我在此身份验证实现中缺少什么?

时间:2014-11-03 20:58:25

标签: ruby-on-rails forms authentication basic-authentication

这是一个Rails应用程序,我已在控制器上实现了truentiction,但有1个视图除外

 before_filter :authenticate, except: [:new]

身份验证在控制器中运行良好。

允许公开查看............. 

localhost:3000/softruns/new

并且 NOT 允许公开查看............. 

localhost:3000/softrunss/1/edit
localhost:3000/softruns  <---- index page

问题是当用户提交localhost:3000 / softruns / new中的表单时,它会触发身份验证。 我成功提交后,甚至将用户重定向到home / index.html页面。

我可能缺少什么?
这是我的softruns_controller.rb 

require 'digest/sha2'
class SoftrunsController < ApplicationController
before_filter :authenticate, except: [:new]  
  before_action :set_softrun, only: [:show, :edit, :update, :destroy]

  # GET /softruns
  # GET /softruns.json
  def index
    @softruns = Softrun.all
  end

  # GET /softruns/1
  # GET /softruns/1.json
  def show
  end

  # GET /softruns/new
  def new
    @softrun = Softrun.new
  end

  # GET /softruns/1/edit
  def edit
  end

  # POST /softruns
  # POST /softruns.json
  def create
    @softrun = Softrun.new(softrun_params)

    respond_to do |format|
      if @softrun.save
        format.html { redirect_to root_path, notice: 'Softrun was successfully created.' }
        format.json { render action: 'show', status: :created, location: @softrun }
      else
        format.html { render action: 'new' }
        format.json { render json: @softrun.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /softruns/1
  # PATCH/PUT /softruns/1.json
  def update
    respond_to do |format|
      if @softrun.update(softrun_params)
        format.html { redirect_to @softrun, notice: 'Softrun was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render action: 'edit' }
        format.json { render json: @softrun.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /softruns/1
  # DELETE /softruns/1.json
  def destroy
    @softrun.destroy
    respond_to do |format|
      format.html { redirect_to softruns_url }
      format.json { head :no_content }
    end
  end

  private
    # Use callbacks to share common setup or constraints between actions.
    def set_softrun
      @softrun = Softrun.find(params[:id])
    end

    # Never trust parameters from the scary internet, only allow the white list through.
    def softrun_params
      params.require(:softrun).permit(:soft_email, :soft_twitter, :prim_session)
    end
  private 
    def authenticate 
      userhash = { } 
      User.all.each do |user|
        userhash.store(user.username, user.password) 
      end

      authenticate_or_request_with_http_digest("localhost") do |username| 
      userhash[username] 
      end 
    end 
end

1 个答案:

答案 0 :(得分:0)

当用户提交表单时,它将调用action create并且需要进行身份验证,因此失败。如果您在例外列表中添加此项,则可以根据需要创建新记录。

before_filter :authenticate, except: [:new, :create]

更多,before_action和before_filter是相同的(Rails 4首选) 在Rails中,您不必在每个私有方法上使用私有。类中私有的所有内容都是私有的

相关问题
最新问题