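First, I want to say that I can successfully create a new user and start a session for that new user. What I can't do is log in as the new user.
Not to lead anyone astray, but I think the error is in authenticating the user.
Currently, in the sessions controller, if I have the following: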

    user = User.find_by(params[:email])
    if user && user.authenticate(params[:session][:password])

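I get redirected to the login page because the password doesn't match. If I have the following, I can log in, but I don't start a session as the correct user.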

    user = User.find_by(params[:email])
    if user

Again, I can create a new user and my user count does increase, but once I end the session I can't log that user in.

    class SessionsController < ApplicationController
      def new
      end

      def create
        user = User.find_by(params[:email])
        if user && user.authenticate(params[:session])
          session[:user_id] = user.id
          case user.admin_level
          when 1
            session[:site_admin] = true
            session[:can_create_post] = true
          when 2
            session[:creator] = true
            session[:can_create_post] = true
          when 3
            session[:friend] = true
            session[:can_comment_on_post] = true
          end
          if params[:remember_me]
            cookies.permanent[:auth_token] = user.auth_token
          else
            cookies[:auth_token] = user.auth_token
          end
          log_in user
          redirect_to user, :notice => "Logged in!"
        else
          flash.now[:danger] = 'Invalid email/password combination' # Not quite right!
          redirect_to root_url
        end
      end

      def loggedin?
        @user = session[:user_id]
        redirect_to page_path(current_user)
      end

      def destroy
        log_out if logged_in?
        cookies.delete(:auth_token)
        session.clear
        redirect_to root_url, :notice => "Logged out!"
      end

      def session_params
        params.require(:session).permit(:user_id)
      end
    end

My user model looks like this:

    class User < ActiveRecord::Base
      attr_accessor :remember_token, :image
      before_create { generate_token(:auth_token) }
      mount_uploader :image, ImageUploader
      mount_uploader :avatar, AvatarUploader
      validates :name, presence: true, length: { maximum: 50 }
      before_save { email.downcase! }
      before_save { name.capitalize! }
      VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
      validates :email, presence: true, length: { maximum: 255 },
                        format: { with: VALID_EMAIL_REGEX },
                        uniqueness: { case_sensitive: false }
      has_secure_password
      validates :password, length: { minimum: 6 }, allow_blank: true

      def User.digest(string)
        cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST :
                                                      BCrypt::Engine.cost
        BCrypt::Password.create(string, cost: cost)
      end

      def User.new_token
        SecureRandom.urlsafe_base64
      end

      def remember
        self.remember_token = User.new_token
        update_attribute(:remember_digest, User.digest(remember_token))
      end

      def forget
        update_attribute(:remember_digest, nil)
      end

      def authenticated?(remember_token)
        BCrypt::Password.new(remember_digest).is_password?(remember_token)
      end

      def generate_token(column)
        begin
          self[column] = SecureRandom.urlsafe_base64
        end while User.exists?(column => self[column])
      end

      def authenticated?(remember_token)
        BCrypt::Password.new(remember_digest).is_password?(remember_token)
      end
    end
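
An added example, not part of the original post and not the asker's code: a stdlib-only stand-in for the model that shows why a lookup with a nil key selects the wrong account, next to a lookup keyed on the email with a mandatory password check. `DemoUser`, `lookup_as_posted`, `login`, the PBKDF2 substitute for bcrypt, the sample records, and the assumption that the form nests `email` and `password` under `params[:session]` are all hypothetical.

```ruby
require "openssl"
require "securerandom"

# Stand-in for an ActiveRecord model using has_secure_password (assumption, not
# the asker's model). PBKDF2 from stdlib replaces bcrypt so this runs offline.
class DemoUser
  ALL = []
  attr_reader :id, :email
  def initialize(id, email, password)
    @id, @email, @salt = id, email.downcase, SecureRandom.bytes(16)
    @digest = kdf(password)
    ALL << self
  end

  # Mimics ActiveRecord: find_by(nil) adds no condition, so the first row comes back.
  def self.find_by(conditions)
    return ALL.first if conditions.nil?
    ALL.find { |u| conditions.all? { |attr, value| u.public_send(attr) == value } }
  end

  # Like has_secure_password's authenticate: the user on success, false otherwise.
  def authenticate(password)
    return false unless password.is_a?(String)
    diff = @digest.bytes.zip(kdf(password).bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }
    diff.zero? && self
  end

  private
  def kdf(password)
    OpenSSL::PKCS5.pbkdf2_hmac(password, @salt, 10_000, 32, OpenSSL::Digest.new("SHA256"))
  end
end

# Constructed sample records; id 1 plays the first row in the users table.
DemoUser.new(1, "admin@example.com", "admin-pass")
DemoUser.new(2, "new@example.com", "new-user-pass")

# Lookup as posted: params[:email] is nil when the form nests fields under :session.
def lookup_as_posted(params)
  DemoUser.find_by(params[:email])
end

# Corrected: key the lookup on the nested email and require the password check.
def login(params)
  form = params[:session] || {}
  return nil unless form[:email].is_a?(String)
  user = DemoUser.find_by(email: form[:email].downcase)
  (user && user.authenticate(form[:password])) || nil
end
```

Under the same nesting assumption, the controller equivalent is `User.find_by(email: params[:session][:email].downcase)` followed by `user.authenticate(params[:session][:password])`.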