我无法在生产模式下登录。我按照这个维基(How-To:-Allow-users-to-sign-in-using-their-username-or-email-address)进行配置,它在开发模式下运行良好,但在生产模式下无法正常工作。这是我的设置。我使用的是 ruby-2.2.2、rails-4.2.4 和 nginx。
和我的应用程序控制器
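# Base controller: enforces CSRF protection, whitelists the Devise form
# parameters and remembers the last visited page so that sign-in can send the
# user back to it.
class ApplicationController < ActionController::Base
  # GET paths that are never remembered as a post-login destination.
  UNSTORED_PATHS = %w[
    /users/sign_in
    /users/sign_up
    /users/password/new
    /users/password/edit
    /users/confirmation
    /users/sign_out
  ].freeze

  # A same-site path: one leading slash that is not followed by a second
  # slash or a backslash.
  LOCAL_PATH = %r{\A/(?![/\\])}

  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  #
  # The original listing followed this line with
  # `skip_before_filter :verify_authenticity_token`, which removed the token
  # check from every controller inheriting from this class and so cancelled
  # the protection declared here. The skip is dropped; if a single endpoint
  # really needs it, skip the filter in that controller only.
  protect_from_forgery with: :exception

  before_filter :configure_permitted_parameters, if: :devise_controller?
  after_filter :store_location

  protected

  # Whitelists the attributes each Devise form may submit. Anything not
  # listed here is dropped by strong parameters before it reaches the model.
  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:name, :username, :email, :password, :password_confirmation, :remember_me) }
    devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:name, :login, :username, :email, :password, :remember_me) }
    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:name, :username, :email, :password, :password_confirmation, :current_password) }
  end

  # Stores the last URL - needed for the post-login redirect to whatever the
  # user last visited. Only non-AJAX GET requests outside the authentication
  # pages are recorded.
  def store_location
    return unless request.get?
    return if request.xhr? # don't store ajax calls
    return if UNSTORED_PATHS.include?(request.path)

    target = request.fullpath
    # Defence in depth: the stored value is later handed to a redirect, so
    # keep only same-site paths. A value starting with "//" or "/\" can be
    # interpreted as a URL on another host.
    return unless target =~ LOCAL_PATH

    session[:previous_url] = target
  end

  # Devise hook: where to send the user after a successful sign-in.
  # Falls back to the root page when no location was stored.
  def after_sign_in_path_for(resource)
    session[:previous_url] || root_path
  end
end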
我的 app / models / user.rb
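# Account model. Users authenticate with a virtual `login` attribute that may
# hold either their username or their email address, or through Facebook.
class User < ActiveRecord::Base
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable,
         :validatable, :authentication_keys => [:login]
  devise :omniauthable, :omniauth_providers => [:facebook]

  # Virtual attribute carrying whatever the user typed into the login field.
  attr_writer :login

  #validates :email, uniqueness: true
  validate :validate_username

  # Rejects a username that is already in use as some account's email
  # address, so that a login value cannot match two different accounts.
  def validate_username
    # Without this guard a missing username turns the lookup into
    # `WHERE email IS NULL`, which matches any account stored without an
    # email (allowed here because email_required? is false) and makes the
    # record invalid for an unrelated reason.
    return if username.blank?

    errors.add(:username, :invalid) if User.where(email: username).exists?
  end

  # Tells Devise's validations that an account may exist without an email.
  def email_required?
    false
  end

  # The submitted login value, falling back to the stored username or email.
  def login
    @login || self.username || self.email
  end

  # Looks the account up by username OR email, case-insensitively.
  # The login value is passed as a bound parameter, never interpolated into
  # the SQL string.
  # NOTE(review): nothing in this listing enforces unique usernames; if
  # duplicates can exist, `.first` picks one of them arbitrarily - confirm a
  # uniqueness validation or unique index is in place.
  def self.find_for_database_authentication(warden_conditions)
    conditions = warden_conditions.dup
    login = conditions.delete(:login)
    scope = where(conditions.to_h)
    return scope.first unless login

    scope.where(["lower(username) = :value OR lower(email) = :value", { :value => login.downcase }]).first
  end

  # Finds the account linked to a Facebook identity or creates it, filling
  # the new record from the OmniAuth payload and giving it a random password.
  def self.from_omniauth(auth)
    where(provider: auth.provider, uid: auth.uid).first_or_create do |user|
      user.email = auth.info.email
      user.password = Devise.friendly_token[0,20]
      user.name = auth.info.name # assuming the user model has a name
    end
  end

  # Pre-fills the email of a new registration from Facebook data kept in the
  # session, unless the form already supplied one.
  def self.new_with_session(params, session)
    super.tap do |user|
      facebook = session["devise.facebook_data"]
      data = facebook && facebook["extra"]["raw_info"]
      user.email = data["email"] if data && user.email.blank?
    end
  end
end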
我的config/initializers/devise.rb
# Use this hook to configure devise mailer, warden hooks and so forth.
# Many of these configuration options can be set straight in your model.
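Devise.setup do |config|
  # Secrets are read from the environment instead of being written into a
  # file that is committed with the source. ENV.fetch raises at boot when a
  # variable is missing, so the application never starts with a guessable
  # key. The variable names are examples chosen for this listing - use
  # whatever your deployment defines.
  config.secret_key = ENV.fetch('DEVISE_SECRET_KEY')

  require 'omniauth-facebook'
  config.omniauth :facebook,
                  ENV.fetch('FACEBOOK_APP_ID'),
                  ENV.fetch('FACEBOOK_APP_SECRET'),
                  scope: 'email', info_fields: 'email'

  # Users sign in with the virtual :login attribute (username or email).
  config.authentication_keys = [ :login ]
  config.scoped_views = true

  # Failed authentications are handled by the application's own failure app.
  config.warden do |manager|
    manager.failure_app = CustomFailure
  end

  # ==> Mailer Configuration
  require 'devise/orm/active_record'

  # NOTE(review): these two settings list :email only, while the
  # authentication key is :login - the User model's finder lowercases the
  # login value itself, but nothing shown here strips whitespace from it.
  config.case_insensitive_keys = [:email]
  config.strip_whitespace_keys = [:email]

  config.skip_session_storage = [:http_auth]
  # A single stretch in the test environment, 10 everywhere else.
  config.stretches = Rails.env.test? ? 1 : 10
  config.reconfirmable = true
  config.password_length = 8..72
end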
第一次尝试时可以进入我的应用,但我的电子邮件和用户名参数根本没有被接受,所以我退出后就无法再登录。
这是我的日志production.log
I, [2016-01-07T06:38:08.087402 #24876] INFO -- : Started POST "/users" for 121.128.32.141 at 2016-01-07 06:38:08 +0000
I, [2016-01-07T06:38:08.088372 #24876] INFO -- : Processing by Users::RegistrationsController#create as HTML
I, [2016-01-07T06:38:08.088426 #24876] INFO -- : Parameters: {"utf8"=>"✓", "authenticity_token"=>"T6X9fDB54ek7vP/TA4XiZ8Ix5tg5A6FH6e55p8XnQAYl1svp059541I+GN/dwLDomEtYD5dMvUzLoApbJ3mkdA==", "user"=>{"name"=>"myname", "username"=>"010101010", "email"=>"abdc@naver.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"signup"}
D, [2016-01-07T06:38:08.159692 #24876] DEBUG -- : ^[[1m^[[36m (0.1ms)^[[0m ^[[1mbegin transaction^[[0m
D, [2016-01-07T06:38:08.160770 #24876] DEBUG -- : ^[[1m^[[35mUser Exists (0.2ms)^[[0m SELECT 1 AS one FROM "users" WHERE "users"."email" IS NULL LIMIT 1
D, [2016-01-07T06:38:08.161906 #24876] DEBUG -- : ^[[1m^[[36mSQL (0.2ms)^[[0m ^[[1mINSERT INTO "users" ("encrypted_password", "name", "created_at", "updated_at") VALUES (?, ?, ?, ?)^[[0m [["encrypted_password", "$2a$10$RmEbaGBCvGWpGb9TOIyyt.6Y0t0EZIloOJDQM9GNxCApZuQC.kDRu"], ["name", "myname"], ["created_at", "2016-01-07 06:38:08.160981"], ["updated_at", "2016-01-07 06:38:08.160981"]]
D, [2016-01-07T06:38:08.170872 #24876] DEBUG -- : ^[[1m^[[35m (8.6ms)^[[0m commit transaction
D, [2016-01-07T06:38:08.171620 #24876] DEBUG -- : ^[[1m^[[36m (0.0ms)^[[0m ^[[1mbegin transaction^[[0m
D, [2016-01-07T06:38:08.172626 #24876] DEBUG -- : ^[[1m^[[35mSQL (0.1ms)^[[0m UPDATE "users" SET "last_sign_in_at" = ?, "current_sign_in_at" = ?, "last_sign_in_ip" = ?, "current_sign_in_ip" = ?, "sign_in_count" = ?, "updated_at" = ? WHERE "users"."id" = ? [["last_sign_in_at", "2016-01-07 06:38:08.171208"], ["current_sign_in_at", "2016-01-07 06:38:08.171208"], ["last_sign_in_ip", "121.128.32.141"], ["current_sign_in_ip", "121.128.32.141"], ["sign_in_count", 1], ["updated_at", "2016-01-07 06:38:08.171805"], ["id", 17]]
答案 0 :(得分:0)
实际上,这不是生产模式的问题。我从unpermitted-parameters-adding-new-fields-to-devise-in-rails-4-0找到了解决方案。我分开后
class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
before_filter :configure_permitted_parameters, if: :devise_controller?
protected
# Whitelists, per Devise form, the attributes that strong parameters will let
# through. Registered above as a before_filter for Devise controllers.
def configure_permitted_parameters
  permitted = {
    sign_up: [:name, :username, :email, :password, :password_confirmation, :remember_me],
    sign_in: [:name, :login, :username, :email, :password, :remember_me],
    account_update: [:name, :username, :email, :password, :password_confirmation, :current_password]
  }

  # One sanitizer call per form, in the same order as the table above.
  permitted.each do |form, attributes|
    devise_parameter_sanitizer.for(form) { |user_params| user_params.permit(*attributes) }
  end
end
到每个controller / users / sessions_controller.rb,如
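# Sign-in controller. Inherits every action from Devise and only extends the
# list of parameters accepted by the sign-in form.
class Users::SessionsController < Devise::SessionsController
  before_filter :configure_permitted_parameters

  # GET /resource/sign_in, POST /resource/sign_in and DELETE /resource/sign_out
  # are inherited unchanged from Devise::SessionsController.

  protected

  # Appends the extra keys to the sign-in whitelist.
  # Kept out of the public interface: a public method on a controller counts
  # as an action, and this one is only meant to run as a filter.
  # NOTE(review): :login is the key this setup adds for authentication; the
  # other names are kept as the author listed them - confirm they are needed.
  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_in).push(:name, :login, :username, :email, :password, :remember_me)
  end
end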
和controllers / users / registrations_controller.rb一样
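# Registration controller. Inherits the Devise actions, extends the parameter
# whitelists for the sign-up and account-update forms, and chooses where the
# user lands after signing up.
class Users::RegistrationsController < Devise::RegistrationsController
  before_filter :configure_permitted_parameters

  # GET /resource/edit
  def edit
    super
  end

  # The remaining actions (new, create, update, destroy, cancel) are inherited
  # unchanged from Devise::RegistrationsController.

  protected

  # Appends the extra keys to the whitelists of the two registration forms.
  # :current_password is accepted on account update only; a sign-up has no
  # existing password to confirm, so the key is not whitelisted there.
  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up).push(:name, :username, :email, :password, :password_confirmation)
    devise_parameter_sanitizer.for(:account_update).push(:name, :username, :email, :password, :password_confirmation, :current_password)
  end

  # Devise hook: destination after a successful sign-up. Uses the location
  # kept in the session, or the root page when there is none.
  # The original called root_path(resource); the root route takes no record,
  # and the ApplicationController listing calls root_path without arguments,
  # so the argument is dropped here.
  def after_sign_up_path_for(resource)
    session[:previous_url] || root_path
  end

  # Devise hook: destination after signing up an account that is not active
  # yet. Same rule as after_sign_up_path_for.
  def after_inactive_sign_up_path_for(resource)
    session[:previous_url] || root_path
  end
end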
如果有人遇到和我一样的问题,请不要在 application_controller 中进行配置,
而是在每个 Devise 控制器中分别配置。