Rails renders the view on redirect

Time: 2016-01-28 09:17:32

Tags: ruby-on-rails ruby devise

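So I have a Rails 4 app that uses Devise for authentication. I had started writing controller tests when I noticed strange behaviour and confirmed it in Firebug.

When I try to access a controller action that has before_action :authenticate_user!, it returns a response with a 302 Found header and a BODY for the first database entry, and then redirects to new_user_session_path. So if someone just opens a console and looks at it, they can see information that should be hidden.

I just don't understand how it can render the body for a user when the user is found as @user = current_user and there is no current_user, or at least there shouldn't be.

I looked and found nothing. Here is some additional info: Devise version 3.5.2, Rails 4.2.4

EDIT

Rails log when trying to access the authenticated page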

Started GET "/dashboard" for 127.0.0.1 at 2016-01-28 11:07:27 +0100
Processing by UsersController#show as HTML
Completed 401 Unauthorized in 0ms (ActiveRecord: 0.0ms)


Started GET "/users/sign_in" for 127.0.0.1 at 2016-01-28 11:07:27 +0100
Processing by Users::SessionsController#new as HTML
  Rendered users/sessions/new.html.erb within layouts/application (1.4ms)
  Rendered shared/_navigation.html.erb (0.4ms)
  Rendered shared/_flashes.html.erb (0.1ms)
Completed 200 OK in 192ms (Views: 191.6ms | ActiveRecord: 0.0ms)

This is what FireBug shows. I don't understand why it is different.

GET dashboard 302 Found localhost:3000 101 B 127.0.0.1:3000 16ms
GET sign_in 200 OK localhost:3000 6,6 KB 127.0.0.1:3000

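EDIT 2

So I found out that it has nothing to do with Devise. Even when I implement my own authentication method and use it in before_action instead of authenticate_user!, it still doesn't work properly. The action renders the view, yet when I put byebug in the action, it doesn't break. So I am going to rename the question.

EDIT 3

All possibly relevant code snippets.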

application.html.erb

<!DOCTYPE html>
<html>
<head>
  <title>Oregano</title>
  <%= stylesheet_link_tag 'application', media: 'all' %>
  <%= javascript_include_tag 'application' %>
  <%= csrf_meta_tags %>
</head>
<body>
<div id="wrapper">
  <%= render 'shared/navigation' %>

  <% if content_for? :welcome %>
    <div class="section welcome-section">
      <div class="container">
        <div id="flashes"><%= render 'shared/flashes' %></div>
        <%= yield :welcome %>
      </div>
    </div>
  <% else %>
    <div id="page-wrapper">
      <div class="section">
        <div class="container main-content">
          <div id="flashes"><%= render 'shared/flashes' %></div>
          <div class="row">
            <%= yield :top %>
          </div>
          <div class="row bottom-index-part">
            <div class="col-md-8 index">
              <%= yield :main %>
            </div>
            <div class="col-md-4">
              <div id="showDetailsWell" class="well well-sm hidden">
                <%= yield :details %>
              </div>
            </div>
          </div>
        </div>
      </div>
    </div>
  <% end %>

  <%= debug(params) if Rails.env.development? %>
  <!-- Modal -->
  <div class="modal fade" id="myModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel">
    <div class="modal-dialog" role="document">
      <div class="modal-content">
        <div class="modal-header">
          <button type="button" class="close" data-dismiss="modal" aria-label="Close">
            <span aria-hidden="true">&times;</span></button>
          <h4 class="modal-title" id="myModalLabel"></h4>
        </div>
        <div class="modal-body">
        </div>
        <div class="modal-footer">
          <button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
        </div>
      </div>
    </div>
  </div>
</div>
</body>
</html>

users/show.html.erb

<% content_for :top do %>
  <div class="user-header header-combo">
    <%= gravatar_image_tag current_user.email, alt: "#{current_user.name} gravatar", class: 'img-circle' %>
    <h1 class="heading"><%= current_user.name %></h1>
  </div>
<% end %>

<% content_for :main do %>
  <div class="row">
    <div class="col-md-7">
      <h3>My interests</h3>
      <%= render 'shared/add_tag', resource: current_user, tag_name: 'interest', label_name: 'I like to' %>
      <div class="tags-row interests-row">
        <% current_user.user_interests.each do |ui| %>
          <%= render 'shared/remove_tag', resource: ui, path: [@user, ui] unless ui.new_record? %>
        <% end %>
      </div>
    </div>
    <div class="col-md-5">
      <h3>My places</h3>
      <%= render 'shared/add_tag', resource: current_user, tag_name: 'place', label_name: 'I live in' %>
      <div class="tags-row places-row">
        <% current_user.user_places.each do |up| %>
          <%= render 'shared/remove_tag', resource: up, path: [@user, up] unless up.new_record? %>
        <% end %>
      </div>
    </div>
  </div>
  <div class="row">
    <div class="col-md-7 about-user">
      <%= render 'about_show' %>
    </div>
    <div class="col-md-5 contact-info-user">
      <%= render 'contact_info_show' %>
    </div>
  </div>
<% end %>

UsersController#show

  def show
    respond_to do |format|
      format.html do
        @user = current_user
      end
      format.js do
        @user = User.find params[:id]
        @group = params[:group_id] ? Group.find(params[:group_id]) : nil
      end
    end
  end

Excerpt from routes.rb

get 'dashboard', to: 'users#show', as: 'dashboard'
resources :users, only: [:show, :index] do
  resources :user_interests
  resources :user_places
  resources :relationships, only: [:index]
  member do
    get 'get_interests_json'
  end
  collection do
    get 'edit_about', to: 'users#edit_about'
    patch 'about', to: 'users#update_about'
    get 'edit_contact_info', to: 'users#edit_contact_info'
    patch 'contact_info', to: 'users#update_contact_info'
  end
end

ApplicationController

class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception
  before_action :init_scope_hash
  before_action :authenticate_basic
  before_action :authenticate_user!

  include ApplicationHelper

  protected
  def init_scope_hash
    @scope = {}
  end
  def authenticate_basic
    if Rails.env.production?
      authenticate_or_request_with_http_basic do |username, password|
        username == "blablabl" && password == "blablabla"
      end
    end
  end

end

EDIT 4

ApplicationHelper

module ApplicationHelper

  def universalise string
    # tr maps each accented character to the ASCII character at the same position
    res = string.tr('ÁÄáäČčĎďÉéÍíĹĺĽľŇÓÔóôŔŕŠšŤťÚúÝýŽž', 'AAaaCcDdEeIiLlLlNOOooRrSstTUuYyZz')
    res.downcase
  end

  def current_user?(user)
    user == current_user
  end
end

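2 answers:

Answer 0 (score: 0)

OK, I figured it out. It was caused by the browser cache. No Rails bug.

It was really an accident: I made some changes in the layout and loaded it in FF while logged in, then opened a private window and watched the response, and it was changed too. Then I changed the layout back and made another request, but noticed that the response did not change. When I reloaded it in the FF with the active session, it changed in the private window too. So I disabled the browser cache and it worked.

I still can't believe that's what it was.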
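The answer above attributes the stale body to the browser cache. As an added example (not part of the original post or of the asker's app), here is the server-side counterpart: a Rack-style middleware in plain Ruby that marks every response outside an asset allowlist as no-store, so the browser keeps no copy of an authenticated page or of the redirect that guards it. The inner app, the /assets/ allowlist and the demo.user env key are constructed assumptions; /dashboard and /users/sign_in are the paths from the question.

```ruby
# Added example: Rack-style middleware in plain Ruby (no gems required).
# It forbids browser storage of every response outside an asset allowlist.
class NoStoreForPrivatePages
  CACHE_HEADERS = %w[cache-control pragma expires etag last-modified].freeze

  # public_prefixes is an assumption: paths that hold no per-user data.
  def initialize(app, public_prefixes: ['/assets/'])
    @app = app
    @public_prefixes = public_prefixes
  end

  def call(env)
    status, headers, body = @app.call(env)
    path = env['PATH_INFO'].to_s
    return [status, headers, body] if @public_prefixes.any? { |p| path.start_with?(p) }

    # Remove existing caching hints (any header-name casing), then forbid storage.
    clean = headers.reject { |name, _| CACHE_HEADERS.include?(name.downcase) }
    clean['Cache-Control'] = 'no-store'
    [status, clean, body]
  end
end

# Constructed stand-in for the page's app: /dashboard needs a signed-in user.
DEMO_APP = lambda do |env|
  path = env['PATH_INFO']
  if path.start_with?('/assets/')
    [200, { 'Cache-Control' => 'public, max-age=31536000' }, ['body{}']]
  elsif path == '/dashboard' && env['demo.user'].nil?
    [302, { 'Location' => '/users/sign_in' }, ['']]
  else
    # Revalidating headers that still let the browser keep a copy.
    [200, { 'Cache-Control' => 'max-age=0, private, must-revalidate',
            'ETag' => 'W/"constructed"' }, ["private page for #{env['demo.user']}"]]
  end
end

# Helper for the demo: status and headers as the browser would receive them.
def demo_response(path, user: nil)
  stack = NoStoreForPrivatePages.new(DEMO_APP)
  status, headers, _body = stack.call('PATH_INFO' => path, 'demo.user' => user)
  [status, headers]
end

if __FILE__ == $PROGRAM_NAME
  p demo_response('/dashboard', user: 'alice')
  p demo_response('/dashboard')
  p demo_response('/assets/application.css')
end
```

To verify the effect from outside, inspect the response headers of the protected URL with and without a session and confirm that both carry Cache-Control: no-store.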

Answer 1 (score: 0)

Use an unnamed yield in application.html.erb instead of the one specified in ({1}}