Question

我正在使用Postgres在我的Rails应用中设置用户身份验证，并且尽管用户肯定不在我的数据库中，但User.new()不断地告诉我User Exists。

应用/控制器/ API / user_controller.rb

class Api::UserController < ApplicationController
    respond_to :json
    protect_from_forgery with: :null_session


def create
    @user = User.new(
        email: params[:email],
        password: params[:password],
        password_confirmation: params[:password_confirmation],
        first_name: params[:first_name],
        last_name: params[:last_name],
        groupname: params[:groupname],
        admin: params[:admin]
    )

    if @user.save
        puts "it worked"
    else
        puts "Didn't work"
    end
end
end

应用/模型/ user.rb

class User < ApplicationRecord
    before_save { self.email = email.downcase }
    VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
    validates :email, presence: true, length: { maximum: 255 }, format: { with: VALID_EMAIL_REGEX }, uniqueness: { case_sensitive: false }
    validates :first_name, presence: true, length: { maximum: 51 }
    validates :groupname, presence: true, length: { maximum: 51 }
    has_secure_password
    validates :password, presence: true, length: { minimum: 6 }
end

应用/ db.schema.rb

create_table "users", force: :cascade do |t|
    t.string "email"
    t.string "password_digest"
    t.string "first_name"
    t.string "last_name"
    t.string "groupname"
    t.datetime "created_at", null: false
    t.datetime "updated_at", null: false
    t.boolean "admin"
    t.index ["email"], name: "index_users_on_email", unique: true
  end

终端回复

app/controllers/api/user_controller.rb:31:in `create'
Started POST "/api/user" for 127.0.0.1 at 2018-01-30 19:03:55 -0800
Processing by Api::UserController#create as JSON
  Parameters: {"email"=>"ktuh@org.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "first_name"=>"asdfasfd", "last_name"=>"asdfasddfs", "groupname"=>"fdsafdasf", "admin"=>"true", "user"=>{"email"=>"test@test.com", "first_name"=>"asdfasfd", "last_name"=>"asdfasddfs", "groupname"=>"fdsafdasf", "admin"=>"true"}}
Can't verify CSRF token authenticity.
   (0.2ms)  BEGIN
  User Exists (0.4ms)  SELECT  1 AS one FROM "users" WHERE LOWER("users"."email") = LOWER($1) LIMIT $2  [["email", "ktuh@org.com"], ["LIMIT", 1]]
   (0.2ms)  ROLLBACK
Didn't work
No template found for Api::UserController#create, rendering head :no_content
Completed 204 No Content in 118ms (ActiveRecord: 6.3ms)

Answer 1

日志中的

User Exists提到了Rails为检查用户电子邮件的唯一性验证所执行的操作。您可以尝试删除uniqueness验证并检查日志。

有关Rails如何检查uniqueness验证的详细信息：https://robots.thoughtbot.com/the-perils-of-uniqueness-validations

Answer 2

感谢@BradWerth的调试帮助。事实证明它没有写入数据库，因为密码确认与密码不匹配。我不确定User Exists是什么意思（将会看到@Tai）但这就是现在正在发生的事情......

使用@ user.errors.full_messages

Started POST "/api/user" for 127.0.0.1 at 2018-01-30 19:55:27 -0800
Processing by Api::UserController#create as JSON
  Parameters: {"email"=>"ktuh@org.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "first_name"=>"asdfasfd", "last_name"=>"asdfasddfs", "groupname"=>"fdsafdasf", "admin"=>"true", "user"=>{"email"=>"test@test.com", "first_name"=>"asdfasfd", "last_name"=>"asdfasddfs", "groupname"=>"fdsafdasf", "admin"=>"true"}}
Can't verify CSRF token authenticity.
   (0.3ms)  BEGIN
  User Exists (0.5ms)  SELECT  1 AS one FROM "users" WHERE LOWER("users"."email") = LOWER($1) LIMIT $2  [["email", "ktuh@org.com"], ["LIMIT", 1]]
   (0.2ms)  ROLLBACK
["Password confirmation doesn't match Password"]
No template found for Api::UserController#create, rendering head :no_content
Completed 204 No Content in 117ms (ActiveRecord: 6.4ms)

使用@ user.errors.full_messages并使用正确的密码确认

Started POST "/api/user" for 127.0.0.1 at 2018-01-30 19:55:52 -0800
Processing by Api::UserController#create as JSON
  Parameters: {"email"=>"test@test.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "first_name"=>"asdfasfd", "last_name"=>"asdfasddfs", "groupname"=>"fdsafdasf", "admin"=>"true", "user"=>{"email"=>"test@test.com", "first_name"=>"asdfasfd", "last_name"=>"asdfasddfs", "groupname"=>"fdsafdasf", "admin"=>"true"}}
Can't verify CSRF token authenticity.
   (0.2ms)  BEGIN
  User Exists (0.4ms)  SELECT  1 AS one FROM "users" WHERE LOWER("users"."email") = LOWER($1) LIMIT $2  [["email", "ktuh@org.com"], ["LIMIT", 1]]
  SQL (0.6ms)  INSERT INTO "users" ("email", "password_digest", "first_name", "last_name", "groupname", "created_at", "updated_at", "admin") VALUES ($1, $2, $3, $4, $5, $6, $7, $8) RETURNING "id"  [["email", "test@test.com"], ["password_digest", "$2a$10$W1wt6arxrP8sW/K1jQPsLuEX8BUFMl7lOSgvCHa6hBTdON/HCoHNa"], ["first_name", "asdfasfd"], ["last_name", "asdfasddfs"], ["groupname", "fdsafdasf"], ["created_at", "2018-01-31 03:55:52.787377"], ["updated_at", "2018-01-31 03:55:52.787377"], ["admin", "t"]]
   (1.0ms)  COMMIT
it worked
No template found for Api::UserController#create, rendering head :no_content
Completed 204 No Content in 112ms (ActiveRecord: 2.2ms)

Answer 3

我在这里看到了多个潜在的问题：

1 /无法验证CSRF令牌的真实性。如果这是一个API，那么我假设您试图在rails表单之外使用它，这意味着如果必须在请求中发送csrf令牌或从您的操作中删除de伪造保护。 http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html

2 / Rails作为“强参数”概念，可能会阻止您直接使用参数来操纵您的模型。 http://edgeguides.rubyonrails.org/action_controller_overview.html#strong-parameters

“用户EXIST”是输出上显示的内容，因为已完成检查 ruby validates :email, presence: true, length: { maximum: 255 }, format: { with: VALID_EMAIL_REGEX }, uniqueness: { case_sensitive: false }

Rails Postgres不断告诉我用户存在

3 个答案: