我正在使用Postgres在我的Rails应用中设置用户身份验证,并且尽管用户肯定不在我的数据库中,但User.new()
不断地告诉我User Exists
。
应用/控制器/ API / user_controller.rb
class Api::UserController < ApplicationController
respond_to :json
protect_from_forgery with: :null_session
def create
@user = User.new(
email: params[:email],
password: params[:password],
password_confirmation: params[:password_confirmation],
first_name: params[:first_name],
last_name: params[:last_name],
groupname: params[:groupname],
admin: params[:admin]
)
if @user.save
puts "it worked"
else
puts "Didn't work"
end
end
end
应用/模型/ user.rb
class User < ApplicationRecord
before_save { self.email = email.downcase }
VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
validates :email, presence: true, length: { maximum: 255 }, format: { with: VALID_EMAIL_REGEX }, uniqueness: { case_sensitive: false }
validates :first_name, presence: true, length: { maximum: 51 }
validates :groupname, presence: true, length: { maximum: 51 }
has_secure_password
validates :password, presence: true, length: { minimum: 6 }
end
应用/ db.schema.rb
create_table "users", force: :cascade do |t|
t.string "email"
t.string "password_digest"
t.string "first_name"
t.string "last_name"
t.string "groupname"
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.boolean "admin"
t.index ["email"], name: "index_users_on_email", unique: true
end
终端回复
app/controllers/api/user_controller.rb:31:in `create'
Started POST "/api/user" for 127.0.0.1 at 2018-01-30 19:03:55 -0800
Processing by Api::UserController#create as JSON
Parameters: {"email"=>"ktuh@org.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "first_name"=>"asdfasfd", "last_name"=>"asdfasddfs", "groupname"=>"fdsafdasf", "admin"=>"true", "user"=>{"email"=>"test@test.com", "first_name"=>"asdfasfd", "last_name"=>"asdfasddfs", "groupname"=>"fdsafdasf", "admin"=>"true"}}
Can't verify CSRF token authenticity.
(0.2ms) BEGIN
User Exists (0.4ms) SELECT 1 AS one FROM "users" WHERE LOWER("users"."email") = LOWER($1) LIMIT $2 [["email", "ktuh@org.com"], ["LIMIT", 1]]
(0.2ms) ROLLBACK
Didn't work
No template found for Api::UserController#create, rendering head :no_content
Completed 204 No Content in 118ms (ActiveRecord: 6.3ms)
答案 0 :(得分:2)
User Exists
提到了Rails为检查用户电子邮件的唯一性验证所执行的操作。您可以尝试删除uniqueness
验证并检查日志。
有关Rails如何检查uniqueness
验证的详细信息:https://robots.thoughtbot.com/the-perils-of-uniqueness-validations
答案 1 :(得分:1)
感谢@BradWerth的调试帮助。事实证明它没有写入数据库,因为密码确认与密码不匹配。我不确定User Exists
是什么意思(将会看到@Tai)但这就是现在正在发生的事情......
使用@ user.errors.full_messages
Started POST "/api/user" for 127.0.0.1 at 2018-01-30 19:55:27 -0800
Processing by Api::UserController#create as JSON
Parameters: {"email"=>"ktuh@org.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "first_name"=>"asdfasfd", "last_name"=>"asdfasddfs", "groupname"=>"fdsafdasf", "admin"=>"true", "user"=>{"email"=>"test@test.com", "first_name"=>"asdfasfd", "last_name"=>"asdfasddfs", "groupname"=>"fdsafdasf", "admin"=>"true"}}
Can't verify CSRF token authenticity.
(0.3ms) BEGIN
User Exists (0.5ms) SELECT 1 AS one FROM "users" WHERE LOWER("users"."email") = LOWER($1) LIMIT $2 [["email", "ktuh@org.com"], ["LIMIT", 1]]
(0.2ms) ROLLBACK
["Password confirmation doesn't match Password"]
No template found for Api::UserController#create, rendering head :no_content
Completed 204 No Content in 117ms (ActiveRecord: 6.4ms)
使用@ user.errors.full_messages并使用正确的密码确认
Started POST "/api/user" for 127.0.0.1 at 2018-01-30 19:55:52 -0800
Processing by Api::UserController#create as JSON
Parameters: {"email"=>"test@test.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "first_name"=>"asdfasfd", "last_name"=>"asdfasddfs", "groupname"=>"fdsafdasf", "admin"=>"true", "user"=>{"email"=>"test@test.com", "first_name"=>"asdfasfd", "last_name"=>"asdfasddfs", "groupname"=>"fdsafdasf", "admin"=>"true"}}
Can't verify CSRF token authenticity.
(0.2ms) BEGIN
User Exists (0.4ms) SELECT 1 AS one FROM "users" WHERE LOWER("users"."email") = LOWER($1) LIMIT $2 [["email", "ktuh@org.com"], ["LIMIT", 1]]
SQL (0.6ms) INSERT INTO "users" ("email", "password_digest", "first_name", "last_name", "groupname", "created_at", "updated_at", "admin") VALUES ($1, $2, $3, $4, $5, $6, $7, $8) RETURNING "id" [["email", "test@test.com"], ["password_digest", "$2a$10$W1wt6arxrP8sW/K1jQPsLuEX8BUFMl7lOSgvCHa6hBTdON/HCoHNa"], ["first_name", "asdfasfd"], ["last_name", "asdfasddfs"], ["groupname", "fdsafdasf"], ["created_at", "2018-01-31 03:55:52.787377"], ["updated_at", "2018-01-31 03:55:52.787377"], ["admin", "t"]]
(1.0ms) COMMIT
it worked
No template found for Api::UserController#create, rendering head :no_content
Completed 204 No Content in 112ms (ActiveRecord: 2.2ms)
答案 2 :(得分:1)
我在这里看到了多个潜在的问题:
1 /无法验证CSRF令牌的真实性。 如果这是一个API,那么我假设您试图在rails表单之外使用它,这意味着如果必须在请求中发送csrf令牌或从您的操作中删除de伪造保护。 http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html
2 / Rails作为“强参数”概念,可能会阻止您直接使用参数来操纵您的模型。 http://edgeguides.rubyonrails.org/action_controller_overview.html#strong-parameters
“用户EXIST”是输出上显示的内容,因为已完成检查
ruby
validates :email, presence: true, length: { maximum: 255 }, format: { with: VALID_EMAIL_REGEX }, uniqueness: { case_sensitive: false }