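Using Devise - I can log in through omniauth-twitter and with my admin user, but regular users get a 401 even after following the password reset link. On password reset, Devise logs the user in, but if you log out and try to log in again, you get a 401. If I create a new user, it won't let me log in either.
On inspecting the user record, it doesn't seem to generate a hash for encrypted_password on save. If I check with .valid_password? "password", the check fails, even after resetting the password.
I am running Ruby 2.3.1 + Rails 4.2.7.1 + Devise 4.4.1
There is nothing in sessions_controller.rb
application_controller.rb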
    class ApplicationController < ActionController::Base
      # Prevent CSRF attacks by raising an exception.
      protect_from_forgery with: :exception
      before_action :configure_permitted_parameters, if: :devise_controller?

      protected

      def configure_permitted_parameters
        devise_parameter_sanitizer.permit :account_update, keys: [:username, :customer_id, :password, :password_confirmation, :remember_me, address_attributes: [:name, :address1, :address2, :city, :state, :zip]]
      end

      def after_sign_in_path_for(resource_or_scope)
        if admin_user_signed_in?
          admin_root_path
        else
          if request.env['omniauth.auth']
            provider = request.env['omniauth.auth'].provider
            session["login.#{provider}"] = provider
          end
          edit_user_registration_path
        end
      end
    end
sessions/new.html.haml
    = form_for(resource, as: resource_name, url: session_path(resource_name)) do |f|
      = devise_error_messages!
      .field
        = f.label :email
        %br/
        = f.email_field :email, autofocus: true
      .field
        = f.label :password
        %br/
        = f.password_field :password, autocomplete: "off"
      - if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations'
        = link_to "Forgot your password?", new_password_path(resource_name), class: "right small"
        %br/
      - if devise_mapping.rememberable?
        .field.small
          = f.check_box :remember_me
          = f.label :remember_me
      .actions.center
        = f.submit "Log in", class: "waves-effect waves-light btn"
    = render "devise/shared/links"
routes.rb
    devise_for :users, controllers: {registrations: "users/registrations", sessions: "users/sessions", passwords: "users/passwords", omniauth_callbacks: 'omniauth_callbacks'}, skip: [:sessions, :registrations]
    devise_scope :user do
      get "login" => "users/sessions#new", as: :new_user_session
      post "login" => "users/sessions#create", as: :user_session
      delete "signout" => "users/sessions#destroy", as: :destroy_user_session
      get "signup" => "users/registrations#new", as: :new_user_registration
      post "signup" => "users/registrations#create", as: :user_registration
      put "signup" => "users/registrations#update", as: :update_user_registration
      get "account" => "users/registrations#edit", as: :edit_user_registration
      put 'update_plan', :to => 'users/registrations#update_plan'
      put 'update_card', :to => 'users/registrations#update_card'
    end
Console output:
Completed 401 Unauthorized in 15ms (ActiveRecord: 1.7ms)
Processing by Users::SessionsController#new as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"x0ACUBAv4MPdK2DmFvIC0c/PqiWgD+AK/+Z2VxMmtWrGvFrKcgs+gLdbJcxUo1W8QWTP2ccbDdX6WOLu0ATovQ==", "user"=>{"email"=>"joshdfadafakl@gotostepone.com", "password"=>"[FILTERED]","remember_me"=>"0"}, "commit"=>"Log in"}
Thanks!
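
One way to narrow down the symptom described above (nothing written to encrypted_password, valid_password? failing) is to check which class or module owns the model's password= setter, since Devise writes the hash only inside that setter. This is an added example, not code from the original post: PasswordHashing is a simplified stdlib PBKDF2 stand-in for Devise's bcrypt-based module, HealthyUser and ShadowedUser are hypothetical models, and because the post does not show the User model, a shadowed setter is one cause to rule out rather than a confirmed diagnosis.

```ruby
require "openssl"
require "securerandom"

# Simplified stand-in for Devise::Models::DatabaseAuthenticatable.
# Assumption: PBKDF2 from the stdlib replaces Devise's bcrypt so this runs offline.
module PasswordHashing
  def self.digest(plain, salt = SecureRandom.hex(8))
    key = OpenSSL::PKCS5.pbkdf2_hmac(plain, salt, 10_000, 32, OpenSSL::Digest.new("SHA256"))
    "#{salt}$#{key.unpack1('H*')}"
  end

  # Same shape as Devise's setter: the hash is written only through this method.
  def password=(plain)
    @password = plain
    self.encrypted_password = PasswordHashing.digest(plain) unless plain.to_s.empty?
  end

  def valid_password?(plain)
    return false if encrypted_password.to_s.empty?
    salt, = encrypted_password.split("$", 2)
    expected = PasswordHashing.digest(plain, salt)
    # Constant-time comparison of the two equal-length digests.
    expected.bytesize == encrypted_password.bytesize &&
      expected.bytes.zip(encrypted_password.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end
end

# Hypothetical models (constructed for this example).
class HealthyUser
  include PasswordHashing
  attr_accessor :encrypted_password
end

class ShadowedUser
  include PasswordHashing
  attr_accessor :encrypted_password
  attr_accessor :password # class-level setter wins over the module's password=
end

# Report who owns password= and whether assigning a password produced a usable hash.
def diagnose(klass, plain)
  user = klass.new
  user.password = plain
  { setter_owner: klass.instance_method(:password=).owner,
    hash_written: !user.encrypted_password.to_s.empty?,
    can_log_in: user.valid_password?(plain) }
end

[HealthyUser, ShadowedUser].each { |k| puts "#{k}: #{diagnose(k, 'constructed-pass-1')}" }
```

In a Rails console the equivalent check is `User.instance_method(:password=).owner`, which for an unmodified Devise model reports `Devise::Models::DatabaseAuthenticatable`.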