我对rails很新,我正在尝试完成以下身份验证问题:
用户发表评论或授予“赦免”(类似于评论)并获得一些硬币。硬币是我的应用程序中的虚拟货币,也是用户表中的一列。
由于你的帮助,我已经能够在撰写评论或授予赦免后更新硬币价值。但是,当我写评论并在此之后退出时,我的登录名或密码会被更改(?)...我无法使用此帐户登录。
这就是我的用户模型的样子:
require 'digest'
class User < ActiveRecord::Base
attr_accessor :password
attr_accessible :name, :email, :password, :password_confirmation, :twitter_url, :homepage_url, :coins
has_many :comments, :dependent => :destroy
has_many :absolutions, :dependent => :destroy
has_many :ratings
has_many :rated_sins, :through => :ratings, :source => :sins
email_regex = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
homepage_regex = /(^$)|(^(http|https):\/\/[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,5}(([0-9]{1,5})?\/.*)?$)/ix
validates :name, :presence => true,
:length => { :maximum => 50 }
validates :email, :presence => true,
:format => { :with => email_regex },
:uniqueness => { :case_sensitive => false }
validates :twitter_url, :format => { :with => homepage_regex }
validates :homepage_url, :format => { :with => homepage_regex }
validates :password, :presence => true,
:confirmation => true,
:length => { :within => 6..40 }
before_save :encrypt_password
def has_password?(submitted_password)
encrypted_password == encrypt(submitted_password)
end
def self.authenticate(email, submitted_password)
user = find_by_email(email)
return nil if user.nil?
return user if user.has_password?(submitted_password)
end
class << self
def authenticate(email, submitted_password)
user = find_by_email(email)
(user && user.has_password?(submitted_password)) ? user : nil
end
def authenticate_with_salt(id, cookie_salt)
user = find_by_id(id)
(user && user.salt == cookie_salt) ? user : nil
end
end
private
def encrypt_password
self.salt = make_salt if new_record?
self.encrypted_password = encrypt(password)
end
def encrypt(string)
secure_hash("#{salt}--#{string}")
end
def make_salt
secure_hash("#{Time.now.utc}--#{password}")
end
def secure_hash(string)
Digest::SHA2.hexdigest(string)
end
end
这是我的评论控制员:
class CommentsController < ApplicationController
before_filter :authenticate, :only => [:create, :destroy]
def new
@comment = Comment.new
end
def create
@sin = Sin.find(params[:sin_id])
@comment = current_user.comments.build(params[:comment])
@comment.sin_id = @sin.id
if @comment.save
flash[:success] = "Comment created! Earned 20 coins."
coins_new = current_user.coins.to_i + 20
current_user.update_attribute(:coins, coins_new)
redirect_to sin_path(@sin)
else
flash[:error] = "Comment should have 1 - 1000 chars."
redirect_to sin_path(@sin)
end
end
def destroy
end
private
def authenticate
deny_access unless signed_in?
end
end
我认为它与before_save encrypt_password方法有关,但它只是一个猜测。非常感谢您的帮助和建议!
修改 它变得更暖......它与评论控制器中的以下行有关:
current_user.update_attribute(:coins, coins_new)
当他更新:coins列时,似乎出现了问题。如果您需要更多信息,请发表评论。谢谢你的帮助!
答案 0 :(得分:0)
您的问题是您在“encrypt_password”方法中加密已加密的密码。
因此,当用户是new_record?时,您将获取密码(比如说它是“cat”),对其进行哈希处理并将其存储在数据库中。
所以,存储的是“猫”的加密哈希,我们会说是“狗”
然后,在您下次保存用户记录时,您将在“encrypt_password”方法的第2行中使用哈希密码(“dog”),然后再次对其进行哈希 ,我们会说会产生“袋鼠”。
下次登录时,您的应用程序会将您输入的密码哈希记录到登录表单“cat”中,将其记录为“dog”,并将其与数据库中的哈希版本“kangaroo”进行比较。哦,但“狗”与“袋鼠”不匹配,因此登录失败。
改变:
def encrypt_password
self.salt = make_salt if new_record?
self.encrypted_password = encrypt(password)
end
要么:
def encrypt_password
self.salt = make_salt if new_record?
self.password = decrypt(password) # decrypt it first to the plain text
self.encrypted_password = encrypt(password) # then re-encrypt the plain text with the salt
end
或者:
def encrypt_password
self.salt = make_salt if new_record?
if (password_has_changed?) # somehow you'll have to figure this out
self.encrypted_password = encrypt(password)
end