2013-10-09 49 views
4

我剛剛在我的應用程序中配置了強參數,似乎都很好。但我的設計登錄失敗。我仍然可以註冊一個用戶,這將登錄用戶在我對色器件3.1.1設計完成401在應用強參數後1ms未授權

我加入application_controller:

before_filter :configure_permitted_parameters, if: :devise_controller? 

    protected 
     def configure_permitted_parameters 
     devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:email, :password, :remember_me) } 
     devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password) } 
     end 

在我的模型

devise :database_authenticatable, :registerable, 
    :recoverable, :rememberable, :trackable, :validatable, :token_authenticatable, :invitable, :invite_for => 2.weeks, :authentication_keys => [:username] 

我的日誌,有一個DEPRECATION WARNING:devise:token_authenticatable已被棄用,不確定這是否是問題所在?

 Started POST "https://stackoverflow.com/users/login" for 127.0.0.1 at 2013-10-09 21:54:13 +1300 
     DEPRECATION WARNING: devise :token_authenticatable is deprecated. Please check Devise 3.1 release notes for more information on how to upgrade. (called from <class:User> at /home/jcui/Desktop/workspace/iv/app/models/user.rb:6) 
     Configuration Load (0.4ms) SELECT "configurations".* FROM "configurations" 
     Processing by Devise::SessionsController#create as HTML 
     Parameters: {"utf8"=>"✓", "authenticity_token"=>"G1aVfzHcwHAI7ao6sBLF9WtgJAWlQ8c5KlKzEHpZzTo=", "user"=>{"email"=>"[email protected]", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Sign in"} 
     Completed 401 Unauthorized in 1ms 
     Processing by Devise::SessionsController#new as HTML 
     Parameters: {"utf8"=>"✓", "authenticity_token"=>"G1aVfzHcwHAI7ao6sBLF9WtgJAWlQ8c5KlKzEHpZzTo=", "user"=>{"email"=>"[email protected]", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Sign in"} 
     Rendered devise/shared/_links.erb (0.6ms) 
     Rendered devise/sessions/new.html.erb within layouts/application (6.8ms) 
     Completed 200 OK in 169ms (Views: 83.0ms | ActiveRecord: 0.0ms | Solr: 0.0ms) 

我試圖在會話新視圖中輸出資源錯誤對象,但沒有錯誤!

#<ActiveModel::Errors:0xe911424 @base=#<User id: nil, email: "[email protected]", encrypted_password: "$2a$10$j6lAQhBNgsO01HuBjxbgCOdvd0biRehWhQct50ee8cAo...", reset_password_token: nil, reset_password_sent_at: nil, remember_created_at: nil, 
    sign_in_count: 0, current_sign_in_at: nil, last_sign_in_at: nil, current_sign_in_ip: nil, last_sign_in_ip: nil, created_at: nil, updated_at: nil, api_key: nil, avatar: nil, deleted_at: nil, roles_mask: nil, subdomain_id: nil, 
    invitation_token: nil, invitation_sent_at: nil, invitation_accepted_at: nil, invitation_limit: nil, invited_by_id: nil, invited_by_type: nil, username: nil, avatar_processing: nil, lang: nil>, @messages={}> 
+0

你能保證t你的配置被調用了嗎? – phoet

+0

也可以配置強參數,以便在使用錯誤密鑰訪問時引發錯誤。這可能有助於解決問題 – phoet

+0

控制器的外觀如何。具體是創建方法 – bobbdelsol

回答

1

您正在使用的用戶名,身份驗證的模式,你的色器件模型

:authentication_keys => [:username] 

其中作爲您的登錄,您的電子郵件進行身份驗證。嘗試從

devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:email, :password, :remember_me) } 

改變你的允許參數以

devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :password, :remember_me) } 

還可以修改配置/初始化/ devise.rb有:

config.case_insensitive_keys = [ :email, :username ] 
config.strip_whitespace_keys = [ :email, :username ] 

看看這個鏈接,如果你希望用用戶名或密碼登錄: https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-sign-in-using-their-username-or-email-address