2014-02-13 149 views
1

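I keep getting a (facebook) Authentication failure! error - omniauth: (facebook) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected Processing by Members::OmniauthCallbacksController#failure as HTML. Authentication failure: Devise + OmniAuth + Facebook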

Here is my application code

Controller

class Members::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def facebook
    # Devise names its helpers after the mapping (devise_for :members), hence current_member
    @user = Member.find_for_facebook_oauth(request.env["omniauth.auth"], current_member)
    if @user.persisted?
      sign_in_and_redirect @user, :event => :authentication # this will throw if @user is not activated
      set_flash_message(:notice, :success, :kind => "Facebook") if is_navigational_format?
    else
      session["devise.facebook_data"] = request.env["omniauth.auth"]
      redirect_to new_member_registration_url
    end
  end
end

Model

class Member < ActiveRecord::Base
  devise :omniauthable, :database_authenticatable, :confirmable, :registerable, :recoverable, :rememberable, :trackable, :validatable
  validates :lastName, :presence => true

  def self.find_for_facebook_oauth(auth, signed_in_resource=nil)
    user = Member.where(:provider => auth.provider, :uid => auth.uid).first
    if user
      return user
    else
      registered_user = Member.where(:email => auth.info.email).first
      if registered_user
        return registered_user
      else
        user = Member.create(name:auth.extra.raw_info.name,
                             provider:auth.provider,
                             uid:auth.uid,
                             email:auth.info.email,
                             password:Devise.friendly_token[0,20],
                            )
      end
    end
  end
end

Routes

TestDevice::Application.routes.draw do
  devise_for :members, :controllers => { :omniauth_callbacks => "members/omniauth_callbacks", :sessions => "members/sessions", :passwords => "members/passwords", :registrations => "members/registrations" }
  root "home#index"

  get "boot/new"
  get "boot/show"

  devise_scope :members do
  end
end

Layout

-if member_signed_in?
  %h3.text-center.page-header
    You have successfully signed in
    =link_to "Sign Out", destroy_member_session_path, :method => :delete, :class => "btn btn-primary"
-else
  %h1.text-center.page-header
    Welcome to rails community
  %div.text-center
    =link_to "Sign In", new_member_session_path, :method => :get, :class => "btn btn-primary"
    |
    =link_to "Sign up", new_member_registration_path, :method => :get, :class => "btn btn-primary"
    |
    =link_to "Sign in with Facebook", member_omniauth_callback_path(:facebook), :class => "btn btn-primary"

devise.rb file

require "omniauth-facebook" 
    config.omniauth :facebook, "**********", "****************" 

Console output

Started GET "/members/auth/facebook/callback" for 127.0.0.1 at 2014-02-13 09:53:12 +0500 
I, [2014-02-13T09:53:12.166717 #74319] INFO -- omniauth: (facebook) Callback phase initiated. 
E, [2014-02-13T09:53:12.168392 #74319] ERROR -- omniauth: (facebook) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected 
Processing by Members::OmniauthCallbacksController#failure as HTML 
Redirected to http://localhost:3000/members/sign_in 
Completed 302 Found in 2ms (ActiveRecord: 0.0ms) 

I don't understand what this means. I only have the config/initializers/devise.rb file, not the config/initializers/omniauth.rb file.
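
The csrf_detected failure in the log above comes from the OAuth2 state check that runs in the callback phase. As an added example that is not part of the original post and not OmniAuth's own code, this simplified Ruby model shows when that check passes and when it fails, including a callback that arrives with no preceding request phase. The class MiniOAuth2Client, the session key "oauth.state" and the provider URL are assumptions made for illustration.

```ruby
require "securerandom"

# Simplified model of an OAuth2 client's state check (hypothetical names throughout).
class MiniOAuth2Client
  AUTHORIZE_URL = "https://provider.example/dialog/oauth" # placeholder provider URL

  # Request phase: mint an unguessable state, keep a copy in the user's session,
  # and send the same value to the provider in the redirect URL.
  def request_phase(session)
    state = SecureRandom.hex(24)
    session["oauth.state"] = state
    "#{AUTHORIZE_URL}?state=#{state}"
  end

  # Callback phase: the provider echoes state back. It must be present and equal
  # to the session copy, which is deleted so that it can only be used once.
  def callback_phase(session, params)
    expected = session.delete("oauth.state")
    returned = params["state"].to_s
    return :csrf_detected if returned.empty? || expected.nil?
    secure_equal?(returned, expected) ? :authenticated : :csrf_detected
  end

  private

  # Compare every byte instead of stopping at the first difference.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed scenarios: each one is a callback request reaching the application.
def run_scenarios
  client = MiniOAuth2Client.new
  session = {}
  state = client.request_phase(session)[/state=(\h+)/, 1]
  results = {}
  results[:normal] = client.callback_phase(session, { "state" => state })
  results[:replay] = client.callback_phase(session, { "state" => state }) # state already consumed
  results[:direct_callback] = client.callback_phase({}, {}) # no request phase ran first
  other_session = {}
  client.request_phase(other_session)
  results[:mismatch] = client.callback_phase(other_session, { "state" => SecureRandom.hex(24) })
  results
end

puts run_scenarios.inspect if $PROGRAM_NAME == __FILE__
```

Only the first scenario authenticates; a callback with a missing, reused or non-matching state is rejected before any user lookup runs.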

Answers

0

You must make sure the Facebook app is set to public view.

+0

Thanks @johnSmith – TayyabZahid

+0

@ominousbit What does this mean? –