Double
2008-Jan-16 02:45 UTC
ActionController::InvalidAuthenticityToken in LoginController
Hi,
I'm having a problem trying to get a login controller working. When I
try and post to my login controller I get the following error:
ActionController::InvalidAuthenticityToken in LoginController#login
login_controller:

class LoginController < ApplicationController
  def login
    case request.method
    when :post
      if @session['user'] = User.authenticate(@params['username'], @params['password'])
        flash['notice'] = "Login successful"
        redirect_back_or_default :action => "welcome"
      else
        @login = @params['username']
        @message = "Login unsuccessful"
        redirect_to :action => "login"
      end
    end
  end
  .....

login.html.erb:

<div id="login">
  <h1>Please Login</h1>
  <form method="post" action="">
    <p><label for="user_login">Username</label>
    <%= text_field "user", "username", :class => 'textbox', :value => '', :maxlength => 40 %></p>
    <p><label for="user_password">Password</label>
    <%= password_field "user", "password", :class => 'textbox', :value => '', :maxlength => 40 %></p>
    <p class="buttons">
      <%= submit_tag 'Login', :class => 'button' %>
    </p>
  </form>
</div>

User.rb

class User < ActiveRecord::Base
  def self.authenticate(login, pass)
    User.find(:first, :conditions => ["username = ? AND password = ?", login, sha1(pass)])
  end

  def change_password(pass)
    update_attribute "password", self.class.sha1(pass)
  end

  protected

  def self.sha1(pass)
    Digest::SHA1.hexdigest("somedigest")
  end

  before_create :crypt_password

  def crypt_password
    write_attribute("password", self.class.sha1(password))
  end

  validates_length_of :login, :within => 3..40
  validates_length_of :password, :within => 5..40
  validates_presence_of :login, :password, :password_confirmation
  validates_uniqueness_of :login, :on => :create
  validates_confirmation_of :password, :on => :create
end

I have the :secret and :session_key set in the environment.rb
Does anyone have any ideas?
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
Jean-François Trân
2008-Jan-16 03:15 UTC
Re: ActionController::InvalidAuthenticityToken in LoginController
2008/1/16, Double <ddemichele-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>:
> I'm having a problem trying to get a login controller working. When I
> try and post to my login controller I get the following error:
>
> ActionController::InvalidAuthenticityToken in LoginController#login
[...]
> login.html.erb:
>
> <div id="login">
> <h1>Please Login</h1>
>
> <form method="post" action="">
> <p><label for="user_login">Username</label>
> <%= text_field "user", "username", :class => 'textbox', :value => '', :maxlength => 40 %></p>
> <p><label for="user_password">Password</label>
> <%= password_field "user", "password", :class => 'textbox', :value => '', :maxlength => 40 %></p>
> <p class="buttons">
> <%= submit_tag 'Login', :class => 'button' %>
> </p>
> </form>
> </div>

You should use the token_tag helper in your form to provide
the secret token needed by Rails for CSRF security reasons.

-- Jean-François.
Double
2008-Jan-16 03:22 UTC
Re: ActionController::InvalidAuthenticityToken in LoginController
Are you saying that is the problem or are you making that suggestion
for simply security reasons?

On Jan 15, 10:15 pm, "Jean-François Trân" <jft...-HujFcYLiWL6M4zKIHC2jIg@public.gmane.org> wrote:
> [...]
> You should use the token_tag helper in your form to provide
> the secret token needed by Rails for CSRF security reasons.
>
> -- Jean-François.
Double
2008-Jan-16 03:32 UTC
Re: ActionController::InvalidAuthenticityToken in LoginController
Forget it - got it. Thank you for the help. This worked like a charm.

<%= token_tag %>

On Jan 15, 10:22 pm, Double <ddemich...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Are you saying that is the problem or are you making that suggestion
> for simply security reasons?
> [...]
Bzouchir
2008-Jan-21 10:33 UTC
Re: ActionController::InvalidAuthenticityToken in LoginController
Hi, I'm having that same exact problem while following "rails
solutions" book exercises.
The difference is that I'm still new to RoR that I couldn't get it to
work with <%= token_tag %>
Didn't find much on the net either.
Where should I add this tag and how is it used? Is there any extra
params to add to it?
In my view I have:

<%= form_tag({:controller => 'user', :action => 'login'}, {:id => "login_form"}) %>
  <label for="user_login">Login:</label><br />
  <%= text_field :user, :login %><br />
  <label for="user_login">Password:</label><br />
  <%= password_field :user, :password %><br />
  <%= submit_tag 'Login' %>
<% $end %>

This happened after I uncommented in environment.rb and restarted the
server:

config.action_controller.session_store = :active_record_store

If it worked for you please help me out on that one.
Cheers.
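
For the question in this thread of why a hand-written form is rejected and what token_tag contributes, here is an added example (not from the thread, and not Rails' own implementation): a simplified plain-Ruby model of a per-session token checked on every POST. The field name authenticity_token and the exception name follow Rails; the session hash, helper names and form markup are assumptions made for illustration.

```ruby
require 'erb'
require 'securerandom'

# Simplified stand-in for ActionController::InvalidAuthenticityToken.
class InvalidAuthenticityToken < StandardError; end

# One random token per session, kept server-side (assumed storage: a Hash).
def form_authenticity_token(session)
  session[:_csrf_token] ||= SecureRandom.hex(20)
end

# Hand-written form like the one in the first post. The hidden input is
# the only thing a token_tag-style helper has to add.
LOGIN_FORM = ERB.new(<<~HTML)
  <form method="post" action="">
    <% if include_token %><input type="hidden" name="authenticity_token" value="<%= token %>" /><% end %>
    <input type="text" name="user[username]" />
    <input type="password" name="user[password]" />
    <input type="submit" value="Login" />
  </form>
HTML

def render_login_form(session, include_token:)
  token = form_authenticity_token(session) # read by the template via binding
  LOGIN_FORM.result(binding)
end

# What the browser would post back: the hidden fields of the rendered form.
def submitted_params(html)
  html.scan(/<input type="hidden" name="([^"]+)" value="([^"]*)"/).to_h
end

# Comparison that does not stop at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# GET is exempt; any other request must echo this session's token.
def verify_authenticity_token!(method, params, session)
  return true if method == :get
  sent = params['authenticity_token'].to_s
  raise InvalidAuthenticityToken unless secure_equal?(sent, form_authenticity_token(session))
  true
end
```

In a hand-written form like the one in the first post, `<%= token_tag %>` can go anywhere between the opening and closing form tags, since all it emits is the hidden field.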