John Merlino
2011-Feb-25  19:51 UTC
User successfully authenticates but is not logged in as current_user in session?
Hey all,
When someone is on my login page, I have this:
<% form_for :user, :url => { :action => "login" } do |f| %>
  <%= f.label(:user_email, "User Email") %>
  <%= f.text_field(:email) %><br/>
  <%= f.label(:user_password, "User Password") %>
  <%= f.password_field(:password) %><br/>
  <%= f.submit("Login") %>
  <%= link_to 'Register', :action => 'signup' %> |
  <%= link_to 'Forgot my password', :action => 'forgot_password' %>
<% end %>
<%= flash_helper %>
Note that flash_helper method calls this method in ApplicationHelper
module:
  def flash_helper
    f_names = [:notice, :warning, :message]
    fl = ''
    for name in f_names
      if flash[name]
        fl = fl + "<div class=\"notice\">#{flash[name]}</div>"
      end
      flash[name] = nil;
    end
    return fl
  end
During a post request to server, I call the authenticate class method on
User class, passing in two parameters, an email string and password:
  def login
    if request.post?
      if session[:user] = User.authenticate(params[:user][:email], params[:user][:password])
        flash[:message] = "Login successful"
        redirect_to :root
      else
        flash[:warning] = "Login unsuccessful"
      end
    end
  end
authenticate is executed:
  def self.authenticate(email, pass)
    u=find(:first, :conditions=>["email = ?", email])
    return nil if u.nil?
    return u if User.encrypt(pass, u.password_salt) == u.encrypted_password
    nil
  end
It does some sql, finds the user, and then if it finds matching email
address we call encrypt:
  def self.encrypt(pass, salt)
    Digest::SHA2.hexdigest(pass+salt)
  end
which basically checks if the password and salt for that record match
the one for that record in the encrypted_password field of users table.
So everything works and user is returned to home page. (Note that I also
tested a wrong password and system correctly gave flash error)
But here's the problem. When returned to home page, the user still does
not become current user!
Because I have this in my home page:
  <% if current_user %>
    <%= link_to "Logout", logout_path %>
  <% else %>
    <%= link_to "Create Account", signup_path %>
    <%= link_to "Login", login_path %>
  <% end %>
And it continues to show me the login link rather than logout, meaning
the system has not captured the record that just signed in as the
current_user. I am not sure why?
I have this in application controller:
  def current_user
    @current_user ||= session[:user_id] && User.find(session[:user_id])
  end
So I presume that when the login process occurs the user id is stored in
session, and assigned to current_user. But apparently it's not because
when signing in the if current_user block returns false and it triggers
the else statement instead.
Thanks for response.
-- 
Posted via http://www.ruby-forum.com/.
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
Frederick Cheung
2011-Feb-25  19:58 UTC
Re: User successfully authenticates but is not logged in as current_user in session?
On Feb 25, 7:51 pm, John Merlino <li...-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:
>   def login
>       if request.post?
>         if session[:user] = User.authenticate(params[:user][:email],

This is storing stuff in session[:user]

>
>   def current_user
>     @current_user ||= session[:user_id] && User.find(session[:user_id])
>   end

and this is checking session[:user_id]. Furthermore one appears to be
storing an actual user object whereas your other piece of code seems
to be expecting there to be just an id.

Fred
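The mismatch Fred describes, as a runnable sketch added here (not code from the thread): the login as posted writes the whole record under :user, while current_user reads an id from :user_id. Storing only the id also keeps the password hash and salt out of the serialized session. The in-memory User class, the sample record, the helper names and the use of Marshal as a stand-in for the session store's serializer are assumptions.

```ruby
require 'digest/sha2'

# Constructed stand-in for the thread's User model, so this runs without Rails.
class User
  RECORDS = {}
  attr_reader :id, :email, :password_salt, :encrypted_password

  def initialize(id, email, pass, salt)
    @id, @email, @password_salt = id, email, salt
    @encrypted_password = User.encrypt(pass, salt)
    RECORDS[id] = self
  end

  def self.encrypt(pass, salt) # same scheme as in the post
    Digest::SHA2.hexdigest(pass + salt)
  end

  def self.find(id)
    RECORDS.fetch(id)
  end

  def self.authenticate(email, pass)
    u = RECORDS.values.find { |r| r.email == email }
    return nil if u.nil?
    u if encrypt(pass, u.password_salt) == u.encrypted_password
  end
end

# Same lookup as current_user in the post's application controller.
def current_user(session)
  session[:user_id] && User.find(session[:user_id])
end

# Login as posted: the whole record goes under :user, which current_user never reads.
def login_as_posted(session, email, pass)
  session[:user] = User.authenticate(email, pass)
  !session[:user].nil?
end

# Login that writes what current_user expects: only the id, under :user_id.
def login_fixed(session, email, pass)
  user = User.authenticate(email, pass)
  session[:user_id] = user.id if user
  !user.nil?
end

# Marshal stands in (assumption) for however the session store serializes the hash.
def session_carries_hash?(session, user)
  Marshal.dump(session).include?(user.encrypted_password)
end

ALICE = User.new(1, 'alice@example.test', 's3cret', 'NaCl') # constructed sample record
```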
John Merlino
2011-Feb-25  20:13 UTC
Re: User successfully authenticates but is not logged in as current_user in session?
> and this is checking session[:user_id]. Furthermore one appears to be
> storing an actual user object whereas your other piece of code seems
> to be expecting there to be just an id.
>
> Fred

You're right! Thanks.