Hi,

The user/login management system in Chapter 31: Authenticating Your Users and Chapter 32: Authorizing Users with Roles of Chad Fowler's Rails Recipes looks reasonable and adequate. However, when I ran the Chapter 31 code, I get the following error:

    Username or password invalid

And I am not even given the chance to sign in; that is, the signin form does not appear at all.

Has anyone tried this code and encountered the same error message and how did you correct it?

Thanks for the help,
gk

--
Posted via http://www.ruby-forum.com/.

Gene Kahn wrote:
> I get the following error:
>
> Username or password invalid
>
> And I am not even given the chance to sign in; that is, the signin form
> does not appear at all.

Don't have the book in front of me but my guess is that you're stuck in an infinite loop: you need to set a before filter on the controller and then specify which action to not use the filter on:

    class LoginController < ActionController::Base
      before_filter :authenticate, :except => "signin"

      def signin
        # code for signin form here
      end
    end

http://rubyonrails.com/rails/classes/ActionController/Filters/ClassMethods.html

Greg wrote:
> Gene Kahn wrote:
>> I get the following error:
>>
>> Username or password invalid
>>
>> And I am not even given the chance to sign in; that is, the signin form
>> does not appear at all.
>
> Don't have the book in front of me but my guess is that you're stuck in
> an infinite loop: you need to set a before filter on the controller and
> then specify which action to not use the filter on:
>
> class LoginController < ActionController::Base
>   before_filter :authenticate, :except => "signin"
>   def signin
>     #code for signin form here
>   end
> end
>
> http://rubyonrails.com/rails/classes/ActionController/Filters/ClassMethods.html

Hi,
Thanks for the reply.
The before_filter is in the code:

    class AdminController < ApplicationController

      before_filter :check_authentication, :except => [:signin]

      def check_authentication
        unless session[:user]
          session[:intended_action] = action_name
          session[:intended_controller] = controller_name
          redirect_to :action => "signin"
        end
      end
      ...
    end

gk

Perhaps :except => :signin instead of :except => [:signin]

On 7/7/06, Gene Kahn <kublaikhan55@hotmail.com> wrote:
> Greg wrote:
> > Gene Kahn wrote:
> >> I get the following error:
> >>
> >> Username or password invalid
> >>
> >> And I am not even given the chance to sign in; that is, the signin form
> >> does not appear at all.
> >
> > Don't have the book in front of me but my guess is that you're stuck in
> > an infinite loop: you need to set a before filter on the controller and
> > then specify which action to not use the filter on:
> >
> > class LoginController < ActionController::Base
> >   before_filter :authenticate, :except => "signin"
> >   def signin
> >     #code for signin form here
> >   end
> > end
> >
> > http://rubyonrails.com/rails/classes/ActionController/Filters/ClassMethods.html
>
> Hi,
> Thanks for the reply.
> The before_filter is in the code:
>
> class AdminController < ApplicationController
>
>   before_filter :check_authentication, :except => [:signin]
>
>   def check_authentication
>     unless session[:user]
>       session[:intended_action] = action_name
>       session[:intended_controller] = controller_name
>       redirect_to :action => "signin"
>     end
>   end
>   ...
> end
>
> gk
>
> --
> Posted via http://www.ruby-forum.com/.
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>

On 7/7/06, Gene Kahn <kublaikhan55@hotmail.com> wrote:
> Hi,
> The user/login management system in Chapter 31: Authenticating Your
> Users and Chapter 32: Authorizing Users with Roles of Chad Fowler's
> Rails Recipes looks reasonable and adequate. However, when I ran the
> Chapter 31 code, I get the following error:
>
> Username or password invalid
>
> And I am not even given the chance to sign in; that is, the signin form
> does not appear at all.
>
> Has anyone tried this code and encountered the same error message and
> how did you correct it?

Not being able to see your code, I can't really say what you're doing wrong. I have used those two recipes in the past and they worked just fine. However, it's possible that I spotted an error and just don't remember doing so.

Again, more info will help people help you.

-- James

TJ Stankus wrote:
> Perhaps :except => :signin instead of :except => [:signin]

Hi,
Tried that one, but it didn't help. The application trace says:

- - -
Username or password invalid

RAILS_ROOT: ./script/../config/..
Application Trace | Framework Trace | Full Trace

#{RAILS_ROOT}/app/models/user.rb:19:in `authenticate'
#{RAILS_ROOT}/app/controllers/admin_controller.rb:19:in `signin'
- - -

It does look like it is going through authentication, even given the advice not to. Here's the controller:

    class AdminController < ApplicationController

      before_filter :check_authentication, :except => :signin

      def check_authentication
        unless session[:user]
          session[:intended_action] = action_name
          session[:intended_controller] = controller_name
          redirect_to :action => "signin"
        end
      end

      def signin
        session[:user] = User.authenticate(params[:username], params[:password]).id
        redirect_to :action => session[:intended_action],
                    :controller => session[:intended_controller]
      end
    end

Line 19 of user.rb is the raise command below:

- - -

    require 'digest/sha2'

    class User < ActiveRecord::Base
      validates_uniqueness_of :username

      def password=(pass)
        salt = [Array.new(6){rand(256).chr}.join].pack("m").chomp
        self.password_salt, self.password_hash = salt, Digest::SHA256.hexdigest(pass + salt)
      end

      def self.authenticate(username, password)
        user = User.find(:first, :conditions => ['username = ?', username])
        if user.blank? ||
           Digest::SHA256.hexdigest(password + user.password_salt) != user.password_hash
          raise "Username or password invalid"
        end
        user
      end
    end

- - -

And signin.rhtml is:

- - -

    <html>
    <head>
      <title>Signin for Admin Access</title>
    </head>
    <body>
      <%= start_form_tag :action => "signin" %>
      <label for = "username">Username:</label>
      <%= text_field_tag "username" %><br />
      <label for = "password">Password:</label>
      <%= password_field_tag "password" %><br />
      <%= submit_tag "Signin" %>
      <%= end_form_tag%>
    </body>
    </html>

- - -

I cleared the browser cache. I took out

    #before_filter :check_authentication, :except => :signin

to see if it will take me to the signin screen, but, no, it didn't. So there is something fundamentally wrong with my setup.

Thanks for any help,
gk

I am also having this exact same problem with Chad Fowler's "Rails Recipes", recipe 31.

Gene, did you ever figure out why it throws up an error that says:

> Username or password invalid?

If anyone has any insight on this, I'd love to hear it. I even threw the authentication stuff into my application.rb, so it would password protect all of my controllers, but I still get the same error whenever I try to go anywhere in my app.

Dave

> - - -
>
> I cleared the browser cache. I took out
>
> #before_filter :check_authentication, :except => :signin
>
> to see if it will take me to the signin screen, but, no, it didn't. So
> there is something fundamentally wrong with my setup.
> Thanks for any help,
> gk

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk
-~----------~----~----~----~------~----~------~--~---

> class AdminController < ApplicationController
>
>   before_filter :check_authentication, :except => [:signin]
>
>   def check_authentication
>     unless session[:user]
>       session[:intended_action] = action_name
>       session[:intended_controller] = controller_name
>       redirect_to :action => "signin"
>     end
>   end
>   ...
> end

I have that puppy working. But I remember running into something similar. When in doubt...debugging print statements are your friend. I know this because I see that I used a couple in my application. :-)

Sooooo...

1. Put a print statement at the beginning of each and see when they are being run.

2. redirect_to(:action => "signin") is what I have. Don't know if it's going to really matter....sometimes it's a quirk.

Thanks Steve!

One quick clarification. I'm a bit of a n00b, so what do you mean by putting a print statement at the beginning of each? Could you show me an example print statement and define "each"?

Thanks again!!
Dave

> I have that puppy working. But I remember running into something
> similar. When in doubt...debugging print statements are your friend. I
> know this because I see that I used a couple in my application. :-)
>
> Sooooo...
>
> 1. Put a print statement at the beginning of each and see when they are
> being run.
>

>> I have that puppy working. But I remember running into something
>> similar. When in doubt...debugging print statements are your friend. I
>> know this because I see that I used a couple in my application. :-)
>>
>> Sooooo...
>>
>> 1. Put a print statement at the beginning of each and see when they are
>> being run.
>>

Just FYI...I started in RoR 3 weeks ago. :-) Luckily I've been able to ignore my bosses and work with it almost exclusively the whole time.

Since I'm lazy I usually have some sort of simple debugging function floating around on most projects. Here's my current one:

    def db(msg)
      d = get_config_setting("debug")
      if ( !d.nil? and d == "true" )
        logger.debug("d***** #{msg} *****")
      end
    end

This allows me to print out whatever I want by simply calling

    db("My stupid message")

For ease of use just set up your logger and initially don't worry about creating a configuration yaml file. (Though I have that laying around somewhere as well.)

So at intervals (Beginning, ending, etc...) in your procedures you can put the db("") and figure out what is being called...as well as with what values.

Debugging by print statements. Sometimes it's easiest to fall back on the simplest methods for finding bugs.

Thanks for the help; I'll definitely give it a try; I've already copy/pasted your code and am excited to give it a whirl.

One last question, if it's okay: when I get the error (the RuntimeError that actually says "Username or password invalid.") the application trace mentions model line 9 (the line that says username or password invalid) and application.rb line 15 (the one right after def signin):

    def signin
      session[:user] = User.authenticate(params[:username], params[:password]).id
      redirect_to :action => session[:intended_action],
                  :controller => session[:intended_controller]
    end

Does everything look normal to you, compared to what you did? I just want to double check before I start doing line-by-line testing.

Thanks again! Your help is definitely appreciated!

Dave

Define this method in a module. Then do a "require" in a superclass and now you can use it in any of the sub-classes without explicit require statement.

> def db(msg)
>   d = get_config_setting("debug")
>   if ( !d.nil? and d == "true" )
>     logger.debug("d***** #{msg} *****")
>   end
> end
>
> This allows me to print out whatever I want by simply calling
>
> db("My stupid message")
>

Dave A. wrote:
> session[:user] = User.authenticate(params[:username],

Put a logging statement and see what's in that parameter field. At a guess it's blank and you are still validating it. Hence the error.

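Added example, not part of the thread or of the book's code: a plain-Ruby model of the signin action posted earlier, showing why the first GET request (no username or password) ends in the "Username or password invalid" exception, beside a hypothetical variant that authenticates only on POST. The in-memory USERS table, the handler names and the outcome helper are assumptions made for the illustration.

```ruby
require 'digest/sha2'

# Constructed sample account standing in for the users table.
SALT  = 'Y29uc3RydWN0ZWQ='
USERS = { 'gk' => { :id => 1, :salt => SALT,
                    :hash => Digest::SHA256.hexdigest('s3cret' + SALT) } }

# Mirrors User.authenticate from the thread: raise on unknown user or hash mismatch.
# (.to_s is added here so a missing password cannot raise NoMethodError instead.)
def authenticate(username, password)
  user = USERS[username]
  if user.nil? || Digest::SHA256.hexdigest(password.to_s + user[:salt]) != user[:hash]
    raise 'Username or password invalid'
  end
  user
end

# signin as posted: authenticates on every request, including the first GET,
# where params carries no username or password.
def signin_as_posted(_http_method, params, session)
  session[:user] = authenticate(params[:username], params[:password])[:id]
  :redirect
end

# Hypothetical guarded variant: show the form on GET, authenticate only on POST,
# and answer a failed login with the form again rather than an unhandled exception.
def signin_guarded(http_method, params, session)
  return :render_form unless http_method == :post
  session[:user] = authenticate(params[:username], params[:password])[:id]
  :redirect
rescue RuntimeError
  session.delete(:user)
  :render_form_with_error
end

# Runs one request against a handler; an escaping exception becomes the error page.
def outcome(handler, http_method, params)
  session = {}
  [send(handler, http_method, params, session), session[:user]]
rescue RuntimeError => e
  [:error_page, e.message]
end

if __FILE__ == $0
  p outcome(:signin_as_posted, :get, {})
  p outcome(:signin_guarded, :get, {})
  p outcome(:signin_guarded, :post, { :username => 'gk', :password => 's3cret' })
end
```

Rescuing the failure inside the action also keeps the application trace, with its file paths and line numbers, off the page an unauthenticated visitor sees.
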
I put this in a utilities.db file while I'm debugging:

    require 'pp'

    def dbg *args
      if ENV['RAILS_ENV'] == 'test'
        stack = caller(1).slice(0, 4)
        $stdout << "==========================\n"
        pp(*args)
        pp stack
      else
        def dbg(*args)
        end
      end
    end

I'll frequently change the slice size for the stack trace (0 to large) depending on what I'm doing, or add little snippets of code to do particular things with args. I think of it more like a debugger macro than actual code.

Defining dbg (or whatever you want to call it) for all objects means you don't have to put in include statements, making it slightly easier to remove when you're no longer debugging.

I usually don't use the logger for debugging printf. Most of the time I want to see those debug statements on stdout/stderr when I'm running tests, and if I'm not running tests I don't care about them.

- James Moore