I just upgraded from restful_authentication to devise, and before I found out there was a wiki on how to do this properly, I removed all traces of restful_authentication from my app, then installed Devise like I normally would. The issue I''m getting is I create an account, and when I confirm it, I get logged in. Once I log out and try to log back in, I get invalid username or email. I manually update my password, and I get the same error. I read this article http://jambu.posterous.com/invalid-username-and-password-in-migration-fr but that didn''t solve the issue. My user model class User < ActiveRecord::Base devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable, :token_authenticatable, :confirmable, :lockable I tried adding :encryptable, :encryptor => :restful_authentication_sha1 but I get the same issue with or without this. I have no restful_authentication code in the app anymore, and have no idea what else to do... Any ideas? Thanks, ~Jeremy -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
ok, so more on this. I can say "I forgot my password", have the reset password email sent, and change the password. It will then log me in. If I click "logout", then "login" and use that password, it will fail. Here is my sessions controller: class SessionsController < Devise::SessionsController before_filter :load_ads, :only => [:new] protected def load_ads @ads = Advertiser.order("RAND()").limit(2) end end my routes contain devise_for :users, :controllers => { :sessions => :sessions, :registrations => :users } do get ''/login'' => ''sessions#new'', :as => :login get ''/logout'' => ''sessions#destroy'', :as => :logout end Here is my login form <%= form_for("user", :url => user_session_path) do |f| %> <div class="field"> <%= f.label(:email, :class => ''label'') %><br /> <%= f.text_field(:email) %> </div> <div class="field"> <%= f.label(:password, :class => ''label'') %> <%= f.password_field(:password) %> </div> <div class="field"> <%= f.check_box :remember_me %> <%= f.label :remember_me %> <p><%= f.submit(''Sign in'') %></p> </div> <br clear="all" /> <% end %> -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Not knowing, but as a guess I''d look at the way passwords are being encrypted. When you log in the first time, it probably doesn''t get your password out of the database. So, do the encryption and decryption match? Are you correctly using the salt? Just a shot in the dark... On Mon, May 16, 2011 at 1:20 AM, Jeremy Woertink <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:> ok, so more on this. > > I can say "I forgot my password", have the reset password email sent, > and change the password. It will then log me in. If I click "logout", > then "login" and use that password, it will fail. > > Here is my sessions controller: > > class SessionsController < Devise::SessionsController > > before_filter :load_ads, :only => [:new] > > protected > > def load_ads > @ads = Advertiser.order("RAND()").limit(2) > end > > end > > my routes contain > > devise_for :users, :controllers => { :sessions => :sessions, > :registrations => :users } do > get ''/login'' => ''sessions#new'', :as => :login > get ''/logout'' => ''sessions#destroy'', :as => :logout > end > > Here is my login form > > <%= form_for("user", :url => user_session_path) do |f| %> > <div class="field"> > <%= f.label(:email, :class => ''label'') %><br /> > <%= f.text_field(:email) %> > </div> > <div class="field"> > <%= f.label(:password, :class => ''label'') %> > <%= f.password_field(:password) %> > </div> > <div class="field"> > <%= f.check_box :remember_me %> > <%= f.label :remember_me %> > <p><%= f.submit(''Sign in'') %></p> > </div> > <br clear="all" /> > <% end %> > > -- > Posted via http://www.ruby-forum.com/. > > -- > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en. > >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Paul wrote in post #999045:> Not knowing, but as a guess I''d look at the way passwords are being > encrypted. When you log in the first time, it probably doesn''t get > your password out of the database. So, do the encryption and > decryption match? Are you correctly using the salt? > > Just a shot in the dark...Thanks for the reply. I''ve narrowed it down a bit. I decided to not override the sessions controller with my own, and using devise''s default view and controller, I can sign in fine. I''ve commented out the before filter on my custom sessions controller, and copied the whole form from the devise view to my custom view. Still can''t log in. Weird thing though is that no password_salt is being created for my users.... So maybe a new question. I do need to override the registrations controller because I''m doing all kinds of stuff when a user is created. Is there a "best practices" way of using devise and doing that? Right now it''s just doing @user = User.new(params[:user]) @user.save! if there a User.new_with_cool_devise_stuff(params[:user]) ?? Thanks ~Jeremy -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
> I just upgraded from restful_authentication to devise, and before I > found out there was a wiki on how to do this properly, I removed all > traces of restful_authentication from my app, then installed Devise like > I normally would. > > The issue I''m getting is I create an account, and when I confirm it, I > get logged in. Once I log out and try to log back in, I get invalid > username or email. I manually update my password, and I get the same > error.I had something similar when I ripped out Authlogic and wrote my own. If I tried to log in to a pre-existing user account, instead of just telling me the password was incorrect (which is what I expected) it would give me an invalid salt error. I suppose I could''ve coded around it, but since I was in early test mode I found it easier to just delete the two or three old users and have my new authentication handle the new salt/encryption mechanism. I would tend to concur with Paul. When you create a user, you are likely not logging that user in using the same encryption method as when you just log in. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.