使用带有 Rails 的设计并将 authentication_keys 设置为 [:username] 时出现 401 身份验证错误
401 Auth Error when using devise with Rails and setting authentication_keys to [:username]
您好,我遇到的错误与此处的一些错误类似,但我认为根本原因不同,因为我找到的解决方案均无效。基本上我在一个小项目上使用 Rails 中的 Devise,虽然使用 sign_up 页面工作得很好(用户被放入数据库),但 sign_in 页面似乎找到用户但不将他们设置为当前用户。我从开箱即用的解决方案中唯一改变的是使用 :username 作为授权密钥而不是 :email.
class ApplicationController < ActionController::Base
protect_from_forgery prepend: true
skip_before_action :verify_authenticity_token
before_action :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:sign_up) { |u| u.permit(:username, :email, :password, :password_confirmation) }
devise_parameter_sanitizer.permit(:sign_in) { |u| u.permit(:username, :password, :remember_me) }
devise_parameter_sanitizer.permit(:account_update) { |u| u.permit(:username, :email, :password, :current_password) }
end
end
在我的 initializer/devise.rb:
config.authentication_keys = [:username]
config.case_insensitive_keys = [:username]
config.strip_whitespace_keys = [:username]
用户模型
class User < ApplicationRecord
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :validatable
def email_required?
false
end
def email_changed?
false
end
def will_save_change_to_email?
false
end
end
控制台输出如下:
Started POST "/users/sign_in" for ::1 at 2020-08-11 17:12:53 +0100
Processing by Devise::SessionsController#create as HTML
Parameters: {"authenticity_token"=>"EbXx8CI0+FsF1HkNwHqsUW09BJ0HOW2lJDjWmJEc03d0AeaBOWVxNFpupUA+qLKIsiVMZ9kfbmCZidZMZIKoXA==", "user"=>{"username"=>"bob", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Log in"}
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."username" = ORDER BY "users"."id" ASC LIMIT [["username", "bob"], ["LIMIT", 1]]
Redirected to http://localhost:3031/
Completed 302 Found in 103ms (ActiveRecord: 0.4ms | Allocations: 3788)
Started GET "/" for ::1 at 2020-08-11 17:12:53 +0100
Processing by BoardsController#index as HTML
Completed 401 Unauthorized in 0ms (ActiveRecord: 0.0ms | Allocations: 248)
而 Boards Controller 仅具有:
before_action :authenticate_user!
由于身份验证失败,正在重定向回 sign_in。
感谢任何建议!
把它放在这里以防其他人遇到这个问题。
如果您正在使用 Stimulus Reflex,它目前会禁用 rails cookie_store 并改为使用 cache_store。您可以切换回去:
config.session_store :cache_store
返回 rails 默认值
config.session_store :cookie_store
或运行 rails dev:cache
在您的开发环境中启用cache_store。
您好,我遇到的错误与此处的一些错误类似,但我认为根本原因不同,因为我找到的解决方案均无效。基本上我在一个小项目上使用 Rails 中的 Devise,虽然使用 sign_up 页面工作得很好(用户被放入数据库),但 sign_in 页面似乎找到用户但不将他们设置为当前用户。我从开箱即用的解决方案中唯一改变的是使用 :username 作为授权密钥而不是 :email.
class ApplicationController < ActionController::Base
protect_from_forgery prepend: true
skip_before_action :verify_authenticity_token
before_action :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:sign_up) { |u| u.permit(:username, :email, :password, :password_confirmation) }
devise_parameter_sanitizer.permit(:sign_in) { |u| u.permit(:username, :password, :remember_me) }
devise_parameter_sanitizer.permit(:account_update) { |u| u.permit(:username, :email, :password, :current_password) }
end
end
在我的 initializer/devise.rb:
config.authentication_keys = [:username]
config.case_insensitive_keys = [:username]
config.strip_whitespace_keys = [:username]
用户模型
class User < ApplicationRecord
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :validatable
def email_required?
false
end
def email_changed?
false
end
def will_save_change_to_email?
false
end
end
控制台输出如下:
Started POST "/users/sign_in" for ::1 at 2020-08-11 17:12:53 +0100
Processing by Devise::SessionsController#create as HTML
Parameters: {"authenticity_token"=>"EbXx8CI0+FsF1HkNwHqsUW09BJ0HOW2lJDjWmJEc03d0AeaBOWVxNFpupUA+qLKIsiVMZ9kfbmCZidZMZIKoXA==", "user"=>{"username"=>"bob", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Log in"}
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."username" = ORDER BY "users"."id" ASC LIMIT [["username", "bob"], ["LIMIT", 1]]
Redirected to http://localhost:3031/
Completed 302 Found in 103ms (ActiveRecord: 0.4ms | Allocations: 3788)
Started GET "/" for ::1 at 2020-08-11 17:12:53 +0100
Processing by BoardsController#index as HTML
Completed 401 Unauthorized in 0ms (ActiveRecord: 0.0ms | Allocations: 248)
而 Boards Controller 仅具有:
before_action :authenticate_user!
由于身份验证失败,正在重定向回 sign_in。
感谢任何建议!
把它放在这里以防其他人遇到这个问题。
如果您正在使用 Stimulus Reflex,它目前会禁用 rails cookie_store 并改为使用 cache_store。您可以切换回去:
config.session_store :cache_store
返回 rails 默认值
config.session_store :cookie_store
或运行 rails dev:cache
在您的开发环境中启用cache_store。