Modo Modo

Reputation: 123

Rails authentication not reacting to wrong username or password

I am building a Rails app that requires a login. I have only one user set up and any time I enter an incorrect user or password, it does nothing but append "utf8=✓&authenticity_token=TnSbSndhlfVfO6VLpeGLWgkCdrcXvMFD6gUVyCRax64%3D&email=&password=&commit=Submit" to the URL. I have it set up to say "Invalid username or password" but it's doing nothing. I need it to authenticate and direct the user to the next page. It's not taking me to the next page with the correct username and password either. It just appends that string to the URL and does nothing else. I am new to this so apologies if I'm not being clear enough. Here's my code:

user.rb

class User < ActiveRecord::Base
  attr_accessible :email, :password, :password_confirmation
  attr_accessor :password
  before_save :encrypt_password

  validates_confirmation_of :password
  validates_presence_of :password, :on => :create
  validates_presence_of :email
  validates_uniqueness_of :email

  def self.authenticate(email, password)
      user = find_by_email(email)
      if user && user.password_hash == BCrypt::Engine.hash_secret(password, user.password_salt)
          user
      else
          nil
      end
  end

  def encrypt_password
      if password.present?
          self.password_salt = BCrypt::Engine.generate_salt
          self.password_hash = BCrypt::Engine.hash_secret(password, password_salt)
      end
  end
end

application_controller.rb

class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
  helper_method :current_user
  before_filter :require_login


  def current_user
    @current_user ||= User.find(session[:user_id]) if session[:user_id]
  end

  def require_login
    unless current_user
      redirect_to log_in_path, :notice => "Please log in to access this page."
    end
  end
end

sessions_controller.rb

class SessionsController < ApplicationController
  skip_before_filter :require_login 

  def new
  end

  def create
    user = User.authenticate(params[:email], params[:password])
    if user
      session[:user_id] = user.id
      redirect_to stats_path, :notice => "Welcome"
    else 
      flash.now.alert = "Invalid email or password"
      render "new"
    end
  end

  def destroy
    session[:user_id] = nil
    redirect_to root_url, :notice => "Logged out"
  end
end

form view html

<h2 class="form-signin-heading">Log In</h2>
<form class="form-signin">
  <%= form_tag sessions_path do %>
      <% flash.each do |name, msg| %>
      <%= content_tag :div, msg, class: name %>
  <% end %>

  <%= text_field_tag :email, params[:email], :placeholder => "Email address", :class => "form-control" %><br />

  <%= password_field_tag :password, params[:password], :placeholder => "Password", :class => "form-control" %><br />


  <%= submit_tag "Submit", :class => "btn btn-lg btn-primary btn-block" %>
<% end %>
</form>

Upvotes: 0

Views: 686

Answers (1)

Brian

Reputation: 6840

You seem to be missing the ERB in your view to display the flash message. Example:

<% flash.each do |name, msg| -%>
  <%= content_tag :div, msg, class: name %>
<% end -%>

See this rails guide for more details...

Upvotes: 1
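
The string appended to the URL in the question is what a GET form submission looks like: HTML parsers ignore a form start tag nested inside an open form, so the hand-written outer form (no action, default method GET) is the one that submits, and a typed password ends up in the query string, where access logs and browser history record it. The check below is an added example, not code from the question or the answer; the rendered HTML is a constructed approximation of the view's output and the function names are hypothetical.

```ruby
# Constructed sample: roughly what the question's view renders to. The inner
# <form> comes from form_tag; the token value is a placeholder.
RENDERED_BROKEN = <<~HTML
  <form class="form-signin">
    <form action="/sessions" accept-charset="UTF-8" method="post">
      <input name="utf8" type="hidden" value="&#x2713;" />
      <input name="authenticity_token" type="hidden" value="PLACEHOLDER" />
      <input type="text" name="email" id="email" />
      <input type="password" name="password" id="password" />
      <input type="submit" name="commit" value="Submit" />
    </form>
  </form>
HTML

# Same markup with the hand-written outer <form> and its closing tag removed.
RENDERED_FIXED = RENDERED_BROKEN.lines[1..-2].join

TAG = /<(\/?)(form|input)\b([^>]*)>/i

# Parse double-quoted attributes (the style Rails helpers emit) into a hash.
def attrs(raw)
  raw.scan(/([\w-]+)\s*=\s*"([^"]*)"/).to_h { |k, v| [k.downcase, v] }
end

# Returns one finding per password input: the method and action of the form
# the browser will actually submit it with. A <form> start tag seen while
# another form is open is ignored, so the outermost form wins; any </form>
# closes the open form.
def password_submissions(html)
  open_form = nil
  findings = []
  html.scan(TAG) do |closing, name, raw|
    if name.casecmp?("form")
      open_form = closing.empty? ? (open_form || attrs(raw)) : nil
    elsif open_form && attrs(raw)["type"].to_s.casecmp?("password")
      findings << { field: attrs(raw)["name"],
                    method: (open_form["method"] || "get").downcase,
                    action: open_form["action"] }
    end
  end
  findings
end

# True when any password field would be sent in the URL instead of a POST body.
def leaks_password_in_url?(html)
  password_submissions(html).any? { |f| f[:method] != "post" }
end
```
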
