轨道4 +设计3.0 - 使用用户名和电子邮件验证(Rails 4 + Devise 3.0 -

2019-10-19 00:36发布

我试图让用户与它们的用户名或电子邮件地址登录。

按这里: https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-sign-in-using-their-username-or-email-address

当过我尝试使用任何电子邮件或此登录登录登录:

Started POST "/users/sign_in" for 192.168.2.8 at 2013-11-22 10:11:50 +0800
Processing by Devise::SessionsController#create as HTML
  Parameters: {"utf8"=>"â", "authenticity_token"=>"WVTOKWQ8yJAJSu3NmXi3skJ8UC8zXY7qGZj7qbM3cr0=", "user"=>{"email"=>"testuser", "password"=>"password"}, "commit"=>"Sign in"}
  User Load (3.3ms)  SELECT "users".* FROM "users" WHERE "users"."email" = 'testuser' ORDER BY "users"."id" ASC LIMIT 1
Completed 401 Unauthorized in 20ms
Processing by Devise::SessionsController#new as HTML
  Parameters: {"utf8"=>"â", "authenticity_token"=>"WVTOKWQ8yJAJSu3NmXi3skJ8UC8zXY7qGZj7qbM3cr0=", "user"=>{"email"=>"rtype", "password"=>"password"}, "commit"=>"Sign in"}
  Rendered devise/sessions/new.html.erb within layouts/application (6.4ms)
Completed 200 OK in 80ms (Views: 62.6ms | ActiveRecord: 0.0ms)

其怪异的SQL是不检查的用户名,所以可能对用户的呼叫是错误的,但它究竟来自色器件文档。

我已阅读以下内容:

添加用户名制定轨道4 使用设计和Rails 4登录与用户名

我还审查了监狱长代码和代码色器件尝试和探索,如果我重写的用户错误的方法。

任何想法,为什么它不与用户名认证,与电子邮件,当它呢?

ApplicationController.rb

class ApplicationController < ActionController::Base
  protect_from_forgery

  before_filter :configure_permitted_parameters, if: :devise_controller?

  protected
    def configure_permitted_parameters
      devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password, :password_confirmation) }
      devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email, :password, :remember_me) }

      # Need to add other user fields like gender etc.
      devise_parameter_sanitizer.for(:account_update) {|u| u.permit(:email, :password, :password_confirmation, :current_password)}
    end
end

User.rb

class User < ActiveRecord::Base

  devise :database_authenticatable, :registerable, :confirmable, :encryptable, :recoverable, :rememberable, :trackable, :validatable

  attr_accessor :login # This is used to add the login for allowing user to sign in with both email or username

  # Validations
  validates :username, presence: true, length: {maximum: 255}, uniqueness: { case_sensitive: false }, format: { with: /\A[a-zA-Z0-9]*\z/, message: "may only contain letters and numbers." }

  # Overwrite devise’s find_for_database_authentication method in user model
  def self.find_first_by_auth_conditions(warden_conditions)
    conditions = warden_conditions.dup
    if login = conditions.delete(:username)
      where(conditions).where(["lower(username) = :value OR lower(email) = :value", { :value => login.downcase }]).first
    else
      where(conditions).first
    end
  end
end

new.html

<fieldset>
<%= form_for(resource, :as => resource_name, :url => session_path(resource_name),  :html => { :class => 'form-horizontal' }) do |f| %>
  <div class="control-group">
    <%= f.label :login, "Email or Username" %>
    <div class="controls"><%= f.text_field :login, :autofocus => true %></div>
  </div>

  <div class="control-group">
    <%= f.label :password %>
    <div class="controls"><%= f.password_field :password %></div>
  </div>

  <div class="form-actions">
    <%= f.submit "Sign in", :class => "btn btn-primary", data: { disable_with: 'Working...' } %>  <%= link_to "Forgot password?", new_password_path(resource_name), :class => "btn" %>
  </div>
<% end %>
</fieldset>

Devise.rb

config.secret_key = 'Omitted for security'
config.mailer_sender = 'Omitted for security'
config.case_insensitive_keys = [ :email ]
config.strip_whitespace_keys = [ :email ]
config.skip_session_storage = [:http_auth]
config.stretches = Rails.env.test? ? 1 : 10
config.reconfirmable = true
config.password_length = 8..128
config.reset_password_within = 6.hours
config.encryptor = :sha512
config.sign_out_via = :delete

Answer 1:

您需要添加

config.authentication_keys = [ :login ]

devise.rb内

此外,如果你想使用登录复位密码或进行确认键,你还应该添加在同一文件中:

config.reset_password_keys = [ :login ]
config.confirmation_keys = [ :login ]

您还需要您的application_controller内白名单的登录参数。 在new.html鉴于你有一个登录表单,所以你必须接受的sign_in而不是用户名和电子邮件参数登录参数。

devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:login, :password, :remember_me) }


文章来源: Rails 4 + Devise 3.0 - Authenticate using username and email