Strange cookie behavior in Rails

Updated: 2024-10-26 18:23:45
I am trying to work through the rails tutorial, and ran into a problem. In the process of debugging it I ran into this strange behavior, which I think is related to my problem.

    >rails console
    DL is deprecated, please use Fiddle
    Loading development environment (Rails 3.2.16)
    irb(main):001:0> app.cookies['foo'] = 'bar'
    => "bar"
    irb(main):002:0> app.cookies['remember_token'] = 'foobar'
    => "foobar"
    irb(main):003:0> app.cookies['foo']
    => "bar"
    irb(main):004:0> app.cookies['remember_token']
    => "foobar"
    irb(main):005:0> app.put app.root_url
      User Load (1.0ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" IS NULL LIMIT 1
      CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" IS NULL LIMIT 1
    => 200
    irb(main):006:0> app.cookies['foo']
    => "bar"
    irb(main):007:0> app.cookies['remember_token']
    => ""

Notice how cookies['foo'] remains set to 'bar' after a put, but cookies['remember_token'] gets set to ""

Can anyone explain what might be going on here? I do have a column "remember_token" in the model, but I don't see how that should come into play.

Here is the model:

    class User < ActiveRecord::Base
      attr_accessible :email, :name, :password, :password_confirmation
      has_secure_password

      validates :name, presence: true, length: { maximum: 50 }
      VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
      validates :email, presence: true,
                        format: { with: VALID_EMAIL_REGEX },
                        uniqueness: { case_sensitive: false }
      validates :password, presence: true, length: { minimum: 6 }
      validates :password_confirmation, presence: true

      before_save { email.downcase! }
      before_save :create_remember_token

      private

      def create_remember_token
        puts "in create remember_token" # added for debug
        self.remember_token = SecureRandom.urlsafe_base64
        puts remember_token # added for debug
      end
    end

And here is the database:

    ActiveRecord::Schema.define(:version => 20140111165943) do
      create_table "users", :force => true do |t|
        t.string   "name"
        t.string   "email"
        t.datetime "created_at", :null => false
        t.datetime "updated_at", :null => false
        t.string   "password_digest"
        t.string   "remember_token"
      end

      add_index "users", ["email"], :name => "index_users_on_email", :unique => true
      add_index "users", ["remember_token"], :name => "index_users_on_remember_token"
    end

My original question was related to test failures, and can be found here

Update: Found source of this strange behavior

As I began to get together the code to show the full controller (as requested in the comment), it became clear that this was going to be the source of my problem.

    class ApplicationController < ActionController::Base
      protect_from_forgery
      include SessionsHelper

      # Force signout to prevent CSRF attacks
      def handle_unverified_request
        sign_out
        super
      end
    end

and here is the sign_out method (in my sessions_helper)

    def sign_out
      puts "in sign out"
      cookies.delete :remember_token
      self.current_user = nil
    end

I added a puts in the sign_out method and saw that it was called as soon as I did a put (but not a get). Now I have to go back to the tutorial and see what I must have done wrong.

Best answer

The issue here was a result of having protect_from_forgery on and a sign_out method in handle_unverified_request. See the update at the end of the question for the details
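
The mechanism the answer describes, as an added example that is not part of the original post and is not Rails code: a plain-Ruby model of the forgery check, where MiniController, replay and the cookie values are constructed stand-ins. It shows why a PUT sent without an authenticity token (as `app.put app.root_url` is in the console session) clears remember_token, while a GET, or a PUT carrying the session's token, leaves it alone.

```ruby
require 'securerandom'

# Plain-Ruby model of the check; MiniController is hypothetical, not Rails code.
class MiniController
  attr_reader :cookies, :session, :log

  def initialize(cookies)
    @cookies = cookies.dup
    @session = { csrf_token: SecureRandom.base64(32) }
    @log = []
  end

  # The forgery check runs as a before-filter, ahead of the action itself.
  def process(verb, params = {}, headers = {})
    handle_unverified_request unless verified_request?(verb, params, headers)
    200
  end

  private

  # GET is exempt; any other verb must present the session's token as the
  # authenticity_token parameter or the X-CSRF-Token header.
  def verified_request?(verb, params, headers)
    return true if verb == :get
    token = session[:csrf_token]
    !token.nil? && [params[:authenticity_token], headers['X-CSRF-Token']].include?(token)
  end

  # Override from the question: sign out, then what `super` does by default
  # (reset the session).
  def handle_unverified_request
    sign_out
    @session = {}
  end

  def sign_out
    @log << 'in sign out'
    cookies.delete('remember_token')
  end
end

# Replays one request against the constructed cookie jar from the console session.
def replay(verb, with_token: false)
  c = MiniController.new('foo' => 'bar', 'remember_token' => 'foobar')
  params = with_token ? { authenticity_token: c.session[:csrf_token] } : {}
  c.process(verb, params)
  c.cookies
end
```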

Published: 2023-07-21 09:38:00
Article link: https://www.elefans.com/category/jswz/34/1209012.html