我尝试在rails 5中从头开始进行身份验证,并且在输入注册表单时我的用户信息没有被保存。 我也收到这个rails错误:ActiveModel :: ForbiddenAttributesError
@user = User.new(params [:user])
class User < ApplicationRecord attr_accessor :password before_save :encrypt_password validates_confirmation_of :password validates_presence_of :password, :on => :create validates_presence_of :email validates_uniqueness_of :email def self.authenticate(email, password) user = find_by_email(email) if user && user.password_hash == BCrypt::Engine.hash_secret(password, user.password_salt) user else nil end end def encrypt_password if password.present? self.password_salt = BCrypt::Engine.generate_salt self.password_hash = BCrypt::Engine.hash_secret(password, password_salt) end end end <h1>Sign Up</h1> <%= form_for @user do |f| %> <% if @user.errors.any? %> <div class="error_messages"> <h2>Form is invalid</h2> <ul> <% for message in @user.errors.full_messages %> <li><%= message %></li> <% end %> </ul> </div> <% end %> <p> <%= f.label :email %><br /> <%= f.text_field :email %> </p> <p> <%= f.label :password %><br /> <%= f.password_field :password %> </p> <p> <%= f.label :password_confirmation %><br /> <%= f.password_field :password_confirmation %> </p> <p class="button"><%= f.submit %></p> <% end %> class UsersController < ApplicationController def new @user = User.new end def create @user = User.new(params[:user]) if @user.save redirect_to root_url, :notice => "Signed up!" else render "new" end end end class Post < ApplicationRecord has_secure_password endI trying to authentication from scratch in rails 5 and my user information is not being saved when entered into the signup form. I also receive this rails error: ActiveModel::ForbiddenAttributesError
@user = User.new(params[:user])
class User < ApplicationRecord attr_accessor :password before_save :encrypt_password validates_confirmation_of :password validates_presence_of :password, :on => :create validates_presence_of :email validates_uniqueness_of :email def self.authenticate(email, password) user = find_by_email(email) if user && user.password_hash == BCrypt::Engine.hash_secret(password, user.password_salt) user else nil end end def encrypt_password if password.present? self.password_salt = BCrypt::Engine.generate_salt self.password_hash = BCrypt::Engine.hash_secret(password, password_salt) end end end <h1>Sign Up</h1> <%= form_for @user do |f| %> <% if @user.errors.any? %> <div class="error_messages"> <h2>Form is invalid</h2> <ul> <% for message in @user.errors.full_messages %> <li><%= message %></li> <% end %> </ul> </div> <% end %> <p> <%= f.label :email %><br /> <%= f.text_field :email %> </p> <p> <%= f.label :password %><br /> <%= f.password_field :password %> </p> <p> <%= f.label :password_confirmation %><br /> <%= f.password_field :password_confirmation %> </p> <p class="button"><%= f.submit %></p> <% end %> class UsersController < ApplicationController def new @user = User.new end def create @user = User.new(params[:user]) if @user.save redirect_to root_url, :notice => "Signed up!" else render "new" end end end class Post < ApplicationRecord has_secure_password end最满意答案
如果你从头开始创建确保每个控制器都有强大的参数声明,让我解释一下,在create方法中你放入User.new(user_params),user_params是我们通常放在类底部的另一种方法,我们把方法定义为def user_params,我们声明允许使用bcrypt gem的字段/数据可以传递给我们的模型,我认为该字段与下面相同
附加信息大多数rails用户使用devise gem授权用户
class UsersController < ApplicationController def create @user = User.new(user_params) # ... end private def user_params params.require(:user).permit(:username, :email, :password, :salt, :encrypted_password) end endif you create from scratch make sure for each controller you have strong parameter declaration, let me explain, inside create method you put User.new(user_params), user_params is another method that we put usually on bottom of class, we put the method def user_params, this we declare what allowed field / data that can be passed to our model since you using bcrypt gem, I think the field is same as below
additional info most of rails user using devise gem for authorization user
class UsersController < ApplicationController def create @user = User.new(user_params) # ... end private def user_params params.require(:user).permit(:username, :email, :password, :salt, :encrypted_password) end end更多推荐
发布评论