我的 Devise
统一登录表单不再允许我的 Tech
用户使用其用户名或电子邮件登录后实现重定向到特定页面的功能,在这种情况下是 Profiles 页面 . 我可以以 customer
登录,但我无法再以 tech
登录 . 我收到以下信息:
Invalid login or password.
我实现的另一个功能是让用户使用 usernames
或 email
签名 . 请知道每个 Devise
用户都有自己的一组控制器和视图 . 例如, customer
和 tech
有自己的自定义视图进行注册 .
-
客户:控制器/客户
-
tech:controllers / tech
如果我要删除“重定向到特定页面”功能,则所有 Devise
用户模型( customers
和 techs
)都可以正常登录 .
在使用Devise重定向功能时,如何重新获得两种用户模型的统一登录功能?
以下是用于实现每个功能的资源 .
-
How To: Allow users to sign in using their username or email address
-
How To: Redirect to a specific page on successful sign up (registration)
routes
Rails.application.routes.draw做devise_for:客户,控制器:{注册:'客户/注册'},路径:''#保持登录页面不显示:url中的customer_signup
devise_for :techs, controllers: { registrations: 'techs/registrations' }
resources :appointments, :customer_profiles, :service_menus, :services, :tech_profiles
root "home#index"
结束
这个 monkey patch
可能是我 tech
用户统一登录失败的原因 .
Unified sign in form for multiple types of Devise users.
config/initializers/devise.rb
它位于我的 devise.rb
文件的底部 .
module Strategies
class Base
def mapping
# @mapping ||= begin
mapping = Devise.mappings[scope]
raise "Could not find mapping for #{scope}" unless mapping
mapping
# end
end
end
end
end
end
我尝试过的事情 .
- 将代码
def create
从controllers/customer/sessions_controller.rb
移动到controllers/customer/registrations_controller.rb
,因为我认为这是routes
文件正在调用的内容 .
routes
devise_for :customers, controllers: { registrations: 'customers/registrations' }, path: ''
controllers/customer/registrations_controller.rb
class Customers::RegistrationsController < Devise::RegistrationsController
def create
# try to authenticate as a Customers
self.resource = warden.authenticate(auth_options)
resource_name = self.resource_name
if resource.nil?
# try to authenticate as a Tech
resource_name = :tech
request.params[:tech] = params[:customer]
self.resource = warden.authenticate!(auth_options.merge(scope: :tech))
end
set_flash_message(:notice, :signed_in) if is_navigational_format?
sign_in(resource_name, resource)
respond_with resource, :location => after_sign_in_path_for(resource)
end
protected
def after_sign_up_path_for(resource)
new_customer_profile_path
end
private
def sign_up_params
params.require(:customer).permit(:username, :email, :password)
end
def account_update_params
params.require(:customer).permit(:email, :password, :password_confirmation, :current_password)
end
end
编辑美国东部标准时间下午3:00 - 7-25-15
我在 customers/registrations_controller.rb
和 customers/sessions_controller.rb
之前的 resource.nil?
之前添加了 bind.pry
但没有发生任何事情 . 我甚至试图通过将 pry
拼写错误到 binding.pry123
来强制执行错误,并且在尝试以 customer
或 tech
登录时不会产生错误 . 这让我相信登录过程可能会通过另一个默认控制器进行登录 .
尝试以 tech
登录时,我在服务器日志中看到 Unpermitted parameters: login, password, remember_me
:
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"SOME TOKEN", "customer"=>{"login"=>"s1@example.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Log in"}
Customer Load (0.3ms) SELECT `customers`.* FROM `customers` WHERE (username = 's1@example.com' OR lower(email) = lower('s1@example.com')) ORDER BY `customers`.`id` ASC LIMIT 1
Completed 401 Unauthorized in 4ms
Processing by Devise::SessionsController#new as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"SOME TOKEN", "customer"=>{"login"=>"s1@example.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Log in"}
Unpermitted parameters: login, password, remember_me
Rendered customers/shared/_links.html.erb (4.9ms)
Rendered customers/sessions/new.html.erb within layouts/application (11.5ms)
Completed 200 OK in 239ms (Views: 238.1ms | ActiveRecord: 0.0ms)
编辑2015年7月27日晚上11:20
我未能包括以下与Devise相关的文件 .
application controller
require "customer_sanitizer.rb"
require "tech_sanitizer.rb"
protected
def devise_parameter_sanitizer
if resource_class == Customer
CustomerParameterSanitizer.new(Customer, :customer, params)
elsif resource_class == Tech
TechParameterSanitizer.new(Tech, :tech, params)
else
super
end
end
lib/customer_sanitizer.rb
class CustomerParameterSanitizer < Devise::ParameterSanitizer
def sign_up
default_params.permit(:username, :email, :password, :password_confirmation, :current_password)
end
def sign_in
default_params.permit(:username, :email)
end
def account_update
default_params.permit(:email, :password, :password_confirmation, :current_password)
end
end
lib/tech_sanitizer.rb
class TechParameterSanitizer < Devise::ParameterSanitizer
def sign_up
default_params.permit(:username, :email, :password, :password_confirmation, :current_password)
end
def sign_in
default_params.permit(:username, :email)
end
def account_update
default_params.permit(:email, :password, :password_confirmation, :current_password)
end
end
如果我在路线中启用此功能:
devise_for :customers, controllers: { sessions: 'customers/sessions' }
devise_for :techs, controllers: { sessions: 'techs/sessions }
...我可以使用统一登录 . 但是,如果我要注册,它将不会重定向到自定义配置文件页面 .
注释掉以前的路线设置并启用此功能:
devise_for :customers, controllers: { registrations: 'customers/registrations' }
devise_for :techs, controllers: { registrations: 'techs/registrations' }
...我可以注册一个帐户,然后在注册成功后重定向到自定义 Profiles 页面,但我失去了统一登录的能力 .
根据日志,它说明了未经许可的参数 . 有没有可以覆盖/列入强大的警报?
如果有统一登录字段的任何其他实用解决方案,请让我知道 user
可以使用他们的电子邮件或用户名登录 . 还可以在注册后转到自定义配置文件页面 .