Rails - 为多种类型的Devise用户统一登录表单

我的 Devise 统一登录表单不再允许我的 Tech 用户使用其用户名或电子邮件登录后实现重定向到特定页面的功能，在这种情况下是 Profiles 页面 . 我可以以 customer 登录，但我无法再以 tech 登录 . 我收到以下信息：

Invalid login or password.

我实现的另一个功能是让用户使用 usernames 或 email 签名 . 请知道每个 Devise 用户都有自己的一组控制器和视图 . 例如， customer 和 tech 有自己的自定义视图进行注册 .

• 客户：控制器/客户

• tech：controllers / tech

如果我要删除“重定向到特定页面”功能，则所有 Devise 用户模型（ customers 和 techs ）都可以正常登录 .

在使用Devise重定向功能时，如何重新获得两种用户模型的统一登录功能？

以下是用于实现每个功能的资源 .

• How To: Allow users to sign in using their username or email address

• Unified sign in form for multiple types of Devise users.

• How To: Redirect to a specific page on successful sign up (registration)

routes

Rails.application.routes.draw做devise_for：客户，控制器：{注册：'客户/注册'}，路径：''＃保持登录页面不显示：url中的customer_signup

devise_for :techs, controllers: { registrations: 'techs/registrations' }

resources :appointments, :customer_profiles, :service_menus, :services, :tech_profiles
root "home#index"

结束

这个 monkey patch 可能是我 tech 用户统一登录失败的原因 .

Unified sign in form for multiple types of Devise users.

config/initializers/devise.rb

它位于我的 devise.rb 文件的底部 .

module Strategies
      class Base
        def mapping
          # @mapping ||= begin
            mapping = Devise.mappings[scope]
            raise "Could not find mapping for #{scope}" unless mapping
            mapping
          # end
        end
      end
    end
  end

end

我尝试过的事情 .

• 将代码 def create 从 controllers/customer/sessions_controller.rb 移动到 controllers/customer/registrations_controller.rb ，因为我认为这是 routes 文件正在调用的内容 .

routes

devise_for :customers, controllers: { registrations: 'customers/registrations' }, path: ''

controllers/customer/registrations_controller.rb

class Customers::RegistrationsController < Devise::RegistrationsController

  def create
    # try to authenticate as a Customers
    self.resource = warden.authenticate(auth_options)
    resource_name = self.resource_name

    if resource.nil?
      # try to authenticate as a Tech
      resource_name = :tech
      request.params[:tech] = params[:customer]

      self.resource = warden.authenticate!(auth_options.merge(scope: :tech))
    end

    set_flash_message(:notice, :signed_in) if is_navigational_format?
    sign_in(resource_name, resource)
    respond_with resource, :location => after_sign_in_path_for(resource)
  end

  protected
    def after_sign_up_path_for(resource)
      new_customer_profile_path
    end

  private

  def sign_up_params
    params.require(:customer).permit(:username, :email, :password)
  end

  def account_update_params
    params.require(:customer).permit(:email, :password, :password_confirmation, :current_password)
  end
end

编辑美国东部标准时间下午3:00 - 7-25-15

我在 customers/registrations_controller.rb 和 customers/sessions_controller.rb 之前的 resource.nil? 之前添加了 bind.pry 但没有发生任何事情 . 我甚至试图通过将 pry 拼写错误到 binding.pry123 来强制执行错误，并且在尝试以 customer 或 tech 登录时不会产生错误 . 这让我相信登录过程可能会通过另一个默认控制器进行登录 .

尝试以 tech 登录时，我在服务器日志中看到 Unpermitted parameters: login, password, remember_me ：

Processing by Devise::SessionsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"SOME TOKEN", "customer"=>{"login"=>"s1@example.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Log in"}
  Customer Load (0.3ms)  SELECT  `customers`.* FROM `customers` WHERE (username = 's1@example.com' OR lower(email) = lower('s1@example.com'))  ORDER BY `customers`.`id` ASC LIMIT 1

Completed 401 Unauthorized in 4ms

Processing by Devise::SessionsController#new as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"SOME TOKEN", "customer"=>{"login"=>"s1@example.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Log in"}

Unpermitted parameters: login, password, remember_me

  Rendered customers/shared/_links.html.erb (4.9ms)
  Rendered customers/sessions/new.html.erb within layouts/application (11.5ms)
Completed 200 OK in 239ms (Views: 238.1ms | ActiveRecord: 0.0ms)

编辑2015年7月27日晚上11:20

我未能包括以下与Devise相关的文件 .

application controller

require "customer_sanitizer.rb"
  require "tech_sanitizer.rb"

  protected

  def devise_parameter_sanitizer
    if resource_class == Customer
      CustomerParameterSanitizer.new(Customer, :customer, params)
    elsif resource_class == Tech
      TechParameterSanitizer.new(Tech, :tech, params)
    else
      super
    end
  end

lib/customer_sanitizer.rb

class CustomerParameterSanitizer < Devise::ParameterSanitizer

  def sign_up
    default_params.permit(:username, :email, :password, :password_confirmation, :current_password)
  end

  def sign_in
    default_params.permit(:username, :email)
  end

  def account_update
    default_params.permit(:email, :password, :password_confirmation, :current_password)
  end

end

lib/tech_sanitizer.rb

class TechParameterSanitizer < Devise::ParameterSanitizer

  def sign_up
    default_params.permit(:username, :email, :password, :password_confirmation, :current_password)
  end

  def sign_in
    default_params.permit(:username, :email)
  end

  def account_update
    default_params.permit(:email, :password, :password_confirmation, :current_password)
  end

 end

如果我在路线中启用此功能：

devise_for :customers, controllers: { sessions: 'customers/sessions' }
devise_for :techs, controllers: { sessions: 'techs/sessions }

...我可以使用统一登录 . 但是，如果我要注册，它将不会重定向到自定义配置文件页面 .

注释掉以前的路线设置并启用此功能：

devise_for :customers, controllers: { registrations: 'customers/registrations' }
devise_for :techs, controllers: { registrations: 'techs/registrations' }

...我可以注册一个帐户，然后在注册成功后重定向到自定义 Profiles 页面，但我失去了统一登录的能力 .

根据日志，它说明了未经许可的参数 . 有没有可以覆盖/列入强大的警报？

如果有统一登录字段的任何其他实用解决方案，请让我知道 user 可以使用他们的电子邮件或用户名登录 . 还可以在注册后转到自定义配置文件页面 .