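I am following [lynda.com's Ruby on Rails 5 Essential Training][1] and am having a lot of difficulty building the login system.

The problem is that the database seems to hold a different hash than the one Rails uses. I have looked through all the causes and fixes, and I know the stored hash and the one Rails runs are different, but why, and how do I fix this?

I have added:

- bcrypt 3.1.11 gem installed
- password_digest column in the table
- has_secure_password to the correct model file

I have migrated down and back up again to see if there was an issue with the table.

The password stored in the database is hashed - password_digest: `$2a$10$AMHXZBl/zXQ9yHOR7uBSiOdsGloArDkxO`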

I even followed these steps in the Ruby console:

```ruby
user.password = 'password'
user.password_confirmation = 'password'
user.save
user.authenticate('password')
```
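
The password saves and authenticate shows the correct entry, but after re-running the console or using the login page on the rails server, the password does not match.

I get this error every time:

```
BCrypt::Errors::InvalidHash (invalid hash):
app/controllers/cms_access_controller.rb:16:in `attempt_login'
```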

And the invalid hash error in the browser is stuck here:

```ruby
  found_user = CmsUser.where(:username => params[:username]).first
  if found_user
    authorized_user = found_user.authenticate(params[:password])
  end
end
```

Here is the Rails log:

```
Started POST "/cms_access/attempt_login" for 127.0.0.1 at 2018-01-02 17:59:18 +0800
Processing by CmsAccessController#attempt_login as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"YP2tiHyRfDhJhhuF+PPM0D+hA+6BMJW5YmTyZyLpT6nXs4NdhGyihVKZpoMaRl0oUsobnr6x5bYGBR75+huUjg==", "username"=>"username", "password"=>"[FILTERED]", "commit"=>"Login"}
CmsUser Load (0.4ms) SELECT `cms_users`.* FROM `cms_users` WHERE `cms_users`.`username` = 'username' ORDER BY `cms_users`.`id` ASC LIMIT 1
Completed 500 Internal Server Error in 9ms (ActiveRecord: 0.4ms)
BCrypt::Errors::InvalidHash (invalid hash):
app/controllers/cms_access_controller.rb:16:in `attempt_login'
```

The full irb session is as follows:

```
irb(main):001:0> u = CmsUser.first
(0.4ms) SET NAMES utf8, @@SESSION.sql_mode = CONCAT(REPLACE(REPLACE(REPLACE(@@sql_mode, 'STRICT_TRANS_TABLES', ''), 'STRICT_ALL_TABLES', ''), 'TRADITIONAL', ''), ',NO_AUTO_VALUE_ON_ZERO'), @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483
CmsUser Load (0.2ms) SELECT `cms_users`.* FROM `cms_users` ORDER BY `cms_users`.`id` ASC LIMIT 1
=> #<CmsUser id: 1, first_name: "first name", last_name: "last name", email: "email", username: "username", password_digest: nil, created_at: "2018-01-02 14:48:42", updated_at: "2018-01-02 14:48:42">
irb(main):002:0> u.password = "password"
=> "password"
irb(main):003:0> u.password_confirmation = "password"
=> "password"
irb(main):004:0> u.save
(0.3ms) BEGIN
SQL (0.4ms) UPDATE `cms_users` SET `password_digest` = '$2a$10$gKAyDPTNzg.7Xnd7uatzuu0VWZNH6zGPA653RZ.5THB2Rziax1fyC', `updated_at` = '2018-01-02 14:50:29' WHERE `cms_users`.`id` = 1
(1.1ms) COMMIT
=> true
irb(main):005:0> u.authenticate("password")
=> #<CmsUser id: 1, first_name: "first name", last_name: "last name", email: "email", username: "username", password_digest: "$2a$10$gKAyDPTNzg.7Xnd7uatzuu0VWZNH6zGPA653RZ.5THB...", created_at: "2018-01-02 14:48:42", updated_at: "2018-01-02 14:50:29">
```

After running the rails server and trying to log in:

```
Started POST "/cms_access/attempt_login" for 127.0.0.1 at 2018-01-02 22:52:01 +0800
Processing by CmsAccessController#attempt_login as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"qF/U+46QhGZHYuEbfPTStRxryPpp0hIEt1TQIRVE5bgfEfoudm1a21x9XB2eQUNNcQDQilZTYgvTNTy/zbY+nw==", "username"=>"username", "password"=>"[FILTERED]", "commit"=>"Login"}
CmsUser Load (0.4ms) SELECT `cms_users`.* FROM `cms_users` WHERE `cms_users`.`username` = 'username' ORDER BY `cms_users`.`id` ASC LIMIT 1
Completed 500 Internal Server Error in 11ms (ActiveRecord: 0.8ms)
BCrypt::Errors::InvalidHash (invalid hash):
app/controllers/cms_access_controller.rb:16:in `attempt_login'
```

Try performing the login action as follows:

```ruby
found_user = CmsUser.find_by(:username => params[:session][:username].downcase)
if found_user && found_user.authenticate(params[:session][:password])
  #=> code to be here
else
  #=> code to be here
end
```

Hope that helps.
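
As an added example (not part of the original question or answer): `BCrypt::Errors::InvalidHash` is raised when the stored `password_digest` does not have the shape of a bcrypt hash, so a useful check is to classify the stored values before calling `authenticate`. The function and label names below are hypothetical; the two `$2a$10$` digests are the ones quoted in the question, and the remaining rows are constructed.

```ruby
# Added diagnostic, not code from the original posts. Pure Ruby, no gems.
# A bcrypt digest is "$" + 2-char version + "$" + 2-digit cost + "$" followed
# by 53 characters of salt and checksum: 60 characters in total.
BCRYPT_SHAPE  = %r{\A\$[0-9a-z]{2}\$[0-9]{2}\$[A-Za-z0-9./]{53}\z}
BCRYPT_LENGTH = 60

# Classify one stored password_digest value.
def classify_digest(digest)
  return :missing if digest.nil? || digest.empty?
  return :ok if BCRYPT_SHAPE.match?(digest)
  # CHAR columns and copy/paste can add padding or a trailing newline.
  return :whitespace_padded if BCRYPT_SHAPE.match?(digest.strip)
  # Right prefix but too short: the value was cut somewhere on the way in.
  return :truncated if digest.start_with?('$2') && digest.length < BCRYPT_LENGTH
  :not_bcrypt
end

# rows: { username => digest }. Returns only the rows that would fail.
def audit_digests(rows)
  rows.each_with_object({}) do |(username, digest), report|
    status = classify_digest(digest)
    report[username] = status unless status == :ok
  end
end

# Digest values quoted in the question; the keys are constructed labels.
SAMPLE_ROWS = {
  'from_irb_update'   => '$2a$10$gKAyDPTNzg.7Xnd7uatzuu0VWZNH6zGPA653RZ.5THB2Rziax1fyC',
  'from_database'     => '$2a$10$AMHXZBl/zXQ9yHOR7uBSiOdsGloArDkxO',
  'before_password'   => nil,
  'constructed_plain' => 'password',
  'constructed_pad'   => '$2a$10$gKAyDPTNzg.7Xnd7uatzuu0VWZNH6zGPA653RZ.5THB2Rziax1fyC  '
}.freeze

audit_digests(SAMPLE_ROWS).each do |username, status|
  puts format('%-18s %s', username, status)
end
```

In a Rails console the same audit can be fed from the table, for example with `CmsUser.pluck(:username, :password_digest).to_h`.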