开发者

#<UserSession: {:unauthorized_record=>"<protected>"}>

开发者 https://www.devze.com 2023-03-18 08:26 出处:网络
I\'m trying to build a \"just click on your name to login\" system using auth_logic. My user model has an email and name field. To login, I simply do:
相关专题:authlogicruby-on-rails-3

I'm trying to build a "just click on your name to login" system using auth_logic. My user model has an email and name field. To login, I simply do:

UserSession.create(@user, true)

Unfortunately that doesn't result in a session being created. Using a debugger I found this message:

#<UserSession: {:unauthorized_record=>"<protected>"}>

My user model just has one line:

acts_as_authentic

User session line has this, which I found somewhere. I'm not sure what it does and I've tried with and without:

class UserSession < Authlogic::Session::Base
  def to_key
     new_record? ? nil : [ self.send(self.class.primary_key) ]
  end
end

The database (I'm also not sure if that user_sessions table is needed):

create_table "sessions", :force => true do |t|
  t.string   "session_id", :null => false
  t.text     "data"
  t.datetime "created_at"
  t.datetime "updated_at"
end

add_index "sessions", ["session_id"], :name => "index_sessions_on_session_id"
add_index "sessi开发者_如何学编程ons", ["updated_at"], :name => "index_sessions_on_updated_at"

create_table "user_sessions", :force => true do |t|
  t.datetime "created_at"
  t.datetime "updated_at"
end

create_table "users", :force => true do |t|
  t.datetime "created_at"
  t.datetime "updated_at"
  t.string   "persistence_token"
  t.string   "email"
  t.string   "name"
end

I'm using Rails 3.0.9 and my Gemfile says (I tried both the normal and the Github authlogic gem):

gem 'rails', '3.0.9'
gem 'sqlite3'
gem "authlogic" #, :git => 'git://github.com/odorcicd/authlogic.git', :branch => 'rails3'

Here's the rest of the source code.

I had this problem a few days ago on a similar project and it "just went away" at some point. I just don't remember how.

Any ideas? This is driving me nuts...

Possible solution... it looks like there are two versions of those helper method examples floating around. There is the one that we used:

@current_user = current_user_session && current_user_session.user

and then there is the newer version that is in some newer tutorials and examples:

@current_user = current_user_session && current_user_session.record

Apparently, when .user (or whatever the login field is) is called on the session object, it returns the unauthorized_record, whereas .record.user returns the appropriate data.

I experienced this issue recently and was confused as well. I have figured out my code's specific problem so this is another potential solution.

tl;dr

I did not understand that #<UserSession: {:unauthorized_record=>"<protected>"}> is still valid user session, just an unauthed one that we created ourselves. You can confirm this by calling user on it and you should get whatever User instance you passed into UserSession.create.

Cause

The real issue is two fold. The current_user method was built with the assumption that the current user would not change during the lifetime of a request and I was calling current_user before creating one one to ensure I didn't have one already. It can be simplified to the following:

def current_user
  return @current_user if defined?(@current_user)

  @current_user = some_method_that_finds_a_proper_user
end

The key here is that my method for finding a user can return nil. When it does, it will define @current_user as nil and thus that cached value will always be returned on subsequent calls.

Solutions

Here's where it gets a bit harder as it really depends on what your code needs.

  1. If you do not need the current_user after signing a user model in with UserSession.create then you don't need to do anything but wait for the render or redirect. On your next request, your current_user will be properly set.

  2. If you do not need to check for an already logged in user, remove any calls to current_user before UserSession.create if able and your first call to current_user will work as expected.

  3. Ensure your method chain that produces current_user either does not use caching, does not cache nils, or change the guard for these cached values to determine if the value is truthy instead of if the instance variable is defined. The guard could be changed to:

    return @current_user if !@current_user.nil? # or @current_user.present? in Rails

    Or you can use Ruby's ||= operator and implicit return. My simplified example above could instead be:

    def current_user
  @current_user ||= some_method_that_finds_a_proper_user
end

    or if it's not as simple

    def current_user
  @current_user ||= begin
    some_code
    doing_many
    things_here
  end
end

  4. Or your problem could be that you're having trouble writing a test for this behavior. In that case I'd rather just put an expectation on the code like

    expect(UserSession).to receive(:create).with(user)
0

上一篇:

:下一篇

更多 问答 相关资讯:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

关注公众号

热门标签

图文推荐

Delphi - Custom drawing a message list

Delphi - Custom drawing a message list
C++ header-only include pattern

C++ header-only include pattern
IE7 Margin Collapses Into Padding

IE7 Margin Collapses Into Padding
in CoffeeScript, how can I use a variable as a key in a hash?

in CoffeeScript, how can I use a variable as a key in a hash?
Interactive visualization of a graph in python [closed]

Interactive visualization of a graph in python [closed]
How to customise PHP MYSQL tables?

How to customise PHP MYSQL tables?
High quality, simple random password generator

High quality, simple random password generator
Image Recognition ApI in android

Image Recognition ApI in android

开发者开发者网给大家分享系统运维,大数据运维,云计算,编程开发技巧,路由交换,运维和开发相关的资讯及技术文章,同时StackOverflow中文社区,知识经验交流分享。

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,如存在版权或非法内容,欢迎举报,我们将尽快予以删除。邮箱:devze@qq.com

Copyright © 2018-2020 开发者. All rights reserved. Powered by 开发者ICP备案号: 京ICP备10032868号-9