ActionController::InvalidAuthenticityToken in LoginController

Hi,

I’m having a problem trying to get a login controller working. When I
try and post to my login controller I get the following error:

ActionController::InvalidAuthenticityToken in LoginController#login

login_controller:

class LoginController < ApplicationController
  def login
    case request.method
    when :post
      if @session['user'] = User.authenticate(@params['username'], @params['password'])
        flash['notice'] = "Login successful"
        redirect_back_or_default :action => "welcome"
      else
        @login   = @params['username']
        @message = "Login unsuccessful"
        redirect_to :action => "login"
      end
    end
  end
end

login.html.erb:

Please Login

<form method="post" action="">
  <p><label for="user_login">Username</label>
    <%= text_field "user", "username", :class => 'textbox', :value => '', :maxlength => 40 %>

Password
    <%= password_field "user", "password", :class => 'textbox', :value => '', :maxlength => 40 %>

<%= submit_tag 'Login', :class => 'button' %>


User.rb

class User < ActiveRecord::Base

  def self.authenticate(login, pass)
    User.find(:first, :conditions => ["username = ? AND password = ?", login, sha1(pass)])
  end

  def change_password(pass)
    update_attribute "password", self.class.sha1(pass)
  end

  protected

  def self.sha1(pass)
    Digest::SHA1.hexdigest("somedigest")
  end

  before_create :crypt_password

  def crypt_password
    write_attribute("password", self.class.sha1(password))
  end

  validates_length_of :login, :within => 3..40
  validates_length_of :password, :within => 5..40
  validates_presence_of :login, :password, :password_confirmation
  validates_uniqueness_of :login, :on => :create
  validates_confirmation_of :password, :on => :create
end

I have the :secret and :session_key set in the environment.rb

Does anyone have any ideas?

2008/1/16, Double [email protected]:

I’m having a problem trying to get a login controller working. When I
try and post to my login controller I get the following error:

ActionController::InvalidAuthenticityToken in LoginController#login

[…]

    <%= password_field "user", "password", :class => 'textbox', :value => '', :maxlength => 40 %>

<%= submit_tag 'Login', :class => 'button' %>


You should use the token_tag helper in your form to provide
the secret token needed by Rails for CSRF security reasons.

– Jean-François.

Are you saying that is the problem or are you making that suggestion
for simply security reasons?

On Jan 15, 10:15 pm, “Jean-François Trân” [email protected]

Forget it - got it. Thank you for the help. This worked like a charm.

<%= token_tag %>

Hi, I’m having that same exact problem while following “rails
solutions” book exercises.

The difference is that I’m still so new to RoR that I couldn’t get it to
work with <%= token_tag %>.
Didn’t find much on the net either.

Where should I add this tag and how is it used? Are there any extra
params to add to it?

In my view I have:
<%= form_tag({:controller => 'user', :action => 'login'}, {:id => "login_form"}) %>
Login:

<%= text_field :user, :login %>

Password:

<%= password_field :user, :password %>

<%= submit_tag 'Login' %>
<% $end %>

This happened after I uncommented in environment.rb and restarted the
server:
config.action_controller.session_store = :active_record_store

If it worked for you please help me out on that one.
Cheers.
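
An added illustration, not part of the thread and not Rails' own implementation: a small Ruby model of the check behind InvalidAuthenticityToken, showing that the token tag belongs inside the form and that a POST without the session's token is rejected before the action runs. The class, helper names and form are constructed for this example; `authenticity_token` is the parameter name Rails uses for the hidden field.

```ruby
require "erb"
require "securerandom"
# Toy stand-in for the exception in the thread; not the Rails class itself.
class InvalidAuthenticityToken < StandardError; end

class ToyLoginController
  # Constructed form: the token field sits inside <form>, next to the inputs.
  FORM = ERB.new(<<~HTML)
    <form method="post" action="/login">
      <%= token_tag %>
      <input type="text" name="user[username]" />
      <input type="password" name="user[password]" />
    </form>
  HTML

  # session: a plain Hash standing in for the server-side session.
  def initialize(session); @session = session; end

  # One unpredictable token per session, created on first use.
  def form_authenticity_token
    @session[:csrf_token] ||= SecureRandom.hex(20)
  end

  # Simplified stand-in for the helper: emits the token as a hidden field.
  def token_tag
    %(<input type="hidden" name="authenticity_token" value="#{form_authenticity_token}" />)
  end

  def render_form; FORM.result(binding); end

  # Check that runs before the action for every non-GET request.
  def handle(method, params)
    unless method == :get || secure_equal?(params["authenticity_token"].to_s, form_authenticity_token)
      raise InvalidAuthenticityToken
    end
    :action_ran
  end

  private
  # Length check, then a comparison that does not stop at the first mismatch.
  def secure_equal?(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).inject(0) { |d, (x, y)| d | (x ^ y) }.zero?
  end
end

# What a browser would send back: the hidden field's value from the rendered HTML.
def submitted_token(html)
  html[/name="authenticity_token" value="(\h+)"/, 1]
end
```

A hand-written `<form>` that omits the hidden field fails this check the same way the original login form did.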
