ActionController::InvalidAuthenticityToken in LoginController

Hi,

I’m having a problem trying to get a login controller working. When I
try and post to my login controller I get the following error:

ActionController::InvalidAuthenticityToken in LoginController#login

login_controller.rb:

  class LoginController < ApplicationController
    def login
      case request.method
      when :post
        # The assignment is deliberate: the authenticated user (or nil)
        # is stored in the session and the result decides the branch.
        if @session['user'] = User.authenticate(@params['username'],
                                                @params['password'])
          flash['notice']  = "Login successful"
          redirect_back_or_default :action => "welcome"
        else
          @login    = @params['username']
          @message  = "Login unsuccessful"
          redirect_to :action => "login"
        end
      end
    end
  end

login.html.erb:

  Please Login

  <form method="post" action="">
    <p><label for="user_login">Username</label>
      <%= text_field "user", "username", :class => 'textbox', :value => '', :maxlength => 40 %></p>

    <p><label for="user_password">Password</label>
      <%= password_field "user", "password", :class => 'textbox', :value => '', :maxlength => 40 %></p>

    <p><%= submit_tag 'Login', :class => 'button' %></p>
  </form>


User.rb

  require 'digest/sha1'

  class User < ActiveRecord::Base

    def self.authenticate(login, pass)
      User.find(:first, :conditions => ["username = ? AND password = ?",
                                        login, sha1(pass)])
    end

    def change_password(pass)
      update_attribute "password", self.class.sha1(pass)
    end

    protected

    # As posted, this hashed only the literal "somedigest" and never the
    # password, so every stored password had the same digest and
    # authenticate accepted any password; the password has to go into the digest.
    def self.sha1(pass)
      Digest::SHA1.hexdigest("somedigest--#{pass}")
    end

    before_create :crypt_password

    def crypt_password
      write_attribute("password", self.class.sha1(password))
    end

    validates_length_of :login, :within => 3..40
    validates_length_of :password, :within => 5..40
    validates_presence_of :login, :password, :password_confirmation
    validates_uniqueness_of :login, :on => :create
    validates_confirmation_of :password, :on => :create
  end

I have the :secret and :session_key set in the environment.rb

Does anyone have any ideas?
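The model above never puts the password into the digest, so a login check built on it cannot tell passwords apart. The following is an added example, not the poster's code and not part of this thread: a stand-alone version of the sha1/authenticate pair with a random per-user salt and a comparison that does not stop at the first differing byte. The in-memory USERS hash, the 'salt' column and the "--" separator are assumptions made for the example.

```ruby
require 'digest/sha1'
require 'securerandom'

# Added example, not the poster's model: per-user salted digests, which is
# what the sha1/authenticate pair would need in order to actually check the
# password. USERS stands in for the users table; the 'salt' column is assumed.
module SaltedPasswords
  USERS = {}  # username => { 'salt' => ..., 'password' => digest }

  # Fresh random salt per account, stored beside the digest.
  def self.new_salt
    SecureRandom.hex(16)
  end

  # Salt and password are hashed together, so the same password yields a
  # different digest for every user and a leaked table cannot be matched
  # with a single precomputed lookup.
  def self.digest(salt, pass)
    Digest::SHA1.hexdigest("#{salt}--#{pass}")
  end

  # Equal-length comparison whose running time does not depend on where
  # the two strings first differ.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Stand-in for before_create :crypt_password.
  def self.create(username, pass)
    salt = new_salt
    USERS[username] = { 'salt' => salt, 'password' => digest(salt, pass) }
  end

  # Stand-in for User.authenticate: the record on success, nil otherwise.
  def self.authenticate(username, pass)
    row = USERS[username]
    return nil if row.nil?
    secure_compare(row['password'], digest(row['salt'], pass)) ? row : nil
  end

  # What the posted sha1 method computed: the password never enters the digest,
  # so every account ends up with the same stored value.
  def self.digest_as_posted(_pass)
    Digest::SHA1.hexdigest('somedigest')
  end
end

if __FILE__ == $0
  SaltedPasswords.create('alice', 'correct horse')
  puts SaltedPasswords.authenticate('alice', 'correct horse') ? 'login ok' : 'denied'
  puts SaltedPasswords.authenticate('alice', 'wrong') ? 'login ok' : 'denied'
end
```

A plain salted SHA-1 is what the model in the thread was reaching for; today a deliberately slow password hash (bcrypt, scrypt or Argon2) would take the place of Digest::SHA1 in `digest`, with the rest of the structure unchanged.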

2008/1/16, Double [email protected]:

I’m having a problem trying to get a login controller working. When I
try and post to my login controller I get the following error:

ActionController::InvalidAuthenticityToken in LoginController#login

[…]

    <%= password_field "user", "password", :class => 'textbox', :value => '', :maxlength => 40 %>

    <%= submit_tag 'Login', :class => 'button' %>


You should use the token_tag helper in your form to provide
the secret token needed by Rails for CSRF security reasons.

– Jean-François.

Are you saying that is the problem, or are you making that suggestion
simply for security reasons?

On Jan 15, 10:15 pm, "Jean-François Trân" [email protected]

Forget it - got it. Thank you for the help. This worked like a charm.

<%= token_tag %>

Hi, I'm having that same exact problem while following the "Rails
Solutions" book exercises.

The difference is that I'm still new to RoR, so I couldn't get it to
work with <%= token_tag %>, and I didn't find much on the net either.

Where should I add this tag and how is it used? Are there any extra
params to add to it?

In my view I have:

  <%= form_tag({:controller => 'user', :action => 'login'}, {:id => "login_form"}) %>
    Login:
    <%= text_field :user, :login %>

    Password:
    <%= password_field :user, :password %>

    <%= submit_tag 'Login' %>
  </form> <%# form_tag was called without a block, so the form is closed by hand %>

This happened after I uncommented the following in environment.rb and
restarted the server:

  config.action_controller.session_store = :active_record_store

If it worked for you, please help me out on that one.
Cheers.
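To show what Jean-François's token_tag advice and the question above about where the tag goes come down to, here is an added example that is not code from this thread and not Rails' own implementation: a minimal model of what the forgery check does. The session and params are plain hashes, the /user/login action and the way the token is generated are stand-ins, and the hidden-field name is the one Rails uses (authenticity_token). It renders the login form both with the hidden field (what form_tag or token_tag add) and as a hand-written <form> without it, and runs the server-side check on each.

```ruby
require 'securerandom'
require 'cgi'

# Added example, not code from this thread or from Rails: a minimal model of
# what protect_from_forgery verifies. Session and params are plain hashes;
# the /user/login action and the token derivation are stand-ins.
module ForgeryProtection
  TOKEN_PARAM = 'authenticity_token'

  # One token per session, created on first use and reused by every form
  # rendered in that session.
  def self.form_authenticity_token(session)
    session[:_csrf_token] ||= SecureRandom.hex(32)
  end

  # The hidden field that form_tag (or token_tag) places inside the form.
  def self.token_tag(session)
    value = CGI.escapeHTML(form_authenticity_token(session))
    %(<input type="hidden" name="#{TOKEN_PARAM}" value="#{value}" />)
  end

  # The login form as the helper renders it (with_token) or as a hand-written
  # <form> that omits the hidden field, like the one in the first post.
  def self.login_form(session, with_token: true)
    fields = []
    fields << token_tag(session) if with_token
    fields << '<input type="text" name="user[login]" />'
    fields << '<input type="password" name="user[password]" />'
    %(<form method="post" action="/user/login">\n  #{fields.join("\n  ")}\n</form>)
  end

  # Browser side: every input's name and value, merged with what was typed.
  def self.params_from(html, typed = {})
    params = {}
    html.scan(/<input[^>]*name="([^"]+)"(?:[^>]*value="([^"]*)")?/) { |n, v| params[n] = v.to_s }
    params.merge(typed)
  end

  # Comparison whose running time does not reveal where the tokens differ.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Server side: GET and HEAD are not checked; any other method must carry
  # the token that belongs to the caller's own session. A false result is
  # where Rails raises InvalidAuthenticityToken.
  def self.verified_request?(method, params, session)
    return true if %w[GET HEAD].include?(method.to_s.upcase)
    expected = session[:_csrf_token]
    given = params[TOKEN_PARAM]
    !expected.nil? && !given.nil? && secure_compare(given.to_s, expected)
  end
end

if __FILE__ == $0
  session = {}
  with_token = ForgeryProtection.params_from(ForgeryProtection.login_form(session))
  without    = ForgeryProtection.params_from(ForgeryProtection.login_form(session, with_token: false))
  puts "form_tag form:   #{ForgeryProtection.verified_request?(:post, with_token, session)}"
  puts "raw <form>:      #{ForgeryProtection.verified_request?(:post, without, session)}"
end
```

Two points follow from the check being keyed on the session. First, the hidden field has to sit inside the `<form>` that is submitted, which is what form_tag does for you and what token_tag does for a form written by hand. Second, a token is only as current as the session it was minted in: after switching session_store and restarting the server, a page rendered before the change still carries the old token and will be rejected until the form is loaded again.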