Devise help!

I just upgraded from restful_authentication to devise, and before I
found out there was a wiki on how to do this properly, I removed all
traces of restful_authentication from my app, then installed Devise like
I normally would.

The issue I’m getting is I create an account, and when I confirm it, I
get logged in. Once I log out and try to log back in, I get invalid
username or email. I manually update my password, and I get the same
error. I read this article

http://jambu.posterous.com/invalid-username-and-password-in-migration-fr

but that didn’t solve the issue.

My user model

class User < ActiveRecord::Base
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable,
         :token_authenticatable, :confirmable, :lockable
end

I tried adding :encryptable, :encryptor => :restful_authentication_sha1
but I get the same issue with or without this.

I have no restful_authentication code in the app anymore, and have no
idea what else to do…

Any ideas?

Thanks,
~Jeremy

ok, so more on this.

I can say “I forgot my password”, have the reset password email sent,
and change the password. It will then log me in. If I click “logout”,
then “login” and use that password, it will fail.

Here is my sessions controller:

class SessionsController < Devise::SessionsController
  before_filter :load_ads, :only => [:new]

  protected

  def load_ads
    @ads = Advertiser.order("RAND()").limit(2)
  end
end

my routes contain

devise_for :users, :controllers => { :sessions => :sessions,
                                     :registrations => :users } do
  get '/login' => 'sessions#new', :as => :login
  get '/logout' => 'sessions#destroy', :as => :logout
end

Here is my login form

<%= form_for("user", :url => user_session_path) do |f| %>

  <%= f.label(:email, :class => 'label') %>
  <%= f.text_field(:email) %>

  <%= f.label(:password, :class => 'label') %>
  <%= f.password_field(:password) %>

  <%= f.check_box :remember_me %>
  <%= f.label :remember_me %>

  <%= f.submit('Sign in') %>

<% end %>

Not knowing, but as a guess I’d look at the way passwords are being
encrypted. When you log in the first time, it probably doesn’t get
your password out of the database. So, do the encryption and
decryption match? Are you correctly using the salt?

Just a shot in the dark…

Paul wrote in post #999045:

> Not knowing, but as a guess I’d look at the way passwords are being
> encrypted. When you log in the first time, it probably doesn’t get
> your password out of the database. So, do the encryption and
> decryption match? Are you correctly using the salt?
>
> Just a shot in the dark…

Thanks for the reply.

I’ve narrowed it down a bit. I decided to not override the sessions
controller with my own, and using devise’s default view and controller,
I can sign in fine.

I’ve commented out the before filter on my custom sessions controller,
and copied the whole form from the devise view to my custom view. Still
can’t log in. Weird thing though is that no password_salt is being
created for my users…

So maybe a new question. I do need to override the registrations
controller because I’m doing all kinds of stuff when a user is created.
Is there a “best practices” way of using devise and doing that? Right
now it’s just doing

@user = User.new(params[:user])
@user.save!

Is there a User.new_with_cool_devise_stuff(params[:user])?

Thanks

~Jeremy

> I just upgraded from restful_authentication to devise, and before I
> found out there was a wiki on how to do this properly, I removed all
> traces of restful_authentication from my app, then installed Devise like
> I normally would.
>
> The issue I’m getting is I create an account, and when I confirm it, I
> get logged in. Once I log out and try to log back in, I get invalid
> username or email. I manually update my password, and I get the same
> error.

I had something similar when I ripped out Authlogic and wrote my own.
If I tried to log in to a pre-existing user account, instead of just
telling me the password was incorrect (which is what I expected) it
would give me an invalid salt error. I suppose I could’ve coded
around it, but since I was in early test mode I found it easier to
just delete the two or three old users and have my new authentication
handle the new salt/encryption mechanism.

I would tend to concur with Paul. When you create a user, you are
likely not logging that user in using the same encryption method as
when you just log in.
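
The mismatch discussed in this thread, as an added example that is not code from any poster, from Devise or from restful_authentication: a stored salted digest only verifies when the same salt, pepper and stretch count are used at set time and at check time, and a quick audit of the stored columns shows which rows cannot verify. The digest layout and the names `legacy_digest`, `valid_legacy_password?` and `audit_row` are assumptions for illustration; the column names follow the thread.

```ruby
require 'digest/sha1'

# Illustrative stretched, salted SHA-1 digest (assumed layout for this example).
def legacy_digest(password, salt, pepper: '', stretches: 10)
  digest = pepper
  stretches.times do
    digest = Digest::SHA1.hexdigest([digest, salt, password, pepper].join('--'))
  end
  digest
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Recompute the digest from the row's own salt and compare with the stored one.
def valid_legacy_password?(row, password, **opts)
  expected = legacy_digest(password, row[:password_salt], **opts)
  secure_equal?(expected, row[:encrypted_password])
end

# Classify a stored row so a mismatch with the configured scheme is visible.
def audit_row(row)
  hash = row[:encrypted_password].to_s
  salt = row[:password_salt].to_s
  if hash.match?(%r{\A\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}\z})
    :bcrypt
  elsif hash.match?(/\A\h{40}\z/)
    salt.empty? ? :sha1_missing_salt : :sha1_salted
  else
    :unknown
  end
end

# Constructed sample rows (not real data).
SALT    = 'a1b2c3'
GOOD    = { encrypted_password: legacy_digest('s3cret-pass', SALT), password_salt: SALT }
NO_SALT = GOOD.merge(password_salt: nil) # digest stored, salt column never written
BCRYPT  = { encrypted_password: '$2a$10$' + 'N' * 53, password_salt: nil }

puts "salt present: #{valid_legacy_password?(GOOD, 's3cret-pass')}"
puts "salt missing: #{valid_legacy_password?(NO_SALT, 's3cret-pass')}"
puts [GOOD, NO_SALT, BCRYPT].map { |r| audit_row(r) }.inspect
```

A row that audits as `:sha1_missing_salt` can never verify under a salted scheme, whatever password is typed, which matches the symptom of a login that fails right after a successful password reset.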