Problem recovering password


#1

I’ve installed LoginEngine, and the basics appear to work. However,
when I
attempt to recover my password, I end up with the failure you see at the
end
of this message. Now, looking at the code, this seems like it should
always
happen (unless Rails is doing magic I don’t know about – always a
possibility).

Also, be aware, that this user was created as part of a migration from
other
data. Looking at the user in the database, thing seem reasonable to me.

------failure---------
You have a nil object when you didn’t expect it!
You might have expected an instance of ActiveRecord::Base.
The error occured while evaluating nil.errors

Extracted source (around line #4):

1:


2:

Change Password


3:
4: <%= error_messages_for ‘user’ %>
5:
6:

7:

Enter your new password in the fields below and click ‘Change
Password’ to have a new password sent to your email inbox.

RAILS_ROOT: script/…/config/…
Application Trace | Framework Trace | Full Trace

./script/…/config/…/vendor/rails/actionpack/lib/action_view/helpers/active_record_helper.rb:106:in
error_messages_for' #{RAILS_ROOT}/vendor/plugins/login_engine/app/views/user/change_password.rhtml:4 ./script/../config/../vendor/rails/actionpack/lib/action_view/base.rb:268:incompile_and_render_template’
./script/…/config/…/vendor/rails/actionpack/lib/action_view/base.rb:244:in
render_template' ./script/../config/../vendor/rails/actionpack/lib/action_view/base.rb:205:inrender_file’
./script/…/config/…/vendor/rails/actionpack/lib/action_controller/base.rb:655:in
render_file' ./script/../config/../vendor/rails/actionpack/lib/action_controller/base.rb:595:inrender_with_no_layout’
./script/…/config/…/vendor/rails/actionpack/lib/action_controller/layout.rb:220:in
render_without_benchmark' ./script/../config/../vendor/rails/actionpack/lib/action_controller/benchmarking.rb:53:inrender’
/usr/lib/ruby/1.8/benchmark.rb:293:in measure' ./script/../config/../vendor/rails/actionpack/lib/action_controller/benchmarking.rb:53:inrender’
./script/…/config/…/vendor/plugins/login_engine/app/controllers/user_controller.rb:247:in
generate_filled_in' ./script/../config/../vendor/plugins/login_engine/app/controllers/user_controller.rb:69:inchange_password’
./script/…/config/…/vendor/rails/actionpack/lib/action_controller/base.rb:853:in
perform_action_without_filters' ./script/../config/../vendor/rails/actionpack/lib/action_controller/filters.rb:332:inperform_action_without_benchmark’
./script/…/config/…/vendor/rails/actionpack/lib/action_controller/benchmarking.rb:69:in
perform_action_without_rescue' /usr/lib/ruby/1.8/benchmark.rb:293:inmeasure’
./script/…/config/…/vendor/rails/actionpack/lib/action_controller/benchmarking.rb:69:in
perform_action_without_rescue' ./script/../config/../vendor/rails/actionpack/lib/action_controller/rescue.rb:82:inperform_action’
./script/…/config/…/vendor/rails/actionpack/lib/action_controller/base.rb:369:in
process_without_session_management_support' ./script/../config/../vendor/rails/actionpack/lib/action_controller/session_management.rb:116:inprocess’
./script/…/config/…/vendor/rails/railties/lib/dispatcher.rb:38:in
dispatch' ./script/../config/../vendor/rails/railties/lib/webrick_server.rb:117:inhandle_dispatch’
./script/…/config/…/vendor/rails/railties/lib/webrick_server.rb:83:in
service' /usr/lib/ruby/1.8/webrick/httpserver.rb:104:inservice’
/usr/lib/ruby/1.8/webrick/httpserver.rb:65:in run' /usr/lib/ruby/1.8/webrick/server.rb:173:instart_thread’
/usr/lib/ruby/1.8/webrick/server.rb:162:in start_thread' /usr/lib/ruby/1.8/webrick/server.rb:95:instart’
/usr/lib/ruby/1.8/webrick/server.rb:92:in start' /usr/lib/ruby/1.8/webrick/server.rb:23:instart’
/usr/lib/ruby/1.8/webrick/server.rb:82:in start' ./script/../config/../vendor/rails/railties/lib/webrick_server.rb:69:indispatch’
./script/…/config/…/vendor/rails/railties/lib/commands/servers/webrick.rb:59
/usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:21:in require' ./script/../config/../vendor/rails/activesupport/lib/active_support/dependencies.rb:214:inrequire’
./script/…/config/…/vendor/rails/railties/lib/commands/server.rb:28
./script/server:3


#2

Are you logged in when you try to do this?

On 3/2/06, David C. removed_email_address@domain.invalid wrote:

------failure---------
5:
./script/…/config/…/vendor/rails/actionpack/lib/action_view/base.rb:268:in
render_without_benchmark'perform_action_without_filters’
process_without_session_management_support' /usr/lib/ruby/1.8/webrick/server.rb:162:instart_thread’
./script/…/config/…/vendor/rails/railties/lib/commands/server.rb:28
./script/server:3


engine-users mailing list
removed_email_address@domain.invalid
http://lists.rails-engines.org/listinfo.cgi/engine-users-rails-engines.org

  • J *
    ~

#3

No, I’m not logged in. I’m trying to test the situation after I migrate
users
over, and users have to gain access to the site without knowing a
password.

Looking at the code, I don’t see how the link emailed to me could
possibly
work, as the action seems to assume you are logged in, which defeats the
purpose.

David


#4

But the link I’m getting in my email is not to authorize, but to
“change_password”.


#5

The authorize method has special handling for logging in via a token
(login_engine/lib/login_engine/authenticated_system.rb):

def user?
  # First, is the user already authenticated?
  return true if not session[:user].nil?

  # If not, is the user being authenticated by a token?
  id = params[:user_id]
  key = params[:key]
  if id and key
    session[:user] = User.authenticate_by_token(id, key)
    return true if not session[:user].nil?
  end

  # Everything failed
  return false
end

i.e. when it checks for a logged in user, if an ID and Key parameter
are both present it will attempt to authenticate you based on that.
That would be the place to start debugging…

  • james

On 3/3/06, David C. removed_email_address@domain.invalid wrote:

to me.
3:
ive_record_helper.rb:106:in error_messages_for' ./script/../config/../vendor/rails/actionpack/lib/action_controller/base. ./script/../config/../vendor/plugins/login_engine/app/controllers/user_co ./script/../config/../vendor/rails/actionpack/lib/action_controller/rescuservice’
./script/…/config/…/vendor/rails/railties/lib/commands/servers/webrick.
http://lists.rails-engines.org/listinfo.cgi/engine-users-rails-engines.or
engine-users mailing list
removed_email_address@domain.invalid
http://lists.rails-engines.org/listinfo.cgi/engine-users-rails-engines.org

  • J *
    ~

#6

There is no ‘authorize’ action, but the filter will cause the user?
method to be called, which should then authenticate you on any
action so long as a valid id and key parameter is given. Therefore,
calling the ‘change_password’ method will:

  1. cause the ‘login_required’ filter to be called (you are using
    before_filter :login_required in your application.rb, right?),
  2. which in turn checks to see if the current action requires any
    authentication
  3. if the action does require authentication, it then checks for a
    logged in user (method: user?) and if that user is authorized for this
    particular action (method: authorize?(user))

If the user? method manages to return true (either by you already
being logged in, or by authenticating you against a key and id
parameter) then you will be allowed to perform the given action, which
in this case is change_password.

  • james

On 3/3/06, David C. removed_email_address@domain.invalid wrote:

  return true if not session[:user].nil?
  return false

users over, and users have to gain access to the site without knowing a

reasonable to me.
3:
./script/…/config/…/vendor/rails/actionpack/lib/action_view/helpers

ase. rb:595:in render_with_no_layout' r_co ntroller.rb:69:inchange_password’
escu e.rb:82:in perform_action' /usr/lib/ruby/1.8/webrick/httpserver.rb:104:inservice’
ick. rb:59
http://lists.rails-engines.org/listinfo.cgi/engine-users-rails-engine

engine-users mailing list
removed_email_address@domain.invalid
http://lists.rails-engines.org/listinfo.cgi/engine-users-rails-engines.org


engine-users mailing list
removed_email_address@domain.invalid
http://lists.rails-engines.org/listinfo.cgi/engine-users-rails-engines.org

  • J *
    ~

#7

On Friday 03 March 2006 12:34 am, David C. wrote:

Ah! I think I know the problem, but haven’t verified it yet. Is
user_controller assuming that I’ve added the login_required filter to
application_controller? I haven’t. I’d wanted to add explicit filters for
those few actions that are admin related.

I’ll try that and let you know.

Yes, that fixed the problem. Seems to me the user_controller should
have this
in it.


#8

If you want to add it in to only the user_controller, you can mix this
in in the normal engines style, i…e
RAILS_ROOT/app/controllers/user_controller.rb:

class UserController < ApplicationController
before_filter :login_required
end

  • james

On 3/3/06, David C. removed_email_address@domain.invalid wrote:

in it.


engine-users mailing list
removed_email_address@domain.invalid
http://lists.rails-engines.org/listinfo.cgi/engine-users-rails-engines.org

  • J *
    ~

#9

Ah! I think I know the problem, but haven’t verified it yet. Is
user_controller assuming that I’ve added the login_required filter to
application_controller? I haven’t. I’d wanted to add explicit filters
for
those few actions that are admin related.

I’ll try that and let you know.