Rails Recipes Book: Authentication

Hi,
The user/login management system in Chapter 31: Authenticating Your
Users and Chapter 32: Authorizing Users with Roles of Chad F.'s
Rails Recipes looks reasonable and adequate. However, when I ran the
Chapter 31 code, I get the following error:

Username or password invalid

And I am not even given the chance to sign in; that is, the signin form
does not appear at all.

Has anyone tried this code and encountered the same error message and
how did you correct it?

Thanks for the help,
gk

Gene K. wrote:

I get the following error:

Username or password invalid

And I am not even given the chance to sign in; that is, the signin form
does not appear at all.

Don’t have the book in front of me but my guess is that you’re stuck in
an infinite loop: you need to set a before filter on the controller and
then specify which action to not use the filter on:

class LoginController < ActionController::Base
  before_filter :authenticate, :except => "signin"
  def signin
    # code for signin form here
  end
end

http://rubyonrails.com/rails/classes/ActionController/Filters/ClassMethods.html

Greg wrote:

Gene K. wrote:

I get the following error:

Username or password invalid

And I am not even given the chance to sign in; that is, the signin form
does not appear at all.

Don’t have the book in front of me but my guess is that you’re stuck in
an infinite loop: you need to set a before filter on the controller and
then specify which action to not use the filter on:

class LoginController < ActionController::Base
  before_filter :authenticate, :except => "signin"
  def signin
    # code for signin form here
  end
end

http://rubyonrails.com/rails/classes/ActionController/Filters/ClassMethods.html

Hi,
Thanks for the reply.
The before_filter is in the code:

class AdminController < ApplicationController

  before_filter :check_authentication, :except => [:signin]

  def check_authentication
    unless session[:user]
      session[:intended_action] = action_name
      session[:intended_controller] = controller_name
      redirect_to :action => "signin"
    end
  end

end

gk

Perhaps :except => :signin instead of :except => [:signin]

On 7/7/06, Gene K. wrote:

Has anyone tried this code and encountered the same error message and
how did you correct it?

Not being able to see your code, I can’t really say what you’re doing
wrong. I have used those two recipes in the past and they worked just
fine. However, it’s possible that I spotted an error and just don’t
remember doing so.

Again, more info will help people help you.

– James

I am also having this exact same problem with Chad F.'s “Rails
Recipes”, recipe 31. Gene, did you ever figure out why it throws up an
error that says:

Username or password invalid

?

If anyone has any insight on this, I’d love to hear it. I even threw
the authentication stuff into my application.rb, so it would password
protect all of my controllers, but I still get the same error whenever I
try to go anywhere in my app.

Dave


I cleared the browser cache. I took out

#before_filter :check_authentication, :except => :signin

to see if it will take me to the signin screen, but, no, it didn’t. So
there is something fundamentally wrong with my setup.
Thanks for any help,
gk

class AdminController < ApplicationController

  before_filter :check_authentication, :except => [:signin]

  def check_authentication
    unless session[:user]
      session[:intended_action] = action_name
      session[:intended_controller] = controller_name
      redirect_to :action => "signin"
    end
  end

end

I have that puppy working. But I remember running into something
similar. When in doubt…debugging print statements are your friend. I
know this because I see that I used a couple in my application. :)

Sooooo…

  1. Put a print statement at the beginning of each and see when they are
    being run.

  2. redirect_to(:action => "signin") is what I have. Don’t know if it’s
    going to really matter…sometimes it’s a quirk.

TJ Stankus wrote:

Perhaps :except => :signin instead of :except => [:signin]

Hi,
Tried that one, but it didn’t help. The application trace says:


Username or password invalid

RAILS_ROOT: ./script/…/config/…
Application Trace | Framework Trace | Full Trace

#{RAILS_ROOT}/app/models/user.rb:19:in `authenticate'
#{RAILS_ROOT}/app/controllers/admin_controller.rb:19:in `signin'


It does look like it is going through authentication, even given the
advice not to. Here’s the controller:

class AdminController < ApplicationController

  before_filter :check_authentication, :except => :signin

  def check_authentication
    unless session[:user]
      session[:intended_action] = action_name
      session[:intended_controller] = controller_name
      redirect_to :action => "signin"
    end
  end

  def signin
    session[:user] = User.authenticate(params[:username],
                                       params[:password]).id
    redirect_to :action => session[:intended_action],
                :controller => session[:intended_controller]
  end

end

Line 19 of user.rb is the raise command below:


require 'digest/sha2'
class User < ActiveRecord::Base
  validates_uniqueness_of :username
  def password=(pass)
    salt = [Array.new(6){rand(256).chr}.join].pack("m").chomp
    self.password_salt, self.password_hash =
      salt, Digest::SHA256.hexdigest(pass + salt)
  end

  def self.authenticate(username, password)
    user = User.find(:first, :conditions => ['username = ?', username])
    if user.blank? ||
      Digest::SHA256.hexdigest(password + user.password_salt) !=
        user.password_hash
      raise "Username or password invalid"
    end
    user
  end
end


And signin.rhtml is:


Signin for Admin Access
<%= start_form_tag :action => "signin" %>
Username: <%= text_field_tag "username" %>
Password: <%= password_field_tag "password" %>
<%= submit_tag "Signin" %>
<%= end_form_tag %>

I cleared the browser cache. I took out

#before_filter :check_authentication, :except => :signin

to see if it will take me to the signin screen, but, no, it didn’t. So
there is something fundamentally wrong with my setup.
Thanks for any help,
gk

Thanks Steve!

One quick clarification. I’m a bit of a n00b, so what do you mean by
putting a print statement at the beginning of each? Could you show me
an example print statement and define “each”?

Thanks again!!

Dave

I have that puppy working. But I remember running into something
similar. When in doubt…debugging print statements are your friend. I
know this because I see that I used a couple in my application. :)

Sooooo…

  1. Put a print statement at the beginning of each and see when they are
    being run.

Thanks for the help; I’ll definitely give it a try; I’ve already
copy/pasted your code and am excited to give it a whirl. One last
question, if it’s okay: when I get the error (the RuntimeError that
actually says “Username or password invalid.”) the application trace
mentions model line 9 (the line that says username or password invalid)
and application.rb line 15 (the one right after def signin:

  def signin
    session[:user] = User.authenticate(params[:username],
                                       params[:password]).id
    redirect_to :action => session[:intended_action],
                :controller => session[:intended_controller]
  end

Does everything look normal to you, compared to what you did? I just
want to double check before I start doing line-by-line testing.

Thanks again! Your help is definitely appreciated!

Dave

Dave A. wrote:

    session[:user] = User.authenticate(params[:username], 

Put a logging statement and see what’s in that parameter field. At a
guess it’s blank and you are still validating it. Hence the error.

I have that puppy working. But I remember running into something
similar. When in doubt…debugging print statements are your friend. I
know this because I see that I used a couple in my application. :)

Sooooo…

  1. Put a print statement at the beginning of each and see when they are
    being run.

Just FYI…I started in RoR 3 weeks ago. :) Luckily I’ve been able to
ignore my bosses and work with it almost exclusively the whole time.

Since I’m lazy I usually have some sort of simple debugging function
floating around on most projects. Here’s my current one:

def db(msg)
  d = get_config_setting("debug")
  if ( !d.nil? and d == "true" )
    logger.debug("d***** #{msg} *****")
  end
end

This allows me to print out whatever I want by simply calling

db("My stupid message")

For ease of use just set up your logger and initially don’t worry about
creating a configuration yaml file. (Though I have that laying around
somewhere as well.)

So at intervals (Beginning, ending, etc…) in your procedures you can
put the db("") and figure out what is being called…as well as with
what values. Debugging by print statements. Sometimes it’s easiest to
fall back on the simplest methods for finding bugs.

Define this method in a module. Then do a “require” in a superclass
and now you can use it in any of the sub-classes without explicit
require statement.

I put this in a utilities.db file while I’m debugging:

require 'pp'

def dbg *args
  if ENV['RAILS_ENV'] == 'test'
    stack = caller(1).slice(0, 4)
    $stdout << "==========================\n"
    pp(*args)
    pp stack
  else
    def dbg(*args)
    end
  end
end

I’ll frequently change the slice size for the stack trace (0 to large)
depending on what I’m doing, or add little snippets of code to do
particular things with args. I think of it more like a debugger macro
than actual code.

Defining dbg (or whatever you want to call it) for all objects means you
don’t have to put in include statements, making it slightly easier to
remove when you’re no longer debugging.

I usually don’t use the logger for debugging printf. Most of the time I
want to see those debug statements on stdout/stderr when I’m running
tests, and if I’m not running tests I don’t care about them.

  • James M.
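
The guess made earlier in the thread (the signin action runs User.authenticate on the first request, before any form has been submitted, so the parameters are blank and the model raises) modelled in plain Ruby; this is an added example, not code from the book or from any poster. The in-memory USERS list, the sample credentials and the signin(method, params, session) signature are assumptions made so it runs without Rails.

```ruby
require 'digest/sha2'

# Constructed in-memory stand-in for the users table (not from the thread).
UserRecord = Struct.new(:id, :username, :password_salt, :password_hash)

def make_user(id, username, password, salt)
  UserRecord.new(id, username, salt, Digest::SHA256.hexdigest(password + salt))
end

USERS = [make_user(1, 'admin', 's3cret-sample', 'c2FsdA==')].freeze

# Same salted SHA-256 check as the thread's User.authenticate, but missing
# credentials, an unknown user or a bad password return nil instead of raising.
def authenticate(username, password)
  return nil if username.to_s.empty? || password.to_s.empty?
  user = USERS.find { |u| u.username == username }
  return nil if user.nil?
  digest = Digest::SHA256.hexdigest(password + user.password_salt)
  digest == user.password_hash ? user : nil
end

# Hypothetical plain-Ruby model of the signin action. A request that is not a
# form submission only renders the form; credentials are checked on POST
# alone, so the first visit can no longer fail authentication.
def signin(method, params, session)
  return [:render, 'signin'] unless method == :post
  user = authenticate(params[:username], params[:password])
  if user.nil?
    [:render, 'signin', 'Username or password invalid']
  else
    session[:user] = user.id
    [:redirect, session[:intended_controller] || 'admin',
     session[:intended_action] || 'index']
  end
end

if __FILE__ == $0
  session = { intended_controller: 'admin', intended_action: 'list' }
  p signin(:get, {}, session)                                  # form is shown
  p signin(:post, { username: 'admin', password: 'x' }, session)
  p signin(:post, { username: 'admin', password: 's3cret-sample' }, session)
end
```

A failed login re-renders the form with the message rather than surfacing a RuntimeError and stack trace to the browser.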
