Forum: Rails Engines Problem recovering password

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
37c332966b49eeb1d54eeefd3bc5ce97?d=identicon&s=25 David Corbin (Guest)
on 2006-03-03 01:42
(Received via mailing list)
I've installed LoginEngine, and the basics appear to work.  However,
when I
attempt to recover my password, I end up with the failure you see at the
end
of this message.  Now, looking at the code, this seems like it should
always
happen (unless Rails is doing magic I don't know about -- always a
possibility).


Also, be aware, that this user was created as part of a migration from
other
data.  Looking at the user in the database, thing seem reasonable to me.

------failure---------
You have a nil object when you didn't expect it!
You might have expected an instance of ActiveRecord::Base.
The error occured while evaluating nil.errors

Extracted source (around line #4):

1: <div title="<%= title_helper %>" class="form">
2:   <h3>Change Password</h3>
3:
4:   <%= error_messages_for 'user' %>
5:
6:   <div class="form-padding">
7:     <p>Enter your new password in the fields below and click 'Change
Password' to have a new password sent to your email inbox.</p>

RAILS_ROOT: script/../config/..
Application Trace | Framework Trace | Full Trace

./script/../config/../vendor/rails/actionpack/lib/action_view/helpers/active_record_helper.rb:106:in
`error_messages_for'
#{RAILS_ROOT}/vendor/plugins/login_engine/app/views/user/change_password.rhtml:4
./script/../config/../vendor/rails/actionpack/lib/action_view/base.rb:268:in
`compile_and_render_template'
./script/../config/../vendor/rails/actionpack/lib/action_view/base.rb:244:in
`render_template'
./script/../config/../vendor/rails/actionpack/lib/action_view/base.rb:205:in
`render_file'
./script/../config/../vendor/rails/actionpack/lib/action_controller/base.rb:655:in
`render_file'
./script/../config/../vendor/rails/actionpack/lib/action_controller/base.rb:595:in
`render_with_no_layout'
./script/../config/../vendor/rails/actionpack/lib/action_controller/layout.rb:220:in
`render_without_benchmark'
./script/../config/../vendor/rails/actionpack/lib/action_controller/benchmarking.rb:53:in
`render'
/usr/lib/ruby/1.8/benchmark.rb:293:in `measure'
./script/../config/../vendor/rails/actionpack/lib/action_controller/benchmarking.rb:53:in
`render'
./script/../config/../vendor/plugins/login_engine/app/controllers/user_controller.rb:247:in
`generate_filled_in'
./script/../config/../vendor/plugins/login_engine/app/controllers/user_controller.rb:69:in
`change_password'
./script/../config/../vendor/rails/actionpack/lib/action_controller/base.rb:853:in
`perform_action_without_filters'
./script/../config/../vendor/rails/actionpack/lib/action_controller/filters.rb:332:in
`perform_action_without_benchmark'
./script/../config/../vendor/rails/actionpack/lib/action_controller/benchmarking.rb:69:in
`perform_action_without_rescue'
/usr/lib/ruby/1.8/benchmark.rb:293:in `measure'
./script/../config/../vendor/rails/actionpack/lib/action_controller/benchmarking.rb:69:in
`perform_action_without_rescue'
./script/../config/../vendor/rails/actionpack/lib/action_controller/rescue.rb:82:in
`perform_action'
./script/../config/../vendor/rails/actionpack/lib/action_controller/base.rb:369:in
`process_without_session_management_support'
./script/../config/../vendor/rails/actionpack/lib/action_controller/session_management.rb:116:in
`process'
./script/../config/../vendor/rails/railties/lib/dispatcher.rb:38:in
`dispatch'
./script/../config/../vendor/rails/railties/lib/webrick_server.rb:117:in
`handle_dispatch'
./script/../config/../vendor/rails/railties/lib/webrick_server.rb:83:in
`service'
/usr/lib/ruby/1.8/webrick/httpserver.rb:104:in `service'
/usr/lib/ruby/1.8/webrick/httpserver.rb:65:in `run'
/usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread'
/usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'
/usr/lib/ruby/1.8/webrick/server.rb:95:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:92:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:23:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:82:in `start'
./script/../config/../vendor/rails/railties/lib/webrick_server.rb:69:in
`dispatch'
./script/../config/../vendor/rails/railties/lib/commands/servers/webrick.rb:59
/usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:21:in `require'
./script/../config/../vendor/rails/activesupport/lib/active_support/dependencies.rb:214:in
`require'
./script/../config/../vendor/rails/railties/lib/commands/server.rb:28
./script/server:3
05d703f649ef1d07e78d7b479fb4c4ac?d=identicon&s=25 James Adam (Guest)
on 2006-03-03 10:33
(Received via mailing list)
Are you logged in when you try to do this?

On 3/2/06, David Corbin <dcorbin@machturtle.com> wrote:
> ------failure---------
> 5:
> ./script/../config/../vendor/rails/actionpack/lib/action_view/base.rb:268:in
> `render_without_benchmark'
> `perform_action_without_filters'
> `process_without_session_management_support'
> /usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'
> ./script/../config/../vendor/rails/railties/lib/commands/server.rb:28
> ./script/server:3
>
> _______________________________________________
> engine-users mailing list
> engine-users@lists.rails-engines.org
> http://lists.rails-engines.org/listinfo.cgi/engine...
>


--
* J *
  ~
37c332966b49eeb1d54eeefd3bc5ce97?d=identicon&s=25 David Corbin (Guest)
on 2006-03-03 12:22
(Received via mailing list)
No, I'm not logged in.  I'm trying to test the situation after I migrate
users
over, and users have to gain access to the site without knowing a
password.

Looking at the code, I don't see how the link emailed to me could
possibly
work, as the action seems to assume you are logged in, which defeats the
purpose.

David
05d703f649ef1d07e78d7b479fb4c4ac?d=identicon&s=25 James Adam (Guest)
on 2006-03-03 12:28
(Received via mailing list)
The authorize method has special handling for logging in via a token
(login_engine/lib/login_engine/authenticated_system.rb):

    def user?
      # First, is the user already authenticated?
      return true if not session[:user].nil?

      # If not, is the user being authenticated by a token?
      id = params[:user_id]
      key = params[:key]
      if id and key
        session[:user] = User.authenticate_by_token(id, key)
        return true if not session[:user].nil?
      end

      # Everything failed
      return false
    end

i.e. when it checks for a logged in user, if an ID and Key parameter
are both present it will attempt to authenticate you based on that.
That would be the place to start debugging.....

- james

On 3/3/06, David Corbin <dcorbin@machturtle.com> wrote:
> >
> > > to me.
> > > 3:
> > >ive_record_helper.rb:106:in `error_messages_for'
> > > ./script/../config/../vendor/rails/actionpack/lib/action_controller/base.
> > > ./script/../config/../vendor/plugins/login_engine/app/controllers/user_co
> > > ./script/../config/../vendor/rails/actionpack/lib/action_controller/rescu
> > > `service'
> > > ./script/../config/../vendor/rails/railties/lib/commands/servers/webrick.
> > > http://lists.rails-engines.org/listinfo.cgi/engine...
> engine-users mailing list
> engine-users@lists.rails-engines.org
> http://lists.rails-engines.org/listinfo.cgi/engine...
>


--
* J *
  ~
37c332966b49eeb1d54eeefd3bc5ce97?d=identicon&s=25 David Corbin (Guest)
on 2006-03-03 12:34
(Received via mailing list)
But the link I'm getting in my email is not to authorize, but to
"change_password".
05d703f649ef1d07e78d7b479fb4c4ac?d=identicon&s=25 James Adam (Guest)
on 2006-03-03 12:46
(Received via mailing list)
There is no 'authorize' action, but the filter will cause the user?
method to be called, which should then authenticate you on *any*
action so long as a valid id and key parameter is given. Therefore,
calling the 'change_password' method will:

1. cause the 'login_required' filter to be called (you *are* using
before_filter :login_required in your application.rb, right?),
2. which in turn checks to see if the current action requires any
authentication
3. if the action does require authentication, it then checks for a
logged in user (method: user?) and if that user is authorized for this
particular action (method: authorize?(user))

If the user? method manages to return true (either by you already
being logged in, or by authenticating you against a key and id
parameter) then you will be allowed to perform the given action, which
in this case is change_password.

- james

On 3/3/06, David Corbin <dcorbin@machturtle.com> wrote:
> >       return true if not session[:user].nil?
> >       return false
> > > users over, and users have to gain access to the site without knowing a
> > > >
> > > > > reasonable to me.
> > > > > 3:
> > > > > ./script/../config/../vendor/rails/actionpack/lib/action_view/helpers
> > > > >
> > > > >ase. rb:595:in `render_with_no_layout'
> > > > >r_co ntroller.rb:69:in `change_password'
> > > > >escu e.rb:82:in `perform_action'
> > > > > /usr/lib/ruby/1.8/webrick/httpserver.rb:104:in `service'
> > > > >ick. rb:59
> > > > > http://lists.rails-engines.org/listinfo.cgi/engine...
> > >
> > engine-users mailing list
> > engine-users@lists.rails-engines.org
> > http://lists.rails-engines.org/listinfo.cgi/engine...
> _______________________________________________
> engine-users mailing list
> engine-users@lists.rails-engines.org
> http://lists.rails-engines.org/listinfo.cgi/engine...
>


--
* J *
  ~
37c332966b49eeb1d54eeefd3bc5ce97?d=identicon&s=25 David Corbin (Guest)
on 2006-03-03 12:49
(Received via mailing list)
Ah!  I think I know the problem, but haven't verified it yet.   Is
user_controller assuming that I've added the login_required filter to
application_controller?  I haven't.  I'd wanted to add explicit filters
for
those few actions that are admin related.

I'll try that and let you know.
37c332966b49eeb1d54eeefd3bc5ce97?d=identicon&s=25 David Corbin (Guest)
on 2006-03-03 12:52
(Received via mailing list)
On Friday 03 March 2006 12:34 am, David Corbin wrote:
> Ah!  I think I know the problem, but haven't verified it yet.   Is
> user_controller assuming that I've added the login_required filter to
> application_controller?  I haven't.  I'd wanted to add explicit filters for
> those few actions that are admin related.
>
> I'll try that and let you know.


Yes, that fixed the problem.  Seems to me the user_controller should
have this
in it.
05d703f649ef1d07e78d7b479fb4c4ac?d=identicon&s=25 James Adam (Guest)
on 2006-03-03 12:58
(Received via mailing list)
If you want to add it in to only the user_controller, you can mix this
in in the normal engines style, i..e
RAILS_ROOT/app/controllers/user_controller.rb:

class UserController < ApplicationController
  before_filter :login_required
end

- james

On 3/3/06, David Corbin <dcorbin@machturtle.com> wrote:
> in it.
>
> _______________________________________________
> engine-users mailing list
> engine-users@lists.rails-engines.org
> http://lists.rails-engines.org/listinfo.cgi/engine...
>


--
* J *
  ~
This topic is locked and can not be replied to.