Problem recovering password

I’ve installed LoginEngine, and the basics appear to work. However,
when I
attempt to recover my password, I end up with the failure you see at the
end
of this message. Now, looking at the code, this seems like it should
always
happen (unless Rails is doing magic I don’t know about – always a
possibility).

Also, be aware, that this user was created as part of a migration from
other
data. Looking at the user in the database, thing seem reasonable to me.

------failure---------
You have a nil object when you didn’t expect it!
You might have expected an instance of ActiveRecord::Base.
The error occured while evaluating nil.errors

Extracted source (around line #4):

1:

Are you logged in when you try to do this?

On 3/2/06, David C. [email protected] wrote:

------failure---------
5:
./script/…/config/…/vendor/rails/actionpack/lib/action_view/base.rb:268:in
render_without_benchmark' perform_action_without_filters’
process_without_session_management_support' /usr/lib/ruby/1.8/webrick/server.rb:162:in start_thread’
./script/…/config/…/vendor/rails/railties/lib/commands/server.rb:28
./script/server:3

---

engine-users mailing list
[email protected]
http://lists.rails-engines.org/listinfo.cgi/engine-users-rails-engines.org

–

• J *
  ~

No, I’m not logged in. I’m trying to test the situation after I migrate
users
over, and users have to gain access to the site without knowing a
password.

Looking at the code, I don’t see how the link emailed to me could
possibly
work, as the action seems to assume you are logged in, which defeats the
purpose.

David

But the link I’m getting in my email is not to authorize, but to
“change_password”.

The authorize method has special handling for logging in via a token
(login_engine/lib/login_engine/authenticated_system.rb):

def user?
  # First, is the user already authenticated?
  return true if not session[:user].nil?

  # If not, is the user being authenticated by a token?
  id = params[:user_id]
  key = params[:key]
  if id and key
    session[:user] = User.authenticate_by_token(id, key)
    return true if not session[:user].nil?
  end

  # Everything failed
  return false
end

i.e. when it checks for a logged in user, if an ID and Key parameter
are both present it will attempt to authenticate you based on that.
That would be the place to start debugging…

• james

On 3/3/06, David C. [email protected] wrote:

to me.
3:
ive_record_helper.rb:106:in error_messages_for' ./script/../config/../vendor/rails/actionpack/lib/action_controller/base. ./script/../config/../vendor/plugins/login_engine/app/controllers/user_co ./script/../config/../vendor/rails/actionpack/lib/action_controller/rescu service’
./script/…/config/…/vendor/rails/railties/lib/commands/servers/webrick.
http://lists.rails-engines.org/listinfo.cgi/engine-users-rails-engines.or
engine-users mailing list
[email protected]
http://lists.rails-engines.org/listinfo.cgi/engine-users-rails-engines.org

–

• J *
  ~

There is no ‘authorize’ action, but the filter will cause the user?
method to be called, which should then authenticate you on any
action so long as a valid id and key parameter is given. Therefore,
calling the ‘change_password’ method will:

1. cause the ‘login_required’ filter to be called (you are using
   before_filter :login_required in your application.rb, right?),
2. which in turn checks to see if the current action requires any
   authentication
3. if the action does require authentication, it then checks for a
   logged in user (method: user?) and if that user is authorized for this
   particular action (method: authorize?(user))

If the user? method manages to return true (either by you already
being logged in, or by authenticating you against a key and id
parameter) then you will be allowed to perform the given action, which
in this case is change_password.

• james

On 3/3/06, David C. [email protected] wrote:

  return true if not session[:user].nil?
  return false

users over, and users have to gain access to the site without knowing a

reasonable to me.
3:
./script/…/config/…/vendor/rails/actionpack/lib/action_view/helpers

ase. rb:595:in render_with_no_layout' r_co ntroller.rb:69:in change_password’
escu e.rb:82:in perform_action' /usr/lib/ruby/1.8/webrick/httpserver.rb:104:in service’
ick. rb:59
http://lists.rails-engines.org/listinfo.cgi/engine-users-rails-engine

engine-users mailing list
[email protected]
http://lists.rails-engines.org/listinfo.cgi/engine-users-rails-engines.org

---

engine-users mailing list
[email protected]
http://lists.rails-engines.org/listinfo.cgi/engine-users-rails-engines.org

–

• J *
  ~

On Friday 03 March 2006 12:34 am, David C. wrote:

Ah! I think I know the problem, but haven’t verified it yet. Is
user_controller assuming that I’ve added the login_required filter to
application_controller? I haven’t. I’d wanted to add explicit filters for
those few actions that are admin related.

I’ll try that and let you know.

Yes, that fixed the problem. Seems to me the user_controller should
have this
in it.

If you want to add it in to only the user_controller, you can mix this
in in the normal engines style, i…e
RAILS_ROOT/app/controllers/user_controller.rb:

class UserController < ApplicationController
before_filter :login_required
end

• james

On 3/3/06, David C. [email protected] wrote:

in it.

---

engine-users mailing list
[email protected]
http://lists.rails-engines.org/listinfo.cgi/engine-users-rails-engines.org

–

• J *
  ~

Ah! I think I know the problem, but haven’t verified it yet. Is
user_controller assuming that I’ve added the login_required filter to
application_controller? I haven’t. I’d wanted to add explicit filters
for
those few actions that are admin related.

I’ll try that and let you know.