I am able to create users and sign in, however when I sign out I receive the following (although the session does appear to end):
NoMethodError at /signout
undefined method `update_attribute' for nil:NilClass
This is on the sign_out method in the SessionsHelper, where current_user.update_attribute(...)
Does this mean that current_user is nil? What can I do to fix, this. I'm very new to RoR, thanks.
Here's my SessionsHelper
module SessionsHelper
def sign_in(user)
remember_token = User.new_remember_token
cookies.permanent[:remember_token] = remember_token
user.update_attribute(:remember_token, User.encrypt(remember_token))
self.current_user = user
end
def signed_in?
!current_user.nil?
end
def current_user=(user)
#current_user = user
end
def current_user
remember_token = User.encrypt(cookies[:remember_token])
#current_user ||= User.find_by(remember_token: remember_token)
end
def sign_out
current_user.update_attribute(:remember_token, User.encrypt(User.new_remember_token))
#current_user.update_attribute(:remember_token, User.new_remember_token)
cookies.delete(:remember_token)
self.current_user = nil
end
end
Here's my SessionsController
class SessionsController < ApplicationController
def new
end
def create
user = User.find_by(email: params[:session][:email].downcase)
if user && user.authenticate(params[:session][:password])
sign_in user
redirect_to user
else
flash.now[:error] = 'Invalid email/password combination' #not quite right
render 'new'
end
end
def destroy
sign_out
redirect_to 'signin'
end
end
it would be nice if you told us what the exact circumstances are that you got this error.
it's quite possible you're going to the sign-out page when you're not actually currently signed-in.
In which case - why don't you add "if signed_in?" to your action eg:
def sign_out
return unless signed_in? # you are already signed out
current_user.update_attribute(:remember_token, User.encrypt(User.new_remember_token))
cookies.delete(:remember_token)
self.current_user = nil
end
def destroy
sign_out if signed_in?
redirect_to 'signin'
end
Alternatively - do you have skip_before_action authenticate_user or similar for sign_out?
Again - to sign out, you have to be signed-in... so you can't skip the authentication action for sign-out.
Related
I'm using Rails 4.2 on a project and the helper doesn't seem to be loading.
I've got a sessions_controller.rb:
class SessionsController < ApplicationController
def new
if signed_in?
redirect_to admin_path
else
render layout: 'login'
end
end
def create
#controller_js = ''
user = User.find_by(email: params[:session][:email].downcase)
if user && user.authenticate(params[:session][:password])
sign_in user
# user.update_attribute(:sign_in_count, user.sign_in_count + 1)
user.update_attribute(:last_login, DateTime.now)
if user.admin?
redirect_to admin_path
else
redirect_to user
end
else
flash.now[:danger] = 'Invalid email/password combination'
render layout: 'login'
end
end
def destroy
sign_out
redirect_to root_url
end
end
And in my SessionsHelper.rb
module SessionsHelper
def sign_in(user)
remember_token = User.new_remember_token
cookies.permanent[:remember_token] = remember_token
user.update_attribute(:remember_token, User.digest(remember_token))
self.current_user = user
end
end
But I get an error which is caused by the SessionsHelper not being loaded.
However when I add the method in the ApplicationController.rb it does work fine.
It seems to be Rails 4.2 issue?
But I'm not sure how to resolve in my case. Any ideas?
if a user has not signed in and visits localhost:3000/projects, this error occurs undefined method `projects' for nil:NilClass
I want to change it so it will be redirected to sign_in page. But using something like
if signed_in?
#projects=current_user.projects
else
link_to 'Please sign in first' ,signin_path
end
will raise errors
This is how the SessionsHelper looks like
module SessionsHelper
def sign_in(user)
remember_token = User.new_remember_token
cookies.permanent[:remember_token] = remember_token
user.update_attribute(:remember_token, User.digest(remember_token))
self.current_user = user
end
def signed_in?
!current_user.nil?
end
def current_user=(user)
#current_user = user
end
def current_user
remember_token = User.digest(cookies[:remember_token])
#current_user ||= User.find_by(remember_token: remember_token)
end
def sign_out
current_user.update_attribute(:remember_token,User.digest(User.new_remember_token))
cookies.delete(:remember_token)
self.current_user = nil
end
end
and here is my ApplicationController
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
include SessionsHelper
end
class ProjectsController < ApplicationController
def index
#projects=Project.all
end
end
if current_user
#projects = current_user.projects
else
redirect_to signin_path, notice: "Please sign in first"
end
Also it is common practice to define current_user method in application_controller.rb.
I have sign_in page using remember me checkbox.
Remember Me - obviously to remember session forever (with 20 years expiration) unless you will click the log-out button.
The problem is, I can't sign in if I didn't check the remember me.
SessionController:
def create
user = User.find_by(email: params[:email].downcase)
if user && user.authenticate(params[:password])
if params[:remember_me]
sign_in user
redirect_to root_url
else
User.find_by_id(session[:remember_token])
session[:remember_token] = user.id
redirect_to root_url
end
else
flash.now[:danger] = 'Invalid email/password combination'
render 'new'
end
end
SessionHelper
def sign_in(user)
remember_token = User.new_remember_token
cookies.permanent[:remember_token] = remember_token
user.update_attribute(:remember_token, User.encrypt(remember_token))
self.current_user = user
end
def signed_in?
!current_user.nil?
end
def current_user=(user)
#current_user = user
end
def current_user
remember_token = User.encrypt(cookies[:remember_token])
#current_user ||= User.find_by(remember_token: remember_token)
end
def sign_out
self.current_user = nil
cookies.delete(:remember_token)
end
In your create method, you didn't actually mark the user as logged in when the user didn't check the remember me box. It only stores user.id in session[:remember_token].
if user && user.authenticate(params[:password]) # valid email & password
if params[:remember_me] # remember me
sign_in user
redirect_to root_url
else # do not remember me
#User.find_by_id(session[:remember_token]) # this line did nothing
session[:remember_token] = user.id # store user.id in session
redirect_to root_url
end
else
...
end
Your current_user doesn't check user.id in session, but only checks cookies or manual assignment of current_user.
I would rewrite current user like this:
def current_user
if #current_user
#current_user
elsif session[:remember_token]
#current_user ||= User.find_by_id(session[:remember_token])
elsif cookies[:remember_token]
remember_token = User.encrypt(cookies[:remember_token])
#current_user ||= User.find_by(remember_token: remember_token)
else
nil
end
end
BTW. The title is irrelevant with the problem defined in the body.
When i sign into the sample app i've made from Hartl's rail tutorial at the end of Chapter 9 i get this error. I've searched high and low but can't figure out what's probably very obvious.
NoMethodError in SessionsController#create
undefined method `current_user=' for #session....
The errors occur in these 2 files, code below
app/helpers/sessions_helper.rb:7:in sign_in'
app/controllers/sessions_controller.rb:9:increate'
app/helpers/sessions_helper
module SessionsHelper
def sign_in(user)
remember_token = User.new_remember_token
cookies.permanent[:remember_token] = remember_token
user.update_attribute(:remember_token, User.encrypt(remember_token))
self.current_user = user
end
def signed_in?
!current_user.nil?
end
def current_user
remember_token = User.encrypt(cookies[:remember_token])
#current_user ||= User.find_by(remember_token: remember_token)
end
def current_user?(user)
user == current_user
end
def sign_out
self.current_user = nil
cookies.delete(:remember_token)
end
def redirect_back_or(default)
redirect_to(session[:return_to] || default)
session.delete(:return_to)
end
def store_location
session[:return_to] = request.url if request.get?
end
end
app/controllers/sessions_controller
class SessionsController < ApplicationController
def new
end
def create
user = User.find_by(email: params[:session][:email].downcase)
if user && user.authenticate(params[:session][:password])
sign_in user
redirect_back_or user
else
flash.now[:error] = 'Invalid email/password combination'
render 'new'
end
end
def destroy
sign_out
redirect_to root_url
end
end
Take a look at listing 8.20 on http://ruby.railstutorial.org/chapters/sign-in-sign-out. It looks like you missed the step of defining the current_user= method
def current_user=(user)
#current_user = user
end
I'm following this tutorial: http://ruby.railstutorial.org/
I have a problem with my sessions. Every time I login to my application, I get no session but get redirected to my user page. And create/register users works, too.
sessions_helper.rb
module SessionsHelper
def sign_in(user)
cookies.permanent[:remember_token] = user.remember_token
#current_user = user
#self.current_user = user
end
def signed_in?
#current_user != nil
#!#current_user.nil?
end
def current_user
#current_user ||= User.find_by_remember_token(cookies[:remember_token])
##current_user ||= User.find_by_remember_token(cookies[:remember_token])
end
def current_user?(user)
#current_user = user
end
def sign_out
self.current_user = nil
cookies.delete(:remember_token)
end
def store_location
session[:return_to] = request.url
end
end
session_controller.rb
class SessionsController < ApplicationController
def new
#title = "| Signin"
end
def create
user = User.find_by_email(params[:session][:email].downcase)
if user && user.authenticate(params[:session][:password])
sign_in user
redirect_to user
else
#Fehlermeldung anzeigen falls login nicht erfolgreich war
flash.now[:error] = "Invalid email/password combination"
render 'new'
end
end
def destroy
sign_out
redirect_to root_url
end
end
I see at least one mistake:
def current_user?(user)
#current_user = user
end
Should be
def current_user?(user)
#current_user == user
end
==, not =, because you should check that current_user equals some other user, not make an assignment.