Devise Forget password routing error - ruby-on-rails

I have internal messages in my application. I am using devise and I have installed password module but did not configured it yet. when I tried to press on Forget Password? I got this error:
No route matches {:controller=>"messages", :mailbox=>:inbox, :user_id=>nil}
So what I need is: How to solve this problem ? and How to make the forget password feature works for action mailer so user can reset his password using the email which saved in the database.
Note: Before installing internal messages into my app , when i tried to click forget password link it was redirecting normally.
I am using another controller for registration instead of that one by devise and on signup , users are added by admin.
this is from my routes file
devise_for :users, :controllers => { :registrations => "users" }
resources :users, only: [:index, :new, :create, :show, :destroy, :edit, :update] do |user|
resources :messages do
collection do
post 'delete_multiple'
end
end
end
Forget Password link
<%- if devise_mapping.recoverable? && controller_name != 'passwords' %>
<%= link_to "Forgot your password?", new_password_path(resource_name), :class => "btn btn-danger" %><br />
<% end -%>
Users_Controller.rb
class UsersController < ApplicationController
load_and_authorize_resource
def index
#users = User.all
#users_grid = initialize_grid(User,
:per_page => 5)
end
def show
#user = User.find(params[:id])
end
def new
#user = User.new
end
def create
#user = User.new(params[:user])
if #user.save
flash[:notice] = 'A new user created successfully.'
redirect_to users_path
else
flash[:error] = 'An error occurred please try again!'
redirect_to users_path
end
end
def edit
#user = User.find(params[:id])
end
def update
#user = User.find(params[:id])
if #user.update_attributes(params[:user])
flash[:notice] = 'Profile updated'
redirect_to users_path
else
render 'edit'
end
end
def destroy
#user = User.find(params[:id])
if current_user == (#user)
flash[:error] = "Admin suicide warning: Can't delete yourself."
else
#user.destroy
flash[:notice] = 'User deleted'
redirect_to users_path
end
end
end
Messaages_controller.rb
class MessagesController < ApplicationController
before_filter :set_user
def index
if params[:mailbox] == "sent"
#messages = #user.sent_messages
elsif params[:mailbox] == "inbox"
#messages = #user.received_messages
#elsif params[:mailbox] == "archieved"
# #messages = #user.archived_messages
end
end
def new
#message = Message.new
if params[:reply_to]
#reply_to = User.find_by_id(params[:reply_to])
unless #reply_to.nil?
#message.recepient_id = #reply_to.id
end
end
end
def create
#message = Message.new(params[:message])
#message.sender_id = #user.id
if #message.save
flash[:notice] = "Message has been sent"
redirect_to user_messages_path(current_user, :mailbox=>:inbox)
else
render :action => :new
end
end
def show
#message = Message.readingmessage(params[:id],#user.id)
end
def delete_multiple
if params[:delete]
params[:delete].each { |id|
#message = Message.find(id)
#message.mark_message_deleted(#message.id,#user.id) unless #message.nil?
}
flash[:notice] = "Messages deleted"
end
redirect_to user_messages_path(#user, #messages)
end
private
def set_user
#user = current_user
end
end

Since it's showing user_id => nil. Can you check if your session is not expired

Related

No route matches {:action=>"index", :controller=>"comments", :post_id=>nil} missing required keys: [:post_id]

This is the issue I am having, Haven't been able to get around it. Now this happens while logging into the account. I haven't had this issue before til last night.
Here is my users_controller.rb,
class UsersController < ApplicationController
before_action :set_user, only: [:edit, :update, :destroy]
before_action :correct_user, only: [:edit ]
after_action :signed_in_after_register, only: :create
def index
#users = User.all
#user = User.find(session[:user_id])
if params[:search]
#users = User.search(params[:search]).order("created_at DESC")
else
#users = User.all.order('created_at DESC')
end
end
def dashboard
#user = User.find(session[:user_id]) unless session[:user_id] == ""
redirect_to login_path, notice: "You're not logged in" unless #user
#posts = #user.posts.order("created_at DESC").limit(3)
#comment = Comment.new
#post = Post.new
end
def newsfeed
#user = User.find(session[:user_id]) unless session[:user_id] == nil
redirect_to login_path, notice: "You're not logged in" unless #user
#posts = #user.posts.order("created_at DESC").limit(3)
end
def nav
#user = User.find(session[:user_id])
end
def posts
#user = User.find(session[:user_id])
#posts = #user.posts
end
def destroy
#user = User.find(session[:user_id]) unless session[:user_id] == ""
redirect_to login_path, notice: "You're not logged in" unless #user
end
def welcome
#user = User.find(params[:user_id]) unless session[:user_id] == ""
redirect_to login_path, notice: "You're not logged in" unless #user
#user = User.find(session[:user_id])
end
def show
#user = User.find(params[:user_id]) unless session[:user_id] == ""
redirect_to login_path, notice: "You're not logged in" unless #user
#posts = #user.posts.order("created_at DESC").limit(3)
#comment = Comment.new
#post = Post.new
end
def new
#user = User.new
#post = Post.new(params[:post_id])
end
def edit
#user = User.find(params[:user_id]) if params[:user_id]
redirect_to #dashboard_path unless #user
end
def create
#user = User.new(user_params)
respond_to do |format|
if #user.save
format.html { redirect_to dashboard_path, notice: 'User was successfully created!' }
format.json { render :profile, status: :created, location: #user }
else
format.html { render :new }
format.json { render json: #user.errors, status: :unprocessable_entity }
end
end
end
def update
if #user == current_user
respond_to do |format|
if #user.update(user_params)
format.html { redirect_to dashboard_path, notice: 'User was successfully updated.' }
format.json { render :profile, status: :ok, location: #user }
else
format.html { render :edit }
format.json { render json: #user.errors, status: :unprocessable_entity }
end
end
else
redirect_to dashboard_path, notice: 'You do not have permission to edit the profile of another user.'
end
end
def destroy
#user.destroy
respond_to do |format|
format.html { redirect_to users_url, notice: 'User was successfully destroyed.' }
format.json { head :no_content }
end
end
private
def set_user
#user = User.find(params[:id])
end
def correct_user
#user = User.find(params[:id]) unless session[:user_id] == ""
end
def signed_in_after_register
session[:user_id] = #user.id
end
def user_params
params.require(:user).permit(:first_name, :last_name, :bio, :comments, :password, :password_confirmation, :email, :age, :profile_picture, :post, :body)
end
end
Heres my comments _form.html.erb,
<%= form_for([#post, #comment]) do |f| %>
<p>
<%= f.text_area :body, placeholder: "Write a comment!" %>
</p>
<br>
<p> <%= f.submit %> </p>
<% end %>
And here is my routes.rb,
Rails.application.routes.draw do
root 'welcome#welcome'
get 'login' => 'sessions#login', :as => :login
get 'dashboard' => 'users#dashboard', :as => :dashboard
post 'logging/user' => 'sessions#create'
get 'logout' => 'sessions#destroy', :as => :logout
get 'about' => 'about'
get 'newsfeed' => 'users#newsfeed'
resources :users, except: :show
get 'profile/:user_id' => 'users#show', as: :profile
get 'location' => 'location#location'
resources :posts do
resources :comments
end
get 'index' => 'posts#index'
get 'register' => 'users#new', :as => :register
end
If you guys do need to see anymore code then just let me know, I will post it! Thank you so much in advance!
The problem is you're trying to create a URL that looks like this: /posts/:post_id/comments by passing form_for([#post, #comment]). It's OK that #comment isn't saved to the database, but the #post you use must already be saved to the database because you can't create that URL without #post having an ID.
Once #post is saved, it'll have an ID, so you can generate the route: for example, /posts/32/comments.
Check your dashboard.html.erb file for where you're using #posts and rendering comments/_form.html.erb. You may have a post object available, and you should use it in your form instead: form_for([post, #comment]).
You'll probably also want to remove the #post = Post.new line from your #dashboard controller action.

Cancan - can't save data for other roles - Ruby on Rails

can you help my to fix my problem. I can save data if the user is managing partner but when I choose other roles, (like secretary), I can't save data to the database.
I think, there's a problem here. This is my codes:
def profile
#office = Office.last
#partial = (params[:type].present?) ? params[:type] : "work_data"
#user = User.find(params[:id])
#user.is_managing_partner = true if current_user.role == 'managing partner'
end
def update_profile
#office = Office.last
#user = User.find(params[:id])
#user.is_managing_partner = true
if #user.update_attributes(user_params)
flash[:success] = "Profile updated"
case params[:type]
when 'work_data'
redirect_to profile_user_path(type: "personal_data")
when 'personal_data'
redirect_to root_path
end
else
#partial = (params[:type].present?) ? params[:type] : "work_data"
render json: #user.errors, status: :unprocessable_entity
end
end
and this is my application_controller.rb
rescue_from CanCan::AccessDenied do |exception|
#office = Office.last
#user = User.find(params[:id])
if #user == current_user
#partial = (params[:type].present?) ? params[:type] : "work_data"
authorize! :read, #user
render 'profile'
else
flash[:warning] = "Access Denied."
redirect_to root_url
end
end
and this is my ability.rb
if user.role == 'managing partner'
can :manage, :all
else
if user.role == "secretary"
can :update, :user_id => user.id
end
can :read, :all
end
In your ability.rb the 'can :update, :user_id => user.id' row is wrong. You have to specify WHAT he can update:
can :update, WHAT, :user_id => user.id

How can I prevent "not-yet-approved" Admins from accessing Admin functions in my web app?

So that multiple people can be an administrator to a business page, we've created a model called administration where people can apply to be an admin of a business and thus the status of "0" is "pending" and "1" is accepted.
How can I prevent users from editing a page where their status for i is still "0" (pending).
class Administration < ActiveRecord::Base
attr_accessible :business_id, :user_id, :status
belongs_to :user
belongs_to :business
scope :pending, where('status = ?',0).order("updated_at desc")
def self.new_by_user_business( user, business)
admin = self.new
admin.business_id = business.id
admin.user_id = user.id
admin.status = 0
admin.save!
end
end
Here is the current "edit page"
<h1>Editing business</h1>
<%= render 'form1' %>
Here is the business controller.
class BusinessesController < ApplicationController
respond_to :html, :xml, :json
before_filter :authenticate_user!, except: [:index, :show]
def index
#businesses = Business.all
respond_with(#businesses)
end
def show
#business = Business.find(params[:id])
if request.path != business_path(#business)
redirect_to #business, status: :moved_permanently
end
end
def new
#business = Business.new
3.times { #business.assets.build }
respond_with(#business)
end
def edit
#business = get_business(params[:id])
#avatar = #business.assets.count
#avatar = 3-#avatar
#avatar.times {#business.assets.build}
end
def create
#business = Business.new(params[:business])
if #business.save
redirect_to #business, notice: 'Business was successfully created.'
else
3.times { #business.assets.build }
render 'new'
end
end
def update
#business = get_business(params[:id])
if #business.update_attributes(params[:business])
flash[:notice] = "Successfully updated Business."
end
#avatar = #business.assets.count
#avatar = 3-#avatar
#avatar.times {#business.assets.build}
respond_with(#business)
end
def destroy
#business = get_business(params[:id])
#business.destroy
respond_with(#business)
end
def my_business
#business = Business.all
end
def business_tickets
#user = current_user
#business = get_business(params[:id])
#tickets = #business.tickets
#business_inbox = TicketReply.where(:email => #business.callred_email)
end
def your_business
#user = current_user
#business = get_business(params[:id])
if #business.users.map(&:id).include? current_user.id
redirect_to my_business_businesses_path, notice: 'You are already an administator of this business.'
else
#admin = Administration.new_by_user_business( #user, #business)
BusinessMailer.delay(queue: "is_your_business", priority: 20, run_at: 5.minutes.from_now).is_your_business(#user,#business)
redirect_to #business, notice: 'Thank you for claiming your business, and we will be in touch with you shortly.'
end
end
def view_message
# #business = Business.find(params[:business_id])
#ticket = Ticket.find(params[:id])
#reply = #ticket.ticket_replies
end
private
def get_business(business_id)
#business = Business.find(business_id)
end
end
You could add a before_filter to check the status. You will have to change some of the logic but this is the idea
class BusinessesController < ApplicationController
before_filter :restrict_access, :only => [:edit, :update]
private
def restrict_access
#business = get_business(params[:id])
redirect to root_path, :notice => "Not Authorized" unless current_user.status == 1
end
end

Session usage in rails 3.1.3, returning errors

I am in a process of upgrading my app from rails 2.3.11 to 3.2.x. Everything worked well untill 3.1.x where I faced issues in session handling. Earlier I have utilized cookies for session handling but now there is a question if I can use ActiveModel for handling sessions too?????
Secondly, while still playing around with cookies, I see this unavoidable undefined method error. Any suggestions to get around this error????
Here is my codes-
Session Controller:
class SessionsController < ApplicationController
def new
#title = "Sign in"
end
def create
#title = "create session"
user = User.authenticate(params[:session][:name], params[:session][:password])
if user.nil?
flash.now[:error] = "Invalid username/password combination."
#title = "Sign in"
render 'new'
else
sign_in user
#partner = Partner.find(:first, :conditions => [ "user_id = ?", user.id])
logger.info "---------User loggin: " + current_user.name
redirect_back_or samplings_url
end
end
def destroy
#title = "Sign out"
logger.info "---------User log OUT: " + current_user.name
sign_out
redirect_to root_path
end
end
User Model:
class User < ActiveRecord::Base
attr_accessor :password
attr_accessible :name, :email, :password
EmailRegex = /\A[\w+\-._]+#[a-z\d\-.]+\.[a-z]+\z/i
validates_presence_of :name, :email
validates_length_of :name, :maximum => 50
validates_format_of :email, :with => EmailRegex
validates_uniqueness_of :email, :case_sensitive => false
has_many :microposts
validates_confirmation_of :password
validates_presence_of :password
validates_length_of :password, :within => 1..40
before_save :encrypt_password
def self.authenticate(name, submitted_password)
username = self.where(name: name)
return nil if username.nil?
return username if username.encrypted_password == encrypt(submitted_password)
end
def remember_me!
self.remember_token = encrypt("#{salt}--#{id}--#{Time.now.utc}")
save(validate=false)
end
private
def encrypt_password
unless password.nil? #due to def remember_me! method during sign in function call
self.salt = make_salt
self.encrypted_password = encrypt(password)
end
end
def encrypt(string)
secure_hash("#{salt}#{string}")
end
def make_salt
secure_hash("#{Time.now.utc}#{password}")
end
def secure_hash(string)
Digest::SHA2.hexdigest(string)
end
end
UserController:
class UsersController < AuthController
before_filter :authenticate, :only => [:index, :edit, :update]
before_filter :correct_user, :only => [:new, :create, :destroy]
before_filter :modify_user, :only => [:edit, :update]
filter_parameter_logging :password
def index
#users = User.all
#title = "users"
respond_to do |format|
format.html # index.html.erb
format.xml { render :xml => #users }
end
end
def show
#user = User.find(params[:id])
#title = #user.name
respond_to do |format|
format.html # show.html.erb
format.xml { render :xml => #user }
end
end
def new
redirect_to signin_path
if !current_user?(#user)
flash[:notice] = "Only the partner who create the risorse can modify it."
end
end
def create
#title = "sign up user"
#user = User.new(params[:user]) #hash of user attributes
if #user.save
sign_in #user
flash[:success] = "Welcome to the microaqua web application!"
redirect_to #user #equal as user_path(#user)
else
#title = "Sign up"
render 'new'
end
end
# GET /users/1/edit
def edit
#title = #user.name #"user"
end
def update
#title = #user.name #"user"
if #user.update_attributes(params[:user])
flash[:success] = "Profile updated."
redirect_to #user
else
#title = "Edit user"
render 'edit'
end
end
def destroy
redirect_to users_path
end
private
def correct_user
#user = User.find(params[:id])
reroute() unless signed_in_and_master?
end
def modify_user
#user = User.find(params[:id])
reroute() unless (current_user?(#user) or signed_in_and_master?)
end
def reroute()
flash[:notice] = "Only the partner can modify his own profile."
redirect_to(user_path(#user))
end
end
Error:
NoMethodError in SessionsController#create
undefined method `encrypted_password' for #<ActiveRecord::Relation:0x00000003632038>
.where always returns an array. Here is the code that is throwing the error in your user model:
def self.authenticate(name, submitted_password)
username = self.where(name: name)
return nil if username.nil?
return username if username.encrypted_password == encrypt(submitted_password)
end
You are calling .encrypted_password on an array. Change the code to this:
def self.authenticate(name, submitted_password)
username = self.where(name: name).first
return nil if username.nil?
return username if username.encrypted_password == encrypt(submitted_password)
end
If it is possible to get more than one user with the same name then you should iterate through the array and check every result.
As far as storing the session in the database, check out this SO question:Rails 3: Storing Session in Active Record (not cookie)

Nesting messages on channel view

I'm trying to show all messages that belong to each channel on that channels index pages, is there a simple way to do this?
class MessagesController < ApplicationController
def index
#channel = Channel.find(params[:channel_id])
#messages = #channel.messages
end
def new
#channel = Channel.find(params[:channel_id])
#message = #channel.messages.build
end
def create
#channel = Channel.find(params[:channel_id])
#message = #channel.messages.build(params[:message])
if #message.save
flash[:notice] = "Successfully created message."
redirect_to channel_url(#message.channel_id)
else
render :action => 'new'
end
end
def edit
#message = Message.find(params[:id])
end
def update
#message = Message.find(params[:id])
if #message.update_attributes(params[:message])
flash[:notice] = "Successfully updated message."
redirect_to channel_url(#message.channel_id)
else
render :action => 'edit'
end
end
def destroy
#message = Message.find(params[:id])
#message.destroy
flash[:notice] = "Successfully destroyed message."
redirect_to channel_url(#message.channel_id)
end
end
&
class ChannelsController < ApplicationController
def index
#channels = Channel.find(:all)
end
def show
#channel = Channel.find(params[:id])
#message = Message.new(:channel => #channel)
end
def new
#channel = Channel.new
end
def create
#channel = Channel.new(params[:channel])
if #channel.save
flash[:notice] = "Successfully created channel."
redirect_to #channel
else
render :action => 'new'
end
end
def edit
#channel = Channel.find(params[:id])
end
def update
#channel = Channel.find(params[:id])
if #channel.update_attributes(params[:channel])
flash[:notice] = "Successfully updated channel."
redirect_to #channel
else
render :action => 'edit'
end
end
def destroy
#channel = Channel.find(params[:id])
#channel.destroy
flash[:notice] = "Successfully destroyed channel."
redirect_to channels_url
end
end
&
MyApp::Application.routes.draw do
resources :users
resources :channels , :has_many => :messages, :shallow => true
resources :messages , :only => [:index]
root :channels
resources :users, :user_sessions
match 'login' => 'user_sessions#new', :as => :login
match 'logout' => 'user_sessions#destroy', :as => :logout
match ':controller(/:action(/:id(.:format)))'
#root :to => 'channels#index', :as => :listchannels
end
Assuming two models Channel and Message, where a channel has many messages, you could do something like this:
# controller
#channel = Channel.find(params[:channel_id])
#messages = #channel.messages
# index.html.erb
<% #messages.each do |message| %>
<%=h message.content %><br>
<% end %>
where content is some attribute of Message

Resources