I am using devise and i am trying to allow user to modify their information without providing their information. I have followed the tutorial https://github.com/plataformatec/devise/wiki/How-To%3a-Allow-users-to-edit-their-account-without-providing-a-password.
I have this link to allow user to change their own settings
<%= link_to "Account Settings", edit_user_registration_path(current_user) %>
What I did his follow
rails g controller Registration
In the registrations controller replace the content with this
class RegistrationsController < Devise::RegistrationsController
def update
#user = User.find(current_user.id)
email_changed = #user.email != params[:user][:email]
password_changed = !params[:user][:password].empty?
successfully_updated = if email_changed or password_changed
#user.update_with_password(params[:user])
else
#user.update_without_password(params[:user])
end
if successfully_updated
set_flash_message :notice, :updated
# Sign in the user bypassing validation in case his password changed
sign_in #user, :bypass => true
redirect_to after_update_path_for(#user)
else
render "edit"
end
end
end
And in route.rb file i did this
devise_for :users, :controllers => { :registrations => "registrations" }
But it still bring me to the folder /views/devise/registration/edit.erb.html instead of bringing me to /views/registrations/edit.erb.html. I also restarted the server and my computer but no clue what else to do
Update: Note(customers = Users)
Started GET "/customers/edit.2" for 127.0.0.1 at 2012-12-09 20:06:03 -0500
Processing by Devise::RegistrationsController#edit as
[1m[35mCustomer Load (0.3ms)[0m SELECT `customers`.* FROM `customers` WHERE `customers`.`id` = 2 LIMIT 1
[1m[36mPage Load (0.2ms)[0m [1mSELECT `pages`.* FROM `pages` [0m
[1m[35mTag Load (0.2ms)[0m SELECT `tags`.* FROM `tags`
Rendered devise/registrations/edit.html.erb within layouts/application (0.1ms)
Rendered layouts/_shim.html.erb (0.0ms)
Rendered layouts/_iewrap.html.erb (0.0ms)
Rendered layouts/_header.html.erb (1.1ms)
Rendered layouts/_search_tags.html.erb (0.0ms)
Rendered layouts/_navigation.html.erb (0.8ms)
Rendered layouts/_thirdcol.html.erb (0.0ms)
Rendered pages/_link.html.erb (0.0ms)
Rendered layouts/_footer.html.erb (0.4ms)
Completed 200 OK in 41ms (Views: 36.4ms | ActiveRecord: 0.7ms)
Started GET "/assets/application.css?body=1" for 127.0.0.1 at 2012-12-09 20:06:04 -0500
Served asset /application.css - 304 Not Modified (5ms)
Started GET "/assets/activity_managers.css?body=1" for 127.0.0.1 at 2012-12-09 20:06:04 -0500
Served asset /activity_managers.css - 304 Not Modified (0ms)
this is the path i get to
http://localhost:3000/customers/edit.2
You got the name and location of your file wrong.
The file should be called edit.html.erb, not edit.erb.html.
The file should be localed in app/views/registrations.
Also, whenever a url has .id appended at the end, it means that you are passing something to the url helper that you shouldn't be. So in this case, you can remove the current_user argument and use your link like this:
<%= link_to "Account Settings", edit_user_registration_path %>
In config/initializers/devise.rb, uncomment this line config.scoped_views = true then restart Rails server. Also check if your edit.erb.html is in the right directory, it may be need to be in app/views/users/registrations/.
UPDATE:
You need to define edit method in your RegistrationsController because without it will inherit from Devise's RegistrationsController and consequently render Devises's views. Just add these two lines to the controller and it should work.
def edit
end
Related
It shows no errors to aid in locating and fixing the problem. I've checked the database file and it's still empty.
The submit button <div><%= f.submit "Create", class: "btn btn-normal" %></div>
The only thing that changes after submitting is the address. It changes from http://localhost:3000/cars/new to http://localhost:3000/cars
Everything else stays the same. How do i fix this?
Updated the question with the following;
Log
Started GET "/cars/new" for ::1 at 2020-01-26 14:44:53 +0000
(0.1ms) SELECT sqlite_version(*)
Processing by CarsController#new as HTML
User Load (1.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? ORDER BY "users"."id" ASC LIMIT ? [["id", 1], ["LIMIT", 1]]
Rendering cars/new.html.erb within layouts/application
Rendered cars/new.html.erb within layouts/application (Duration: 12.1ms | Allocations: 1210)
[Webpacker] Everything's up-to-date. Nothing to do
Rendered shared/_navbar.html.erb (Duration: 0.7ms | Allocations: 103)
Rendered shared/_message.html.erb (Duration: 0.1ms | Allocations: 17)
Completed 200 OK in 496ms (Views: 471.7ms | ActiveRecord: 1.0ms | Allocations: 15750)
Started POST "/cars" for ::1 at 2020-01-26 14:45:06 +0000
Processing by CarsController#create as HTML
Parameters: {"authenticity_token"=>"Oom+xdVDc0PqSwLbLIEP0R8H6U38+v9ISVql4Fr/0WSxZGSrxzTHccsgghd1U30OugcUBAA1R4BtsB0YigAUtA==", "car"=>{"vehicle_type"=>"Sports", "car_type"=>"Private", "seat"=>"5", "colour_type"=>"Black", "transmission_type"=>"Automatic"}, "commit"=>"Create car"}
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? ORDER BY "users"."id" ASC LIMIT ? [["id", 1], ["LIMIT", 1]]
Rendering cars/new.html.erb within layouts/application
Rendered cars/new.html.erb within layouts/application (Duration: 7.2ms | Allocations: 1144)
[Webpacker] Everything's up-to-date. Nothing to do
Rendered shared/_navbar.html.erb (Duration: 0.2ms | Allocations: 103)
Rendered shared/_message.html.erb (Duration: 0.1ms | Allocations: 17)
Completed 200 OK in 124ms (Views: 114.9ms | ActiveRecord: 0.4ms | Allocations: 14757)
Model app/models/car.rb
class Car < ApplicationRecord
belongs_to :user
validates :vehicle_type, presence: true
validates :car_type, presence: true
validates :seat, presence: true
validates :transmission_type, presence: true
validates :engine, presence: true
end
Controller app/controllers/cars_controller.rb
class CarsController < ApplicationController
before_action :set_car, except: [:index, :new, :create]
before_action :authenticate_user!, except: [:show]
def index
#cars = current_user.cars
end
def new
#car = current_user.cars.build
end
def create
#car = current_user.cars.build(car_params)
if #car.save
redirect_to listing_car_path(#car), notice: "Saved..."
else
render :new, notice: "Something went wrong..."
end
end
def show
end
def listing
end
def pricing
end
def description
end
def photo_upload
end
def features
end
def location
end
def update
if #car.update(car_params)
flash[:notice] = "Saved..."
else
flash[:notice] = "Something went wrong..."
end
redirect_back(fallback_location: request.referer)
end
private
def set_car
#car = Car.find(params[:id])
end
def car_params
params.require(:car).permit(:vehicle_type, :car_type, :seat, :transmission_type, :engine, :fuel_type, :colour_type, :window_type, :listing_name, :summary, :is_tv, :is_air, :is_internet, :is_sunroof, :is_bluetooth, :is_dvd, :is_gps, :is_usb, :is_audio, :is_airbags, :price, :active)
end
end
TLDR:
Solution is that you should either provide engine and user_id in params or you should remove presence true validation and add optional true case (for user association) from model.
Explanation:
If your model says that it should validate presence of engine then how can you not provide engine param (in form). When you post the form without engine, what happens is that your model does not save it and as you have handled that case, it moves on. As it belongs to user, same goes for user ID. although you could make it optional too by adding optional: true both in schema and model (because a car can "be" without a user IRL but depends here in your use-case).
Going one step further, to exactly understand the issue yourself, use pry or byebug to see the params and happenings in runtime. Easier and faster way to verify the error is that put a bang in front of create method and it will show the error like: if #car.save!. One more thing: copy the car params and try to do this in rails console yourself manually with bang. It will give you the cause. These things will help you diagnose model save/create issues in rails.
Happy Coding :)
From your log file
Started POST "/cars" for ::1 at 2020-01-26 14:45:06 +0000
Shows that the create action is being called on the cars controller
The parameters being passed in are
{"authenticity_token"=>"Oom+xdVDc0PqSwLbLIEP0R8H6U38+v9ISVql4Fr/0WSxZGSrxzTHccsgghd1U30OugcUBAA1R4BtsB0YigAUtA==", "car"=>{"vehicle_type"=>"Sports", "car_type"=>"Private", "seat"=>"5", "colour_type"=>"Black", "transmission_type"=>"Automatic"}, "commit"=>"Create car"}
The first method called on your create action is authenticate_user
before_action :authenticate_user!, except: [:show]
You can see that this happens
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? ORDER BY "users"."id" ASC LIMIT ? [["id", 1], ["LIMIT", 1]]
According to your log the next thing that happens is
Rendering cars/new.html.erb within layouts/application
Which means that the else clause was hit render :new, notice: "Something went wrong..."
#car = current_user.cars.build(car_params)
if #car.save
redirect_to listing_car_path(#car), notice: "Saved..."
else
render :new, notice: "Something went wrong..."
end
Therefore the car did not save so validation must have failed.
Your new car form should have an errors loop to display all the errors. If it did have this then your user (You) would know what went wrong
Something like this
<% if car.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(car.errors.count, "error") %> prohibited this car from being saved:</h2>
<ul>
<% car.errors.full_messages.each do |message| %>
<li><%= message %></li>
<% end %>
</ul>
</div>
<% end %>
Should do the trick but it's standard in all rails generated forms so it should be there anyway
I'm trying to create a rails 5 applications with devise that's supposed to act like a social network, so every user has a profile.
After updating the user instead of going back to the profile, the server redirects to localhost, then there is a message Filter chain halted as :require_no_authentication rendered or redirected and only then the user profile is loaded.
Also on the profile a message is shown "You are already signed in".
My goal is to erase those redirects.
I tried to change the redirect in a custom RegistrationController but then it said there are too many redirects so I could't just replace it.
I tried to have different roots for authenticated and unauthenticated users in routes.rb but it didn't change the behaviour
I tried to get behind the :require no authentication but I'm actually not quite sure I understood it correctly and also it didn't change anything.
The after_sign_in_path_for is set to the user profile
This is the server output:
Started PUT "/users" for 127.0.0.1 at 2019-06-04 12:13:37 +0200
Processing by Users::RegistrationsController#update as HTML
Parameters: {"email"=>"asdf#asdf.de", "password"=>"[FILTERED]", "password_confirmat
ion"=>"[FILTERED]", "current_password"=>"[FILTERED]"}, "commit"=>"Update"}
User Load (0.8ms) SELECT `users`.* FROM `users` WHERE `users`.`id` = 1 ORDER BY `users`.`id` ASC LIMIT 1
User Load (0.6ms) SELECT `users`.* FROM `users` WHERE `users`.`id` = 1 LIMIT
1
(0.3ms) BEGIN
(0.4ms) COMMIT
Redirected to http://localhost:3000/
Completed 302 Found in 295ms (ActiveRecord: 2.1ms)
Started GET "/" for 127.0.0.1 at 2019-06-04 12:13:37 +0200
Processing by Users::SessionsController#new as HTML
User Load (0.7ms) SELECT `users`.* FROM `users` WHERE `users`.`id` = 1 ORDER
BY `users`.`id` ASC LIMIT 1
Redirected to http://localhost:3000/users/1
Filter chain halted as :require_no_authentication rendered or redirected
Completed 302 Found in 15ms (ActiveRecord: 0.7ms)
Started GET "/users/1" for 127.0.0.1 at 2019-06-04 12:13:37 +0200
Processing by UsersController#show as HTML
Parameters: {"id"=>"1"}
User Load (0.6ms) SELECT `users`.* FROM `users` WHERE `users`.`id` = 1 ORDER
BY `users`.`id` ASC LIMIT 1
User Load (0.5ms) SELECT `users`.* FROM `users` WHERE `users`.`id` = 1 LIMIT
1
Rendering users/show.html.erb within layouts/application
Rendered users/show.html.erb within layouts/application (1.1ms)
Rendered shared/_navbar.html.erb (0.7ms)
Completed 200 OK in 162ms (Views: 145.3ms | ActiveRecord: 1.1ms)
Also why does the user get signed in again after updating? Is it correct behaviour?
I cannot seem to fathom where the redirect to localhost ist happening and intervene. Any help would be appreciated.
Edit 1
So, to clarify. I tried to use an authenticated_root but then I get the errormessage Couldn't find User without an ID.
devise_scope :user do
authenticated :user do
root to: 'users#show', as: :authenticated_root
end
root to: 'users/sessions#new'
end
Also I can't manage to change the redirecting from to root to the user profile. So the RegistrationController is unchanged. I would like to say in the update method or somewhere else "after updating go to user profile".
It seems like your root_path is /users/sign_in, and when the user updates his account, you redirect him to the root... but the user is already signed in so he can't access to the new_user_session_pah. The fallback default location configured in Devise is the user's profile, so he's redirected to this route.
Have you configured an authenticated root?
https://github.com/plataformatec/devise/wiki/How-To:-Define-a-different-root-route-for-logged-in-out-users
It should fix your problem (:
I managed to solve it by adding a method to RegistrationController as follows:
def after_update_path_for(resource)
user_path(current_user)
end
That is, after updating user, Rails goes to root_path, that is sessions#new. But user's already logged in, so rails router redirects you to users#show
Why don't you set root "home#index" (or sth like that)
Rails.application.routes.draw do
devise_for :users
authenticated :user do
root 'secret#index', as: :authenticated_root
end
root "home#index"
end
and then, in your application_controller.rb you can just require users to login before using your page
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
before_action :authenticate_user!
end
If you want to redirect user to users#show after update, you can override the after_update_path_for
class User::RegistrationsController < Devise::RegistrationsController
protected
def after_update_path_for(resource)
user_path(resource)
end
end
So at every submit request my rails server shows it is trying to get the logo and then shows there is no user with id = logo.png. Can somebody please help me!
Detailed error message:
Started GET "/users/2" for 127.0.0.1 at 2016-10-02 19:01:18 +0530
Processing by UsersController#show as HTML
Parameters: {"id"=>"2"}
User Load (0.0ms) SELECT `users`.* FROM `users` WHERE `users`.`id` = 2 LIMIT 1
User Load (0.5ms) SELECT `users`.* FROM `users` WHERE `users`.`id` = 2 LIMIT 1
Rendered users/show.html.erb within layouts/application (1.8ms)
Rendered layouts/_header.html.erb (0.0ms)
Rendered layouts/_sidebar.html.erb (1.0ms)
Completed 200 OK in 130ms (Views: 126.9ms | ActiveRecord: 0.5ms)
Started GET "/users/logo.png" for 127.0.0.1 at 2016-10-02 19:01:18 +0530
Processing by UsersController#show as PNG
Parameters: {"id"=>"logo"}
User Load (1.0ms) SELECT `users`.* FROM `users` WHERE `users`.`id` = 0 LIMIT 1
Completed 404 Not Found in 3ms (ActiveRecord: 1.0ms)
ActiveRecord::RecordNotFound (Couldn't find User with 'id'=logo):
app/controllers/users_controller.rb:43:in `show'
Here is my routes file:
Rails.application.routes.draw do
root 'dashboard#show'
get 'signup' => 'users#new'
get 'admins' => 'users#admins_dashboard'
delete 'users' => 'users#destroy'
get '/users/edit/:id' => 'users#edit'
resources :users
get 'login' => 'sessions#new'
post 'login' => 'sessions#create'
delete 'logout' => 'sessions#destroy'
end
My controller action for users:
def show
#user = User.find(params[:id])
end
def create
#user = User.new(user_params)
if #user.save
session[:user_id] = #user.id
redirect_to '/'
else
redirect_to '/signup'
end
end
the model for users:
class User < ActiveRecord::Base
has_secure_password
def admin?
self.role == 'admin'
end
end
This happened due to the way the browser resolves relative urls. When you use a fully qualified url for an image src(eg: http://example.com/logo.png), the browser doesn't have to do anything. It just issues a request to that URL. However, when you use relative URLs(without the protocol and domain), the browser has to figure out the full URL to issue the request.
You had <img alt="Brand" src="logo.png" /> in your layout, so the browser used the current context to resolve the full URL for that image. When you were on http://example.com/users/1, the src was resolved to http://example.com/users/logo.png because it used the current path. When you were in the homepage the logo could be found because you were at the root path, so it resolved that src to http://example.com/logo.png.
One way to solve this is to prepend a slash to the src <img alt="Brand" src="/logo.png" /> forcing the browser to resolve it at the root of your domain. That will only work in your rails app if that image is on the public folder.
If you placed the image inside your assets, it's best to use rails image_tag helper. image_tag("logo.png").
Trying to signup in my RoR webapp give me the Devise Message "Auth token has already been taken"
Also, the webapp have an API and works fine, doesn't give any message, this only happen when I'm trying to use the HTML view.
user_controller.rb
before_action :set_user, only: [:show, :edit, :update, :destroy]
# DELETE /users/:id.:format
def destroy
# authorize! :delete, #user
#user.destroy
respond_to do |format|
format.html { redirect_to root_url }
end
end
private
def set_user
#user = User.find(params[:id])
end
def user_params
accessible = [ :name, :email ]
accessible << [ :password, :password_confirmation ] unless params[:user][:password].blank?
params.require(:user).permit(accessible)
end
User.rb
validates :auth_token, uniqueness: true
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
before_create :generate_authentication_token!
def generate_authentication_token!
begin
self.auth_token = Devise.friendly_token
end while self.class.exists?(auth_token: auth_token)
end
logs
Started GET "/users/sign_up" for 127.0.0.1 at 2015-06-30 09:31:46 -0500
Processing by Devise::RegistrationsController#new as HTML
Rendered devise/registrations/new.html.haml within layouts/application (12.9ms)
User Load (0.3ms) SELECT "users".* FROM "users" WHERE "users"."deleted_at" IS NULL AND "users"."auth_token" IS NULL LIMIT 1
Rendered layouts/_navigation_links.html.haml (2.1ms)
Rendered layouts/_navigation.html.haml (3.4ms)
Rendered layouts/_messages.html.haml (0.2ms)
Completed 200 OK in 132ms (Views: 117.0ms | ActiveRecord: 1.5ms)
Started POST "/users" for 127.0.0.1 at 2015-06-30 09:32:00 -0500
Processing by Devise::RegistrationsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"20w9AXmACwggvPocKfLBdrxQRasT5OiaC7niuzooBBm3BAp8xkN6VLWyxZLRoLIpFPEIIdkxZRd9CCwsJxkeUA==", "user"=>{"email"=>"hola#x.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Sign up"}
(0.1ms) BEGIN
User Exists (0.4ms) SELECT 1 AS one FROM "users" WHERE "users"."auth_token" = '' LIMIT 1
User Exists (0.3ms) SELECT 1 AS one FROM "users" WHERE "users"."email" = 'hola#x.com' LIMIT 1
(0.1ms) ROLLBACK
Rendered devise/registrations/new.html.haml within layouts/application (3.2ms)
User Load (0.3ms) SELECT "users".* FROM "users" WHERE "users"."deleted_at" IS NULL AND "users"."auth_token" IS NULL LIMIT 1
Rendered layouts/_navigation_links.html.haml (1.5ms)
Rendered layouts/_navigation.html.haml (2.1ms)
Rendered layouts/_messages.html.haml (0.2ms)
Completed 200 OK in 232ms (Views: 134.4ms | ActiveRecord: 1.2ms)
Started GET "/assets/jquery/jquery-bb5529929fa5581a780a38ecb7470f2c.js?body=1" for 127.0.0.1 at 2015-06-30 09:32:00 -0500
Follow the following
1) Open Rails console
rails console
2) Get the total count of users
user = User.all
user.count
this should be 1
3) Get the user and check the auth token
user = User.last
user.auth_token
auth token would be an empty string which is the reason your command is failing as the user doesn't have valid auth token
4) Create a valid auth token for the user
user.auth_token = Devise.friendly_token
user.save
It would create a valid auth token for the user and save it
5) Now you can run your commands and it would work perfectly
Cheers! :)
It's probably because you already have users in your db without auth_token,
use Devise.friendly_token to update those users with a token
I am trying to create a simple authentication system but I seem to have a problem.
The signup process works fine, but when I try to login with the exact same information, I can't (I get "Invalid email or password"). As I saw, the hash comparison returns false. Here is my code:
#sessions_controller.rb
def create
user = User.authenticate(params[:email], params[:password])
if user
session[:user_id] = user.id
redirect_to root_url, :notice => "Logged in!"
else
flash.now.alert = "Invalid email or password"
render "new"
end
end
and
class User < ActiveRecord::Base
attr_accessor :password
before_save :encrypt_password
validates_confirmation_of :password
validates_presence_of :password, :on => :create
validates_presence_of :name
validates_presence_of :email
validates_uniqueness_of :email
def self.authenticate(email, password)
user = User.where(email: email).first
# throw Exception.new(user.password_hash) #uncaught throw #<Exception: $2a$10$9FHhPyb7BW01ktwTTgZHX.hlKKv4ajX/dX9D/xNGmZoajJTdGG4N.>
# throw Exception.new(user.password_salt) #uncaught throw #<Exception: $2a$10$9FHhPyb7BW01ktwTTgZHX.>
# throw Exception.new(BCrypt::Engine.hash_secret(password, user.password_salt)) #uncaught throw #<Exception: $2a$10$9FHhPyb7BW01ktwTTgZHX.O62xalJit020Jb0g5XDdB5V8dGMslQS>
if user && user.password_hash == BCrypt::Engine.hash_secret(password, user.password_salt)
user
else
nil
end
end
def encrypt_password
if password.present?
self.password_salt = BCrypt::Engine.generate_salt
self.password_hash = BCrypt::Engine.hash_secret(password, password_salt)
end
end
end
So, as you can see in the commented lines in user.rb, the password hash that I get when trying to log in is not the same with the original one. Obviously, the password I enter is the correct one.
user.password_hash = $2a$10$9FHhPyb7BW01ktwTTgZHX.hlKKv4ajX/dX9D/xNGmZoajJTdGG4N.
user.password_salt = $2a$10$9FHhPyb7BW01ktwTTgZHX.
BCrypt::Engine.hash_secret(password, user.password_salt) = $2a$10$9FHhPyb7BW01ktwTTgZHX.O62xalJit020Jb0g5XDdB5V8dGMslQS
Can you please give me a hint here? What is that I do wrong?
Thanks a lot!
//later edit: also adding the users controller, perhaps this can help.
class UsersController < ApplicationController
def new
#user = User.new(user_params)
end
def create
#user = User.new(user_params)
if #user.save
redirect_to root_url, :notice => "Signed up!"
else
render "new"
end
end
private
def user_params
params.fetch(:user).permit(:name, :email, :password, :password_confirmation) if params[:user]
end
end
Edit: posting the logs for signing up/logging in
Started GET "/sign_up" for 127.0.0.1 at 2013-10-11 11:23:13 +0300
Processing by UsersController#new as HTML
Rendered users/new.html.erb within layouts/application (31.8ms)
Completed 200 OK in 48ms (Views: 41.8ms | ActiveRecord: 1.2ms)
Started POST "/users" for 127.0.0.1 at 2013-10-11 11:24:30 +0300
Processing by UsersController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"LPLEs9at6BLGgjikYynnEzA/JAMMVl9IYGId1zEyNEg=", "user"=>{"name"=>"johntest", "email"=>"johntest#johntest.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Create User"}
(0.1ms) BEGIN
User Exists (0.4ms) SELECT 1 AS one FROM `users` WHERE `users`.`email` = BINARY 'johntest#johntest.com' LIMIT 1
SQL (0.3ms) INSERT INTO `users` (`created_at`, `email`, `name`, `password_hash`, `password_salt`, `updated_at`) VALUES ('2013-10-11 08:24:30', 'johntest#johntest.com', 'johntest', '$2a$10$tpDFvkFUC.OPckDm6xacU.xkjFmECg2CDpsi3cjTJNX6K58ujHOn6', '$2a$10$tpDFvkFUC.OPckDm6xacU.', '2013-10-11 08:24:30')
(39.2ms) COMMIT
Redirected to http://localhost:3000/
Completed 302 Found in 141ms (ActiveRecord: 40.0ms)
Started GET "/" for 127.0.0.1 at 2013-10-11 11:24:30 +0300
Processing by TroublesController#frontpage as HTML
Trouble Load (0.2ms) SELECT `troubles`.* FROM `troubles`
CACHE (0.0ms) SELECT `troubles`.* FROM `troubles`
Rendered troubles/_marker_infowindow.html.erb (0.8ms)
Rendered troubles/_marker_infowindow.html.erb (0.1ms)
Rendered /home/alex/.rvm/gems/ruby-2.0.0-p247/gems/gmaps4rails-1.5.6/app/views/gmaps4rails/_gmaps4rails.html.erb (1.9ms)
Rendered troubles/frontpage.html.erb within layouts/application (3.9ms)
Completed 200 OK in 21ms (Views: 13.5ms | ActiveRecord: 0.2ms)
[...](loading assets)
Started GET "/log_in" for 127.0.0.1 at 2013-10-11 11:24:52 +0300
Processing by SessionsController#new as HTML
Rendered sessions/new.html.erb within layouts/application (1.1ms)
Completed 200 OK in 14ms (Views: 12.8ms | ActiveRecord: 0.0ms)
Started POST "/sessions" for 127.0.0.1 at 2013-10-11 11:25:05 +0300
Processing by SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"LPLEs9at6BLGgjikYynnEzA/JAMMVl9IYGId1zEyNEg=", "name"=>"johntest", "email"=>"johntest#johntest.com", "password"=>"[FILTERED]", "commit"=>"Log in"}
User Load (0.4ms) SELECT `users`.* FROM `users` WHERE `users`.`email` = 'johntest#johntest.com' ORDER BY `users`.`id` ASC LIMIT 1
Rendered sessions/new.html.erb within layouts/application (1.7ms)
Completed 200 OK in 99ms (Views: 10.9ms | ActiveRecord: 0.4ms)
[...](loading assets)
So I went to the sign up page, filled in the details, I was forwarded to the homepage and it said "Signed up!". I clicked login, entered the details and it says "Invalid email or password".
Bcrypt is decrypting the right way but the culprit in your code is the before_save :encrypt_password just change the before save event as before_create event. with before_save , Every time you update the user record encrypt_password is called and it is encrypting the password field that way you are losing the first encrypted password which never matches though you give the correct password. I got stuck up with the same issue, after a deep analysis I got to know the fix.