I am a beginning developer, and I was able to successfully use this tutorial (I'm in Rails 3): http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic/ to allow for users to reset their passwords, however I also have a customer model that I need to do this for, and I'm running into issues (listed below code). I think the error is my routing, but I'm not sure how to fix it.
routes.rb
resources :password_resets do
get 'edit_customer'
post 'edit_customer'
end
password_resets_controller.rb
class PasswordResetsController < ApplicationController
before_filter :load_user_using_perishable_token, :only => [:edit, :update]
before_filter :load_customer_using_perishable_token, :only => [:edit_customer, :update_customer]
before_filter :require_no_user, :require_no_customer
def new
render
end
def create
#user = User.find_by_email(params[:email])
#customer = Customer.find_by_email(params[:email])
if #user
#user.deliver_password_reset_instructions!
flash[:notice] = "Instructions to reset your password have been emailed to you. " +
"Please check your email."
redirect_to new_user_session_path
elsif
if #customer
#customer.deliver_customer_password_reset_instructions!
flash[:notice] = "Instructions to reset your password have been emailed to you. " +
"Please check your email."
redirect_to new_customer_session_path
end
else
flash[:notice] = "No account was found with that email address"
render :action => :new
end
end
def edit
render
end
def edit_customer
#redirect_to edit_customer_password_resets_path
end
def update
#user.password = params[:user][:password]
#user.password_confirmation = params[:user][:password_confirmation]
if #user.save
flash[:notice] = "Password successfully updated"
redirect_to new_user_session_path
else
render :action => :edit
end
end
def update_customer
#customer.password = params[:customer][:password]
#customer.password_confirmation = params[:customer][:password_confirmation]
if #customer.save
flash[:notice] = "Password successfully updated"
redirect_to new_customer_session_path
else
render :action => :edit
end
end
private
def load_user_using_perishable_token
#user = User.find_using_perishable_token(params[:id])
unless #user
flash[:notice] = "We're sorry, but we could not locate your account." +
"If you are having issues try copying and pasting the URL " +
"from your email into your browser or restarting the " +
"reset password process."
redirect_to new_user_session_path
end
end
def load_customer_using_perishable_token
#customer = Customer.find_using_perishable_token(params[:id])
unless #customer
flash[:notice] = "We're sorry, but we could not locate your account." +
"If you are having issues try copying and pasting the URL " +
"from your email into your browser or restarting the " +
"reset password process."
#redirect_to new_customer_session_path
end
end
end
MODELS
user.rb model
def deliver_password_reset_instructions!
reset_perishable_token!
UserMailer.password_reset_instructions(self).deliver
end
customer.rb model
def deliver_customer_password_reset_instructions!
reset_perishable_token!
UserMailer.customer_password_reset_instructions(self).deliver
end
VIEWS
password_resets/new
<% form_tag password_resets_path do %>
<p>Email:</p>
<%= text_field_tag "email" %><br />
<br />
<%= submit_tag "Reset my password" %>
<% end %>
password_resets/edit
<% form_for #user, :url => password_reset_path, :method => :put do |f| %>
<%= f.label :password %><br />
<%= f.password_field :password %>
<%= f.label :password_confirmation %>
<%= f.password_field :password_confirmation %>
<%= f.submit "Change my password and log me in"%>
<% end %>
password_resets/edit_customer
<% form_for #customer, :url => password_reset_path, :method => :put do |f| %>
<%= f.label :password %><br />
<%= f.password_field :password %>
<%= f.label :password_confirmation %>
<%= f.password_field :password_confirmation %>
<%= f.submit "Change my password and log me in" %>
<% end %>
It works perfectly for the code that does not have "customer" appended to it. The token generates, and I can get the email to send with the same format for the url: /password_resets//edit_customer
However, it receives an error when I try to pull up the url. With the code above, I receive this error: "No route matches {:action=>"show", :controller=>"password_resets"}" - I can also see that it interprets the :id to be the id of the controller (which is different than how the user one works - it correctly interprets the id as the token.
I have experimented a lot:
change :id in controller for edit_customer in load_customer_using_perishable_token to perishable_token, customer.perishable_token, #customer.perishable_token)
tried to append these to "get 'edit_customer'" using the path helper (=> "cust_pass") - :path, :path_name, :as so i could change the url to cust_pass_path
i even tried to add this to the routes just to see if it would work
match '/password_resets/:id/edit_customer' => 'password_resets#edit_customer'
So I stumped. Any help would be greatly appreciated!
Ok by my interpretation you are recieving the email, but clicking the link gives you an error? To start with the error message
"No route matches {:action=>"show", :controller=>"password_resets"}"
is appearing because you are trying to call the show action in your password_resets contoller, but it is not defined. First thing you should do is exclude it from your routes.
resources :password_resets, :except => :destroy do
get 'edit_customer'
post 'edit_customer'
end
I dont think it will fix your problem, but having routes that go nowhere is kind of pointless. Secondly make sure you do not have anything linking to the show action. As the error seems to be occuring when you click the link in the email I would think that the link you are sending is not correct.
I was able to fix this by updating the url in edit_customer.rb
from
:url => password_reset_path
to
:url => {:action=>"update_customer", :controller=>"password_resets"}
I also had to update my route.rb
from
resources :password_resets do
get 'edit_customer'
post 'edit_customer'
end
to
resources :password_resets, :except => [:index, :destroy, :show] do
get 'edit_customer'
put 'update_customer'
end
Related
I am having issues trying to login into my Rails app. I attempt to login and it redirects my back to my login page. I checked what password I was providing and it's on point. It does not give me an error at all in the browser. I checked my console and I get a 200 code which means its found the page.
Here are my controller actions/routes
get 'login', to: 'sessions#new', as: 'login'
post 'login', to: 'sessions#create'
Here is my Sessions Controller
class SessionsController < ApplicationController
def new
end
def create
user = User.find_by(username: params[:username])
if user && user.authenticate(params[:password])
# log_in user
sessions[:user_id] = user.id
redirect_to user_path(user), notice: 'Logged in!'
else
flash.now[:danger] = 'Invalid email/password combination'
render :new
end
end
def destroy
session.delete(:user_id)
redirect_to '/', notice: 'Logged out!'
end
end
and here is my login form.
<h1>Login</h1>
<%= form_tag '/login' do %>
<div>
<%= label_tag :username %><br>
<%= text_field_tag :username %>
</div>
<div>
<%= label_tag :password %><br>
<%= password_field_tag :password %>
</div>
<div>
<%= submit_tag "Log In" %>
</div>
<% end %>
Is any one able to spot why its redirecting back to my login page?
your example has
sessions[:user_id] = user.id
shouldn't it be
session[:user_id] = user.id
session should be singular
When a user clicks on "Forgot My Password" on the login screen, they are redirected to a route '/password-reset'. Right now, I'm trying to understand how to right the form for entering your email to receive and SMS from Twilio with a code.
<div class="form-group", style="width:50%;">
<%= form_for #user, url: password_patch_path(current_user) do |f| %>
<div class="form-group">
<%= f.label :email %>
<%= f.email_field :email, class: "form-control" %>
</div>
<%= f.submit "Get Confirmation Code", class: "btn btn-default" %>
<% end %>
</div>
The issue I'm running into is that #user is nil, and I'm uncertain if the url is correct at the beginning of the form for. It makes sense to me that #user is nil because no one is logged in, so I'm not sure what that should be.
My routes are
get '/password-reset', :to => 'passwords#edit', as: :password_reset
post '/password-reset', :to => 'passwords#reset', as: :password_edit
patch '/password-confirmation', :to => 'passwords#update', as: :password_patch
and my passwords controller looks like
class PasswordsController < ApplicationController
before_action :authenticated?, only: [:edit, :update]
def reset
ConfirmationSender.send_confirmation_to(current_user)
redirect_to new_confirmation_path
end
def edit
#user = current_user
end
def update
if passwords_not_empty? && passwords_equal?
current_user.update(password_params)
redirect_to users_dashboard_path(current_user.username), success: "Password Updated"
session[:authenticated] = false
else
redirect_to password_edit_path(current_user.username), warning: "Error, please try again."
end
end
private
def password_params
params.require(:user).permit(:password, :password_confirmation)
end
def passwords_not_empty?
params[:user][:password].length > 0 && params[:user][:password_confirmation].length > 0
end
def passwords_equal?
params[:user][:password] == params[:user][:password_confirmation]
end
def authenticated?
render :file => "#{Rails.root}/public/404.html", :status => 404 unless session[:authenticated]
end
end
You are right that there will be no current_user if a user forgot his/her password. I would redesign as follows:
PasswordsContoller
class PasswordsController < ApplicationController
before_action :authenticated?, only: [:update]
def reset
#user = User.find_by(email: params[:user][:email])
if #user.present?
ConfirmationSender.send_confirmation_to(#user)
redirect_to new_confirmation_path
else
redirect_to password_reset_path, warning: "Email not found."
end
end
def edit
#user = User.new
end
...
end
Form
<div class="form-group", style="width:50%;">
<%= form_for #user, url: password_edit_path do |f| %>
<div class="form-group">
<%= f.label :email %>
<%= f.email_field :email, class: "form-control" %>
</div>
<%= f.submit "Get Confirmation Code", class: "btn btn-default" %>
<% end %>
</div>
The new edit method seeds the form with a blank user. The new reset method looks up the user by email and sends the token if the user is found. If not, it displays an email not found flash message and redirects back to the forgotten password form.
This also makes the form use the correct path for requesting a password confirmation.
I must be missing something... my views are being rendered, but it appears like code in the controller isn't being executed. I can't find what's wrong.
When I click the login button in login.html.erb, the login_process method of the PublicController should be called to authenticate the user. That doesn't seem to happen as the view login_process.html.erb just displays, which shouldn't be possible.
I've even tried putting a flash[:notice] = "heyhey" on the login_screen action so it appears on the login form, but that doesn't happen either.
What have I done wrong?
Is it something in the routes.rb?
routes.rb
root :to => "public#index"
get "login",
:to => "public#login",
:as => "login_screen"
post "login_process",
:to => "public#login_process",
:as => "login_process"
get "logout",
:to => "public#logout",
:as => "logout"
public_controller.rb
class PublicController < ApplicationController
def login_screen
flash[:notice] = "heyhey"
end
def login_process
authenticated_user = User.authenticate params[:email], params[:password]
if authenticated_user
session[:user_id] = authenticated_user.id
session.countdown_start(1.minute)
redirect_to :public => :index
else
flash[:notice] = 'Email/Password incorrect. Receive a new password.'
flash[:color] = "invalid"
end
render :login_screen
end
def logout
session.countdown_abort
flash[:notice] = "You are now logged out"
redirect_to :login_screen
end
def count
render :text => session.countdown_count.to_i
end
end
views/public/login.html.erb
<h1>Login</h1>
<p id="notice"><%= notice %></p>
<%= form_tag :login_process do %>
<div class="field">
<%= label_tag :email %><br>
<%= text_field_tag :email %>
</div>
<div class="field">
<%= label_tag :password %><br>
<%= password_field_tag :password %>
</div>
<div class="actions">
<%= submit_tag "Login" %>
</div>
<% end %>
<h1>Login</h1>
<p id="notice"><%= notice %></p>
<%= form_tag :login_process do %>
<div class="field">
<%= label_tag :email %><br>
<%= text_field_tag :email %>
</div>
<div class="field">
<%= label_tag :password %><br>
<%= password_field_tag :password %>
</div>
<div class="actions">
<%= submit_tag "Login" %>
</div>
<% end %>
login_process.html.erb
I never expect to see this page as the user should be directed elsewhere
<p>login_process.html.erb</p>
<p id="notice"><%= notice %></p>
Update 1:
I've modified the authenticate action in the User model to be:
def authenticate(:email, :password)
#x = new User
#x.id = 123
return false #x
end
and login_process on PublicController to be:
def login_process
if true
flash[:notice] = 'boom'
else
flash[:notice] = 'Email/Password incorrect. Receive a new password.'
flash[:color] = "invalid"
end
redirect_to :login_screen
end
Unfortunately though... same issue. The login_process.html.erb is
displayed with no flash notices either.
Versions:
Ruby 2.0.0p247
Rails 4.0.0
The code in your controller is probably executing just fine.
I think the authenticate class method on User is not giving you the correct result. That's why it doesn't go through the if authenticated_user and just renders the login_process view. You don't have to call this render command though, it's done for you if you do nothing.
There's a problem with the login_process method though. You can't have a render call and a redirect_to be called together, now it can happen in your case, if the user is authenticated. Put the render :login_screen in the else case, otherwise you get the AbstractController::DoubleRenderError error saying: Render and/or redirect were called multiple times in this action. [etc.]
This is what you would get as an error if the user was authenticated.
Edit: Running this locally (stubbing User.authenticate) on a new Rails project it works. Flash notices appear and everything.
Also: render :login_screen is probably render :login, no? in login_process?
If nothing works still, what's your: Ruby version, Rails version, put authenticated_user = false # or true in login_process to see if it behaves differently.
redirect_to :public => :index
It seems like you are redirecting from login_process to /login_process?public=index, which I don't think is your intention.
If you are meaning to redirect to public#index, try
redirect_to root_path
(But I can't see that action in your public controller.)
I believe the problem is that you call two renders in one action. You can only render one page per action.
def login_process
authenticated_user = User.authenticate params[:email], params[:password]
if authenticated_user
session[:user_id] = authenticated_user.id
session.countdown_start(1.minute)
redirect_to :public => :index
else
flash[:notice] = 'Email/Password incorrect. Receive a new password.'
flash[:color] = "invalid"
end
render :login_screen
end
The user is authenticated and the redirect_to should bring you to the public/index, however, you call render :login_screen after the if statement, so it will execute that portion of the code no matter what and bring you back to the login.
Right now I'm building a project management app in rails, here is some background info:
Right now i have 2 models, one is User and the other one is Client. Clients and Users have a one-to-one relationship (client -> has_one and user -> belongs_to which means that the foreign key it's in the users table)
So what I'm trying to do it's once you add a client you can actually add credentials (add an user) to that client, in order to do so all the clients are being displayed with a link next to that client's name meaning that you can actually create credentials for that client.
So in order to do that I'm using a helper the link to helper like this.
<%= link_to "Credentials",
{:controller => 'user', :action => 'new', :client_id => client.id} %>
Meaning that he url will be constructed like this:
http://localhost:3000/clients/2/user/new
By creating the user for the client with he ID of 2.
And then capturing the info into the controller like this:
#user = User.new(:client_id => params[:client_id])
EDIT: This is what i currently have in my View/Controller and Routes
I keep getting this error: No route matches "/clients//user" with {:method=>:post}
Routes
ActionController::Routing::Routes.draw do |map|
map.resources :users
map.resources :clients, :has_one => :user
map.connect ':controller/:action/:id'
map.connect ':controller/:action/:id.:format'
end
Controller
class UsersController < ApplicationController
before_filter :load_client
def new
#user = User.new
#client = Client.new
end
def load_client
#client = Client.find(params[:client_id])
end
def create
#user = User.new(params[:user])
#user.client_id = #client.id
if #user.save
flash[:notice] = "Credentials created"
render :new
else
flash[:error] = "Credentials created failed"
render :new
end
end
View
<% form_for #user, :url => client_user_url(#client) do |f| %>
<p>
<%= f.label :login, "Username" %>
<%= f.text_field :login %>
</p>
<p>
<%= f.label :password, "Password" %>
<%= f.password_field :password %>
</p>
<p>
<%= f.label :password_confirmation, "Password Confirmation" %>
<%= f.password_field :password_confirmation %>
</p>
<%= f.submit "Create", :disable_with => 'Please Wait...' %>
<% end %>
Your form tag is wrong, you are posting to /users without the :client_id.
Try this:
<% form_for #user, :url => {:controller => 'users', :action => 'new', :client_id => #client.id} do |f| >
Alternatively, you could use nested resources:
config/routes.rb
map.resources :clients do |clients|
clients.resources :users
end
Controller
class UsersController < ApplicationController
before_filter :load_client
def load_client
#client = Client.find(params[:client_id])
end
# Your stuff here
end
View
<% form_for [#client, #user] do |f| %>
I solved this by using nested attributes, by including the user model, when creating the client. And it works flawlessly.
In case any of you guys need more info here's the two screencasts that helped me come up with as solution:
http://railscasts.com/episodes/196-nested-model-form-part-1
http://railscasts.com/episodes/196-nested-model-form-part-2
I'm following this article(http://asciicasts.com/episodes/160-authlogic), I'm not using nifty generator tho.
I've done the User model and localhost:3000/users/new page works fine.
But when I try to open localhost:3000/login, the page is just empty. The source is empty too.
I've just copied the source from the site.
routes.rb
map.login 'login', :controller => 'user_sessions', :action => 'new'
map.logout 'logout', :controller => 'user_sessions', :action => 'destroy'
map.resources :user_sessions
map.resources :users
user_sessions_controller.rb
class UserSessionsController < ApplicationController
def new
#user_session = UserSession.new
end
def create
#user_session = UserSession.new(params[:user_session])
if #user_session.save
flash[:notice] = "Successfully logged in."
redirect_to root_url
else
render :action => 'new'
end
end
def destroy
#user_session = UserSession.find
#user_session.destroy
flash[:notice] = "Successfully logged out."
redirect_to root_url
end
end
/views/user_sessions/new.html.erb
<% form_for #user_session do |f| %>
<%= f.error_messages %>
<p>
<%= f.label :username %><br />
<%= f.text_field :username %>
</p>
<p>
<%= f.label :password %><br />
<%= f.password_field :password %>
</p>
<p><%= f.submit "Submit" %></p>
<% end %>
The code is just same as the site.
The server console shows that the views are being rendered:
Completed 200 OK in 149ms (Views: 145.5ms | ActiveRecord: 3.2ms)
Why is the login form not displayed at all?
Update
After added new action 'index' into user_sessions controller(also plus index.html.erb), if I open localhost:3000/user_sessions/index shows me below message.
Unknown action
No action responded to show. Actions: create, destroy, index, and new
And, this is WEBrick output
Processing UserSessionsController#show
(for 127.0.0.1 at 2010-01-22 12:47:10)
[GET]
Parameters: {"id"=>"index"}
ActionController::UnknownAction (No
action responded to show. Actions:
create, destroy, index, and new):
I've found the reason.
There was nothing in Views/layouts/application.html.erb, the file is exist, tho.
/views/new.html.erb should be located at views/user_sessions/new.html.erb