当前位置:theitroad>Ruby-on-rails Rails Devise - current_user 为零

Ruby-on-rails Rails Devise - current_user 为零

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/18423718/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-09-02 22:35:30  来源:igfitidea点击:

Rails Devise - current_user is nil

ruby-on-railsrubyruby-on-rails-3devise

提问by Justin D.

For some reason, current_userreturns nilin my model-less controller (Subscriptions). I have found nothing on the Internet to justify this behavior...

出于某种原因,current_user回报nil在我的模型少控制器(Subscriptions)。我在互联网上找不到任何可以证明这种行为的理由......

class SubscriptionsController < ApplicationController  
  def new
    ...
  end

  def create
    current_user    # returns nil
  end
end

I have a csrf meta tag :

我有一个 csrf 元标记:

<meta content="xxx" name="csrf-token">

I can provide more code, but I'm not sure what would be useful.

我可以提供更多代码,但我不确定什么会有用。

UPDATE

更新

So thanks to the comments/answers, I have pinpointed the problem to one particular action : create.

因此,多亏了评论/答案,我已将问题确定为一项特定操作:create

if I add @user = current_userto the new, I can show the current user's email in my newview. However, in my createcontroller, current_userreturns nil.

如果我添加@user = current_usernew,我可以在我的new视图中显示当前用户的电子邮件。但是,在我的create控制器中,current_user返回nil.

I accessed the createaction through a form (submit).

create通过表单(提交)访问了该操作。

Before the form is submitted, I validate the input and then send a request to Stripe to get a token out of the form. If there are no errors (validation and stripe), I then send the form.

在提交表单之前,我验证输入,然后向 Stripe 发送请求以从表单中获取令牌。如果没有错误(验证和条带),我就发送表单。

Could that be the cause?

这可能是原因吗?

UPDATE 2

更新 2

In my error message, my session dump is empty, while it should contains the current_user info...

在我的错误消息中,我的会话转储为,而它应该包含 current_user 信息...

采纳答案by Justin D.

It turned out the AJAX request I was making didn't carry the CSRF token. For that reason, Rails was killing my session.

结果我发出的 AJAX 请求没有携带 CSRF 令牌。出于这个原因,Rails 正在扼杀我的会话。

I added skip_before_filter :verify_authenticity_tokenin my SubscriptionsControllerand it is now working. It might not be the most secure solution, but it works for now, so I continue to develop and come back to this issue later.

我添加skip_before_filter :verify_authenticity_token了我的SubscriptionsController,现在正在工作。它可能不是最安全的解决方案,但它现在有效,所以我继续开发并稍后再回到这个问题。

回答by Adam Waselnuk

Note that when you create forms using the form_taghelper, they do not automatically generate the hidden field which holds the token for CSRF authentication. I ran into this same issue with a form I had constructed using the form_tagwhich I sometimes prefer using.

请注意,当您使用form_tag帮助程序创建表单时,它们不会自动生成包含 CSRF 身份验证令牌的隐藏字段。我使用form_tag我有时更喜欢使用的构建的表单遇到了同样的问题。

I fixed the issue by including the following helpers within the form:

我通过在表单中​​包含以下助手解决了这个问题:

<%= hidden_field_tag 'authenticity_token', form_authenticity_token %>

<%= hidden_field_tag 'authenticity_token', form_authenticity_token %>

It's basically a manual way of generating the hidden field you need for the CSRF stuff.

它基本上是一种手动生成CSRF 所需的隐藏字段的方法。

回答by Vinicius

for current_userto work you need to add before_filter :authenticate_user!to your class, like:

为了current_user工作,您需要添加before_filter :authenticate_user!到您的课程中,例如:

class SubscriptionsController < ApplicationController  
  before_filter :authenticate_user!

  def new
    ...
  end

  def create
    curent_user    # returns nil
  end
end

and the authenticate_user!method will set the current user for you :)

authenticate_user!方法将为您设置当前用户:)

回答by Jose Paez

I had a similar issue but I was editing the model. So everytime I updated the model suddenly that would happen:

我有一个类似的问题,但我正在编辑模型。所以每次我突然更新模型时都会发生:

current_model to nil

After analyzing things, it turns out that if you leave the password in the form, when the user tries to edit some attribute, the person is then forced to write a password.
Once the form is delivered and updated, Devise does the rational thing when someone updates a password, which is to destroy the session and ask the user to sign in again.

经过分析,事实证明,如果您将密码留在表单中,当用户尝试编辑某些属性时,该人将被迫输入密码。
一旦表单被交付和更新,当有人更新密码时,Devise 会做理性的事情,即破坏会话并要求用户再次登录。

So that was why current_modelwas suddenly turning to nil. Hope this helps, have a great day!

所以这就是为什么current_model突然变成零的原因。希望这会有所帮助,祝您有美好的一天!

相关推荐

Ruby-on-rails 每次我进行更改时,Rails Server 都需要重新启动吗?为什么?

Ruby-on-rails 每次我进行更改时,Rails Server 都需要重新启动吗?为什么?

Ruby - 从传入的 http 调用中获取请求正文

Ruby - 从传入的 http 调用中获取请求正文

Ruby-on-rails 如何在 rails 中为 url helper 设置默认主机?

Ruby-on-rails 如何在 rails 中为 url helper 设置默认主机?

Ruby-on-rails 如何在 RSpec 中使用 HTTP 状态代码符号?

Ruby-on-rails 如何在 RSpec 中使用 HTTP 状态代码符号?

相关推荐
最近更新
标签