Can't log in with a valid password using Authlogic and Ruby on Rails?
- by kbighorse
We support a bit of an unusual scheme. We don't require a password on User creation, and use password_resets to add a password to the user later, on demand. The problem is, once a password is created, the console indicates the password is valid:
user.valid_password? 'test'
= true
but in my UserSessions controller, @user_session.save returns false using the same password. What am I not seeing?
Kimball
UPDATE:
Providing more details, here is the output when saving the new password:
Processing PasswordResetsController#update (for 127.0.0.1 at 2011-01-31 14:01:12) [PUT]
Parameters: {"commit"="Update password", "action"="update", "_method"="put", "authenticity_token"="PQD4+eIREKBfHR3/fleWuQSEtZd7RIvl7khSYo5eXe0=", "id"="v3iWW5eD9P9frbEQDvxp", "controller"="password_resets", "user"={"password"="johnwayne"}}
The applicable SQL is:
UPDATE users SET updated_at = '2011-01-31 22:01:12',
crypted_password = 'blah',
perishable_token = 'blah',
password_salt = 'blah',
persistence_token = 'blah'
WHERE id = 580
I don't see an error per se, @user_session.save just returns false, as if the password didn't match.
I skip validating passwords in the User model:
class User < ActiveRecord::Base
acts_as_authentic do |c|
c.validate_password_field = false
end
Here's the simplified controller code:
def create
logger.info("SAVED SESSION? #{@user_session.save}")
end
which outputs:
Processing UserSessionsController#create (for 127.0.0.1 at 2011-01-31 14:16:59) [POST]
Parameters: {"commit"="Login", "user_session"={"remember_me"="0", "password"="johnwayne", "email"="[email protected]"}, "action"="create", "authenticity_token"="PQD4+eIREKBfHR3/fleWuQSEtZd7RIvl7khSYo5eXe0=", "controller"="user_sessions"}
User Columns (2.2ms) SHOW FIELDS FROM users
User Load (3.7ms) SELECT * FROM users WHERE (users.email = '[email protected]') ORDER BY email ASC LIMIT 1
SAVED SESSION? false
CACHE (0.0ms) SELECT * FROM users WHERE (users.email = '[email protected]') ORDER BY email ASC LIMIT 1
Redirected to http://localhost:3000/login
Lastly, the console indicates that the new password is valid:
$ u.valid_password? 'johnwayne'
= true
Would love to do it all in the console, is there a way to load UserSession controller and call methods directly?
Kimball