ActionController::InvalidAuthenticityToken in Devise::SessionsController#create

How to resolve ActionController::InvalidAuthenticityToken in Devise::SessionsController#create

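I have a Rails application in which only logged-in users can access all of the application's features. Users cannot be created or deleted; only an administrator can create/delete users from the command line or a seed file. The Ruby version is 2.5.3, Rails is 5.2.2, and Devise is used for authentication. For the past 4 days I have been running into this problem in development: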

Started GET "/manifest.json" for ::1 at 2020-08-16 18:53:26 -0300
Started GET "/serviceworker.js" for ::1 at 2020-08-16 18:53:28 -0300
Started POST "/users/sign_in" for ::1 at 2020-08-16 18:53:29 -0300
Processing by Devise::SessionsController#create as HTML
  Parameters: {"utf8"=>"✓","authenticity_token"=>"****","user"=>{"email"=>"****@gmail.com","password"=>"[FILTERED]","remember_me"=>"0"},"commit"=>"Submit"}
Can't verify CSRF token authenticity.
Completed 422 Unprocessable Entity in 1ms (ActiveRecord: 0.0ms)


  
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):

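Before this, everything worked fine, and it started happening without any change to my code. It seems to happen only in the development environment in Google Chrome. I have run the Rails server and tested in other browsers (such as Opera and Firefox), and the development environment still works fine in those browsers.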

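Some fixes I have tried:

Turning cookies off and on, clearing all browser data, restarting the PC several times, reinstalling the browser, removing all Turbolinks, adding the rack-cors gem, and some code changes, as shown below.

Changing protect_from_forgery with: :exception to protect_from_forgery prepend: true, with: :exception in my application_controller.rb.

Checking whether <%= csrf_meta_tags %> is in my view. It is.

Adding skip_before_action :verify_authenticity_token to application_controller.rb.

When I add skip_before_action :verify_authenticity_token, it seems to resolve the error, but the user still cannot log in. Example below: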

Started GET "/manifest.json" for ::1 at 2020-08-16 19:12:58 -0300
Started GET "/serviceworker.js" for ::1 at 2020-08-16 19:12:59 -0300
Started POST "/users/sign_in" for ::1 at 2020-08-16 19:13:05 -0300
Processing by Devise::SessionsController#create as HTML
  Parameters: {"utf8"=>"✓","commit"=>"Submit"}
  User Load (0.8ms)  SELECT  "users".* FROM "users" WHERE "users"."email" = $1 ORDER BY "users"."id" ASC LIMIT $2  [["email","****@gmail.com"],["LIMIT",1]]
  ↳ /home/******/.rbenv/versions/2.5.3/lib/ruby/gems/2.5.0/gems/activerecord-5.2.2/lib/active_record/log_subscriber.rb:98
Redirected to http://localhost:3000/
Completed 302 Found in 135ms (ActiveRecord: 0.8ms)


Started GET "/" for ::1 at 2020-08-16 19:13:05 -0300
Processing by PassthroughController#index as HTML
Completed 401 Unauthorized in 0ms (ActiveRecord: 0.0ms)

My application_controller.rb is:

class ApplicationController < ActionController::Base
  protect_from_forgery prepend: true, with: :exception
  before_action :authenticate_user!
end

My User.rb file:

class User < ApplicationRecord
  devise :database_authenticatable, :rememberable, :validatable
end

My passthrough_controller.rb:

class PassthroughController < ApplicationController
  def index
    path =  case current_user.port
            when '****'
              ****_map_path
            when '***'
              ***_map_path
            else
              new_user_session_path
            end
    redirect_to path
  end
end

My routes.rb:

Rails.application.routes.draw do
  devise_for :users

  devise_scope :user do
    authenticated :user do
      get '****/map', to: '****#map'
      get '****/report', to: '****#report'
      get '***/map', to: '***#map'
      get '***/report', to: '***#report'
    end

    unauthenticated do
      root to: 'passthrough#index', as: :unauthenticated_root
      get '****/map', to: 'passthrough#index'
      get '****/report', to: 'passthrough#index'
      get '***/map', to: 'passthrough#index'
      get '***/report', to: 'passthrough#index'
    end
  end
end
                  
                   Prefix Verb   URI Pattern                                                                              Controller#Action
         new_user_session GET    /users/sign_in(.:format)                                                                 devise/sessions#new
             user_session POST   /users/sign_in(.:format)                                                                 devise/sessions#create
     destroy_user_session DELETE /users/sign_out(.:format)                                                                devise/sessions#destroy
                     root GET    /                                                                                        passthrough#index
                 ****_map GET    /****/map(.:format)                                                                      ****#map
              ****_report GET    /****/report(.:format)                                                                   ****#report
                  ***_map GET    /***/map(.:format)                                                                       ***#map
               ***_report GET    /***/report(.:format)                                                                    ***#report
     unauthenticated_root GET    /                                                                                        passthrough#index
                          GET    /****/map(.:format)                                                                      passthrough#index
                          GET    /****/report(.:format)                                                                   passthrough#index
                          GET    /***/map(.:format)                                                                       passthrough#index
                          GET    /***/report(.:format)                                                                    passthrough#index
       rails_service_blob GET    /rails/active_storage/blobs/:signed_id/*filename(.:format)                               active_storage/blobs#show
rails_blob_representation GET    /rails/active_storage/representations/:signed_blob_id/:variation_key/*filename(.:format) active_storage/representations#show
       rails_disk_service GET    /rails/active_storage/disk/:encoded_key/*filename(.:format)                              active_storage/disk#show
update_rails_disk_service PUT    /rails/active_storage/disk/:encoded_token(.:format)                                      active_storage/disk#update
     rails_direct_uploads POST   /rails/active_storage/direct_uploads(.:format)                                           active_storage/direct_uploads#create

This is my new user session form:

  <%= simple_form_for(resource, as: resource_name, url: session_path(resource_name), html: { id: "login-form" }) do |f| %>
    <div class="form-inputs">
      <%= f.input :email, required: false, autofocus: true, input_html: { autocomplete: "email" } %>
      <%= f.input :password, label: 'Password', input_html: { autocomplete: "current-password" } %>
      <%= f.input :remember_me, label: 'Remember me', as: :boolean if devise_mapping.rememberable? %>
    </div>

    <div class="form-actions session-btn">
      <%= f.button :submit, "Submit" %>
    </div>
  <% end %>

This is my application.html.erb:

<!DOCTYPE html>
<html>
  <head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no">
    <%= render 'shared/head' %>
    <meta property="og:title" content="****" />
    <meta property="og:description" content="*****" />
    <meta property="og:image" itemprop="image" content="******">
    <meta name="apple-mobile-web-app-capable" content="yes" />
    <%= favicon_link_tag asset_path('icon.png') %>
    <title>****</title>
    <%= csrf_meta_tags %>
    <%= action_cable_meta_tag %>
    <%= stylesheet_link_tag 'application', media: 'all' %>
    <link rel="manifest" href="/manifest.json" />
  </head>
  <body>
    <% exclude_navbar_from_views = ['sessions','passwords','registrations'] %>
    <% if exclude_navbar_from_views.include?(controller_name) %>
      <%= yield %>
    <% else %>
      <%= render 'shared/navbar' %>
      <%= render 'shared/flashes' %>
      <%= yield %>
    <% end %>
    <%= javascript_include_tag 'application' %>
    <%= javascript_pack_tag 'application' %>
  </body>
</html>
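
The two log excerpts in the question, read side by side, as an added example that is not part of the original post: this Ruby script parses Rails log lines of that shape and flags a sign-in rejected for CSRF and a sign-in whose redirect is answered with 401. Rails checks the form token against the one stored in the session, and Devise keeps the signed-in user in the same session, so turning off verify_authenticity_token (which drops CSRF protection for every action) can silence the first symptom while the second remains. The sample log is constructed from the question's lines, and the names `parse_requests`, `session_symptoms` and the finding symbols are hypothetical.

```ruby
# Constructed sample in the shape of the question's development logs (shortened).
SAMPLE_LOG = <<~LOG
  Started POST "/users/sign_in" for ::1 at 2020-08-16 18:53:29 -0300
  Processing by Devise::SessionsController#create as HTML
  Can't verify CSRF token authenticity.
  Completed 422 Unprocessable Entity in 1ms (ActiveRecord: 0.0ms)
  Started POST "/users/sign_in" for ::1 at 2020-08-16 19:13:05 -0300
  Processing by Devise::SessionsController#create as HTML
  Redirected to http://localhost:3000/
  Completed 302 Found in 135ms (ActiveRecord: 0.8ms)
  Started GET "/" for ::1 at 2020-08-16 19:13:05 -0300
  Processing by PassthroughController#index as HTML
  Completed 401 Unauthorized in 0ms (ActiveRecord: 0.0ms)
LOG

Request = Struct.new(:verb, :path, :action, :status, :csrf_failed)

# Split a Rails log into one Request per "Started ..." block.
def parse_requests(log)
  requests = []
  log.each_line do |line|
    case line
    when /^Started (\w+) "([^"]+)"/
      requests << Request.new($1, $2, nil, nil, false)
    when /^Processing by (\S+) as/
      requests.last.action = $1 if requests.last
    when /Can't verify CSRF token authenticity/
      requests.last.csrf_failed = true if requests.last
    when /^Completed (\d{3})/
      requests.last.status = $1.to_i if requests.last
    end
  end
  requests
end

# Flag sign-in requests that fail CSRF, or that succeed and are then refused.
def session_symptoms(requests)
  findings = []
  requests.each_with_index do |req, i|
    next unless req.action == "Devise::SessionsController#create"
    findings << :csrf_rejected_at_sign_in if req.csrf_failed && req.status == 422
    nxt = requests[i + 1]
    findings << :signed_in_then_unauthorized if req.status == 302 && nxt&.verb == "GET" && nxt.status == 401
  end
  findings
end

puts session_symptoms(parse_requests(SAMPLE_LOG)).inspect
```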
