small medium large xlarge

Generic-user-small
19 Feb 2009, 07:28
Shilo Ayalon (2 posts)

I’m trying out the extended authentication in the depot app (page 160 on), but ran into some problems. My code is pretty much just like the book, except that I used a { :controller => ‘login’, :action => ‘do_login’ } in the authorize method of application.rb (to make the address nicer):

before_filter :authorize, :except => :do_login


protected
  def authorize
    unless User.find_by_id(session[:user_id])
      session[:original_uri] = request.request_uri
      flash[:notice] = "Please log in"
      #redirect_to :controller => 'admin' , :action => 'login'
      redirect_to :controller => 'login', :action => 'do_login'
    end
  end
end

I’m trying to log in but after submitting I get the InvalidAuthentictyToken error in LoginController#do_login action: ~~~ def do_login session[:user_id] = nil if request.post? user = User.authenticate(params[:name], params[:password]) if user session[:user_id] = user.id uri = session[:original_uri] session[:original_uri] = nil redirect_to(uri || { :action => "index" }) else flash.now[:notice] = "Invalid user/password combination" end end end ~~~

Not sure what this could be, so any input will be great.

Another strange thing is that I look in the session dump and see that the requested page is /stylesheets/scaffold.css, even though I asked for something completely different (/products). I know the scaffold.css stylesheet is loaded in the layout, but can’t figure out how it got from there to be the page I wanted to go to after login.

Also, any tips on how to add password reset option?

Generic-user-small
19 Feb 2009, 09:31
Shilo Ayalon (2 posts)

Alright, solved the problem by adding a token_tag to my login form:

<% form_tag do -%>
  <%= token_tag %>
  <!-- login fields -->
<% end -%>

</code> Also, need to comment out the secret in the application.rb file, unless someone has a better idea.

The requested page was scaffold.css for some reason. I changed the stylesheet to another (login.css), and the problem vanished - don’t know if that was the reason.

Regarding password reset - I’d appreciate help on this. What I want is a button/link to reset password, and then display a form to enter a new password. Thanks!

You must be logged in to comment