设计忽略自定义策略 [英] Devise ignoring custom strategy
问题描述
这简直太奇怪了.
我已经在安装了 Devise 的情况下运行了 Rails 3 RC.我已经定义了一个自定义策略来尝试使用 Kerberos 进行身份验证.
模块设计模块策略类遏制<设计::策略::基础定义有效吗?参数[:用户名] ||参数[:密码]结尾明确认证!# 便宜的调试把参数:#{params}"如果 check_kerb_auth(params[:username], params[:password])# 如果不存在,则创建用户帐户u = User.find(:first, :conditions => { :username => params[:username] }) ||User.create({:username => login })成功!(u)别的失败!(无法登录")结尾结尾def check_kerb_auth(用户名,密码)需要'krb5_auth'包括 Krb5Auth如果 username.blank 返回 false?或password.blank?开始kerberos = Krb5.new返回 kerberos.get_init_creds_password(用户名,密码)救援 Krb5Auth::Krb5::Exception返回假结尾结尾结尾结尾结尾
我的 Devise Warden 配置设置如下:
config.warden 做 |manager|manager.strategies.add(:kerb, Devise::Strategies::Kerb)manager.default_strategies :kerb结尾
我的日志中没有错误.一切似乎都正常.如果我添加廉价调试"又名一堆 puts 语句,它似乎反映了 :kerb 策略是默认策略.以下是登录尝试的一组示例日志:
=>启动 WEBrick=>Rails 3.0.0.rc 应用程序在 http://0.0.0.0:3000 上开始开发=>使用 -d 调用以分离=>Ctrl-C 关闭服务器[2010-08-17 10:50:35] INFO WEBrick 1.3.1[2010-08-17 10:50:35] 信息红宝石 1.8.7 (2010-01-10) [x86_64-linux][2010-08-17 10:50:40] 信息 WEBrick::HTTPServer#start: pid=12717 port=30002010 年 8 月 17 日星期二 10:50:43 -0400 开始为 127.0.0.1 发布/users/login"由 Devise::SessionsController#create as HTML 处理参数:{"commit"=>"登录"、"authenticity_token"=>"afZF6ho96p47dc9LQFwwNN5PqnRpl7x+1J7V3MiKgTE="、"_snowman"=>"342230203"、"用户"==>"1",用户名"=>hernan43",密码"=>[过滤]"}}0ms内完成由 Devise::SessionsController#new 处理为 HTML参数:{"commit"=>"登录"、"authenticity_token"=>"afZF6ho96p47dc9LQFwwNN5PqnRpl7x+1J7V3MiKgTE="、"_snowman"=>"342230203"、"用户"==>"1",用户名"=>hernan43",密码"=>[过滤]"}}渲染设计/共享/_links.erb (1.2ms)在布局/应用程序中渲染 devise/sessions/new.html.erb(8.2 毫秒)在 124 毫秒内完成 200 个 OK(查看次数:11.7 毫秒 | ActiveRecord:1.3 毫秒)
kerberos 代码在同一台机器上的其他东西中也能工作.如果出现问题,我有点期待它会显示一堆错误,但我什么也没得到.有没有调试设计/监狱长的好方法?
如果其他人遇到这个问题,我认为问题是:
根据监狱长策略:
<块引用>有效?
有效吗?方法充当策略的守卫.是否可以选择声明有效?方法,如果你不声明它,策略将始终运行.但是,如果您确实声明了它,则只有在#valid?评估为真.
上述策略的推理是,如果有用户名"或密码"参数,则用户正在尝试登录.如果只有其中一个,则User.authenticate"调用将失败,但它仍然是所需的(有效)策略.
所以你的有效方法:
def 有效吗?参数[:用户名] ||参数[:密码]结尾
它返回 false,所以 authenticate!
永远不会被调用.params
是一个嵌套的哈希,所以它应该是 params[:user][:username]
而不是 params[:username]
.>
将您的有效方法更改为:
def 有效吗?参数[:用户] &&(params[:user][:username] || params[:user][:password])结尾
将返回 true 并导致调用 authenticate!
方法.
This is just plain weird.
I've got Rails 3 RC running with Devise installed. I've defined a custom strategy to try and use Kerberos for authentication.
module Devise
module Strategies
class Kerb < Devise::Strategies::Base
def valid?
params[:username] || params[:password]
end
def authenticate!
# cheap debugging
puts "PARAMS: #{params}"
if check_kerb_auth(params[:username], params[:password])
# create user account if none exists
u = User.find(:first, :conditions => { :username => params[:username] }) || User.create({ :username => login })
success!(u)
else
fail!("Could not log in")
end
end
def check_kerb_auth(username, password)
require 'krb5_auth'
include Krb5Auth
return false if username.blank? or password.blank?
begin
kerberos = Krb5.new
return kerberos.get_init_creds_password(username, password)
rescue Krb5Auth::Krb5::Exception
return false
end
end
end
end
end
I have the Devise Warden configuration setup as follows:
config.warden do |manager|
manager.strategies.add(:kerb, Devise::Strategies::Kerb)
manager.default_strategies :kerb
end
I get no errors in my log. Everything seems to work ok. If I add "cheap debugging" aka a bunch of puts statements, it seems to reflect that the :kerb strategy is the default. Here is a sample set of logs from a login attempt:
=> Booting WEBrick
=> Rails 3.0.0.rc application starting in development on http://0.0.0.0:3000
=> Call with -d to detach
=> Ctrl-C to shutdown server
[2010-08-17 10:50:35] INFO WEBrick 1.3.1
[2010-08-17 10:50:35] INFO ruby 1.8.7 (2010-01-10) [x86_64-linux]
[2010-08-17 10:50:40] INFO WEBrick::HTTPServer#start: pid=12717 port=3000
Started POST "/users/login" for 127.0.0.1 at Tue Aug 17 10:50:43 -0400 2010
Processing by Devise::SessionsController#create as HTML
Parameters: {"commit"=>"Login", "authenticity_token"=>"afZF6ho96p47dc9LQFwwNN5PqnRpl7x+1J7V3MiKgTE=", "_snowman"=>"342230203", "user"=>{"remember_me"=>"1", "username"=>"hernan43", "password"=>"[FILTERED]"}}
Completed in 0ms
Processing by Devise::SessionsController#new as HTML
Parameters: {"commit"=>"Login", "authenticity_token"=>"afZF6ho96p47dc9LQFwwNN5PqnRpl7x+1J7V3MiKgTE=", "_snowman"=>"342230203", "user"=>{"remember_me"=>"1", "username"=>"hernan43", "password"=>"[FILTERED]"}}
Rendered devise/shared/_links.erb (1.2ms)
Rendered devise/sessions/new.html.erb within layouts/application (8.2ms)
Completed 200 OK in 124ms (Views: 11.7ms | ActiveRecord: 1.3ms)
The kerberos code works in other things on the same machine. I was sort of expecting it to show a bunch of errors if there was a problem but I am getting nothing. Is there a good way to debug Devise/Warden?
In case someone else comes across this, here's what I believe the problem is:
According to Warden Strategies:
valid?
The valid? method acts as a guard for the strategy. It’s optional to declare a valid? method, and if you don’t declare it, the strategy will always be run. If you do declare it though, the strategy will only be tried if #valid? evaluates to true.
The strategy above is reasoning that if there’s either a ‘username’ or a ‘password’ param, then the user is trying to login. If there’s only one of them, then the ‘User.authenticate’ call will fail, but it was still the desired (valid) strategy.
So your valid method:
def valid?
params[:username] || params[:password]
end
It's returning false, so the authenticate!
is never called. params
is a nested hash, so it should be params[:user][:username]
instead of params[:username]
.
Changing your valid method to:
def valid?
params[:user] && (params[:user][:username] || params[:user][:password])
end
will return true and cause the authenticate!
method to be called.
这篇关于设计忽略自定义策略的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!