authlogic UserSession.create(@user)提供了未经授权的记录 [英] authlogic UserSession.create(@user) giving unauthorized_record

问题描述

我正在尝试像这样的UserSession.create(@user, true)显式创建一个会话，但是该会话未创建，current_user是nil.

I am trying to create a session explicitly like this UserSession.create(@user, true) but the session is not getting created, current_user is nil.

但是当我这样做时，我得到< #UserSession:{:unauthorized_record =>"}>

But when I do this, I get < #UserSession: {:unauthorized_record=>""}>

us = UserSession.create(@user, true)
RAILS_DEFAULT_LOGGER.info(us.inspect) #=> UserSession: {:unauthorized_record=>""}

我查看了 Authlogic :: Session :: UnauthorizedRecord 在这里说

请务必谨慎，因为Authlogic假设您已经确认用户就是他所说的那个人.例如，这是用于内部保留会话的方法. Authlogic查找具有持久性令牌的用户.至此，我们知道用户就是他所说的那个人，因此Authlogic只是使用该记录创建了一个会话.这对于第三方身份验证方法(例如OpenID)特别有用.让该方法验证身份后，再传递对象并创建会话.

Be careful with this, because Authlogic is assuming that you have already confirmed that the user is who he says he is. For example, this is the method used to persist the session internally. Authlogic finds the user with the persistence token. At this point we know the user is who he says he is, so Authlogic just creates a session with the record. This is particularly useful for 3rd party authentication methods, such as OpenID. Let that method verify the identity, once it’s verified, pass the object and create a session.

这正是我要执行的操作(我正在使用omniauth进行身份验证，并使用authlogic创建会话).

which is exactly what I am trying to do (i am authenticating using omniauth and creating session using authlogic).

如何解决此问题，以便可以在current_user中获得有效的会话?

How do I fix this, so that I can get a valid session in current_user ?

推荐答案

我不确定.create(object，bool)方法签名，但是以下使用authlogic可以工作.

I'm not sure about the .create(object, bool) method signature, but the following works using authlogic.

class Api::ApiBaseController < ApplicationController  
  protected

  def verify_token    
    return false if params[:token].blank?
    @session = UserSession.new(User.find_by_single_access_token(params[:token]))
    @session.save
  end
end

如果这对您不起作用-我认为@user的设置不正确.

If that doesn't work for you -- I think the @user isn't being set correctly.

这篇关于authlogic UserSession.create(@user)提供了未经授权的记录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！