Rails - 401当我在生产中访问动作时未经授权 [英] Rails - 401 Unauthorized when I access action in Production only

问题描述

我使用的是Ruby On Rails 3.0.9，一切都在开发环境中运行正常。当我切换到生产环境，或者我将其上传到我们的服务器，登录后我被带回到同一个登录页面。当我查看日志时，我可以看到以下内容：

 在Thu开始POST / / users / login为127.0.0.1 10月03 16:48:13 -0300 2013 
 UserSessionsController处理＃create as HTML 
参数：{user=> {password=>[FILTERED]，login ="demo_admin}，utf8=>✓，authenticity_token=>+ 7AEoVXZ9XiagEymVUnOhFHnck4rgDu883E / ySMlCxQ =} 
重定向到http：// localhost：3000 / admin 
完成302发现在111ms 
 
 
在Thu Oct 03 16:48:13 -0300 2013启动GET/ admin127.0.0.1 
由管理员处理：DashboardController #index as HTML 
完成401未授权在1ms 
  

我按顺序使用authorization_rules文件管理访问权限，但是我已经在Dev env中没有问题，如前所述。

如果我在 admin /操作系统＃index 操作，它不会被执行，因为它没有达到。它打破了httpserver文件（我一步一步地调试），但我不明白为什么它在Dev上工作，而不是在Prod env。

请帮助。 p>

感谢
Brian

更新

$ b $我要提到，在我的 ApplicationController 中，有一个名为 check_plan_features 的before_filter，它要求的第一件事是，除非current_user.blank？ #redirects到管理员部分。

我注意到，登录后，使用Devise， current_user 具有用户的价值，但是在重定向到管理部分之后，它返回到相同的过滤器，而这次， current_user 为null。 所以，我假设，不知何故，用户的会话在尝试访问管理部分后被销毁。但是，由于这只是在生产环境中发生，我仍然在想，可能是什么。

解决方案

有这个确切的问题（使用rails 4和devise 3）。

解决方案是向 config / initializers / session_store添加域声明。 rb 这样的文件：

  YourAppName :: Application.config.session_store：cookie_store，key：' _your_session'，domain：{
 production：'production_domain'，
 development：'development_domain'
} .fetch（Rails.env.to_sym，：all）
  

尽管重要的是，由于向应用程序添加了子域，因此最初发生了更改。

I'm using Ruby On Rails 3.0.9 and everything works fine on Development env. When I switch to Production env, or I upload it to our server, after sign in I'm taken back to the same Login page. When I check the log, I can see the following:

Started POST "/users/login" for 127.0.0.1 at Thu Oct 03 16:48:13 -0300 2013
  Processing by UserSessionsController#create as HTML
  Parameters: {"user"=>{"password"=>"[FILTERED]", "login"=>"demo_admin"}, "utf8"=>"✓", "authenticity_token"=>"+7AEoVXZ9XiagEymVUnOhFHnck4rgDu883E/ySMlCxQ="}
Redirected to http://localhost:3000/admin
Completed 302 Found in 111ms


Started GET "/admin" for 127.0.0.1 at Thu Oct 03 16:48:13 -0300 2013
  Processing by Admin::DashboardController#index as HTML
Completed 401 Unauthorized in 1ms

I'm using authorization_rules file in order to manage access, but I've got no problem on Dev env, as I said before.

If I place a breakpoint at the admin/dashboard#index action, it won't be executed, as it's not reached. It breaks at httpserver file (I debugged it step by step), but I cannot understand why it works on Dev and not on Prod env.

Please, help.

Thanks, Brian

UPDATE

I forgor to mention that, in my ApplicationController, there's a before_filter called check_plan_features and the first thing it asks is unless current_user.blank? #redirects to Admin section.

I've noticed that after signing in, using Devise, current_user has the user's value, but when after redirecting to the admin section, it comes back to the same filter, and this time, the current_user is null. So, I assume that, somehow, the user's session is destroyed after trying to access Admin section. But, as this only happens on production environment, I'm still wondering what could be.

解决方案

I just had this exact problem (using rails 4 and devise 3).

The solution was to add a domain declaration to the config/initializers/session_store.rb file like this:

YourAppName::Application.config.session_store :cookie_store, key: '_your_session', domain: {
  production: 'production_domain',
  development: 'development_domain'
}.fetch(Rails.env.to_sym, :all)

Though it is important that this was changed initially due to adding sub-domains to the application.

这篇关于Rails - 401当我在生产中访问动作时未经授权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！