未初始化常量SessionsController :: User

问题描述 投票:0回答:1

我正在尝试为我的Rails应用程序编写一个登录系统,但出现会话错误。对于更多上下文,我没有用户类,但是有我的登录方法的EmployeeAuthentication和Employee类。

当前,这是我的sessions_controller.rb

class SessionsController < ApplicationController
   def new
  end

  def create
    user = User.authenticate(params[:username], params[:password])
    if user
      session[:user_id] = user.id
      redirect_to home_path, notice: "Logged in!"
    else
      flash.now.alert = "Username and/or password is invalid"
      render "new"
    end
  end

  def destroy
    session[:user_id] = nil
    redirect_to home_path, notice: "Logged out!"
  end
end

这是我的路线文件:

Rails.application.routes.draw do

  # Semi-static page routes
  get 'home', to: 'home#index', as: :home
  get 'home/about', to: 'home#about', as: :about
  get 'home/contact', to: 'home#contact', as: :contact
  get 'home/privacy', to: 'home#privacy', as: :privacy
  get 'home/search', to: 'home#search', as: :search

  # Resource routes (maps HTTP verbs to controller actions automatically):
  resources :employees
  resources :stores
  resources :assignments
  resources :users
  resources :sessions

  # Custom routes
  patch 'assignments/:id/terminate', to: 'assignments#terminate', as: :terminate_assignment

  # You can have the root of your site routed with 'root'
  root 'home#index'


  get 'user/edit' => 'users#edit', :as => :edit_current_user
  get 'signup' => 'users#new', :as => :signup
  get 'login' => 'sessions#new', :as => :login
  get 'logout' => 'sessions#destroy', :as => :logout


end
ruby-on-rails authentication session routing controller
1个回答
0
投票

您是否出于教育目的从头开始编写身份验证?如果不是,最好不要“重新发明轮子”。身份验证及其紧密的同属关系授权专门处理应用程序的安全性,您不应该将这种安全性完全掌握在自己手中(尤其是如果您以前从未从头开始编写完整的身份验证系统并对其进行了测试,则尤其如此)。

[构建Rails应用程序时,我倾向于使用'devise'gem进行身份验证,并使用'cancancan'gem进行授权。这两个瑰宝与Rails几乎一样长,并且已经经过多年的尝试和测试,它们被证明是在Web应用程序中实现身份验证和授权的安全选项。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.