tags:

views:

59

answers:

5
Q: 

Authentication Problem - not recognizing 'else' - Ruby on rails...

I can't seem to figure out what I am doing wrong here. I have implemented the Super Simple Authentication from Ryan Bates tutorial and while the login portion is functioning correctly, I can't get an error message and redirect to happen correctly for a bad login.

Ryan Bates admits in his comments he left this out but can't seem to implement his recommendation. Basically what is happening is that when someone logs in correctly it works. When a bad password is entered it does the same redirect and flashes 'successfully logged in' thought they are not. The admin links do not show (which is correct and are the links protected by the <% if admin? %>) but I need it to say 'failed login' and redirect to login path. Here is my code:

SessionsController

class SessionsController < ApplicationController
   def create
      if 
      session[:password] = params[:password]
      flash[:notice] = 'Successfully logged in'
      redirect_to posts_path
    else
      flash[:notice] = "whoops"
      redirect_to login_path
    end
  end

    def destroy
      reset_session
      flash[:notice] = 'Successfully logged out'
      redirect_to posts_path
    end
  end

ApplicationController

class ApplicationController < ActionController::Base

  helper_method :admin?

  protected

  def authorize
    unless admin?
      flash[:error] = "unauthorized request"
      redirect_to posts_path
      false
    end
  end

  def admin?
    session[:password] == "123456"
  end

  helper :all # include all helpers, all the time
  protect_from_forgery # See ActionController::RequestForgeryProtection for details
  # 
end
A:  
    if  #YOU MISSING SOMETHING HERE WHICH Returns TRUE IF USER IS VALID
      session[:password] = session[:password]
      flash[:notice] = 'Successfully logged in'
      redirect_to posts_path
    else
      flash[:notice] = "invalid login"  #CHange if messaage for invalid login
      redirect_to login_path
    end

it must be

    if   session[:password] == params[:password]
Salil  2010-04-28 14:53:04
Yea, I had a typo there. Still not working even with that change.
bgadoci  2010-04-28 15:37:09
A: 

You never have a fail condition due to:

if session[:password] = session[:password]

This will always be true. You probably want something like:

if session[:password] == 'canihazpasswrd' then
  do_something_here
Nazar  2010-04-28 14:56:27
I think you have a typo here. What's the point of setting a password in the session if it's already present?
John Topley  2010-04-28 15:47:37
So I have. oops!
Nazar  2010-04-28 15:54:08
+2  A: 
John Topley  2010-04-28 15:02:52
Hi John, that doesn't seem to be working either. Still redirects and flashes 'successfully logged in' even though they are not.
bgadoci  2010-04-28 15:29:35
Thanks for fixing my typo in the title as well.
bgadoci  2010-04-28 15:30:22
See my edit above.
John Topley  2010-04-28 15:48:38
Perfect, that worked great. I know this isn't a great way but want to make sure I understand how this all works before moving on. I will likely by install gem clearance next. Thanks for the help.
bgadoci  2010-04-28 15:55:07
I would suggest authlogic :)
Shripad K  2010-04-28 15:57:18
No problem, I'm glad it worked. This is approach is fine for simple stuff, but you probably wouldn't want to build an online banking application using it! ;-)
John Topley  2010-04-28 15:57:27
A: 

Edit: Refer @john's answer. :)

Try this:

  def create
    if session[:password] == '123456'
      flash[:notice] = 'Succesfully logged in'
      redirect_to home_path
     else
      flash[:notice] = "Incorrect Password!"
      redirect_to login_path
    end
  end
Shripad K  2010-04-28 15:52:15
The `admin?` method should just return whether the user is an administrator or not by comparing the password stored in the session against the known correct password. You can't use the assignment operator within an `if` statement as your `create` method does.
John Topley  2010-04-28 15:55:43
Sorry that was a typo. I copy pasted from the question! :P
Shripad K  2010-04-28 15:58:05
Yes you are right about the abmin? method part.
Shripad K  2010-04-28 15:59:34
A: 

The thing is that the tutorial you used does no user's authentication. It only checks if the login belongs to an admin, so some content will be showed.

This way you'll never have wrong login/password, just admin/non-admin.

j.  2010-04-28 16:00:53

related questions

Best place to get Ruby on Vista up and running as dev environment
How can I encode xml files to xfdl (base64-gzip)?
What is the best way to learn Ruby?
Learning Ruby on Rails any good for Grails?
How to sell Python to a client/boss/person with lots of cash
How do I create a Class using the Singleton Design Pattern in Ruby?
How do I update Ruby Gems from behind a Proxy (ISA-NTLM)
Why Should I Learn Ruby?
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
How do I rake tasks within a ruby script?
Ruby On Rails with Windows Vista - Best Setup?
Mapping values from two array in Ruby
Reverse DNS in Ruby?
Text Editor For Linux (Besides Vi)?
What is good forum software to add to an existing Rails application?
Calling Bash Commands From Ruby
How can I modify .xfdl files? (Update #1)
How do I use (n)curses in Ruby?
Open Source Ruby Projects
How do I fix 'Unprocessed view path found' error with ExceptionNotifier plugin in rails 2.1?
When to use lambda, when to use Proc.new?
Frequent SystemExit in Ruby when making HTTP calls
Implementation of "Remember me" in a Rails application.
.NET Migrations Engine
How do I add existing comments to RDoc in Ruby?