logo标签列表

Rails 4身份验证

ruby-on-railsauthenticationruby-on-rails-4
18

在Rails 4中,哪个宝石(gem)对身份验证最好?我尝试使用devise,但遇到了问题。

.rvm/gems/ruby-2.0.0-p0/gems/activemodel-4.0.0.beta1/lib/active_model/deprecated_mass_assignment_security.rb:14:in `attr_accessible': `attr_accessible` is extracted out of Rails into a gem. Please use new recommended protection model for params(strong_parameters) or add `protected_attributes` to your Gemfile to use old one. (RuntimeError)
    from /home/leapfrog/projects/kathloc/app/models/user.rb:8:in `<class:User>'
    from /home/leapfrog/projects/kathloc/app/models/user.rb:1:in `<top (required)>'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/activesupport-4.0.0.beta1/lib/active_support/dependencies.rb:423:in `load'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/activesupport-4.0.0.beta1/lib/active_support/dependencies.rb:423:in `block in load_file'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/activesupport-4.0.0.beta1/lib/active_support/dependencies.rb:615:in `new_constants_in'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/activesupport-4.0.0.beta1/lib/active_support/dependencies.rb:422:in `load_file'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/activesupport-4.0.0.beta1/lib/active_support/dependencies.rb:323:in `require_or_load'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/activesupport-4.0.0.beta1/lib/active_support/dependencies.rb:462:in `load_missing_constant'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/activesupport-4.0.0.beta1/lib/active_support/dependencies.rb:183:in `const_missing'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/activesupport-4.0.0.beta1/lib/active_support/inflector/methods.rb:226:in `const_get'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/activesupport-4.0.0.beta1/lib/active_support/inflector/methods.rb:226:in `block in constantize'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/activesupport-4.0.0.beta1/lib/active_support/inflector/methods.rb:224:in `each'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/activesupport-4.0.0.beta1/lib/active_support/inflector/methods.rb:224:in `inject'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/activesupport-4.0.0.beta1/lib/active_support/inflector/methods.rb:224:in `constantize'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/activesupport-4.0.0.beta1/lib/active_support/dependencies.rb:534:in `get'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/activesupport-4.0.0.beta1/lib/active_support/dependencies.rb:565:in `constantize'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/devise-1.5.4/lib/devise.rb:261:in `get'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/devise-1.5.4/lib/devise/mapping.rb:77:in `to'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/devise-1.5.4/lib/devise/mapping.rb:72:in `modules'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/devise-1.5.4/lib/devise/mapping.rb:89:in `routes'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/devise-1.5.4/lib/devise/mapping.rb:156:in `default_used_route'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/devise-1.5.4/lib/devise/mapping.rb:66:in `initialize'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/devise-1.5.4/lib/devise.rb:291:in `new'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/devise-1.5.4/lib/devise.rb:291:in `add_mapping'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/devise-1.5.4/lib/devise/rails/routes.rb:193:in `block in devise_for'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/devise-1.5.4/lib/devise/rails/routes.rb:192:in `each'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/devise-1.5.4/lib/devise/rails/routes.rb:192:in `devise_for'
    from /home/leapfrog/projects/kathloc/config/routes.rb:2:in `block in <top (required)>'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/actionpack-4.0.0.beta1/lib/action_dispatch/routing/route_set.rb:320:in `instance_exec'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/actionpack-4.0.0.beta1/lib/action_dispatch/routing/route_set.rb:320:in `eval_block'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/actionpack-4.0.0.beta1/lib/action_dispatch/routing/route_set.rb:298:in `draw'
    from /home/leapfrog/projects/kathloc/config/routes.rb:1:in `<top (required)>'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/activesupport-4.0.0.beta1/lib/active_support/dependencies.rb:222:in `load'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/activesupport-4.0.0.beta1/lib/active_support/dependencies.rb:222:in `block in load'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/activesupport-4.0.0.beta1/lib/active_support/dependencies.rb:213:in `load_dependency'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/activesupport-4.0.0.beta1/lib/active_support/dependencies.rb:222:in `load'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/railties-4.0.0.beta1/lib/rails/application/routes_reloader.rb:40:in `block in load_paths'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/railties-4.0.0.beta1/lib/rails/application/routes_reloader.rb:40:in `each'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/railties-4.0.0.beta1/lib/rails/application/routes_reloader.rb:40:in `load_paths'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/railties-4.0.0.beta1/lib/rails/application/routes_reloader.rb:16:in `reload!'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/railties-4.0.0.beta1/lib/rails/application/routes_reloader.rb:26:in `block in updater'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/activesupport-4.0.0.beta1/lib/active_support/file_update_checker.rb:75:in `call'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/activesupport-4.0.0.beta1/lib/active_support/file_update_checker.rb:75:in `execute'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/railties-4.0.0.beta1/lib/rails/application/routes_reloader.rb:27:in `updater'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/railties-4.0.0.beta1/lib/rails/application/routes_reloader.rb:7:in `execute_if_updated'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/railties-4.0.0.beta1/lib/rails/application/finisher.rb:69:in `block in <module:Finisher>'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/railties-4.0.0.beta1/lib/rails/initializable.rb:30:in `instance_exec'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/railties-4.0.0.beta1/lib/rails/initializable.rb:30:in `run'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/railties-4.0.0.beta1/lib/rails/initializable.rb:55:in `block in run_initializers'
    from /home/leapfrog/.rvm/rubies/ruby-2.0.0-p0/lib/ruby/2.0.0/tsort.rb:150:in `block in tsort_each'
    from /home/leapfrog/.rvm/rubies/ruby-2.0.0-p0/lib/ruby/2.0.0/tsort.rb:183:in `block (2 levels) in each_strongly_connected_component'
    from /home/leapfrog/.rvm/rubies/ruby-2.0.0-p0/lib/ruby/2.0.0/tsort.rb:219:in `each_strongly_connected_component_from'
    from /home/leapfrog/.rvm/rubies/ruby-2.0.0-p0/lib/ruby/2.0.0/tsort.rb:182:in `block in each_strongly_connected_component'
    from /home/leapfrog/.rvm/rubies/ruby-2.0.0-p0/lib/ruby/2.0.0/tsort.rb:180:in `each'
    from /home/leapfrog/.rvm/rubies/ruby-2.0.0-p0/lib/ruby/2.0.0/tsort.rb:180:in `each_strongly_connected_component'
    from /home/leapfrog/.rvm/rubies/ruby-2.0.0-p0/lib/ruby/2.0.0/tsort.rb:148:in `tsort_each'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/railties-4.0.0.beta1/lib/rails/initializable.rb:54:in `run_initializers'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/railties-4.0.0.beta1/lib/rails/application.rb:213:in `initialize!'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/railties-4.0.0.beta1/lib/rails/railtie/configurable.rb:30:in `method_missing'
    from /home/leapfrog/projects/kathloc/config/environment.rb:5:in `<top (required)>'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/activesupport-4.0.0.beta1/lib/active_support/dependencies.rb:228:in `require'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/activesupport-4.0.0.beta1/lib/active_support/dependencies.rb:228:in `block in require'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/activesupport-4.0.0.beta1/lib/active_support/dependencies.rb:213:in `load_dependency'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/activesupport-4.0.0.beta1/lib/active_support/dependencies.rb:228:in `require'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/railties-4.0.0.beta1/lib/rails/application.rb:187:in `require_environment!'
    from /home/leapfrog/.rvm/gems/ruby-2.0.0-p0/gems/railties-4.0.0.beta1/lib/rails/commands.rb:45:in `<top (required)>'
    from bin/rails:4:in `require'
    from bin/rails:4:in `<main>'
7
我真的很烦。每次 Rails 发布新版本时,都会与某些 gem 不兼容,我花费了大量时间来解决这些不兼容性问题而不是进行开发工作。 - Mauro
3
告诉我关于它的事情。我觉得Rails就像是一个独裁政体,只有那些开发了多年的人才能对它未来的发展发表意见。那新手呢?Rails 2.0比Rails 4.0要容易理解得多,现在变得越来越深奥难懂了。如果一个开源项目要成长起来,就需要让新手参与其中。把这个功能从控制器中抽象出来就很愚蠢,应该放在模型里。但你不能在IRC上这样说,人们把Rails当做是他们的信仰一样。这真是个愚蠢的想法,他们应该把它改回来。 - Starkers
7个回答
26

这是因为在rails-4中,ActiveModel::MassAssignmentSecurity已被移出了ActiveModel。但是devise使用了attr_accessible,因此要使用它,只需在您的Gemfile中添加以下宝石,并尝试再次加载。

gem 'protected_attributes'

编辑:

现在Devise支持Rails 4。将此添加到您的Gemfile中。

gem 'devise', '3.0.0.rc'
9
ActiveModel::MassAssignmentSecurity被移除是有充分理由的;它存在根本性缺陷,并被strong_parameters所取代。因此最好不要盲目推荐使用protected_attributes gem 来重新引入它。毫无疑问,Devise将会(或已经)在没有MassAssignmentSecurity的情况下与Rails 4兼容。 - Paul Annesley
6
Devise 3.0.0rc 支持 Rails 4。 - Sjors Provoost
1
是的,现在它支持rails-4,但当我回答上面的帖子时,增强开发仍在进行中。 - Sagar Bommidi
1
谢谢。将gem 'protected_attributes'添加到我的Gemfile中,让我在rails4/ruby1.9.3上使用attr_accessible。 - speedynomads
13

编辑: 现在有一个支持Rails 4的Devise版本: Devise 3.0.0.rc

之前的回答: 我在我的端上所做的使其运行良好的是...

  1. 在Gemfile中: gem 'devise', github: 'plataformatec/devise', branch: 'rails4'

  2. 在生成的模型中,删除attr_accessible相关内容。

  3. 使用Strong Parameters代替attr_accessible启用Devise。为此,请创建一个具有以下内容的新初始化器:

    DeviseController.class_eval do
  def resource_params
    unless params[resource_name].blank?
      params.require(resource_name).permit(:email, :password, :password_confirmation, :remember_me)
    end
  end
end
你必须在之前的设备安装清理干净后再进行新的操作。 卸载 - vincentp
4

在项目中使用devise时,不要使用attr_accessible,请按以下方式使用accessibles -

例如我们有attr_accessible :email, :password, :password_confirmation, :remember_me,我们可以将它们转换为私有方法以提高安全性:

private

def user_params  
  params.require(:user).permit(:email, :password, :password_confirmation, :remember_me)

end
1
Ruby将#视为注释符号。看起来你正在注释掉#{file_name}_params。这对你有用吗? - Benjamin
1
@Vezu请使用"#{file_params}"代替#{file_params}。 - Amit Suroliya
我认为在Ruby中,既不def #{file_name}_params也不def "#{file_name}_params"是有效的。 - Shiva
@illusionist......我同意你的观点,但我这里只是举个例子。现在,我正在更新我的回答。 - Amit Suroliya
1

这真的取决于您需要gem做什么。有很多选择,而Devise绝对是其中之一。我建议使用Thoughtbot的Clearance(https://github.com/thoughtbot/clearance)。它经过了很好的测试,并经常更新。对我来说,在我需要核心认证功能而不是像Devise这样的gem中带有的所有其他东西时,它非常有用!

0

如果你遇到了Devise的问题,可以尝试一下Authlogic,这也是一个很好的用于认证的宝石(gem)。

你可以使用最新版本支持Rails 4.0的'authlogic' '~3.2.0'宝石(gem)。

Ruby toolbox有一个关于最受欢迎的认证宝石(gem)列表:http://ruby-toolbox.com/categories/rails_authentication.html

0
0

我已经修复了Rails 4中Devise的问题。

现在,您可以毫不费力地实现它。

只需将 gem 'devise' 添加到您的Gemfile中,并执行bundle命令。

谢谢

网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接