我有Rails 3 RC运行与Devise安装.我已经定义了一个自定义策略来尝试使用Kerberos进行身份验证.
module Devise
module Strategies
class Kerb < Devise::Strategies::Base
def valid?
params[:username] || params[:password]
end
def authenticate!
# cheap debugging
puts "PARAMS: #{params}"
if check_kerb_auth(params[:username],params[:password])
# create user account if none exists
u = User.find(:first,:conditions => { :username => params[:username] }) || User.create({ :username => login })
success!(u)
else
fail!("Could not log in")
end
end
def check_kerb_auth(username,password)
require 'krb5_auth'
include Krb5Auth
return false if username.blank? or password.blank?
begin
kerberos = Krb5.new
return kerberos.get_init_creds_password(username,password)
rescue Krb5Auth::Krb5::Exception
return false
end
end
end
end
end
我的Devise Warden配置设置如下:
config.warden do |manager| manager.strategies.add(:kerb,Devise::Strategies::Kerb) manager.default_strategies :kerb end
我的日志中没有错误.一切似乎都行了.如果我添加了“廉价调试”一堆put语句,似乎反映出:路由策略是默认的.以下是登录尝试的一组日志记录:
=> Booting WEBrick
=> Rails 3.0.0.rc application starting in development on http://0.0.0.0:3000
=> Call with -d to detach
=> Ctrl-C to shutdown server
[2010-08-17 10:50:35] INFO WEBrick 1.3.1
[2010-08-17 10:50:35] INFO ruby 1.8.7 (2010-01-10) [x86_64-linux]
[2010-08-17 10:50:40] INFO WEBrick::HTTPServer#start: pid=12717 port=3000
Started POST "/users/login" for 127.0.0.1 at Tue Aug 17 10:50:43 -0400 2010
Processing by Devise::SessionsController#create as HTML
Parameters: {"commit"=>"Login","authenticity_token"=>"afZF6ho96p47dc9LQFwwNN5PqnRpl7x+1J7V3MiKgTE=","_snowman"=>"\342\230\203","user"=>{"remember_me"=>"1","username"=>"hernan43","password"=>"[FILTERED]"}}
Completed in 0ms
Processing by Devise::SessionsController#new as HTML
Parameters: {"commit"=>"Login","password"=>"[FILTERED]"}}
Rendered devise/shared/_links.erb (1.2ms)
Rendered devise/sessions/new.html.erb within layouts/application (8.2ms)
Completed 200 OK in 124ms (Views: 11.7ms | ActiveRecord: 1.3ms)
kerberos代码在同一台机器上的其他工作.我有一种期待它出现一堆错误,如果有一个问题,但我什么也没有.有没有好的方法来调试Devise / Warden?
解决方法
valid?
The valid? method acts as a guard for the strategy. It’s optional to declare a valid? method,and if you don’t declare it,the strategy will always be run. If you do declare it though,the strategy will only be tried if #valid? evaluates to true.
The strategy above is reasoning that if there’s either a ‘username’ or a ‘password’ param,then the user is trying to login. If there’s only one of them,then the ‘User.authenticate’ call will fail,but it was still the desired (valid) strategy.
所以你有效的方法:
def valid? params[:username] || params[:password] end
它返回false,所以认证!从来不叫params是一个嵌套哈希,所以它应该是params [:user] [:username],而不是params [:username].
将有效的方法更改为:
def valid? params[:user] && (params[:user][:username] || params[:user][:password]) end