0
votes

I have a problem with my Devise gem at the moment. The problem is that every time a user wants to sign in, the following error is displayed:

Invalid login or password.

But I am sure that the login and password are correct. Users are able to sign up, log out and update the account details. For example, changing the password or email address works fine.

I have added the firstname, lastname to the devise sign up view, but I think this feature can't cause this error, right?

I am using Ruby on Rails 4.1.8.

Please take a look at my code:

sessions/new.html.erb:

<div class="panel panel-default">
  <div class="panel-heading">
    <h4><%= t('.sign_in', :default => "Sign in") %></h4>
  </div>
  <div class="panel-body">
    <%= form_for(resource, as: resource_name, url: session_path(resource_name), html: { role: "form" }) do |f| %>
      <div class="form-group">
        <%= f.label :email %>
        <%= f.email_field :email, autofocus: true, class: "form-control" %>
      </div>
      <div class="form-group">
        <%= f.label :password %>
        <%= f.password_field :password, autocomplete: "off", class: "form-control" %>
      </div>
      <% if devise_mapping.rememberable? %>
        <div class="checkbox">
          <label>
            <%= f.check_box :remember_me %>
            <%= f.label :remember_me %>
          </label>
        </div>
      <% end %>
      <%= f.submit  t('.sign_in', :default => "Sign in"), class: "btn btn-primary" %>
    <% end %>
  </div>
</div>
<%= render "devise/shared/links" %>

registrations/new.html.erb:

<%= bootstrap_devise_error_messages! %>
<div class="panel panel-default">
  <div class="panel-heading">
    <h4><%= t('.sign_up', :default => "Sign up") %></h4>
  </div>
  <div class="panel-body">
    <%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), html: { role: "form" }) do |f| %>
      <div class="form-group">
        <%= f.label :first_name %>
        <%= f.text_field :first_name, class: "form-control" %>
      </div>
      <div class="form-group">
        <%= f.label :last_name %>
        <%= f.text_field :last_name, class: "form-control" %>
      </div>
      <div class="form-group">
        <%= f.label :email %>
        <%= f.email_field :email, class: "form-control" %>
      </div>
      <div class="form-group">
        <%= f.label :password %><br />
        <%= f.password_field :password, class: "form-control" %>
      </div>
      <div class="form-group">
        <%= f.label :password_confirmation %>
        <%= f.password_field :password_confirmation, class: "form-control" %>
      </div>
      <%= f.submit t('.sign_up', :default => "Sign up"), class: "btn btn-primary" %>
    <% end %>
  </div>
</div>
<%= render "devise/shared/links" %>

models/user.rb:

class User < ActiveRecord::Base
  attr_accessor :login
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable, :authentication_keys => [:login]
  # Virtual attribute for authenticating by either username or email
  # This is in addition to a real persisted field like 'username'


end

controllers/application_controller.rb:

class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception
  # before_action :authenticate_user!
  before_action :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password, :password_confirmation, :first_name, :last_name) }
    devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:login, :username, :email, :password, :remember_me) }
    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:username, :email, :password, :password_confirmation, :current_password, :first_name, :last_name) }
  end
end

EDIT:

Webrick server log:

Started GET "/users/sign_in" for 127.0.0.1 at 2015-02-20 18:35:56 +0100
Processing by Devise::SessionsController#new as HTML
  Rendered devise/shared/_links.erb (1.5ms)
  Rendered devise/sessions/new.html.erb within layouts/application (310.6ms)
Completed 200 OK in 682ms (Views: 650.4ms | ActiveRecord: 4.7ms)


Started POST "/users/sign_in" for 127.0.0.1 at 2015-02-20 18:36:07 +0100
Processing by Devise::SessionsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"ehQeHIwX+5C+7zRbr/VIi3LA8bVidzgwIiJc1uHrqj4=", "user"=>{"email"=>"[email protected]", "password"=>"12345678", "remember_me"=>"0"}, "commit"=>"Sign in"}
Completed 401 Unauthorized in 1ms
Processing by Devise::SessionsController#new as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"ehQeHIwX+5C+7zRbr/VIi3LA8bVidzgwIiJc1uHrqj4=", "user"=>{"email"=>"[email protected]", "password"=>"12345678", "remember_me"=>"0"}, "commit"=>"Sign in"}
Unpermitted parameters: email
  Rendered devise/shared/_links.erb (0.6ms)
  Rendered devise/sessions/new.html.erb within layouts/application (6.7ms)
Completed 200 OK in 548ms (Views: 439.7ms | ActiveRecord: 0.0ms)
1
Did it work before you had added first name and last name? - Ahmad Al-kheat
Honestly I don't know - Napsterlicious

1 Answer

0
votes

You don't need this line:

devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:login, :username, :email, :password, :remember_me) }

Because you don't need to whitelist these attributes for sign_in, only for sign_up. Also modify this line

devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password, :password_confirmation, :first_name, :last_name) }

to

devise_parameter_sanitizer.for(:sign_up) { |u| u.permit( :first_name, :last_name) }

You only need the newly added attributes.
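
An added diagnostic, not part of the original post or answer and not Devise code: the question's model declares `:authentication_keys => [:login]`, while its sign-in form and log show only `email`, `password` and `remember_me` being posted. The helper names (`submitted_keys`, `missing_auth_keys`, `auth_conditions`, `diagnose`) and the sample log line are constructed for illustration, and `auth_conditions` is a simplified model of the lookup, not Devise's internals.

```ruby
# Added example (not from the post, not Devise code): compare the fields a
# sign-in form actually posted with the model's configured authentication keys.

# Constructed sample modelled on the question's POST /users/sign_in log line;
# token and address are placeholders and the password is shown filtered.
SAMPLE_LOG_LINE = '  Parameters: {"authenticity_token"=>"TOKEN", ' \
  '"user"=>{"email"=>"user@example.test", "password"=>"[FILTERED]", ' \
  '"remember_me"=>"0"}, "commit"=>"Sign in"}'

# Field names submitted under the given scope, e.g. [:email, :password].
def submitted_keys(log_line, scope = "user")
  body = log_line[/"#{Regexp.escape(scope)}"=>\{(.*?)\}/, 1]
  return [] unless body
  body.scan(/"([^"]+)"=>/).flatten.map(&:to_sym)
end

# Configured authentication keys that the form never sent.
def missing_auth_keys(log_line, authentication_keys)
  authentication_keys - submitted_keys(log_line)
end

# Simplified model (an assumption, not Devise internals) of the lookup step:
# only the configured keys are read from the submitted hash.
def auth_conditions(params, authentication_keys)
  authentication_keys.each_with_object({}) { |key, h| h[key] = params[key] }
end

def diagnose(log_line, authentication_keys)
  missing = missing_auth_keys(log_line, authentication_keys)
  return "ok: form sends #{authentication_keys.inspect}" if missing.empty?
  "form never sends #{missing.inspect}; it sent #{submitted_keys(log_line).inspect}"
end

if __FILE__ == $PROGRAM_NAME
  puts diagnose(SAMPLE_LOG_LINE, [:login])   # keys from the question's model
  puts diagnose(SAMPLE_LOG_LINE, [:email])   # keys matching the posted form
end
```

With the question's `[:login]` the check reports `:login` as missing from the submitted hash; with `[:email]` nothing is missing.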