I have a problem with my Devise gem at the moment. The problem is that every time a user wants to sign in, the following error is displayed:
Invalid login or password.
But I am sure that the login and password are correct. Users are able to sign up, log out and update the account details. For example, changing the password or email address works fine.
I have added the firstname, lastname to the devise sign up view, but I think this feature can't cause this error, right?
I am using Ruby on Rails 4.1.8.
Please take a look at my code:
sessions/new.html.erb:
<div class="panel panel-default">
  <div class="panel-heading">
    <h4><%= t('.sign_in', :default => "Sign in") %></h4>
  </div>
  <div class="panel-body">
    <%= form_for(resource, as: resource_name, url: session_path(resource_name), html: { role: "form" }) do |f| %>
      <div class="form-group">
        <%= f.label :email %>
        <%= f.email_field :email, autofocus: true, class: "form-control" %>
      </div>
      <div class="form-group">
        <%= f.label :password %>
        <%= f.password_field :password, autocomplete: "off", class: "form-control" %>
      </div>
      <% if devise_mapping.rememberable? %>
        <div class="checkbox">
          <label>
            <%= f.check_box :remember_me %>
            <%= f.label :remember_me %>
          </label>
        </div>
      <% end %>
      <%= f.submit t('.sign_in', :default => "Sign in"), class: "btn btn-primary" %>
    <% end %>
  </div>
</div>
<%= render "devise/shared/links" %>
registrations/new.html.erb:
<%= bootstrap_devise_error_messages! %>
<div class="panel panel-default">
  <div class="panel-heading">
    <h4><%= t('.sign_up', :default => "Sign up") %></h4>
  </div>
  <div class="panel-body">
    <%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), html: { role: "form" }) do |f| %>
      <div class="form-group">
        <%= f.label :first_name %>
        <%= f.text_field :first_name, class: "form-control" %>
      </div>
      <div class="form-group">
        <%= f.label :last_name %>
        <%= f.text_field :last_name, class: "form-control" %>
      </div>
      <div class="form-group">
        <%= f.label :email %>
        <%= f.email_field :email, class: "form-control" %>
      </div>
      <div class="form-group">
        <%= f.label :password %><br />
        <%= f.password_field :password, class: "form-control" %>
      </div>
      <div class="form-group">
        <%= f.label :password_confirmation %>
        <%= f.password_field :password_confirmation, class: "form-control" %>
      </div>
      <%= f.submit t('.sign_up', :default => "Sign up"), class: "btn btn-primary" %>
    <% end %>
  </div>
</div>
<%= render "devise/shared/links" %>
models/user.rb:
class User < ActiveRecord::Base
  attr_accessor :login
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable, :authentication_keys => [:login]
  # Virtual attribute for authenticating by either username or email
  # This is in addition to a real persisted field like 'username'
end
controllers/application_controller.rb:
class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception
  # before_action :authenticate_user!
  before_action :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password, :password_confirmation, :first_name, :last_name) }
    devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:login, :username, :email, :password, :remember_me) }
    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:username, :email, :password, :password_confirmation, :current_password, :first_name, :last_name) }
  end
end
EDIT:
Webrick server log:
Started GET "/users/sign_in" for 127.0.0.1 at 2015-02-20 18:35:56 +0100
Processing by Devise::SessionsController#new as HTML
Rendered devise/shared/_links.erb (1.5ms)
Rendered devise/sessions/new.html.erb within layouts/application (310.6ms)
Completed 200 OK in 682ms (Views: 650.4ms | ActiveRecord: 4.7ms)
Started POST "/users/sign_in" for 127.0.0.1 at 2015-02-20 18:36:07 +0100
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"ehQeHIwX+5C+7zRbr/VIi3LA8bVidzgwIiJc1uHrqj4=", "user"=>{"email"=>"[email protected]", "password"=>"12345678", "remember_me"=>"0"}, "commit"=>"Sign in"}
Completed 401 Unauthorized in 1ms
Processing by Devise::SessionsController#new as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"ehQeHIwX+5C+7zRbr/VIi3LA8bVidzgwIiJc1uHrqj4=", "user"=>{"email"=>"[email protected]", "password"=>"12345678", "remember_me"=>"0"}, "commit"=>"Sign in"}
Unpermitted parameters: email
Rendered devise/shared/_links.erb (0.6ms)
Rendered devise/sessions/new.html.erb within layouts/application (6.7ms)
Completed 200 OK in 548ms (Views: 439.7ms | ActiveRecord: 0.0ms)
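
An added example, not part of the original post: the model above sets `authentication_keys` to `[:login]`, while the sign-in form posts `user[email]`. This Ruby script scans a Rails log for Devise sign-in requests that end in 401 and reports which configured authentication keys were absent from the submitted parameters, and whether the password value reached the log unfiltered. The log lines, the `user@example.test` address, the token placeholder and the `audit_sign_in_failures` helper are constructed for illustration.

```ruby
# Constructed sample, shaped like the WEBrick log in the question.
SAMPLE_LOG = <<~'LOG'
  Started POST "/users/sign_in" for 127.0.0.1 at 2015-02-20 18:36:07 +0100
  Processing by Devise::SessionsController#create as HTML
  Parameters: {"authenticity_token"=>"TOKEN-PLACEHOLDER", "user"=>{"email"=>"user@example.test", "password"=>"12345678", "remember_me"=>"0"}, "commit"=>"Sign in"}
  Completed 401 Unauthorized in 1ms
LOG

# Assumption: the keys configured in the User model from the question.
AUTHENTICATION_KEYS = %w[login].freeze

# Returns one finding per Devise sign-in POST that ended in 401.
def audit_sign_in_failures(log, auth_keys: AUTHENTICATION_KEYS, scope: "user")
  findings = []
  in_create = false
  submitted = nil
  log.each_line do |line|
    case line
    when /^\s*Started /
      # New request: forget state from the previous one.
      in_create = false
      submitted = nil
    when /Processing by Devise::SessionsController#create/
      in_create = true
    when /^\s*Parameters: /
      next unless in_create
      # Take the nested hash for the scope, then its string key/value pairs.
      nested = line[/"#{Regexp.escape(scope)}"=>\{(.*?)\}/, 1].to_s
      submitted = nested.scan(/"(\w+)"=>"([^"]*)"/).to_h
    when /Completed 401/
      next unless in_create && submitted
      findings << {
        submitted_keys: submitted.keys,
        missing_keys: auth_keys - submitted.keys,
        # Any value other than Rails' [FILTERED] marker means the secret was logged.
        password_in_log: submitted.key?("password") && submitted["password"] != "[FILTERED]"
      }
      in_create = false
    end
  end
  findings
end

audit_sign_in_failures(SAMPLE_LOG).each do |f|
  puts "401 on sign-in: submitted #{f[:submitted_keys]}, missing authentication keys #{f[:missing_keys]}"
  puts "password value is written to the log unfiltered" if f[:password_in_log]
end
```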