我目前正在rails中嘗試restful_authentication。這是我的routes.rb文件與路由混淆
ActionController::Routing::Routes.draw do |map|
map.logout '/logout', :controller => 'sessions', :action => 'destroy'
map.login '/login', :controller => 'sessions', :action => 'new'
map.register '/register', :controller => 'users', :action => 'create'
map.signup '/signup', :controller => 'users', :action => 'new'
map.resources :users
map.resource :session
map.resources :products
這是我SessionsController它處理登錄和註銷
class SessionsController < ApplicationController
# render new.erb.html
def new
end
def create
logger.error("Inside create")
logout_keeping_session!
user = User.authenticate(params[:login], params[:password])
if user
# Protects against session fixation attacks, causes request forgery
# protection if user resubmits an earlier form using back
# button. Uncomment if you understand the tradeoffs.
# reset_session
self.current_user = user
new_cookie_flag = (params[:remember_me] == "1")
handle_remember_cookie! new_cookie_flag
redirect_back_or_default('/')
flash[:notice] = "Logged in successfully"
else
note_failed_signin
@login = params[:login]
@remember_me = params[:remember_me]
render :action => 'new'
end
end
def destroy
logout_killing_session!
flash[:notice] = "You have been logged out."
redirect_back_or_default('/')
end
protected
# Track failed login attempts
def note_failed_signin
flash[:error] = "Couldn't log you in as '#{params[:login]}'"
logger.warn "Failed login for '#{params[:login]}' from #{request.remote_ip} at #{Time.now.utc}"
end
end
我注意到,沒有索引操作。因此http://localhost:3000/sessions應該拋出一個未知的動作錯誤,它確實如此。然後我進入了登錄頁面,即:sessionscontroller中的新動作。我擡頭對錶單提交的url,我發現它是 並在提交的螢火顯示的URL是
怎麼的URL重定向到正確的行動?
Verb Path Action
------------------------------
GET /session/new new
POST /session create
GET /session show
GET /session/edit edit
PUT /session update
DELETE /session destroy
因爲它是一個單一的資源,所有的路徑使用/session
,不/sessions
,所以GET
:即http://localhost:3000/sessions到http://localhost:3000/sessions/new
Thanx。這幫了很多.. – Rahul