ActionController::InvalidAuthenticityToken in LoginController

Hi,

I'm having a problem trying to get a login controller working. When I try and post to my login controller I get the following error:

ActionController::InvalidAuthenticityToken in LoginController#login

login_controller:

  class LoginController < ApplicationController
    def login
      case request.method
      when :post
        # Assignment inside the condition is intentional: authenticate returns
        # the User or nil. (params/session replace the removed @params/@session.)
        if session['user'] = User.authenticate(params['username'], params['password'])
          flash['notice'] = "Login successful"
          redirect_back_or_default :action => "welcome"
        else
          @login = params['username']
          @message = "Login unsuccessful"
          redirect_to :action => "login"
        end
      end
    end
    .....

login.html.erb:

  <div id="login">
    <h1>Please Login</h1>

    <%# a hand-written <form> tag emits no authenticity_token hidden field %>
    <form method="post" action="">
      <p><label for="user_login">Username</label>
        <%= text_field "user", "username", :class => 'textbox', :value => '', :maxlength => 40 %></p>
      <p><label for="user_password">Password</label>
        <%= password_field "user", "password", :class => 'textbox', :value => '', :maxlength => 40 %></p>
      <p class="buttons">
        <%= submit_tag 'Login', :class => 'button' %>
      </p>
    </form>
  </div>

User.rb

  require 'digest/sha1'

  class User < ActiveRecord::Base

    # Look up the user by username and the hashed password; returns nil on failure.
    def self.authenticate(login, pass)
      User.find(:first, :conditions => ["username = ? AND password = ?", login, sha1(pass)])
    end

    def change_password(pass)
      update_attribute "password", self.class.sha1(pass)
    end

    protected

    # The digest must depend on pass; hashing only the fixed string
    # "somedigest" would make every password produce the same value.
    def self.sha1(pass)
      Digest::SHA1.hexdigest("somedigest--#{pass}")
    end

    before_create :crypt_password

    def crypt_password
      write_attribute("password", self.class.sha1(password))
    end

    # Note: authenticate queries the "username" column, while these
    # validations reference :login.
    validates_length_of :login, :within => 3..40
    validates_length_of :password, :within => 5..40
    validates_presence_of :login, :password, :password_confirmation
    validates_uniqueness_of :login, :on => :create
    validates_confirmation_of :password, :on => :create
  end

I have the :secret and :session_key set in the environment.rb

Does anyone have any ideas?


You should use the token_tag helper in your form to provide the secret token needed by Rails for CSRF security reasons.

   -- Jean-François.

Are you saying that is the problem or are you making that suggestion for simply security reasons?

Forget it - got it. Thank you for the help. This worked like a charm.

<%= token_tag %>
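To show what the helper above is feeding and why a bare <form> fails the check, here is an added, simplified Ruby model of the authenticity-token verification (not Rails' own code, and not from anyone in this thread); the app_secret value and the session hash layout are assumptions.

```ruby
require 'securerandom'
require 'digest/sha1'

# Constructed model of the check behind InvalidAuthenticityToken: the server
# keeps a per-session secret, embeds a token derived from it in every form,
# and rejects any non-read-only request whose token does not match.
class InvalidAuthenticityToken < StandardError; end

SAFE_METHODS = [:get, :head].freeze

# Assumption: the per-session secret lives server-side (in the session
# store), is created on first use, and never appears in the form itself.
def session_secret(session)
  session[:_csrf_secret] ||= SecureRandom.hex(32)
end

# Token a form must carry; derived from the session secret and the
# application secret (app_secret is a hypothetical configuration value).
def form_authenticity_token(session, app_secret)
  Digest::SHA1.hexdigest("#{app_secret}--#{session_secret(session)}")
end

# What a token tag renders: a hidden input carrying the expected token.
def token_tag(session, app_secret)
  value = form_authenticity_token(session, app_secret)
  %(<input type="hidden" name="authenticity_token" value="#{value}" />)
end

# Constant-time comparison, so a wrong guess does not leak the token byte by byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Raise unless the request is read-only or carries the token the session expects.
def verify_authenticity_token!(method, params, session, app_secret)
  return true if SAFE_METHODS.include?(method)
  token    = params['authenticity_token'].to_s
  expected = form_authenticity_token(session, app_secret)
  unless secure_compare(token, expected)
    raise InvalidAuthenticityToken, "missing or wrong authenticity_token"
  end
  true
end
```

A POST from a form that never rendered the hidden field, or one whose session was lost between rendering and submitting (for example after switching session stores), fails this comparison in exactly the way the error above reports. Real Rails also accepts the token from a request header, which this model leaves out.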

Hi, I'm having the same exact problem while following the "rails solutions" book exercises.

The difference is that I'm still new to RoR, so I couldn't get it to work with <%= token_tag %>. I didn't find much on the net either.

Where should I add this tag and how is it used? Are there any extra params to add to it?

In my view I have:

  <% form_tag({:controller => 'user', :action => 'login'}, {:id => "login_form"}) do %>
    <label for="user_login">Login:</label><br />
    <%= text_field :user, :login %><br />
    <label for="user_password">Password:</label><br />
    <%= password_field :user, :password %><br />
    <%= submit_tag 'Login' %>
  <% end %>

This happened after I uncommented the following line in environment.rb and restarted the server:

  config.action_controller.session_store = :active_record_store

If it worked for you, please help me out on that one. Cheers.