ruby - Rails renders view when redirected
So I have a Rails 4 app that uses Devise for authentication. I had started writing controller tests when I noticed odd behaviour, which I confirmed in Firebug.
When I try to access a controller action that has before_action :authenticate_user!, it returns a response with a 302 Found header and a body with the first database entry, and after that redirects to new_user_session_path. Therefore, if someone opens the console and looks at it, they can see information that's supposed to be hidden from them.
And I don't understand how it can render the body for a user when the user is found by @user = current_user and there is no current_user, or at least there shouldn't be.
I have looked and found nothing. Here is some additional info: Devise version 3.5.2, Rails 4.2.4
Edit
The Rails log when trying to access an authenticated page:
    Started GET "/dashboard" for 127.0.0.1 at 2016-01-28 11:07:27 +0100
    Processing by UsersController#show as HTML
    Completed 401 Unauthorized in 0ms (ActiveRecord: 0.0ms)

    Started GET "/users/sign_in" for 127.0.0.1 at 2016-01-28 11:07:27 +0100
    Processing by Users::SessionsController#new as HTML
      Rendered users/sessions/new.html.erb within layouts/application (1.4ms)
      Rendered shared/_navigation.html.erb (0.4ms)
      Rendered shared/_flashes.html.erb (0.1ms)
    Completed 200 OK in 192ms (Views: 191.6ms | ActiveRecord: 0.0ms)
And this is what Firebug shows. I don't understand why it is different.
    GET dashboard  302 Found  localhost:3000  101 B   127.0.0.1:3000  16ms
    sign_in        200 OK     localhost:3000  6,6 KB  127.0.0.1:3000
Edit 2
So I figured out it has nothing to do with Devise. If I implement my own authenticate method and use it in before_action instead of authenticate_user!, it still doesn't work. The action renders the view, although when I put byebug in the action, it did not break. I'm renaming the question.
Edit 3
All the possibly relevant pieces of code.
application.html.erb
    <!doctype html>
    <html>
    <head>
      <title>oregano</title>
      <%= stylesheet_link_tag 'application', media: 'all' %>
      <%= javascript_include_tag 'application' %>
      <%= csrf_meta_tags %>
    </head>
    <body>
    <div id="wrapper">
      <%= render 'shared/navigation' %>
      <% if content_for? :welcome %>
        <div class="section welcome-section">
          <div class="container">
            <div id="flashes"><%= render 'shared/flashes' %></div>
            <%= yield :welcome %>
          </div>
        </div>
      <% else %>
        <div id="page-wrapper">
          <div class="section">
            <div class="container main-content">
              <div id="flashes"><%= render 'shared/flashes' %></div>
              <div class="row">
                <%= yield :top %>
              </div>
              <div class="row bottom-index-part">
                <div class="col-md-8 index">
                  <%= yield :main %>
                </div>
                <div class="col-md-4">
                  <div id="showdetailswell" class="well well-sm hidden">
                    <%= yield :details %>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
      <% end %>
      <%= debug(params) if Rails.env.development? %>
      <!-- modal -->
      <div class="modal fade" id="mymodal" tabindex="-1" role="dialog" aria-labelledby="mymodallabel">
        <div class="modal-dialog" role="document">
          <div class="modal-content">
            <div class="modal-header">
              <button type="button" class="close" data-dismiss="modal" aria-label="close">
                <span aria-hidden="true">×</span></button>
              <h4 class="modal-title" id="mymodallabel"></h4>
            </div>
            <div class="modal-body">
            </div>
            <div class="modal-footer">
              <button type="button" class="btn btn-default" data-dismiss="modal">close</button>
            </div>
          </div>
        </div>
      </div>
    </div>
    </body>
    </html>
users/show.html.erb
    <% content_for :top do %>
      <div class="user-header header-combo">
        <%= gravatar_image_tag current_user.email, alt: "#{current_user.name} gravatar", class: 'img-circle' %>
        <h1 class="heading"><%= current_user.name %></h1>
      </div>
    <% end %>
    <% content_for :main do %>
      <div class="row">
        <div class="col-md-7">
          <h3>my interests</h3>
          <%= render 'shared/add_tag', resource: current_user, tag_name: 'interest', label_name: 'i to' %>
          <div class="tags-row interests-row">
            <% current_user.user_interests.each do |ui| %>
              <%= render 'shared/remove_tag', resource: ui, path: [@user, ui] unless ui.new_record? %>
            <% end %>
          </div>
        </div>
        <div class="col-md-5">
          <h3>my places</h3>
          <%= render 'shared/add_tag', resource: current_user, tag_name: 'place', label_name: 'i live in' %>
          <div class="tags-row places-row">
            <% current_user.user_places.each do |up| %>
              <%= render 'shared/remove_tag', resource: up, path: [@user, up] unless up.new_record? %>
            <% end %>
          </div>
        </div>
      </div>
      <div class="row">
        <div class="col-md-7 about-user">
          <%= render 'about_show' %>
        </div>
        <div class="col-md-5 contact-info-user">
          <%= render 'contact_info_show' %>
        </div>
      </div>
    <% end %>
UsersController#show
    def show
      respond_to do |format|
        format.html do
          @user = current_user
        end
        format.js do
          @user = User.find params[:id]
          @group = params[:group_id] ? Group.find(params[:group_id]) : nil
        end
      end
    end
Excerpt from routes.rb
    get 'dashboard', to: 'users#show', as: 'dashboard'
    resources :users, only: [:show, :index] do
      resources :user_interests
      resources :user_places
      resources :relationships, only: [:index]
      member do
        get 'get_interests_json'
      end
      collection do
        get 'edit_about', to: 'users#edit_about'
        patch 'about', to: 'users#update_about'
        get 'edit_contact_info', to: 'users#edit_contact_info'
        patch 'contact_info', to: 'users#update_contact_info'
      end
    end
ApplicationController
    class ApplicationController < ActionController::Base
      # Prevent CSRF attacks by raising an exception.
      # For APIs, you may want to use :null_session instead.
      protect_from_forgery with: :exception
      before_action :init_scope_hash
      before_action :authenticate_basic
      before_action :authenticate_user!
      include ApplicationHelper

      protected

      def init_scope_hash
        @scope = {}
      end

      def authenticate_basic
        if Rails.env.production?
          authenticate_or_request_with_http_basic do |username, password|
            username == "blablabl" && password == "blablabla"
          end
        end
      end
    end
Edit 4
ApplicationHelper
    module ApplicationHelper
      def universalise string
        res = string.gsub(/[ÁÄáäČčĎďÉéÍíĹ弾ŇÓÔóôŔ੹ŤťÚúÝýŽž]/, 'aaaaccddeeiillllnoooorrssttuuyyzz')
        res.downcase
      end

      def current_user?(user)
        user == current_user
      end
    end
Use an unnamed yield instead of (one of) the named ones in application.html.erb.
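A way to check what the question is worried about, that a redirect to the login page carries a rendered view in its body. This is an added example, not code from the original post or answer. The method names are hypothetical, the sample responses are constructed, and the stock redirect body is assumed to be the one Rails 4.2's redirect_to writes.

```ruby
require 'erb'

# Body that redirect_to writes in Rails 4.2 (assumed format). For the sign-in
# URL in the question it is 101 bytes, the size Firebug lists for the 302.
def stock_redirect_body(location)
  href = ERB::Util.html_escape(location)
  %(<html><body>You are being <a href="#{href}">redirected</a>.</body></html>)
end

# Split a raw HTTP/1.x response into [status, headers, body].
def parse_response(raw)
  head, body = raw.split("\r\n\r\n", 2)
  status_line, *header_lines = head.split("\r\n")
  status = status_line[%r{\AHTTP/\d\.\d (\d{3})}, 1].to_i
  headers = header_lines.each_with_object({}) do |line, acc|
    name, value = line.split(':', 2)
    acc[name.strip.downcase] = value.to_s.strip
  end
  [status, headers, body.to_s]
end

# Return a list of findings for the response to an unauthenticated request.
# An empty list means: redirect to the login page, nothing else in the body.
def audit_unauthenticated(raw, login_path: '/users/sign_in')
  status, headers, body = parse_response(raw)
  location = headers['location'].to_s
  findings = []
  findings << "expected a redirect, got #{status}" unless (300..399).cover?(status)
  findings << 'Location is not the login page' unless location.end_with?(login_path)
  unless body.empty? || body == stock_redirect_body(location)
    findings << "body is not the stock redirect notice (#{body.bytesize} bytes)"
  end
  findings
end

# Constructed sample responses (not captured from the app in the question).
LOGIN_URL = 'http://localhost:3000/users/sign_in'
def build_response(body)
  ['HTTP/1.1 302 Found', "Location: #{LOGIN_URL}",
   'Content-Type: text/html; charset=utf-8', '', body].join("\r\n")
end
CLEAN = build_response(stock_redirect_body(LOGIN_URL))
LEAKY = build_response('<h1 class="heading">Alice Example</h1>')

puts audit_unauthenticated(CLEAN).inspect
puts audit_unauthenticated(LEAKY).inspect
```

The same comparison fits in a controller test: request the protected action without signing in and compare the response body with the stock notice for the redirect location.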