ruby-on-rails 为什么rails返回401未授权状态,为什么它说用户存在?

jaql4c8m  于 2023-06-07  发布在  Ruby
关注(0)|答案(2)|浏览(205)

我正在用Rails、React和Redux编写一个单页应用程序;下面是完整的错误消息:

Started POST "/api/users" for ::1 at 2020-01-27 21:48:27 -0800
Processing by Api::UsersController#create as JSON
  Parameters: {"user"=>{"username"=>"racookin", "password"=>"[FILTERED]", "nickname"=>"racookin", "gender"=>"female", "birthday"=>"1990-07-07"}}
   (0.2ms)  BEGIN
  ↳ app/controllers/api/users_controller.rb:6
  User Exists (0.4ms)  SELECT  1 AS one FROM "users" WHERE "users"."username" = $1 LIMIT $2  [["username", "racookin"], ["LIMIT", 1]]
  ↳ app/controllers/api/users_controller.rb:6
  User Exists (0.3ms)  SELECT  1 AS one FROM "users" WHERE "users"."email" IS NULL LIMIT $1  [["LIMIT", 1]]
  ↳ app/controllers/api/users_controller.rb:6
  User Exists (0.3ms)  SELECT  1 AS one FROM "users" WHERE "users"."session_token" = $1 LIMIT $2  [["session_token", "9B3Uo1FGMnJDeASGGucj_Q"], ["LIMIT", 1]]
  ↳ app/controllers/api/users_controller.rb:6
   (0.2ms)  ROLLBACK
  ↳ app/controllers/api/users_controller.rb:6
Completed 401 Unauthorized in 274ms (Views: 0.2ms | ActiveRecord: 10.6ms)

我试着去理解这是什么意思,这样我就能知道从哪里开始寻找bug;它似乎返回了401 Unauthorized错误,并且它说用户存在(即使我尝试用新用户注册)。这到底是怎么回事#36825;数据库中的三个?
更新:我想我明白它失败是因为用户没有被保存,这意味着它可能没有通过其中一个验证。
以下是我的User模型:

class User < ApplicationRecord
  attr_reader :password 

  validates :username, :email, :nickname, :gender, :birthday, :password_digest, :session_token, presence: true
  validates :username, :email, :session_token, uniqueness: true 
  validates :password, length: {minimum: 6}, allow_nil: true

  after_initialize :ensure_session_token
...

下面是我的users表的模式的详细说明:

# Table name: users
#
#  id              :bigint           not null, primary key
#  username        :string           not null
#  email           :string           not null
#  nickname        :string           not null
#  gender          :string           not null
#  birthday        :date             not null
#  password_digest :string           not null
#  session_token   :string           not null
#  created_at      :datetime         not null
#  updated_at      :datetime         not null

这些验证之一是否可能失败?我假设因为这些列的值是在表单中设置的,所以我的用户会通过验证;但我错了吗
更新:我已经修复了电子邮件参数问题,但我似乎仍然得到401状态错误:

Started POST "/api/users" for ::1 at 2020-01-28 08:54:20 -0800
Processing by Api::UsersController#create as JSON
  Parameters: {"user"=>{"username"=>"", "password"=>"[FILTERED]", "nickname"=>"pooh", "gender"=>"male", "birthday"=>"2002-02-02", "email"=>"pooh10"}}
   (0.2ms)  BEGIN
  ↳ app/controllers/api/users_controller.rb:6
  User Exists (1.3ms)  SELECT  1 AS one FROM "users" WHERE "users"."username" = $1 LIMIT $2  [["username", ""], ["LIMIT", 1]]
  ↳ app/controllers/api/users_controller.rb:6
  User Exists (0.3ms)  SELECT  1 AS one FROM "users" WHERE "users"."email" = $1 LIMIT $2  [["email", "pooh10"], ["LIMIT", 1]]
  ↳ app/controllers/api/users_controller.rb:6
  User Exists (0.3ms)  SELECT  1 AS one FROM "users" WHERE "users"."session_token" = $1 LIMIT $2  [["session_token", "232kGIICEzCUSSesxgeYfg"], ["LIMIT", 1]]
  ↳ app/controllers/api/users_controller.rb:6
   (0.2ms)  ROLLBACK
  ↳ app/controllers/api/users_controller.rb:6
Completed 401 Unauthorized in 284ms (Views: 0.3ms | ActiveRecord: 12.3ms)
omjgkv6w

omjgkv6w1#

根据您的请求,api/users的参数。

Parameters: {"user"=>{"username"=>"racookin", "password"=>"[FILTERED]", "nickname"=>"racookin", "gender"=>"female", "birthday"=>"1990-07-07"}}

你没有在你的参数中传递电子邮件。根据您的模型,您为电子邮件添加了uniqueness验证。

validates :username, :email, :session_token, uniqueness: true

现在,当活动记录尝试使用现有记录验证您的记录时,它发现一个带有null email的记录,因此它向您返回验证失败消息。
如果你想保存空值的记录,你需要在你的模型中为email字段添加:allow_nil => true

编辑

users模型中设置用户名随机。

class User < ApplicationRecord
 .....
 .....
 .....
 before_save :assign_username

def assign_username
  return unless self.username.blank?
  self.username = SecureRandom.alphanumeric(8)
end
tkqqtvp1

tkqqtvp12#

有时,您保存的记录与模型没有直接关联。
比如我用这个

@employee.build_admin_reference(recommendee: current_admin)

其中“current_admin”是Admin模型,传递的“recommendee”哈希参数应该是Employee模型。我传递的是管理员而不是员工记录。
这个场景会导致请求在Rails中响应401状态来保护请求。
我把它改成了

@employee.build_admin_reference(recommendee: current_admin.adminable)

这里的“adminable”是对Employee的多态关联引用,因此返回Employee模型。通过这样做,它以200状态响应。

相关问题