ruby-on-rails - Devise ignoring custom strategy

Reposted. Author: 行者123. Updated: 2023-12-04 06:11:50

This is just baffling.

I have Devise installed and running on Rails 3 RC. I defined a custom strategy to try to authenticate using Kerberos.

require 'krb5_auth'

module Devise
  module Strategies
    class Kerb < Devise::Strategies::Base
      # Guard: Warden only runs authenticate! when this returns a truthy value
      def valid?
        params[:username] || params[:password]
      end

      def authenticate!
        # cheap debugging
        puts "PARAMS: #{params}"

        if check_kerb_auth(params[:username], params[:password])
          # create user account if none exists
          u = User.find(:first, :conditions => { :username => params[:username] }) || User.create({ :username => params[:username] })
          success!(u)
        else
          fail!("Could not log in")
        end
      end

      # Returns false when either credential is blank or Kerberos raises
      def check_kerb_auth(username, password)
        return false if username.blank? or password.blank?

        begin
          kerberos = Krb5Auth::Krb5.new
          return kerberos.get_init_creds_password(username, password)
        rescue Krb5Auth::Krb5::Exception
          return false
        end
      end
    end
  end
end

I have the Devise Warden configuration set up as follows:
config.warden do |manager|
  manager.strategies.add(:kerb, Devise::Strategies::Kerb)
  manager.default_strategies :kerb
end

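There are no errors in my logs. Everything seems to be working fine. If I add "cheap debugging" (a.k.a. a bunch of puts statements), it all seems to reflect that the :kerb strategy is the default strategy. Here is a sample set of logs from a login attempt: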
=> Booting WEBrick
=> Rails 3.0.0.rc application starting in development on http://0.0.0.0:3000
=> Call with -d to detach
=> Ctrl-C to shutdown server
[2010-08-17 10:50:35] INFO WEBrick 1.3.1
[2010-08-17 10:50:35] INFO ruby 1.8.7 (2010-01-10) [x86_64-linux]
[2010-08-17 10:50:40] INFO WEBrick::HTTPServer#start: pid=12717 port=3000


Started POST "/users/login" for 127.0.0.1 at Tue Aug 17 10:50:43 -0400 2010
Processing by Devise::SessionsController#create as HTML
Parameters: {"commit"=>"Login", "authenticity_token"=>"afZF6ho96p47dc9LQFwwNN5PqnRpl7x+1J7V3MiKgTE=", "_snowman"=>"\342\230\203", "user"=>{"remember_me"=>"1", "username"=>"hernan43", "password"=>"[FILTERED]"}}
Completed in 0ms
Processing by Devise::SessionsController#new as HTML
Parameters: {"commit"=>"Login", "authenticity_token"=>"afZF6ho96p47dc9LQFwwNN5PqnRpl7x+1J7V3MiKgTE=", "_snowman"=>"\342\230\203", "user"=>{"remember_me"=>"1", "username"=>"hernan43", "password"=>"[FILTERED]"}}
Rendered devise/shared/_links.erb (1.2ms)
Rendered devise/sessions/new.html.erb within layouts/application (8.2ms)
Completed 200 OK in 124ms (Views: 11.7ms | ActiveRecord: 1.3ms)

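The Kerberos code works elsewhere on the same machine. I was kind of expecting it to show a lot of errors if there was a problem, but I get nothing. Is there a good way to debug Devise/Warden?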

Best answer

In case anyone runs into this problem, I believe this is the issue:

According to Warden Strategies:

valid?

The valid? method acts as a guard for the strategy. It’s optional to declare a valid? method, and if you don’t declare it, the strategy will always be run. If you do declare it though, the strategy will only be tried if #valid? evaluates to true.

The strategy above is reasoning that if there’s either a ‘username’ or a ‘password’ param, then the user is trying to login. If there’s only one of them, then the ‘User.authenticate’ call will fail, but it was still the desired (valid) strategy.



So your valid? method is:
def valid?
  params[:username] || params[:password]
end

It returns false, so authenticate! is never called. params is a nested hash, so it should be params[:user][:username] instead of params[:username].

Changing your valid? method to:
def valid?
  params[:user] && (params[:user][:username] || params[:user][:password])
end

will return true and cause the authenticate! method to be called.
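The silent skip described in the answer can be reproduced without Rails. The following is an added example, not code from the question, the answer, Devise or Warden: it runs the question's guard, the answer's guard, and a type-checked variant against constructed params. The class names, `trace_guards`, and the symbol-keyed hashes standing in for Rails params are assumptions made for illustration.

```ruby
# Simplified stand-in for Warden's guard check (not Warden's own code):
# a strategy whose valid? is falsy is skipped with no error and no log line.
class FlatGuard                      # guard from the question
  attr_reader :params
  def initialize(params)
    @params = params
  end

  def valid?
    params[:username] || params[:password]
  end
end

class AnswerGuard < FlatGuard        # guard from the answer
  def valid?
    params[:user] && (params[:user][:username] || params[:user][:password])
  end
end

class TypeCheckedGuard < FlatGuard   # added variant: tolerates a non-Hash :user
  def valid?
    user = params[:user]
    return false unless user.is_a?(Hash)
    !!(user[:username] || user[:password])
  end
end

# Hypothetical debugging helper: which strategies would run for these params?
def trace_guards(params, guards = [FlatGuard, AnswerGuard, TypeCheckedGuard])
  guards.map do |klass|
    state = begin
      klass.new(params).valid? ? :run : :skipped
    rescue TypeError               # String#[] called with a Symbol
      :raised
    end
    [klass.name, state]
  end
end

# Constructed inputs: symbol-keyed stand-ins for Rails params.
NESTED_LOGIN = { :user => { :username => "hernan43", :password => "example" } }
SCALAR_USER  = { :user => "hernan43" }   # e.g. a request sending user=hernan43

if __FILE__ == $0
  [NESTED_LOGIN, SCALAR_USER].each { |input| p trace_guards(input) }
end
```

A trace like this, logged next to the strategy list, shows why a request produced no authentication attempt and no error: the guard returned a falsy value and the strategy was never tried.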

Regarding ruby-on-rails - Devise ignoring custom strategy, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/3503827/
