i have small inherited rails project uses devise authenticate.
recently has started making incorrect query database if user enters invalid password, set out below. works expected. must have changed something, not know what.
with valid password
when user logs in valid password, console log shows similar
started post "/users/sign_in" 192.168.2.30 @ 2015-07-13 08:13:39 -0400 processing users::sessionscontroller#create html parameters: {"utf8"=>"✓", "authenticity_token"=>"a_long_authenticity_token_goes_here", "user"=>{"email"=>"m.mouse@disney.com", "password"=>"[filtered]", "remember_me"=>"0"}, "commit"=>"sign in"} user load (0.8ms) select "users".* "users" "users"."email" = $1 order "users"."id" asc limit 1 [["email", "m.mouse@disney.com"]] (0.3ms) begin sql (0.6ms) update "users" set "last_sign_in_at" = $1, "current_sign_in_at" = $2, "sign_in_count" = $3, "updated_at" = $4 "users"."id" = $5 [["last_sign_in_at", "2015-07-10 21:17:12.592611"], ["current_sign_in_at", "2015-07-13 12:13:39.359997"], ["sign_in_count", 1000], ["updated_at", "2015-07-13 12:13:39.363621"], ["id", 22]] (17.6ms) commit and system carries on normal.
with invalid password
when user attempts log in invalid password, console log shows similar
started post "/users/sign_in" 192.168.2.30 @ 2015-07-13 07:44:55 -0400 processing users::sessionscontroller#create html parameters: {"utf8"=>"✓", "authenticity_token"=>"a_long_authenticity_token_goes_here", "user"=>{"email"=>"m.mouse@disney.com", "password"=>"[filtered]", "remember_me"=>"0"}, "commit"=>"sign in"} user load (53.0ms) select "users".* "users" "users"."email" = $1 order "users"."id" asc limit 1 [["email", "m.mouse@disney.com"]] completed 401 unauthorized in 288ms (activerecord: 53.4ms) processing users::sessionscontroller#new html parameters: {"utf8"=>"✓", "authenticity_token"=>"a_long_authenticity_token_goes_here", "user"=>{"email"=>"m.mouse@disney.com", "password"=>"[filtered]", "remember_me"=>"0"}, "commit"=>"sign in"} user load (2.2ms) select "users".* "users" "email"."email" = 'm.mouse@disney.com' , "email"."password" = 'thisisaninvalidpassword' , "email"."remember_me" = '0' order "users"."id" asc limit 1 pg::undefinedtable: error: missing from-clause entry table "email" line 1: select "users".* "users" "email"."email" = 'm.mou.... : select "users".* "users" "email"."email" = 'm.mouse@disney.com' , "email"."password" = 'thisisaninvalidpassword' , "email"."remember_me" = '0' order "users"."id" asc limit 1 completed 500 internal server error in 19ms (activerecord: 3.3ms) << output standard rails error page >> so far understand this, system tries read user table expected, no row found. devise munges 401 unauthorized response. system attempting redirect login page somehow using users::sessionscontroller#new
the system tries new query trying user using half formatted query. query tries include table called email not exist in database; query syntax not correct either.
database: postgres
rails: 2.1.2
devise gem: 3.5.1 according bundle show
there no users::sessionscontroller#create def, presumably using underlying devise version
there users::sessionscontroller#new follows
def new if (rails.env.development? || rails.env.test?) && params[:user] user = user.where(email: params[:user]).first sign_in :user, user redirect_to dashboard_home_path else super end end the environment development
nothing appears being written sessions table whether login successful or not.
where second malformed query come from, , why devise try use/call users::sessionscontroller#new after invalid login attempt anyway?
thanks in advance
Comments
Post a Comment