I want to display an error message when authentication fails on a Devise user login.
This may be a basic question, but I would appreciate your help.
I am building a simple web application with Ruby on Rails.
I ran into a problem while using Devise for user authentication.
When I enter a wrong email address or password on the login screen and POST the form, the following error occurs. When I enter the correct email address and password, no error occurs and I am logged in normally.
ActionController::InvalidAuthenticityToken
What I tried
- In application.rb, changed
  protect_from_forgery with: :exception
  to with: :null_session.
- Added
  protect_from_forgery :except => [:new, :create]
  to registrations_controller.rb.
With both of these changes the error no longer occurred and the original login screen was rendered. However, the error message saying that the email address or password is wrong was not displayed.
However, I do not want to allow logins from outside this web application, so I do not want to apply either of those two workarounds.
I confirmed in the developer tools that the authenticity_token is embedded in the HTML.
I would like to improve things as follows:
- Keep external access disallowed, while still getting through the CSRF protection check.
- After a failed login, display Devise's error message, such as "The email address or password is incorrect."
ActionController::InvalidAuthenticityToken in Users::SessionsController#create
Error message shown in the browser:
def handle_unverified_request
  raise ActionController::InvalidAuthenticityToken
end
Log from the Rails console:
Processing by Users::SessionsController#new as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"ukg5MQN1IPeninocx7H1KDhzY76vfNvoLcvsCgLK0vEtXUob73I4jdm8nb2XXTIG2s97+zMNEDQTKoEDl2F80Q==", "user"=>{"email"=>"keke@gmail.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"ログインする"}
Can't verify CSRF token authenticity.
Completed 422 Unprocessable Entity in 1ms (ActiveRecord: 0.0ms)

ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):

vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_controller/metal/request_forgery_protection.rb:211:in `handle_unverified_request'
vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_controller/metal/request_forgery_protection.rb:243:in `handle_unverified_request'
vendor/bundle/ruby/2.5.0/gems/devise-4.6.1/lib/devise/controllers/helpers.rb:255:in `handle_unverified_request'
vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_controller/metal/request_forgery_protection.rb:238:in `verify_authenticity_token'
vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.2/lib/active_support/callbacks.rb:426:in `block in make_lambda'
vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.2/lib/active_support/callbacks.rb:198:in `block (2 levels) in halting'
vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/abstract_controller/callbacks.rb:34:in `block (2 levels) in <module:Callbacks>'
vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.2/lib/active_support/callbacks.rb:199:in `block in halting'
vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.2/lib/active_support/callbacks.rb:513:in `block in invoke_before'
vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.2/lib/active_support/callbacks.rb:513:in `each'
vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.2/lib/active_support/callbacks.rb:513:in `invoke_before'
vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.2/lib/active_support/callbacks.rb:131:in `run_callbacks'
vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/abstract_controller/callbacks.rb:41:in `process_action'
vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_controller/metal/rescue.rb:22:in `process_action'
vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_controller/metal/instrumentation.rb:34:in `block in process_action'
vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.2/lib/active_support/notifications.rb:168:in `block in instrument'
vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.2/lib/active_support/notifications/instrumenter.rb:23:in `instrument'
vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.2/lib/active_support/notifications.rb:168:in `instrument'
vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_controller/metal/instrumentation.rb:32:in `process_action'
vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_controller/metal/params_wrapper.rb:256:in `process_action'
vendor/bundle/ruby/2.5.0/gems/activerecord-5.2.2/lib/active_record/railties/controller_runtime.rb:24:in `process_action'
vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/abstract_controller/base.rb:134:in `process'
vendor/bundle/ruby/2.5.0/gems/actionview-5.2.2/lib/action_view/rendering.rb:32:in `process'
vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_controller/metal.rb:191:in `dispatch'
vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_controller/metal.rb:236:in `block in action'
vendor/bundle/ruby/2.5.0/gems/devise-4.6.1/lib/devise/failure_app.rb:75:in `recall'
vendor/bundle/ruby/2.5.0/gems/devise-4.6.1/lib/devise/failure_app.rb:41:in `respond'
vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/abstract_controller/base.rb:194:in `process_action'
vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/abstract_controller/base.rb:134:in `process'
vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_controller/metal.rb:191:in `dispatch'
vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_controller/metal.rb:236:in `block in action'
vendor/bundle/ruby/2.5.0/gems/devise-4.6.1/lib/devise/failure_app.rb:23:in `call'
vendor/bundle/ruby/2.5.0/gems/devise-4.6.1/lib/devise/delegator.rb:7:in `call'
vendor/bundle/ruby/2.5.0/gems/warden-1.2.8/lib/warden/manager.rb:143:in `call_failure_app'
vendor/bundle/ruby/2.5.0/gems/warden-1.2.8/lib/warden/manager.rb:129:in `process_unauthenticated'
vendor/bundle/ruby/2.5.0/gems/warden-1.2.8/lib/warden/manager.rb:44:in `call'
vendor/bundle/ruby/2.5.0/gems/rack-2.0.6/lib/rack/tempfile_reaper.rb:15:in `call'
vendor/bundle/ruby/2.5.0/gems/rack-2.0.6/lib/rack/etag.rb:25:in `call'
vendor/bundle/ruby/2.5.0/gems/rack-2.0.6/lib/rack/conditional_get.rb:38:in `call'
vendor/bundle/ruby/2.5.0/gems/rack-2.0.6/lib/rack/head.rb:12:in `call'
vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_dispatch/http/content_security_policy.rb:18:in `call'
vendor/bundle/ruby/2.5.0/gems/rack-2.0.6/lib/rack/session/abstract/id.rb:232:in `context'
vendor/bundle/ruby/2.5.0/gems/rack-2.0.6/lib/rack/session/abstract/id.rb:226:in `call'
vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/cookies.rb:670:in `call'
vendor/bundle/ruby/2.5.0/gems/activerecord-5.2.2/lib/active_record/migration.rb:559:in `call'
vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/callbacks.rb:28:in `block in call'
vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.2/lib/active_support/callbacks.rb:98:in `run_callbacks'
vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/callbacks.rb:26:in `call'
vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/executor.rb:14:in `call'
vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/debug_exceptions.rb:61:in `call'
sessions_controller.rb
# frozen_string_literal: true

class Users::SessionsController < Devise::SessionsController
  before_action :alert_account, only: :destroy, raise: false
  # Clears the session before the sign-in attempt, keeping only the return-to path.
  before_action :reset_session_before_login, only: :create
  # CSRF verification is skipped for create only; other actions keep the ApplicationController setting.
  protect_from_forgery :except => [:create]
  # before_action :configure_sign_in_params, only: [:create]

  # GET /resource/sign_in
  # def new
  #   super
  # end

  # POST /resource/sign_in
  # def create
  #   super
  # end

  # DELETE /resource/sign_out
  # def destroy
  #   super
  # end

  # protected

  # If you have extra params to permit, append them to the sanitizer.
  # def configure_sign_in_params
  #   devise_parameter_sanitizer.permit(:sign_in, keys: [:attribute])
  # end

  private

  def reset_session_before_login
    user_return_to = session[:user_return_to]
    reset_session
    session[:user_return_to] = user_return_to if user_return_to
  end
end
application_controller.rb
class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
  before_action :configure_permitted_parameters, if: :devise_controller?
  before_action :configure_account_update_params, if: :devise_controller?
  before_action :set_host
  before_action :store_current_location, unless: :devise_controller?

  # Redirects unauthenticated visitors to the sign-in page with an alert.
  def alert_account
    unless current_user
      flash[:alert] = "アカウントの作成もしくはログインしてください"
      redirect_to new_user_session_path
    end
  end

  def configure_permitted_parameters
    devise_parameter_sanitizer.permit(:sign_up, keys: [:username, :tall, :age, :gendar, :active_level, :recom_calorie, :image, :password, :password_confirmation, :email])
  end

  def configure_account_update_params
    devise_parameter_sanitizer.permit(:account_update, keys: [:username, :tall, :age, :gendar, :active_level, :recom_calorie, :image])
  end

  def require_admin
    redirect_to root_path unless current_user.admin?
  end

  def set_host
    Rails.application.routes.default_url_options[:host] = request.host_with_port
  end

  def user_recom?
    unless (current_user&.recom_calorie) || session[:recom_calorie]
      flash[:notice] = "先に推奨カロリーを計算しましょう。"
      unless current_user
        redirect_to new_scalcalo_path
      else
        redirect_to edit_calcalo_path(current_user)
      end
    end
  end

  # Remembers the current URL so Devise can return the user here after sign-in.
  def store_current_location
    return if current_user
    store_location_for(:user, request.url)
  end
end
Additional information
ruby: 2.5.3p105
rails: 5.2.2
devise: 4.6.2
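Added illustration, not part of the question and not Rails or Devise source: a plain-Ruby model of how Rails 5.2 verifies masked CSRF tokens, used to show what the log above records. After `warden.authenticate!` fails, Devise's failure app re-dispatches the same POST to `new` (`failure_app.rb:75:in 'recall'` in the trace), and that action runs `verify_authenticity_token` against whatever the session holds at that moment. If the session was cleared at the start of `create`, the session-side secret is gone, the form's masked token can no longer unmask to it, and the request ends in `InvalidAuthenticityToken` before any "invalid email or password" flash is rendered. The model contrasts clearing the session before authentication with rotating it only after a successful login, which keeps session-fixation protection without disabling the CSRF check. `handle_login`, `build_login_params`, the session hashes and all sample values are constructed for this illustration.

```ruby
require 'securerandom'
require 'base64'

TOKEN_LENGTH = 32 # same length Rails uses for its authenticity token

# --- Rails 5.2 style CSRF token handling, modelled in plain Ruby ---

# Session-side secret: base64 of 32 random bytes, created lazily on first use.
def real_csrf_token(session)
  session[:_csrf_token] ||= SecureRandom.base64(TOKEN_LENGTH)
  Base64.strict_decode64(session[:_csrf_token])
end

def xor_byte_strings(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack('C*')
end

# Form-side token: a fresh one-time pad followed by (pad XOR secret), so every
# rendered form carries a different value that still unmasks to the same secret.
def masked_authenticity_token(session)
  secret = real_csrf_token(session)
  pad = SecureRandom.random_bytes(TOKEN_LENGTH)
  Base64.strict_encode64(pad + xor_byte_strings(pad, secret))
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Unmask the submitted token and compare it with the secret in the *current* session.
def valid_authenticity_token?(session, encoded)
  return false unless encoded.is_a?(String)
  masked = begin
    Base64.strict_decode64(encoded)
  rescue ArgumentError
    return false
  end
  return false unless masked.bytesize == TOKEN_LENGTH * 2
  pad = masked.byteslice(0, TOKEN_LENGTH)
  unmasked = xor_byte_strings(pad, masked.byteslice(TOKEN_LENGTH, TOKEN_LENGTH))
  secure_compare(unmasked, real_csrf_token(session))
end

# --- Simulated sign-in flow (constructed; hypothetical helper names) ---

# Rendering the sign-in form embeds a masked token derived from the visitor's session.
def build_login_params(session, email = "user@example.test")
  { "authenticity_token" => masked_authenticity_token(session),
    "user" => { "email" => email, "password" => "[FILTERED]" } }
end

# Models POST /users/sign_in. On failure the failure app re-dispatches the same POST
# to `new`, and that action runs the CSRF check against the session as it is *now*.
# On success the session is rotated only after authentication (session-fixation
# defence), keeping the return-to path the way the question's filter intends.
def handle_login(session, params, credentials_ok:, reset_session_before_auth:)
  session.clear if reset_session_before_auth # the before_action pattern from the question

  unless credentials_ok
    return :invalid_token unless valid_authenticity_token?(session, params["authenticity_token"])
    return :invalid_credentials # here the "invalid email or password" flash would be rendered
  end

  return_to = session[:user_return_to]
  session.clear
  session[:user_return_to] = return_to if return_to
  session[:user_id] = 1 # constructed user id
  :signed_in
end

if __FILE__ == $PROGRAM_NAME
  s = {}; p = build_login_params(s)
  puts handle_login(s, p, credentials_ok: false, reset_session_before_auth: true)  # invalid_token
  s = {}; p = build_login_params(s)
  puts handle_login(s, p, credentials_ok: false, reset_session_before_auth: false) # invalid_credentials
end
```

Run it with `ruby csrf_model.rb`: the first call reproduces the failure mode in the log (session cleared, then a CSRF-checked action on the same request), the second reaches the point where Devise would render the flash. The design point is ordering: the session is rotated after the credentials have been verified, so the token embedded in the form still matches the session it was issued from during the check, and a fixed session id still does not survive a successful login.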