Railscasts: authentication from scratch - missing :session param issue in Rails 4

Question

I'm working through Railscast: authentication from scratch in Rails 4, though the tutorial was built for Rails 3. For this reason, some changes have had to be made from the original tutorial instructions.

Tutorial: http://railscasts.com/episodes/250-authentication-from-scratch?autoplay=true

Current running into an error

param is missing or the value is empty: session

Thoughts:

I've compared the 2 controllers below. My change from the tutorial is moving the params into a session_params method.
I understand the error is because the hash being posted does not contain a hash like "session" => { }. But I don't have a deep enough understanding of Rails to solve.

Recommended controller (rails 3)

def create
  user = User.authenticate(params[:email], params[:password])
  if user
    session[:user_id] = user.id
    redirect_to root_url, :notice => "Logged in!"
  else
    flash.now.alert = "Invalid email or password"
    render "new"
  end
end

My controller (converted to Rails 4)

  def create
    user = User.authenticate(session_params)
    if user
      session[:user_id] = user.id
      redirect_to root_url, :notice => "Logged in!"
    else
      flash.now.alert = "Invalid email or password"
      render "new"
    end
  end

  private
  def session_params
    params.require(:session).permit(:email, :password)
  end

Up to this point I've only been using Devise for authentication, so a great thanks in advance if you can share any advice.

UPDATE

As requested, form to post session

<h1>Log in</h1>
<%= form_tag sessions_path do %>
    <p>
        <%= label_tag :email %> <br/>
        <%= text_field_tag :email, params[:email] %>
    </p>
    <p>
        <%= label_tag :password %> <br/>
        <%= password_field_tag :password %>
    </p>
    <p class="button"> <%= submit_tag %> </p>
<% end %>

UPDATE 2

Also adding user.rb model

class User < ActiveRecord::Base
    attr_accessor :password
    before_save :encrypt_password

    validates_confirmation_of :password
    validates_presence_of :password, :on => :create
    validates_presence_of :email
    validates_uniqueness_of :email

    def self.authenticate(email, password)
        user = find_by_email(email)
        if user && user.password_hash == BCrypt::Engine.hash_secret(password, password_salt)
            user
        end
    end

    def encrypt_password
        if password.present?
            self.password_salt = BCrypt::Engine.generate_salt
            self.password_hash = BCrypt::Engine.hash_secret(password, password_salt)
        end
    end
end

can u post your form_for too ? Also, do u use `gem bcrypt` ? — 7urkm3n, Apr 04 '16 at 04:53
Added the form, though per the tutorial i'm using a form_tag. Yes - i am using bcrypt. — tim_xyz, Apr 04 '16 at 05:00

7urkm3n · Accepted Answer · 2016-04-04T06:28:42.593

1

Try this one:

in sessions_controller.rb

def create
    @user = User.find_by(email: params[:session][:email].downcase)
    if @user && @user.authenticate(params[:session][:password])
        session[:user_id] = @user.id
        flash[:success] = "#{@user.email}, Successfully Logged In"
        redirect_to root_url, :notice => "Logged in!"
    else
        flash.now[:danger] = "Incorrect User/Password"
        render 'new'
    end
end

html form

<%= form_for :session, url: :sessions do |f| %>

    <div class="field">
        <%= f.label :email %>
        <%= f.email_field :email %>
    </div>

    <div class="field">
        <%= f.label :password %>
        <%= f.password_field :password %>
    </div>

    <%= f.submit "Sign In", class: "button" %>
<% end %>

routes.rb

post 'sessions'  => 'sessions#create'

User.rb

class User < ActiveRecord::Base
    has_secure_password

    validates_confirmation_of :password
    validates_presence_of :password, :on => :create
    validates_presence_of :email
    validates_uniqueness_of :email

end

edited Apr 04 '16 at 06:28

answered Apr 04 '16 at 04:56

7urkm3n

6,054
4
29
46

Getting an error `wrong number of arguments (given 1, expected 2)`, related to `def self.authenticate(email, password)` method in user.rb – tim_xyz Apr 04 '16 at 06:01
where is that `self.authenticate` method located ? – 7urkm3n Apr 04 '16 at 06:02
user.rb - added above. – tim_xyz Apr 04 '16 at 06:04
@pandaman i see, comment all methods there, `authenticate and encrypt_passwrd` and add this one there `has_secure_password`, do not forget to add `gem 'bcrypt'`. bundle and restart server. – 7urkm3n Apr 04 '16 at 06:05
bcrypt gem supports authenticate and encryption methods. – 7urkm3n Apr 04 '16 at 06:19
`bcrypt` is already installed. So if i comment `authenticate` and `encrypt_password`, and change `@user.authenticate` to `User.has_secure_password`, then it errors `undefined method fetch for "password_name":String` – tim_xyz Apr 04 '16 at 06:26
still getting `undefined method fetch` error related to this line `if @user && User.has_secure_password(params[:session][:password])`. And if use `@user...` instead of `User...`, i get an undefined method `has_secure_password`. – tim_xyz Apr 04 '16 at 06:47
I am sorry, where is your `has_secure_password` method ? – 7urkm3n Apr 04 '16 at 06:49
Sorry, if i do exactly like `@user.authenticate...`, i get the error, `undefined local variable or method "password_digest" for # Did you mean? password_salt` – tim_xyz Apr 04 '16 at 06:54
1

ohhh, how is your password column named in users table ? if its just password then u need to rename column name to `password_digest ` – 7urkm3n Apr 04 '16 at 07:03
here is example, how to rename column: http://stackoverflow.com/questions/1992019/how-can-i-rename-a-database-column-in-a-ruby-on-rails-migration – 7urkm3n Apr 04 '16 at 07:07

Railscasts: authentication from scratch - missing :session param issue in Rails 4

1 Answers1