Home/ Questions/Q 8835151
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T09:11:39+00:00

I have looked at similar errors but not only will my test wont pass,

  • 0

I have looked at similar errors but not only will my test wont pass, the script will not sign in a user.

Failures:

Finished in 0.41649 seconds 31 examples, 2 failures

Failed examples:

rspec ./spec/controllers/sessions_controller_spec.rb:48 #
SessionsController GET ‘new’ POST ‘create’ success should sign the
user in rspec ./spec/controllers/sessions_controller_spec.rb:54 #
SessionsController GET ‘new’ POST ‘create’ success should redirect to
the user show page

Done.

Error upon signin: NoMethodError in SessionsController#create

undefined method `authenticate’ for #
Rails.root: /Users/lancevelasco/Development/appsample

Application Trace | Framework Trace | Full Trace
app/controllers/sessions_controller.rb:10:in `create’

Code

user.rb

# == Schema Information
#
# Table name: users
#
#  id                 :integer          not null, primary key
#  name               :string(255)
#  email              :string(255)
#  created_at         :datetime         not null
#  updated_at         :datetime         not null
#  encrypted_password :string(255)
#  salt               :string(255)
#

class User < ActiveRecord::Base
  attr_accessor   :password
  attr_accessible :email, :name, :password, :password_confirmation

  email_regex = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i

  validates :name,  :presence => true,
                    :length   => { :maximum => 50 }
  validates :email, :presence   => true,
                    :format     => { :with => email_regex },
                    :uniqueness => { :case_sensitive => false }    
  validates :password, :presence => true,
                        :confirmation => true,
                        :length => { :within => 6..40 }

  before_save :encrypt_password

  def has_password?(submitted_password)
    encrypted_password == encrypt(submitted_password)
  end


  def User.authenticate(email, submitted_password)
    user = find_by_email(email)
    return nil  if user.nil?
    return user if user.has_password?(submitted_password) 
  end

  def authenticate_with_salt(id, cookie_salt)
    user = find_by_id(id)
    (user && user.salt == cookie_salt ) ? user : nil
  end

  private
  def encrypt_password
    self.salt = make_salt if new_record?
    self.encrypted_password = encrypt(password)
  end

  def encrypt(string)
      secure_hash("#{salt}--#{string}")
      end   

  def make_salt
    secure_hash("#{Time.now.utc}--#{password}")
  end

  def secure_hash(string)
    Digest::SHA2.hexdigest(string)
  end     
end

sessions_controller.rb

 class SessionsController < ApplicationController

  def new
    @title = "Sign in"
  end

  def create
    user = User.authenticate(params[:session][:email],
                             params[:session][:password])
    if user.nil?
      flash.now[:error] = "Invalid email/password combination."
      render 'new'
    else
      sign_in user
      redirect_back_or user
    end
  end

  def destroy
    sign_out
    redirect_to root_path
  end
end

sessions_helper.rb

module SessionsHelper

  def sign_in_(user)
    cookies.permanent.signed[:remember_token] = [user.id, user.salt]
    current_user = user
  end

  def current_user=(user)
    @current_user = user
  end

  def current_user
    @current_user || user_from_remember_token    
  end

  private

    def user_from_remember_token
      User.authenticate_with_salt()
    end

    def remember_token
      cookies.signed[:remember_token] || [nil,nil]
    end
end

user_controller_spec.rb

require 'spec_helper'

describe SessionsController do

  render_views

    describe "GET 'new'" do
    it "returns http success" do
      get 'new'
      response.should be_success
    end

    it "should have the right title" do
       get :new
       response.should have_selector('title', :content => "Sign in")
     end

     describe "POST 'create'" do

       describe "failure" do

          before(:each) do
            @attr = { :email => "", :password => ""}
          end 

          it "should re-render the new page" do
            post :create,  :session => @attr 
            response.should render_template('new')
          end

          it "should have the right title" do
            post :create, :session => @attr
          end

          it "should have an error message" do
            post :create, :session => @attr
            flash.now[:error].should =~ /invalid/i
          end
       end

       describe "success" do

         before(:each) do
           @user= Factory(:user)
           @attr = { :email => @user.email, :password => @user.password }
         end

         it "should sign the user in" do
           post :create, :session => @attr
           controller.current_user.should == @user
           controller.should  be_signed_in
         end

         it "should redirect to the user show page" do
           post :create, :session => @attr
           response.should redirect_to(user_path(@user))
         end

       end

     end
  end

end
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    From what I understand, Michael Hartl used to use bcrypt to handle his authentication (has_secure_password“). Looks like he opted to drop this and write his own authentication (looks like in order to add a salt…very good indeed).

    You have in user.rb:

    def User.authenticate(email, submitted_password)
  user = find_by_email(email)
  return nil  if user.nil?
  return user if user.has_password?(submitted_password) 
end

    So as you can see, you need to pass the email to the authenticate method as well, and since it also grabs the user, you can simplify the session#create method. Try this:

    def create
  user = User.authenticate(params[:session][:email], params[:session][:password])
  if user.nil?
    flash.now[:error] = 'Invalid email/password combination'
    render 'new'
  else
    sign_in user
    redirect_back_or user
  end
end
    • 0