#3 ✓resolved
Andrew Zielinski

Unable to login

Reported by Andrew Zielinski | November 7th, 2008 @ 04:59 PM

I've setup authlogic according to the instructions given in the following tutorial: http://www.binarylogic.com/2008/...

However, each time I try to login, it fails. I debugged it and UserSession password seems to be invalid?

I initially thought that it was something that I had done, but when I tried out the demo at: http://authlogic_example.binaryl..., I found I couldn't log in with username: monkey, password: monkey ( which are the credentials I used in registration ).

Comments and changes to this ticket

  • Ben Johnson

    Ben Johnson November 7th, 2008 @ 05:12 PM

    • State changed from “new” to “open”

    I actually just logged in with monkey / monkey. What browser are you using?

  • Raj Ojha

    Raj Ojha November 8th, 2008 @ 02:48 PM

    I've also experienced this problem, logging in with the already created account "monkey/monkey" and with a new account I created "blarb/blarb" on the live example app. I have also been unable to login using the latest plugin version in my own local projects, saying that the password is invalid.

  • Ben Johnson

    Ben Johnson November 8th, 2008 @ 03:18 PM

    Can you give me more information? I am trying to recreate the problem and I can't, everything works fine for me.

  • Ben Johnson

    Ben Johnson November 8th, 2008 @ 03:26 PM

    Also, I just logged in with blarb/blarb as well. It says this is my 4th login, so someone successfully logged in 3 times. My guess is that it has something to do with the rails sessions / cookies system. I switched to DB sessions, hopefully this will fix it.

  • Raj Ojha

    Raj Ojha November 8th, 2008 @ 03:46 PM

    I tried logging into the live example using safari 3.1.2 and firefox 3.0.3, both on os x leopard after I had emptied my browser cache and cookies. When I try to log in, I'm redirected back to "http://authlogic_example.binarylogic.com/user_session/new" with no error message or anything. I thought it should redirect me to my account profile upon successful login correct? It does however show that there are 3 users currently logged in.

    I actually have two apps on my local machine, both with the latest version of authlogic installed as a plugin. They both have namespaced admin controllers with code from the authlogic tutorial and use DB sessions store. Weirdly enough, one of these apps works fine and the other one gives me the "invalid password" error. However, on the one that does not work I am automatically logged in after I reset my admin user's password. I thought this problem was on my end until I saw this thread and tried to log into the live example app. I'll keep looking for problems with my code though, the problem could very well be on my end.

  • Raj Ojha

    Raj Ojha November 8th, 2008 @ 03:50 PM

    hmm, I just tried logging into the live example app again with firefox and it seems to work fine now, still not working with safari however.

  • Ben Johnson

    Ben Johnson November 8th, 2008 @ 03:51 PM

    Please let me know what you find. I really think it has to do with the rails cookies system. There is a plugin called tamper data for firefox, you can see the server requests and responses. You can see what cookies are trying to be set and what cookies are sent back. My guess is that when you log in, the server responds and wants you to set the user_credentials cookie. Then when you are redirected I can almost guarantee no cookie is being passed back. If cookies arent working properly nothing will work, including sessions.

  • Ben Johnson

    Ben Johnson November 8th, 2008 @ 03:52 PM

    I would also bet if you tried to set your own cookie it would not be there on your next request. The rails protect from forgery code does a lot of tricky things.

  • Ben Johnson

    Ben Johnson November 8th, 2008 @ 04:09 PM

    I was able to reproduce the problem on my wifes computer. She is able to log in just fine in firefox, but safari will not let her. Her login is actually successful, after logging in it redirects her to the account area. When she is redirected no cookie is being passed back. So she gets redirected back to the login screen. There is also no "you must be logged in" message either. So I did some tests. In the new action I am doing:

    cookies["test"] = {:value => "test"} if params[:set]
    @test_cookie = cookies["test"]
    

    I keep getting nil for the @test_cookie value. Which means cookies aren't working period on her computer. This is also the reason none of the flash messages work, since those rely on sessions and sessions rely on cookies. The authlogic example is on edge rails. I am going to use a stable version and see if that fixes it.

  • Raj Ojha

    Raj Ojha November 8th, 2008 @ 04:47 PM

    I just tried the test cookie code on my local apps and I get a nil for the @test_cookie variable in both firefox and safari. I also forgot to say I'm running rails 2.1.2.

  • Ben Johnson

    Ben Johnson November 8th, 2008 @ 04:50 PM

    I reproduced the problem on my wifes computer by using the app in multiple browsers. Apparently rails didnt like this and safari isnt storing cookies anymore. Firefox and opera are still working just fine.

    But authlogic uses the cookies system is does not alter. So if cookies are not being stored at all there is a bug in the rails code somewhere.

  • Raj Ojha

    Raj Ojha November 8th, 2008 @ 05:04 PM

    Okay, so I was able to fix the error on my end. I guess it wasn't the cookies that were the problem but my migration file. I recently moved over from restful_auth to authlogic and there were some character length limits setup in my users table that I think was causing the password to be seen as invalid. Here's my old users migration that was causing the problem...

    @@@ruby

      t.column :login,                     :string, :limit => 40
      t.column :name,                      :string, :limit => 100, :default => '', :null => true
      t.column :email,                     :string, :limit => 100
      t.column :crypted_password,          :string, :limit => 40
      t.column :password_salt,                      :string, :limit => 40
      t.column :password_reset_code, :string, :limit => 40
      t.string :remember_token
      t.integer :login_count
      t.datetime :last_request_at
      t.datetime :last_login_at
      t.datetime :current_login_at
      t.string :last_login_ip
      t.string :current_login_ip
      t.integer :role_id
      t.string :slug
    
      t.timestamps
    
    
    
    
  • Ben Johnson

    Ben Johnson November 8th, 2008 @ 05:24 PM

    Yep that will do it. Authlogic uses Sha512, restful_authentication uses Sha1, which is pretty weak now days. But I think we were talking about 2 different issues. There are some cookie problems with edge rails, so I'm going to downgrade to the latest stable version and see if that fixes it.

  • Raj Ojha

    Raj Ojha November 8th, 2008 @ 05:29 PM

    Sorry I forgot to mention, even after I fixed the "invalid password" problem it still seems as though a cookie is not being set in safari, under rails 2.1.2.

  • Ben Johnson

    Ben Johnson November 8th, 2008 @ 05:31 PM

    • State changed from “open” to “resolved”

    Which is really strange, but out of my hands. I couldnt set a cookie at all, even outside of authlogic.

  • Andrew Zielinski

    Andrew Zielinski November 9th, 2008 @ 07:13 PM

    Raj, I basically did exactly what you did in terms of migrating from RestfulAuthentication to Authlogic :(. Everything seems to be working fine now.

    I'm working with Rails 2.2. When I get home tonight, I'll check to see how safari is working for me.

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Object based authentication solution that handles all of the non sense for you. It's as easy as ActiveRecord is with a database.

Pages