Sorcery registration not going through

Question

I'm trying to use the Sorcery gem for authenticating users, but after the registration form is filled out it redirects back to the registration page with an error. I'm able to create a user from the console, however.

log file:

Started POST "/users" for 127.0.0.1 at 2012-01-23 13:54:12 -0500
Processing by UsersController#create as HTML
Parameters: {"utf8"=>"✓",     "authenticity_token"=>"Rh6R5rwLu+XchOv3ki9iATgihU8hqr84y4AcQbyKFyI=", "user"=>  {"username"=>"testusername", "email"=>"[email protected]", "password"=>"[FILTERED]"}, "commit"=>"Register"}
[1m[35m (0.1ms)[0m  SELECT 1 FROM "users" WHERE "users"."username" = 'testusername' LIMIT 1
[1m[36m (0.1ms)[0m  [1mSELECT 1 FROM "users" WHERE "users"."email" = '[email protected]' LIMIT 1[0m
Rendered users/new.html.erb within layouts/application (2.1ms)
Completed 200 OK in 29ms (Views: 17.1ms | ActiveRecord: 0.3ms)

users_controller.rb

class UsersController < ApplicationController
    def new
        @user = User.new
    end

    def create
        @user = User.new(params[:user])

        if @user.save
            redirect_to 'Static#index', :notice => "Thanks for registering!"
        else
            render :new
        end
    end
end

models/user.rb:

class User < ActiveRecord::Base
   authenticates_with_sorcery!

  attr_accessible :username, :email, :password
  validates_presence_of :username
  validates_presence_of :password, :on => :create
  validates_presence_of :email
  validates_length_of :password, :minimum => 7
  validates_length_of :username, :minimum => 10
  validates_uniqueness_of :username
  validates_uniqueness_of :email
end

config/initializers/sorcery.rb:

Rails.application.config.sorcery.submodules = []

Rails.application.config.sorcery.configure do |config|

config.user_config do |user|

end

config.user_class = "User"
end

sorcery migration:

class SorceryCore < ActiveRecord::Migration
    def self.up
        create_table :users do |t|

            t.string :username,         :null => false
            t.string :email,            :default => nil
            t.string :crypted_password, :default => nil
            t.string :salt,             :default => nil
            t.timestamps

        end
    end

    def self.down
        drop_table :users
    end
end

Answer 1

What you need to see in log file is more or less this:

   (0.1ms)  SELECT 1 FROM "users" WHERE "users"."username" = 'testusername' LIMIT 1
   (0.1ms)  SELECT 1 FROM "users" WHERE "users"."email" = '[email protected]' LIMIT 1
Binary data inserted for `string` type on column `crypted_password`
  SQL (3.7ms)  INSERT INTO "users" ("created_at", "crypted_password", "email", "salt", "updated_at", "username") VALUES (?, ?, ?, ?, ?, ?)  [["created_at", Mon, 23 Jan 2012 20:39:46 UTC +00:00], ["crypted_password", "$2a$10$za6RqGnvHpAiNASQ86NCl.t/LyrGn1U1wHfzQ3X9f/NJYjY/ramJG"], ["email", "[email protected]"], ["salt", "xxRspPQysvq5yzp7xpFh"], ["updated_at", Mon, 23 Jan 2012 20:39:46 UTC +00:00], ["username", "testusername"]]

If you can't see INSERT statement, this means that data didn't pass validations. Maybe you're trying to add another User with the same username/email? Otherwise it should work. Try to create User in rails console:

irb> u = User.create username: 'testusername', ........
irb> u.errors.full_messages

Does it return any messages?

EDIT: Sorry I've just noticed your update, where you wrote that you can create User in console. From log file it looks like parameters are ok. You said, that redirects to new page with error. What does this error say?

Answer 2

What you have in user/new view?

Don't forget, that you have length validations on your :username and :password.

maybe you can do:

attr_accessible \
  :username,
  :email,
  :password,
  :password_confirmation

Answer 3

The one thing that jumps out at me here is the password field. You have it set with attr_accessible which should only be used if the field is in your database. Sorcery, like most authentication solutions, will not store the raw password in the database, which you can see from the migration file which does not include the password field.

Instead use a virtual attribute for password so that the raw string is never stored:

attr_accessor :password
attr_accessible :username, :email

The actual password will be crypted through the Sorcery process and stored in crypted_password field.

With this setup all your validations will still work.