find_by function isn't successful even though it should

Mostah

My programming team created an account activation function like in Michael Hartl's Rails tutorial. Now after a few weeks of coding the function stopped working. So that is the full function:

class AccountActivationsController < ApplicationController

# This controller is needed to activate a newly registered account via the activation email.

  def edit
    user = User.find_by(email: params[:email])
    if user && !user.activated? && user.authenticated?(:activation, params[:id])
      user.activate
      log_in user
      flash[:success] = "Account aktiviert!"
      redirect_to user
    else
      flash[:danger] = "Ungültiger Aktivierungslink"
      redirect_to root_url
    end
  end
end

We get the danger message coming from the else loop. We tried to break the problem down into pieces and now we know that the condition:

user = User.find_by(email: params[:email]) 

is not successful.

I would like to have some suggestions, why this activation link:

http://localhost:3000/account_activations/hX1eY83-wcs8VqZcPa0H=
3g/edit?email=3Dsami.khedira%40stud.uni-hannover.de

doesn't give the right information to find the User "sami.khedira@stud.uni-hannover.de" in the database. We can see the user in the database and the save function before worked. I also looked through an earlier version of the app, where it worked. I don't see any changes in the functions, so maybe something that we added somewhere destroyed the registration, but from my point of view there is nothing missing.

Additionally the password_reset function doesn't work as well.

The create User function from the user controller:

  def create
    @user = User.new(user_params)
    if @user.save
      @user.send_activation_email
      flash[:info] = "Bitte öffnen Sie Ihr E-Mail Postfach, um den Account zu aktivieren."
      redirect_to root_url
    else
      render 'new'
    end
  end

Here is how we create the digest:

class User < ApplicationRecord


  # Activates an account.
  def activate
    update_columns(activated: true, activated_at: Time.zone.now)
  end

  # Sends activation email.
  def send_activation_email
    UserMailer.account_activation(self).deliver_now
  end

  # Sets the password reset attributes.
  def create_reset_digest
    self.reset_token = User.new_token
    update_columns(reset_digest:  User.digest(reset_token), reset_sent_at: Time.zone.now)
  end

  # Sends password reset email.
  def send_password_reset_email
    UserMailer.password_reset(self).deliver_now
  end

  # Returns true if a password reset has expired.
  def password_reset_expired?
    reset_sent_at < 2.hours.ago
  end

  private

    # Converts email to all lower-case.
    def downcase_email
      self.email = email.downcase
    end

    # Creates and assigns the activation token and digest.
    def create_activation_digest
      self.activation_token  = User.new_token
      self.activation_digest = User.digest(activation_token)
    end

end

Views/User Mailer/Account_activation.html.erb:

<h1>Bachelorarbeitszuordnung</h1>

<p>Sehr geehrter Herr / Sehr geehrte Frau <%= @user.name %>,</p>

<p>
Sie haben sich für die Bachelorarbeit registriert! Klicken Sie auf den untenstehenden Link, um ihren Account zu aktivieren:
</p>

<%= link_to "Aktivieren", edit_account_activation_url(@user.activation_token,
                                                    email: @user.email) %>

User Mailer:

class UserMailer < ApplicationMailer


  def account_activation(user)
    @user = user
    mail to: user.email, subject: "Account activation"
  end

  def password_reset(user)
    @user = user
    mail to: user.email, subject: "Password reset"
  end
end

Application Mailer:

class ApplicationMailer < ActionMailer::Base
  default from: "[email protected]"
  layout 'mailer'
end

Here is the routes file. I already know from other users that it is not perfect, but I currently don't know how to improve it. I read the guide on Rails routing, but I don't see why my routing is not good:

Rails.application.routes.draw do

  resources :deadlines
  resources :preferences
  resources :institutes
  resources :users
  resources :admin, to: 'users#admin'

  get 'password_resets/new'
  get 'password_resets/edit'

  root 'static_pages#home'
  get '/home', to: 'static_pages#home'
  get '/help', to: 'static_pages#help'
  get '/about', to: 'static_pages#about'
  get '/contact', to: 'static_pages#contact'
  get '/matching', to: 'static_pages#matching'
  get '/cockpit', to: 'static_pages#cockpit'

  get '/signup', to: 'users#new'
  post '/signup',  to: 'users#create'

  get '/performance_show', to: 'users#performance_show'
  get '/performance_update', to: 'users#performance_update'

  post 'preferences/create_all', to: 'preferences#create_all'

  get '/login', to: 'sessions#new'
  post '/login', to: 'sessions#create'
  delete '/logout', to: 'sessions#destroy'

  resources :account_activations, only: [:edit]
  resources :password_resets,     only: [:new, :create, :edit, :update]

  # Routes for the buttons of the GAMS calculation
  post 'read_matching', to: 'static_pages#read_matching'
  post 'delete_matching', to: 'static_pages#delete_matching'
  post 'optimize', to: 'static_pages#optimize'

  # Route for the button that deletes all students
  delete 'delete_all', to: 'users#delete_all'

  # Route for the page for deleting one's own account.
  get 'delete_account', to: 'users#delete_account'
  delete 'delete_account_sure', to: 'users#delete_account_sure'

end

And here is my log. It starts with the registration of the user "Sami Khedira":

Started POST "/users" for 127.0.0.1 at 2018-03-13 17:41:09 +0100
Processing by UsersController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"hbZ8A9CWC60nyXYd3nf6Dv0M+d/ViCp0PJ8AmG/fI5ZvyE+hFBt5n8W54gg9yNqZQTfSuOa8PyUD16a3qoRGsg==", "user"=>{"name"=>"Sami Khedira", "mat_number"=>"1234567", "email"=>"[email protected]", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Erstelle meinen Account"}
   (1.0ms)  begin transaction
  User Exists (3.0ms)  SELECT  1 AS one FROM "users" WHERE LOWER("users"."email") = LOWER(?) LIMIT ?  [["email", "[email protected]"], ["LIMIT", 1]]
  SQL (0.8ms)  INSERT INTO "users" ("name", "email", "created_at", "updated_at", "password_digest", "activation_digest", "mat_number") VALUES (?, ?, ?, ?, ?, ?, ?)  [["name", "Sami Khedira"], ["email", "[email protected]"], ["created_at", "2018-03-13 16:41:10.395281"], ["updated_at", "2018-03-13 16:41:10.395281"], ["password_digest", "$2a$10$2BLl1RzF2SOPB9/S5y.oC.W3vUY64GX9jOtd9EfOhrhs3Wnd7Z0Ky"], ["activation_digest", "$2a$10$MaFRiFb195HRm8AQ14OU.ey5ds5qDvR9nznFLBgClNXM21VqQh0AK"], ["mat_number", 1234567]]
   (11.9ms)  commit transaction
  Rendering user_mailer/account_activation.html.erb within layouts/mailer
  Rendered user_mailer/account_activation.html.erb within layouts/mailer (29.8ms)
  Rendering user_mailer/account_activation.text.erb within layouts/mailer
  Rendered user_mailer/account_activation.text.erb within layouts/mailer (7.8ms)
UserMailer#account_activation: processed outbound mail in 80.2ms
Sent mail to [email protected] (31.7ms)
Date: Tue, 13 Mar 2018 17:41:11 +0100
From: [email protected]
To: [email protected]
Message-ID: <[email protected]>
Subject: Account activation
Mime-Version: 1.0
Content-Type: multipart/alternative;
 boundary="--==_mimepart_5aa7ff279cbd7_3afe126dc74620d2";
 charset=UTF-8
Content-Transfer-Encoding: 7bit


----==_mimepart_5aa7ff279cbd7_3afe126dc74620d2
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable



Sehr geehrter Herr Sami Khedira,

Sie haben sich f=C3=BCr die Bachelorarbeit registriert! Klicken Sie auf d=
en untenstehenden Link, um ihren Account zu aktivieren:

<a href=3D"http://localhost:3000/account_activations/hX1eY83-wcs8VqZcPa0H=
3g/edit?email=3Dsami.khedira%40stud.uni-hannover.de">Aktivieren</a>



----==_mimepart_5aa7ff279cbd7_3afe126dc74620d2
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable



<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf=
-8" />
    <style>
      /* Email styles need to be inline */
    </style>
  </head>

  <body>
    <h1>Bachelorarbeitszuordnung</h1>

<p>Sehr geehrter Herr Sami Khedira,</p>

<p>
Sie haben sich f=C3=BCr die Bachelorarbeit registriert! Klicken Sie auf d=
en untenstehenden Link, um ihren Account zu aktivieren:
</p>

<a href=3D"http://localhost:3000/account_activations/hX1eY83-wcs8VqZcPa0H=
3g/edit?email=3Dsami.khedira%40stud.uni-hannover.de">Aktivieren</a>

  </body>
</html>


----==_mimepart_5aa7ff279cbd7_3afe126dc74620d2--


Redirected to http://localhost:3000/
Completed 302 Found in 1972ms (ActiveRecord: 65.1ms)


Started GET "/" for 127.0.0.1 at 2018-03-13 17:41:11 +0100
Processing by StaticPagesController#home as HTML
  Rendering static_pages/home.html.erb within layouts/application
  Rendered static_pages/home.html.erb within layouts/application (22.8ms)
  Rendered layouts/_rails_default.html.erb (604.6ms)
  Rendered layouts/_shim.html.erb (0.4ms)
  Rendered layouts/_header.html.erb (7.5ms)
  Rendered layouts/_footer.html.erb (3.8ms)
Completed 200 OK in 765ms (Views: 755.8ms | ActiveRecord: 0.0ms)  

Started GET "/" for 127.0.0.1 at 2018-03-13 17:47:23 +0100
Processing by StaticPagesController#home as HTML
  Rendering static_pages/home.html.erb within layouts/application
  Rendered static_pages/home.html.erb within layouts/application (965.2ms)
  Rendered layouts/_rails_default.html.erb (11813.6ms)
  Rendered layouts/_shim.html.erb (66.2ms)
  Rendered layouts/_header.html.erb (194.1ms)
  Rendered layouts/_footer.html.erb (53.3ms)
Completed 200 OK in 14350ms (Views: 14125.1ms | ActiveRecord: 0.0ms)

Thank you very much!

Edit: User bkunzi01 recommended that I exchange (email: params[:email]) with params[:user][:email]. That gave me the following error:

Logfile:

Started POST "/users" for 127.0.0.1 at 2018-03-14 02:07:04 +0100
Processing by UsersController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"6vTYSvvGONUEC7hEP/C/AqEHAeQ+oQToqHQGKuBsM7ozw/N+w11mWnIb1x4Io5CWU/eYpYwncObyWWC+zKY4Jg==", "user"=>{"name"=>"Sami Khedira", "mat_number"=>"12345678", "email"=>"[email protected]", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Erstelle meinen Account"}
   (0.1ms)  begin transaction
  User Exists (1.9ms)  SELECT  1 AS one FROM "users" WHERE LOWER("users"."email") = LOWER(?) LIMIT ?  [["email", "[email protected]"], ["LIMIT", 1]]
  SQL (14.4ms)  INSERT INTO "users" ("name", "email", "created_at", "updated_at", "password_digest", "activation_digest", "mat_number") VALUES (?, ?, ?, ?, ?, ?, ?)  [["name", "Sami Khedira"], ["email", "[email protected]"], ["created_at", "2018-03-14 01:07:04.901137"], ["updated_at", "2018-03-14 01:07:04.901137"], ["password_digest", "$2a$10$whjEx3oPnLxyNFZomWst4uCAPqweV0jBtN342mlx.sJwAm6A4JD7a"], ["activation_digest", "$2a$10$EG9MOsxQYUJC2//VGj6Iyu1CB7/39NP3mMpv1BjE2QrYx2WeZCM7K"], ["mat_number", 12345678]]
   (62.6ms)  commit transaction
  Rendering user_mailer/account_activation.html.erb within layouts/mailer
  Rendered user_mailer/account_activation.html.erb within layouts/mailer (9.2ms)
  Rendering user_mailer/account_activation.text.erb within layouts/mailer
  Rendered user_mailer/account_activation.text.erb within layouts/mailer (9.3ms)
UserMailer#account_activation: processed outbound mail in 142.7ms
Sent mail to [email protected] (116.4ms)
Date: Wed, 14 Mar 2018 02:07:05 +0100
From: [email protected]
To: [email protected]
Message-ID: <[email protected]>
Subject: Account activation
Mime-Version: 1.0
Content-Type: multipart/alternative;
 boundary="--==_mimepart_5aa875b94bfdf_4c5f1f7f0d4257f";
 charset=UTF-8
Content-Transfer-Encoding: 7bit


----==_mimepart_5aa875b94bfdf_4c5f1f7f0d4257f
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Sehr geehrter Herr Sami Khedira,

Sie haben sich f=C3=BCr die Bachelorarbeit registriert! Klicken Sie auf d=
en untenstehenden Link, um ihren Account zu aktivieren:

<a href=3D"http://localhost:3000/account_activations/WFJAfA0Ed4h-eL13PApg=
ng/edit?email=3Dsamikhedira%40stud.uni-hannover.de">Aktivieren</a>


----==_mimepart_5aa875b94bfdf_4c5f1f7f0d4257f
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf=
-8" />
    <style>
      /* Email styles need to be inline */
    </style>
  </head>

  <body>
    <h1>Bachelorarbeitszuordnung</h1>

<p>Sehr geehrter Herr / Sehr geehrte Frau Sami Khedira,</p>

<p>
Sie haben sich f=C3=BCr die Bachelorarbeit registriert! Klicken Sie auf d=
en untenstehenden Link, um ihren Account zu aktivieren:
</p>

<a href=3D"http://localhost:3000/account_activations/WFJAfA0Ed4h-eL13PApg=
ng/edit?email=3Dsamikhedira%40stud.uni-hannover.de">Aktivieren</a>

  </body>
</html>

----==_mimepart_5aa875b94bfdf_4c5f1f7f0d4257f--

Redirected to http://localhost:3000/
Completed 302 Found in 1177ms (ActiveRecord: 128.8ms)


Started GET "/" for 127.0.0.1 at 2018-03-14 02:07:05 +0100
Processing by StaticPagesController#home as HTML
  Rendering static_pages/home.html.erb within layouts/application
  Rendered static_pages/home.html.erb within layouts/application (6.4ms)
  Rendered layouts/_rails_default.html.erb (234.4ms)
  Rendered layouts/_shim.html.erb (0.6ms)
  Rendered layouts/_header.html.erb (12.3ms)
  Rendered layouts/_footer.html.erb (1.9ms)
Completed 200 OK in 305ms (Views: 301.8ms | ActiveRecord: 0.0ms)


Started GET "/account_activations/WFJAfA0Ed4h-eL13PApg=ng/edit?email=3Dsamikhedira%40stud.uni-hannover.de" for 127.0.0.1 at 2018-03-14 02:07:44 +0100
Processing by AccountActivationsController#edit as HTML
  Parameters: {"email"=>"[email protected]", "id"=>"WFJAfA0Ed4h-eL13PApg=ng"}
Completed 500 Internal Server Error in 5ms (ActiveRecord: 0.0ms)



NoMethodError (undefined method `[]' for nil:NilClass):

app/controllers/account_activations_controller.rb:6:in `edit'

ruby-on-rails ruby database error-handling find-by-sql

Answers

answered 6 months ago kparekh01 #1

You could convert the email and make it url safe like below. You should be alright as long as you are verifying the uniqueness of all the emails in your database. Hope this helps.

Base64.urlsafe_encode64("uglas@stud.uni-hannover.de")
# "dWdsYXNAc3R1ZC51bmktaGFubm92ZXIuZGU="

Base64.urlsafe_decode64("dWdsYXNAc3R1ZC51bmktaGFubm92ZXIuZGU=")
#  "uglas@stud.uni-hannover.de"

So wherever you are generating your activation link, make the 64bit conversion there so that the new link will now look like:

http://localhost:3000/account_activations/9rxXuiQEEXmeOnqcS_m-=
VQ/edit?email="dWdsYXNAc3R1ZC51bmktaGFubm92ZXIuZGU="

And now when you are getting your params[:email] you can simply convert it back like so:

# Pass the column name: a bare string given to find_by is used as a raw SQL condition.
user = User.find_by(email: Base64.urlsafe_decode64(params[:email]))

answered 6 months ago Mostah #2

I solved the issue by setting the View/Mailer back to an older version.

Here you can see the difference between a successful link at the top and a false one at the bottom!

http://localhost:3000/account_activations/iTIWL74dAzPlsVckrOc6Uw/edit?email=dana%40stud.uni-hannover.de

http://localhost:3000/account_activations/iTIWL74dAzPlsVckrOc6Uw/edit?ema=il=3Ddana%40stud.uni-hannover.de

The suggestion from the beginning that the 3D causes the problem was right. I didn't even change the activation link. It was enough to put a German letter "ü" in the email text. That fucked up the link too. I don't really understand that connection but now everything is fine. I hope that someone in the future can profit from my experiences.

Kind regards to everyone who helped, you are heroes!
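
The connection between the "ü" and the broken link, as an added example that is not part of the original posts: the log shows both mail parts with Content-Transfer-Encoding: quoted-printable, where `=` is written as `=3D` and a trailing `=` marks a soft line break, so a link copied from the log is not the link a mail client would open. The Ruby sketch below uses a constructed copy of the logged text part; the helper names are hypothetical.

```ruby
require "uri"

# Constructed sample: the quoted-printable text part as printed in the
# development log (soft line break "=\n", "=" written as "=3D").
RAW_PART = <<~QP
  Sie haben sich f=C3=BCr die Bachelorarbeit registriert! Klicken Sie auf d=
  en untenstehenden Link, um ihren Account zu aktivieren:

  <a href=3D"http://localhost:3000/account_activations/hX1eY83-wcs8VqZcPa0H=
  3g/edit?email=3Dsami.khedira%40stud.uni-hannover.de">Aktivieren</a>
QP

# Decode quoted-printable the way a mail client does before showing the link.
def decode_quoted_printable(text)
  text.unpack1("M").force_encoding(Encoding::UTF_8)
end

# Take the first href in a body and split it into what the controller
# would receive as params[:id] and params[:email].
def activation_params(body)
  href = body[/href="([^"]+)"/, 1] or return nil
  uri = URI.parse(href)
  token = uri.path.split("/")[2]
  email = URI.decode_www_form(uri.query.to_s).to_h["email"]
  { id: token, email: email }
end

# Link copied straight from the log: joining the two lines by hand keeps
# the "=" of the soft break and the "3D" after "email=".
def params_from_raw_log(raw)
  joined = raw.gsub("=\n", "=").gsub('href=3D"', 'href="')
  activation_params(joined)
end

if __FILE__ == $PROGRAM_NAME
  p params_from_raw_log(RAW_PART)                          # undecoded link
  p activation_params(decode_quoted_printable(RAW_PART))   # decoded link
end
```

With the undecoded link, both the email lookup and the token comparison receive values that were never stored, which matches the `"id"=>"WFJAfA0Ed4h-eL13PApg=ng"` parameter in the second log.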
