Search code examples
ruby-on-railsrubysessionerror-handlingdevise

Devise "Sign In" form displays "Invalid Invalid email or password" error message incorrectly

I am working on a Rails app. I am using the Devise gem to handle users sessions. Whenever I navigate to localhost:3000/users/sign_in, I see Devise's error message that says "Invalid username or password". This occurs even after trying to sign on the first time, with no previous log-in attempts. I have tried clearing my web browser's cache to no avail. Here are some relevant snippets:

app/views/layouts/application.html.erb:

...
#section where Devise alerts are displayed
<% if notice %>
  <p class="alert alert-success"><%= notice %></p>
<% end %>
<% if alert %>
  <p class="alert alert-danger"><%= alert %></p>
<% end %>
...

app/views/devise/sessions/new.html.erb:

<div class="container">
<h2>Sign in</h2>

<%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
<%= f.email_field :email, autofocus: true, placeholder: "email", class: "form-control login-credentials" %><br>
<%= f.password_field :password, autocomplete: "off", placeholder: "password", class: "form-control login-credentials" %></br>
<% if devise_mapping.rememberable? -%>
    <div><%= f.check_box :remember_me %> <%= f.label :remember_me %></div>
<% end -%>
<div class="btn-group">
    <%= f.submit "Sign in", class: "btn btn-primary" %>
<% end %>
<div class="btn-group">
    <%= render "devise/shared/links" %>
</div>

/config/initializers/devise.rb:

Devise.setup do |config|
  config.mailer_sender = 'please-change-me-at-config-initializers-devise@example.com'
  require 'devise/orm/active_record'
  config.case_insensitive_keys = [ :email ]
  config.strip_whitespace_keys = [ :email ]
  config.skip_session_storage = [:http_auth]
  config.stretches = Rails.env.test? ? 1 : 10
  config.reconfirmable = true
  config.password_length = 8..128
  config.reset_password_within = 6.hours
  config.sign_out_via = :delete
end

Let me know if there is any information I can provide to help troubleshoot this.

Solution

  • I fixed the problem by changing the :method of the button_to containing the link to the log-in page from its default value of :post to :get. I think that using :post was causing an attempt to log in with blank credentials, causing the error message to be displayed. Here is my code fix:

    <div class="btn-group">
  <%= button_to 'Sign in', new_user_session_path, method: :get, class: :'btn btn-primary btn-lg' %>
</div>