Upgrade to Pro — share decks privately, control downloads, hide ads and more …

実例で学ぶRailsアプリケーションデバッグ入門 〜ログインできちゃってました編〜/rails...

実例で学ぶRailsアプリケーションデバッグ入門 〜ログインできちゃってました編〜/rails-application-debug-introduction

Masatoshi Moritsuka

October 21, 2022
Tweet

More Decks by Masatoshi Moritsuka

Other Decks in Programming

Transcript

  1. ࣗݾ঺հ JSC NBJO TQFBLFS4QFBLFS fi OE@CZ ZFBS OVNCFS UBQ\QQ@CJP^ w

    ໊લ৿௩ਅ೥ w (JU)VC!TBOGSFDDFPTBLB w 5XJUUFS!TBOGSFDDF@PTBLB w ॴଐגࣜձࣾΤϯϖΠ w ։࠵ίϛϡχςΟ.BDIJEBSCɾ)JSBLBUBSC w ࠷΋޷͖ͳػೳύλʔϯϚον
  2. ձࣾ঺հ JSC NBJO QQTQFBLFSDPNQBOZBCPVU w גࣜձࣾΤϯϖΠ w ΍͍͞͠ϑΟϯςοΫΛɻ w ूۚۀ຿ͷΩϟογϡϨεԽɾ%9Խ

    w όοΫΤϯυ3BJMT 3VCZ w ϑϩϯτΤϯυ7VFKT 5ZQF4DSJQU w 8FBSFIJSJOH
  3. ୀձͨ͠ΞΧ΢ϯτ͕ୀձޙ΋ϩάΠϯͰ͖ͯαʔϏεΛར༻Ͱ͖ͯ͠·͍ͬͯͨ JSC NBJO QQJTTVFPVUMJOF w JTTVF w IUUQTHJUIVCDPNTBOGSFDDFPTBLBLBJHJ@PO@SBJMT@@CVH@ fi Y@DIBMMFOHF

    JTTVFT w എܠɾࣄ৅ w Ҏલୀձͨ͠ΞΧ΢ϯτΛϩάΠϯͰ͖ͳ͍Α͏ʹ"DDPVOUT4FTTJPOT$POUSPMMFSʹ੍ ޚΛ௥Ճͨ͠ w ৽ͨʹαʔϏεར༻։࢝લͷͨΊͷ੍ޚΛ௥Ճͨ͠ͱ͜Ζ͏·͘ಈ͔ͳ͍ w ೦ͷҝୀձͨ͠ΞΧ΢ϯτ΋ࢼͯ͠Έͨͱ͜ΖϩάΠϯͰ͖ͯ͠·ͬͨ
  4. ิ଍σόοάͷखॱ  ൃੜ͍ͯ͠Δࣄ৅ͷ֬ೝ JSC NBJO TQFBLFSQSFTFOUBUJPOTVQQMFNFOU EFCVH@QSPDFTT@ w ݩʑ૝ఆ௨Γಈ͍͍ͯͨͷ͔֬ೝ w

    ࣮૷౰࣌ͷίϛοτΛνΣοΫΞ΢τͯ͠ಈ͔ͯ͠ΈΔ w ࣗ෼ͷखͰόάΛ࠶ݱͯ͠ΈΔ w ࠷৽ͷঢ়ଶͷίϛοτΛνΣοΫΞ΢τͯ͠ಈ͔ͯ͠ΈΔ
  5. ิ଍σόοάͷखॱ  ݪҼͱͳ͍ͬͯΔՕॴΛ୳͢ JSC NBJO TQFBLFSQSFTFOUBUJPOTVQQMFNFOU EFCVH@QSPDFTT@ w ԾઆΛཱͯΔ w

    FH෼ذ৚͕͓͔݅ͯ͘͠TJHO@PVU͕࣮ߦ͞Ε͍ͯͳ͍ͷͰ͸ʁ w ৘ใΛूΊͯԾઆΛݕূ͢Δ w QSJOUσόοά w ϩά w EFCVHHFN w ίϛοτϩάɾ1VMM3FRVFTUͷEFTDSJQUJPO
  6. ิ଍σόοάͷखॱ  ݪҼΛಛఆ͠मਖ਼ํ਑Λ୳Δ JSC NBJO TQFBLFSQSFTFOUBUJPOTVQQMFNFOU EFCVH@QSPDFTT@ w Ҏޙ͸ԾઆΛཱͯͯݕূ͢Δɺͷ܁Γฦ͠ w

    ԾઆΛফ͠ࠐΜͰ৘ใΛߜΓࠐΜͰ͍͘ w Ծઆ͕͍͋ͬͯͨ৔߹ w ԾઆΛཪ෇͚͢Δ৘ใΛूΊΔ w Ծઆ͕֎Ε͍ͯͨ৔߹ w ผͷԾઆΛཱͯͯࢼͯ͠ΈΔ
  7. ิ଍TJHO@PVU͸࣮ߦ͞Ε͍ͯΔͷ͔QSJOUσόοά JSC NBJO TQFBLFSQSFTFOUBUJPOTVQQMFNFOU DPO fi SN@TJHO@PVU@CZ@QSJOU def create if

    account_signed_in? && !current_account.can_use_service? alert = message_of_can_not_sign_in + pp 'before sign out' sign_out :account + pp 'after sign out' redirect_to new_account_session_path, alert: alert and return end super end
  8. ิ଍3BJMTͷϩάͷಡΈํ MPHSBHF JSC NBJO TQFBLFSQSFTFOUBUJPOTVQQMFNFOU SFBE@MPH "DDPVOU-PBE NT 4&-&$5BDDPVOUT '30.BDDPVOUT8)&3&BDDPVOUTJE

    03%&3#: BDDPVOUTJE"4$-*.*5 <<JE > <-*.*5 >> ↳BQQDPOUSPMMFSTBQQMJDBUJPO@DPOUSPMMFSSCJOADPOGJHVSF@TFOUSZ $PSQPSBUJPO-PBE NT 4&-&$5DPSQPSBUJPOT '30.DPSQPSBUJPOT8)&3&DPSQPSBUJPOTJE  -*.*5 <<JE > <-*.*5 >> ↳BQQMPZBMUJFTQSPKFDUT@MPZBMUZSCJOAJOEFY  1SPKFDU-PBE NT 4&-&$5QSPKFDUT '30.QSPKFDUT ↳BQQWJFXTQSPKFDUTJOEFYIUNMFSC \NFUIPE(&5 QBUI QSPKFDUT GPSNBUIUNM DPOUSPMMFS1SPKFDUT$POUSPMMFS BDUJPOJOEFY TUBUVT EVSBUJPO WJ FX EC BDDPVOU@JE^ 3FRVFTUϩάɻ7JFXͷϨϯμϦϯάؚΊͯ͜ͷ ϩά·ͰͰͭͷ$POUSPMMFSͷॲཧ͕׬݁͢Δ ൃߦ͞Εͨ42-ͷϩά 42-Λൃߦ͍ͯ͠Δ৔ॴͷϑΝΠϧ໊ɾߦ൪߸ɾϝιου໊ WFSCPTF@RVFSZ@MPHT͕USVFʹͳ͍ͬͯΕ͹ग़ྗ͞ΕΔ
  9. ิ଍WFSCPTF@RVFSZ@MPHT JSC NBJO TQFBLFSQSFTFOUBUJPOTVQQMFNFOU WFSCPTF@RVFSZ@MPHT w ΫΤϦ͕ൃߦ͞Εͨϝιου͕͋ΔιʔεϑΝΠϧ໊ͱߦ൪߸ΛEFCVHϨϕϧͰ ϩάʹग़ྗͯ͘͠ΕΔػೳ w 3BJMTҎ߱͸EFWFMPQNFOUϞʔυͰσϑΥϧτͰ༗ޮʹͳ͍ͬͯΔ

    w IUUQTSBJMTHVJEFTKQ EFCVHHJOH@SBJMT@BQQMJDBUJPOTIUNM&"#&##& ""&"'&"&""&"%&# w IUUQTZZBHJIBUFOBCMPHDPNFOUSZ
  10. ิ଍ϝλϓϩάϥϛϯάͰॻ͔ΕͨίʔυΛಡΉࡍͷUJQT JSC NBJO TQFBLFSQSFTFOUBUJPOTVQQMFNFOU SFBE@NFUBQSPHSBNNJOH w ͋Δఔ౓ύλʔϯ͕͋ΔͷͰ͔ͦ͜ΒHSFQ͢ΔύλʔϯΛ֮͑Δ w ΩʔϫʔυADVSSFOU@ABDDPVOUɾBDDPVOUA@TJHOFE@JO A

    w Ωʔϫʔυ͕EF fi OF@NFUIPE଒΍EFGʹ౉͞Ε͍ͯΔ৔ॴΛ୳͢ w ਖ਼نදݱྗ͕͋Δͱ͓ಘ w #6/%-&@1"5)ΛWFOEPSCVOEMFʹ͓ͯ͘͠ͱHSFQ͕ḿΔ w 3VCZͷ͜ͱ͸3VCZʹฉ͚ w .FUIPETPVSDF@MPDBUJPO w ϝλϓϩάϥϛϯά3VCZΛಡΜͰΈͯ🧙
  11. ิ଍ίʔυϦʔσΟϯάؔ࿈ͷաڈͷൃද JSC NBJO TQFBLFSQSFTFOUBUJPOTVQQMFNFOU QBTU@QSFTFOUBUJPO@ w 3VCZͰॻ͔ΕͨιʔείʔυΛಡΉٕज़GVLBKVO w IUUQTZPVUVCF$W8'0:1DG w

    "DUJWF3FDPSEͷาΈํPTZP w IUUQTZPVUVCFCC"JQX:H w γεςϜ։ൃΛࢧ͑Δϝλϓϩάϥϛϯάͷٕज़IPHVDD w IUUQTLBJHJPOSBJMTPSHUBMLTIPHVDD
  12. ิ଍DVSSFOU@YYYͷఆٛ৔ॴΛ୳͢ JSC NBJO TQFBLFSQSFTFOUBUJPOTVQQMFNFOU TFBSDI@DVSFSOU@YYY def append_info_to_payload(payload) super + pp

    method(:current_account).source_location payload[:account_id] = current_account&.id end IUUQTEPDTSVCZMBOHPSHKBNFUIPE.FUIPEJTPVSDF@MPDBUJPOIUNM
  13. ิ଍XBSEFOͷ@QFSGPSN@BVUIFOUJDBUJPO JSC NBJO TQFBLFSQSFTFOUBUJPOTVQQMFNFOU XBSEFO@QFSGPSN@BVUIFOUJDBUJPO def _perform_authentication(*args) scope, opts =

    _retrieve_scope_and_opts(args) user = nil # Look for an existing user in the session for this scope. # If there was no user in the session, see if we can get one from the request. return user, opts if user = user(opts.merge(:scope => scope)) _run_strategies_for(scope, args) if winning_strategy && winning_strategy.successful? opts[:store] = opts.fetch(:store, winning_strategy.store?) set_user(winning_strategy.user, opts.merge!(:event => :authentication)) end [@users[scope], opts] end ೝূࡁͳΒVTFSϝιουͰ ೝূࡁͷϦιʔε͕ฦͬͯ ૣظSFUVSO͞ΕΔͷͰ ೝূॲཧ͸࣮ߦ͞Εͳ͍
  14. ิ଍XBSEFOͷ@SVO@TUSBUFHJFT@GPS JSC NBJO TQFBLFSQSFTFOUBUJPOTVQQMFNFOU XBSEFO@SVO@TUSBUFHJFT@GPS def _run_strategies_for(scope, args) #:nodoc: self.winning_strategy

    = @winning_strategies[scope] return if winning_strategy && winning_strategy.halted? # Do not run any strategy if locked return if @locked if args.empty? defaults = @config[:default_strategies] strategies = defaults[scope] || defaults[:_all] end (strategies || args).each do |name| strategy = _fetch_strategy(name, scope) next unless strategy && !strategy.performed? && strategy.valid? catch(:warden) do _update_winning_strategy(strategy, scope) end strategy._run! _update_winning_strategy(strategy, scope) break if strategy.halted? end end ೝূͷTUSBUFHZΛ࣮ߦ
  15. ิ଍EFWJTFͷ%BUBCBTF"VUIFOUJDBUBCMF JSC NBJO TQFBLFSQSFTFOUBUJPOTVQQMFNFOU EBUBCBTF@BVUIFOUJDBUBCMF def authenticate! resource = password.present?

    && mapping.to.find_for_database_authentication(authentication_hash) hashed = false if validate(resource){ hashed = true; resource.valid_password?(password) } remember_me(resource) resource.after_database_authentication success!(resource) end # In paranoid mode, hash the password even when a resource doesn't exist for the given authentication key. # This is necessary to prevent enumeration attacks - e.g. the request is faster when a resource doesn't # exist in the database if the password hashing algorithm is not called. mapping.to.new.password = password if !hashed && Devise.paranoid unless resource Devise.paranoid ? fail(:invalid) : fail(:not_found_in_database) end end ༩͑ΒΕͨϝʔϧΞυϨεɾύεϫʔυͰϨίʔυΛऔಘ ೝূͷ੒൱൑ఆ EFWJTFϝιουʹEBUBCBTF@BVUIFOUJDBUBCMFΛ Ҿ਺ͱͯ͠౉͍ͯ͠ΔͱೝূͷࡍͷTUSBUFHZͱͯ͠ %BUBCBTF"VUIFOUJDBUBCMFBVUIFOUJDBUF͕࣮ߦ͞ΕΔ
  16. ิ଍YYY@TJHOFE@JO Ͱ੍ޚͯ͠ΈΔ JSC NBJO TQFBLFSQSFTFOUBUJPOTVQQMFNFOU DPOUSPMM@CZ@YYY@TJHOFE@JO def append_info_to_payload(payload) super -

    payload[:account_id] = current_account&.id + payload[:account_id] = current_account&.id if account_signed_in? end DVSSFOU@YYY͕ೝূΛ࣮ߦ͢ΔͳΒ YYY@TJHOFE@JO ͰϩάΠϯঢ়ଶͷͱ͖͚ͩ ࣮ߦ͢ΔΑ͏ʹ͢Ε͹͍͍͡ΌΜ
  17. ิ଍8BSEFO1SPYZBVUIFOUJDBUFE JSC NBJO TQFBLFSQSFTFOUBUJPOTVQQMFNFOU XBSEFO@BVUIFOUJDBUFE w IUUQTXXXSVCZEPDJOGPHJUIVCIBTTPYXBSEFO8BSEFO 1SPYZBVUIFOUJDBUFE'JOTUBODF@NFUIPE w ೝূঢ়ଶʮ͚ͩʯΛ֬ೝ͍ͨ͠৔߹͸͜ͷϝιουΛ࢖͏

    w IUUQTXXXSVCZEPDJOGPHFNTEFWJTF %FWJTF'$POUSPMMFST'4JHO*O0VUTJHOFE@JO' w ࣮͸EFWJTFͷυΩϡϝϯτͷ͜͜ʹೝূঢ়ଶʮ͚ͩʯΛ֬ೝ͍ͨ͠৔߹͸ 8BSEFO1SPYZBVUIFOUJDBUFE Λ࢖͑ΔΑɺͱ͍͏هࡌ͕͋Δ
  18. ิ଍EFWJTFɾXBSEFOͷ֤ϝιουఆٛ৔ॴ  JSC NBJO TQFBLFSQSFTFOUBUJPOTVQQMFNFOU EFWJTF@XBSEFO@NFUIPET@ w DVSSFOU@YYY w IUUQTHJUIVCDPNIFBSUDPNCPEFWJTFCMPCWMJCEFWJTFDPOUSPMMFST

    IFMQFSTSC-- w BVUIFOUJDBUF w IUUQTHJUIVCDPNXBSEFODPNNVOJUZXBSEFOCMPCWMJCXBSEFOQSPYZSC- - w @QFSGPSN@BVUIFOUJDBUJPO w IUUQTHJUIVCDPNXBSEFODPNNVOJUZXBSEFOCMPCWMJCXBSEFOQSPYZSC- -
  19. ิ଍EFWJTFɾXBSEFOͷ֤ϝιουఆٛ৔ॴ  JSC NBJO TQFBLFSQSFTFOUBUJPOTVQQMFNFOU EFWJTF@XBSEFO@NFUIPET@ w @SVO@TUSBUFHJFT@GPS w IUUQTHJUIVCDPNXBSEFODPNNVOJUZXBSEFOCMPCWMJCXBSEFOQSPYZSC-

    - w %BUBCBTF"VUIFOUJDBUBCMFBVUIFOUJDBUF w IUUQTHJUIVCDPNIFBSUDPNCPEFWJTFCMPCWMJCEFWJTFTUSBUFHJFT EBUBCBTF@BVUIFOUJDBUBCMFSC-- w YYY@TJHOFE@JO  w IUUQTHJUIVCDPNIFBSUDPNCPEFWJTFCMPCWMJCEFWJTFDPOUSPMMFST IFMQFSTSC--
  20. ิ଍EFWJTFؔ࿈ͷաڈͷൃදɾهࣄ JSC NBJO TQFBLFSQSFTFOUBUJPOTVQQMFNFOU QBTU@QSFTFOUBUJPO@ w #VJMEBOE-FBSO3BJMT"VUIFOUJDBUJPO3ZP,BKJXBSB TZMQI  w

    IUUQTLBJHJPOSBJMTPSHUBMLTT w %FWJTF4FTTJPOT$POUSPMMFSͷDSFBUFΞΫγϣϯͰೝূΛճආ͢Δࡍͷ஫ҙ ఺ w IUUQTUFDISBDIPCQTJODKQZVTJSP@@
  21. ม਺ೖΕΔͷ৑௕΍ΖʂϦϑΝΫλϦϯά͡Όʂ JSC NBJO 3FGBDUPSDBMM "DDPVOUT4FTTJPOT$POUSPMMFS DSFBUF def create if account_signed_in?

    && !current_account.can_use_service? - alert = message_of_can_not_sign_in sign_out :account - redirect_to new_account_session_path, alert: alert and return + redirect_to new_account_session_path, alert: message_of_can_not_sign_in and return end super end
  22. ๨ΕͨࠒͷDVSSFOU@YYY JSC NBJO SBJTF6OFYQFDUFE-PHJO&SSPS b💥` def message_of_can_not_sign_in case current_account.corporation 👈Ξʃο

    in ->(corporation) { corporation.approved? && ! corporation.already_usage_started? } 'αʔϏεར༻։࢝೔લͷͨΊ·ͩαʔϏεΛར༻Ͱ͖·ͤΜ' in ->(corporation) { corporation.rejected? } 'ୀձࡁͷͨΊɺαʔϏεΛར༻Ͱ͖·ͤΜ' end end
  23. ิ଍ͦͷଞUJQT  JSC NBJO TQFBLFSQSFTFOUBUJPOTVQQMFNFOU UJQT@ w ίʔυΛಡΈͳ͕ΒϝϞΛͱΔ w ಡΜͩཤྺΛ࢒͓ͯ͘͠ͱ໎ࢠʹͳͬͯ΋ฦͬͯ͜ΕΔ

    w ϑΝΠϧ໊ɾΫϥε໊ɾϝιου໊ɾߦ൪߸ w JSC΍SBJMTDPOTPMFͰ࣮ࡍʹ࣮ߦͯ͠ΈΔ w ࣮ࡍʹ࣮ߦͯ͠Έͨํ͕ཧղ͠΍͍͢ w CVOEMFQSJTUJOF w ґଘHFNʹσόοάίʔυΛ௥Ճ͙ͯͪ͠Ό͙ͪΌʹͳͬͯ΋໭ͯ͘͠ΕΔ
  24. ิ଍ͦͷଞUJQT  JSC NBJO TQFBLFSQSFTFOUBUJPOTVQQMFNFOU UJQT@ w ໘౗ʹࢥͬͨΒɾɾɾHFNΛॻ͍ͯΈΑ͏ʂ w 3VCZྗɾઃܭྗɾ࣮૷ྗΛ஁͑ΒΕΔ࠷ߴͷ৔

    w ΋͔ͨ͠͠Β͋ͳͨҎ֎ʹ΋ཉ͕͍ͬͯ͠Δਓ͕͍Δ͔΋͠Εͳ͍ w ࣮૷΍࣮ݱํ๏ʹ໎ͬͨΒ͓͍ͰΑ3VCZίϛϡχςΟͷ৿΁ w 3VCZίϛϡχςΟʹڵຯ͕͋Δਓ͸࠙਌ձͰ஻Γ·͠ΐ͏ʂ🍺🍺🍺
  25. ·ͱΊ JSC NBJO QQTQFBLFSQSFTFOUBUJPOTVNNBSZ w ϩάΠϯͰ͖ͯ͠·͍ͬͯͨݪҼ͸EFWJTFͷDVSSFOU@YYY w DVSSFOU@YYY͸ೝূॲཧΛ࣮ߦ͢Δ w ೝূ͕੒ޭͨ͠ঢ়ଶͰTJHO@PVUޙʹ࣮ߦ͢ΔͱϩάΠϯঢ়ଶʹ໭Δ

    w YYY@TJHOFE@JO ͰDVSSFOU@YYYͷ࣮ߦ͸੍ޚͰ͖ͳ͍ w YYY@TJHOFE@JO ͸DVSSFOU@YYYΛ࣮ߦ͍ͯ͠ΔͨΊ w ೝূঢ়ଶʮ͚ͩʯΛ֬ೝ͢Δʹ͸8BSEFO1SPYZBVUIFOUJDBUFE Λ࢖͑͹0, w EFWJTFͷϝιουʹ͸ؾΛ͚ͭ·͠ΐ͏ େࣄͳ͜ͱͳͷͰճݴ͍·ͨ͠