由于 Auth Provider,如何应对来自同一用户的多个帐户
How to counter multiple accounts from same user because of Auth Providers
我已经为一个应用程序(ruby 在 rails)实现了 Auth 提供程序(twitter、facebook、soundcloud),但是我已经设置了约束,因此没有创建新的用户帐户是基于在电子邮件中,但一些供应商不提供电子邮件地址。
有什么好的对策可以避免为同一用户创建多个帐户?
user.model
class User < ActiveRecord::Base
has_many :usertracks, :dependent => :destroy
mount_uploader :image, ArtistPhotoUploader
TEMP_EMAIL_PREFIX = 'change@me'
TEMP_EMAIL_REGEX = /\Achange@me/
# Include default devise modules. Others available are:
# :lockable, :timeoutable
devise :database_authenticatable, :registerable, :confirmable,
:recoverable, :rememberable, :trackable, :validatable, :omniauthable
validates_format_of :email, :without => TEMP_EMAIL_REGEX, on: :update
validates_presence_of :image
validates_integrity_of :image
validates_processing_of :image
def self.find_for_oauth(auth, signed_in_resource = nil)
# Get the identity and user if they exist
identity = Identity.find_for_oauth(auth)
user = signed_in_resource ? signed_in_resource : identity.user
# Create the user if needed
if user.nil?
UsersController.finish_signup
email_is_verified = auth.info.email && (auth.info.verified || auth.info.verified_email)
email = auth.info.email if email_is_verified
user = User.where(:email => email).first if email
# Create the user if it's a new registration
if user.nil?
firstname = auth.info.name.split(' ')[0]
surname = auth.info.name.split(' ')[1]
user = User.new(
firstname: firstname,
surname: surname,
#username: auth.info.nickname || auth.uid,
email: email ? email : "#{TEMP_EMAIL_PREFIX}-#{auth.uid}-#{auth.provider}.com",
password: Devise.friendly_token[0,20],
remote_image_url: auth.info.image.gsub('http://','https://')
)
user.oauth_token = auth.credentials.token
user.oauth_secret = auth.credentials.secret
user.skip_confirmation!
user.save!
end
end
# Associate the identity with the user if needed
if identity.user != user
identity.user = user
identity.save!
end
user
end
def email_verified?
self.email && self.email !~ TEMP_EMAIL_REGEX
end
end
确实没有什么好方法可以阻止某人再次注册。您不是魔术师,无法预测某人将如何注册/登录。
你已经在做合乎逻辑的事情了。
前进的最佳方式是允许某人合并 2 个帐户,然后允许他们 link 多个提供商。
添加多个提供商部分很容易。只需在配置文件中提供一个 link,他们就可以在其中单击以授权每个可用的配置文件。
合并帐户可能比较棘手。每个存储 user_id 的地方(包括多态关联)都需要更新以反映保留的 user_id。之后应删除其他用户。
我已经为一个应用程序(ruby 在 rails)实现了 Auth 提供程序(twitter、facebook、soundcloud),但是我已经设置了约束,因此没有创建新的用户帐户是基于在电子邮件中,但一些供应商不提供电子邮件地址。
有什么好的对策可以避免为同一用户创建多个帐户?
user.model
class User < ActiveRecord::Base
has_many :usertracks, :dependent => :destroy
mount_uploader :image, ArtistPhotoUploader
TEMP_EMAIL_PREFIX = 'change@me'
TEMP_EMAIL_REGEX = /\Achange@me/
# Include default devise modules. Others available are:
# :lockable, :timeoutable
devise :database_authenticatable, :registerable, :confirmable,
:recoverable, :rememberable, :trackable, :validatable, :omniauthable
validates_format_of :email, :without => TEMP_EMAIL_REGEX, on: :update
validates_presence_of :image
validates_integrity_of :image
validates_processing_of :image
def self.find_for_oauth(auth, signed_in_resource = nil)
# Get the identity and user if they exist
identity = Identity.find_for_oauth(auth)
user = signed_in_resource ? signed_in_resource : identity.user
# Create the user if needed
if user.nil?
UsersController.finish_signup
email_is_verified = auth.info.email && (auth.info.verified || auth.info.verified_email)
email = auth.info.email if email_is_verified
user = User.where(:email => email).first if email
# Create the user if it's a new registration
if user.nil?
firstname = auth.info.name.split(' ')[0]
surname = auth.info.name.split(' ')[1]
user = User.new(
firstname: firstname,
surname: surname,
#username: auth.info.nickname || auth.uid,
email: email ? email : "#{TEMP_EMAIL_PREFIX}-#{auth.uid}-#{auth.provider}.com",
password: Devise.friendly_token[0,20],
remote_image_url: auth.info.image.gsub('http://','https://')
)
user.oauth_token = auth.credentials.token
user.oauth_secret = auth.credentials.secret
user.skip_confirmation!
user.save!
end
end
# Associate the identity with the user if needed
if identity.user != user
identity.user = user
identity.save!
end
user
end
def email_verified?
self.email && self.email !~ TEMP_EMAIL_REGEX
end
end
确实没有什么好方法可以阻止某人再次注册。您不是魔术师,无法预测某人将如何注册/登录。
你已经在做合乎逻辑的事情了。
前进的最佳方式是允许某人合并 2 个帐户,然后允许他们 link 多个提供商。
添加多个提供商部分很容易。只需在配置文件中提供一个 link,他们就可以在其中单击以授权每个可用的配置文件。
合并帐户可能比较棘手。每个存储 user_id 的地方(包括多态关联)都需要更新以反映保留的 user_id。之后应删除其他用户。