使用设计检查用户是否在登录期间确认

Check if user confirmed during login, using devise

我有一个 React+Rails 应用程序,我正在使用 devise 进行身份验证。我正在尝试为在确认期过后尝试登录的用户生成自定义错误消息。

目前,他们被阻止登录,但没有显示解释他们被阻止原因的自定义错误消息。

我的session_controller.rb

def create

  if BANNED_EMAILS.include?(params["user"]["email"])
    render :status => 500, :json => { error: true, message: 'Your account has been suspended. Please contact us for more information.' }

//I get an error `ActiveRecord::RecordNotFound (Couldn't find User)` when I try this even though the user has already signed up and exists in the database

  elsif User.find_by_email!(params[:user][:email]).confirmed? == true
    render :json => { error: true, message: 'Please confirm your registered email to access your account.'}, :status => 500
  else
    self.resource = warden.authenticate!(auth_options)
    sign_in(resource_name, resource)
    render :status => 200, :json => resource.to_json    
end

结束

是否有其他方法可以提取尝试登录的用户的信息,或者是否有其他方法可以显示相同的错误?

试试这个。将尝试通过电子邮件查找用户,不区分大小写。

user = User.where("upper(email) = '?'", params[:user][:email].upcase).first

然后你可以尝试 user.confirmed? 如果 user 不是 nil

如果您查看 Devise::SessionsController(或任何设计控制器),您可以看到它产生:

class Devise::SessionsController < DeviseController
  # POST /resource/sign_in
  def create
    self.resource = warden.authenticate!(auth_options)
    set_flash_message!(:notice, :signed_in)
    sign_in(resource_name, resource)
    yield resource if block_given?
    respond_with resource, location: after_sign_in_path_for(resource)
  end
end

这让子类可以在不覆盖整个方法的情况下进入流程。

class MySessionsController < DeviseController
  def create
    # taps into the yield right after the user is authenticated by warden
    super do |user|
      if user.banned?
        # 500 is the wrong response code
        # it means that the server is broken and cannot respond to the request
        render json: { error: true, message: 'Your account has been suspended. Please contact us for more information.' }, 
          status: 401 and return
      elsif user.requires_confirmation?
        render json: { error: true, message: 'Please confirm your registered email to access your account.'}, 
          status: 401 and return
      end
    end
  end
end

与其使用代码常量(您真的要在每次用户被禁止时重新部署应用程序吗?),不如在用户上使用标志 table 来表示用户是否被禁止。

同样,确定何时必须确认用户的业务逻辑应该在模型层处理:

class User < ApplicationRecord
  # ...
  def requires_confirmation?
    if user.confirmed? || user.created_at < 3.days.ago
      false
    else
      true
    end
  end
end