使用设计检查用户是否在登录期间确认
Check if user confirmed during login, using devise
我有一个 React+Rails 应用程序,我正在使用 devise 进行身份验证。我正在尝试为在确认期过后尝试登录的用户生成自定义错误消息。
目前,他们被阻止登录,但没有显示解释他们被阻止原因的自定义错误消息。
我的session_controller.rb
def create
if BANNED_EMAILS.include?(params["user"]["email"])
render :status => 500, :json => { error: true, message: 'Your account has been suspended. Please contact us for more information.' }
//I get an error `ActiveRecord::RecordNotFound (Couldn't find User)` when I try this even though the user has already signed up and exists in the database
elsif User.find_by_email!(params[:user][:email]).confirmed? == true
render :json => { error: true, message: 'Please confirm your registered email to access your account.'}, :status => 500
else
self.resource = warden.authenticate!(auth_options)
sign_in(resource_name, resource)
render :status => 200, :json => resource.to_json
end
结束
是否有其他方法可以提取尝试登录的用户的信息,或者是否有其他方法可以显示相同的错误?
试试这个。将尝试通过电子邮件查找用户,不区分大小写。
user = User.where("upper(email) = '?'", params[:user][:email].upcase).first
然后你可以尝试 user.confirmed?
如果 user
不是 nil
如果您查看 Devise::SessionsController
(或任何设计控制器),您可以看到它产生:
class Devise::SessionsController < DeviseController
# POST /resource/sign_in
def create
self.resource = warden.authenticate!(auth_options)
set_flash_message!(:notice, :signed_in)
sign_in(resource_name, resource)
yield resource if block_given?
respond_with resource, location: after_sign_in_path_for(resource)
end
end
这让子类可以在不覆盖整个方法的情况下进入流程。
class MySessionsController < DeviseController
def create
# taps into the yield right after the user is authenticated by warden
super do |user|
if user.banned?
# 500 is the wrong response code
# it means that the server is broken and cannot respond to the request
render json: { error: true, message: 'Your account has been suspended. Please contact us for more information.' },
status: 401 and return
elsif user.requires_confirmation?
render json: { error: true, message: 'Please confirm your registered email to access your account.'},
status: 401 and return
end
end
end
end
与其使用代码常量(您真的要在每次用户被禁止时重新部署应用程序吗?),不如在用户上使用标志 table 来表示用户是否被禁止。
同样,确定何时必须确认用户的业务逻辑应该在模型层处理:
class User < ApplicationRecord
# ...
def requires_confirmation?
if user.confirmed? || user.created_at < 3.days.ago
false
else
true
end
end
end
我有一个 React+Rails 应用程序,我正在使用 devise 进行身份验证。我正在尝试为在确认期过后尝试登录的用户生成自定义错误消息。
目前,他们被阻止登录,但没有显示解释他们被阻止原因的自定义错误消息。
我的session_controller.rb
def create
if BANNED_EMAILS.include?(params["user"]["email"])
render :status => 500, :json => { error: true, message: 'Your account has been suspended. Please contact us for more information.' }
//I get an error `ActiveRecord::RecordNotFound (Couldn't find User)` when I try this even though the user has already signed up and exists in the database
elsif User.find_by_email!(params[:user][:email]).confirmed? == true
render :json => { error: true, message: 'Please confirm your registered email to access your account.'}, :status => 500
else
self.resource = warden.authenticate!(auth_options)
sign_in(resource_name, resource)
render :status => 200, :json => resource.to_json
end
结束
是否有其他方法可以提取尝试登录的用户的信息,或者是否有其他方法可以显示相同的错误?
试试这个。将尝试通过电子邮件查找用户,不区分大小写。
user = User.where("upper(email) = '?'", params[:user][:email].upcase).first
然后你可以尝试 user.confirmed?
如果 user
不是 nil
如果您查看 Devise::SessionsController
(或任何设计控制器),您可以看到它产生:
class Devise::SessionsController < DeviseController
# POST /resource/sign_in
def create
self.resource = warden.authenticate!(auth_options)
set_flash_message!(:notice, :signed_in)
sign_in(resource_name, resource)
yield resource if block_given?
respond_with resource, location: after_sign_in_path_for(resource)
end
end
这让子类可以在不覆盖整个方法的情况下进入流程。
class MySessionsController < DeviseController
def create
# taps into the yield right after the user is authenticated by warden
super do |user|
if user.banned?
# 500 is the wrong response code
# it means that the server is broken and cannot respond to the request
render json: { error: true, message: 'Your account has been suspended. Please contact us for more information.' },
status: 401 and return
elsif user.requires_confirmation?
render json: { error: true, message: 'Please confirm your registered email to access your account.'},
status: 401 and return
end
end
end
end
与其使用代码常量(您真的要在每次用户被禁止时重新部署应用程序吗?),不如在用户上使用标志 table 来表示用户是否被禁止。
同样,确定何时必须确认用户的业务逻辑应该在模型层处理:
class User < ApplicationRecord
# ...
def requires_confirmation?
if user.confirmed? || user.created_at < 3.days.ago
false
else
true
end
end
end