密码重置被禁止(forbidden)时 Clearance 失败
Clearance failure when forbidden password reset
我正在使用 Clearance 并且很喜欢它,但我在重置密码时遇到问题。我输入我的电子邮件以重置密码,这一步有效,但是当我尝试使用重置令牌导航到编辑密码页面时,我收到 “failure when forbidden” 的 flash 错误:“请仔细检查 URL 或尝试再次提交表单”,然后它会将我重定向回来。我在测试中遇到同样的错误。
我认为这与我的 before_action 语句有关,但我不知道如何解决它们。我已经研究过 this 之类的问题,但无济于事。
我敢肯定这是一个愚蠢的问题,但我是新手,所以非常感谢任何帮助。如果代码不够,请告诉我。
# App-level users controller; it subclasses Clearance::UsersController and so
# inherits that class's actions and callbacks.
class UsersController < Clearance::UsersController
  # Callbacks declared on the parent class are inherited by subclasses, so
  # repeating an identical before_action here adds nothing unless its options
  # are meant to differ from the parent's.
  before_action :require_login, only: [:create] # does this need to be in both user controllers?
  ...
  # Returns the :user parameters; params.require raises when the key is absent.
  # NOTE(review): nothing is permitted here, so the result is still unfiltered
  # request input -- confirm how callers use it before passing it to a model.
  def user_params
    params.require(:user)
  end
end
这里是 Clearance 控制器。
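# Application override of Clearance's users controller: account creation by a
# signed-in user plus profile editing.
class Clearance::UsersController < ApplicationController
  # NOTE(review): only :create is behind require_login in this class. edit and
  # update load any user from params[:id] with no login or ownership check
  # visible here -- confirm a subclass or ApplicationController restricts them.
  before_action :require_login, only: [:create]
  require 'will_paginate/array'

  # Renders the sign-up form for a user built from whatever params were sent.
  def new
    @user = user_from_params
    render template: 'users/new'
  end

  # Builds a user from the request, replaces its password via
  # regenerate_password, saves it and sends the welcome e-mail.
  def create
    @user = user_from_params
    @user.regenerate_password
    if @user.save
      # require_login runs before this action, so current_user is normally set
      # and this sign_in is skipped.
      sign_in @user unless current_user
      UserMailer.welcome_email(@user).deliver!
      redirect_to users_path
    else
      render template: 'users/new'
    end
  end

  # Loads the user (FriendlyId lookup, so params[:id] may be a slug) for the
  # edit form.
  def edit
    @user = User.friendly.find(params[:id])
  end

  # Applies the permitted profile attributes to the user named by params[:id].
  def update
    @user = User.friendly.find(params[:id])
    if @user.update(permit_params)
      flash[:success] = "This profile has been updated."
      redirect_to @user
    else
      render 'edit'
    end
  end

  private

  # Sends the visitor to Clearance's configured redirect URL.
  def avoid_sign_in
    redirect_to Clearance.configuration.redirect_url
  end

  # Path to send a newly created user to.
  def url_after_create(user)
    dashboards_path(user)
  end

  # True only when the requester is already an administrator. The admin flag
  # arrives in request parameters, so without this gate any client that can
  # reach create or update could grant administrator rights by adding
  # user[admin] to the request.
  def admin_assignable?
    current_user && current_user.admin?
  end

  # Builds (without saving) a user from params[:user]. Known fields are pulled
  # out and assigned one by one; whatever is left goes to the model constructor.
  # NOTE(review): the leftover keys are not filtered in this method -- confirm
  # strong parameters rejects them before they reach user_model.new.
  def user_from_params
    user_params = params[:user] || {}
    is_public = check_public_params(user_params)
    first_name = user_params.delete(:first_name)
    last_name = user_params.delete(:last_name)
    email = user_params.delete(:email)
    password = user_params.delete(:password)
    parish = user_params.delete(:parish)
    division = user_params.delete(:division)
    # Always removed from the hash so it never reaches the constructor; it is
    # applied below only for an administrator.
    admin = user_params.delete(:admin)
    grant_admin = admin_assignable?

    Clearance.configuration.user_model.new(user_params).tap do |user|
      user.first_name = first_name
      user.last_name = last_name
      user.password = password
      user.email = email
      user.is_public = is_public
      # nil.to_i is 0, so a missing parish yields parish_id 0.
      user.parish_id = parish.to_i
      user.division = division
      user.admin = admin if grant_admin
    end
  end

  # Attributes a profile update may change. :admin is accepted only from an
  # administrator; for everyone else it is left out of the permit list and
  # dropped by strong parameters.
  def permit_params
    allowed = [:first_name, :last_name, :email, :password, :is_public, :parish_id, :division]
    allowed << :admin if admin_assignable?
    params.require(:user).permit(*allowed)
  end
end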
编辑:routes.rb 的相关部分
# Excerpt of config/routes.rb: Clearance's password, session and user routes
# plus the application's own root and users routes.
Rails.application.routes.draw do
  resources :passwords, controller: "clearance/passwords", only: [:create, :new]
  resource :session, controller: "clearance/sessions", only: [:create]
  # The nested password resource puts the user identifier in the :user_id
  # segment; the reset link has to place there the value the passwords
  # controller looks users up by, together with the token.
  resources :users, controller: "clearance/users", only: [:create] do
    resource :password,
      controller: "clearance/passwords",
      only: [:create, :edit, :update]
  end
  get "/sign_in" => "clearance/sessions#new", as: "sign_in"
  delete "/sign_out" => "clearance/sessions#destroy", as: "sign_out"
  get "/sign_up" => "clearance/users#new", as: "sign_up"
  # Root page for visitors who are not signed in.
  constraints Clearance::Constraints::SignedOut.new do
    root to: 'high_voltage/pages#show', id: 'landing'
  end
  # Root page for signed-in users.
  constraints Clearance::Constraints::SignedIn.new do
    # root to: 'dashboards#index', as: :signed_in_root
    root to: 'high_voltage/pages#show', id: 'parish_dashboard', as: :signed_in_root
  end
  # constraints Clearance::Constraints::SignedIn.new { |user| user.admin? } do
  # root to: 'teams#index', as: :admin_root
  # end
  # Full RESTful user routes with no controller: option, plus a collection-level
  # POST import endpoint.
  # NOTE(review): this exposes edit, update, destroy and import -- confirm each
  # action is behind authentication and an authorization check.
  resources :users do
    collection { post :import }
  end
事实证明,密码重置链接中查找用户实例的方式存在冲突。Clearance 的链接只需传入 @user 即可找到用户,但由于我使用的是 FriendlyId(它会让 @user 在 URL 中生成 slug 而不是数字 id),因此我需要将其更改为 @user.id。
所以不是...
<%# Before: passing @user lets FriendlyId's to_param put the slug, not the record id, in the :user_id segment. %>
<%= link_to 'Change My Password', edit_user_password_url(@user, token: @user.confirmation_token.html_safe) %>
我做到了
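<%# Pass the record id explicitly so the :user_id segment is not a FriendlyId slug. %>
<%# html_safe is dropped: the URL helper encodes the token as a query value, and marking strings html_safe only switches off escaping. %>
<%= link_to 'Change My Password', edit_user_password_url(@user.id, token: @user.confirmation_token) %>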
感谢 Thoughtbot,感谢你们带来这么棒的 gem!
我正在使用 Clearance 并且很喜欢它,但我在重置密码时遇到问题。我输入我的电子邮件以重置密码,这一步有效,但是当我尝试使用重置令牌导航到编辑密码页面时,我收到 “failure when forbidden” 的 flash 错误:“请仔细检查 URL 或尝试再次提交表单”,然后它会将我重定向回来。我在测试中遇到同样的错误。
我认为这与我的 before_action 语句有关,但我不知道如何解决它们。我已经研究过 this 之类的问题,但无济于事。
我敢肯定这是一个愚蠢的问题,但我是新手,所以非常感谢任何帮助。如果代码不够,请告诉我。
# App-level users controller; it subclasses Clearance::UsersController and so
# inherits that class's actions and callbacks.
class UsersController < Clearance::UsersController
  # Callbacks declared on the parent class are inherited by subclasses, so
  # repeating an identical before_action here adds nothing unless its options
  # are meant to differ from the parent's.
  before_action :require_login, only: [:create] # does this need to be in both user controllers?
  ...
  # Returns the :user parameters; params.require raises when the key is absent.
  # NOTE(review): nothing is permitted here, so the result is still unfiltered
  # request input -- confirm how callers use it before passing it to a model.
  def user_params
    params.require(:user)
  end
end
这里是 Clearance 控制器。
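# Application override of Clearance's users controller: account creation by a
# signed-in user plus profile editing.
class Clearance::UsersController < ApplicationController
  # NOTE(review): only :create is behind require_login in this class. edit and
  # update load any user from params[:id] with no login or ownership check
  # visible here -- confirm a subclass or ApplicationController restricts them.
  before_action :require_login, only: [:create]
  require 'will_paginate/array'

  # Renders the sign-up form for a user built from whatever params were sent.
  def new
    @user = user_from_params
    render template: 'users/new'
  end

  # Builds a user from the request, replaces its password via
  # regenerate_password, saves it and sends the welcome e-mail.
  def create
    @user = user_from_params
    @user.regenerate_password
    if @user.save
      # require_login runs before this action, so current_user is normally set
      # and this sign_in is skipped.
      sign_in @user unless current_user
      UserMailer.welcome_email(@user).deliver!
      redirect_to users_path
    else
      render template: 'users/new'
    end
  end

  # Loads the user (FriendlyId lookup, so params[:id] may be a slug) for the
  # edit form.
  def edit
    @user = User.friendly.find(params[:id])
  end

  # Applies the permitted profile attributes to the user named by params[:id].
  def update
    @user = User.friendly.find(params[:id])
    if @user.update(permit_params)
      flash[:success] = "This profile has been updated."
      redirect_to @user
    else
      render 'edit'
    end
  end

  private

  # Sends the visitor to Clearance's configured redirect URL.
  def avoid_sign_in
    redirect_to Clearance.configuration.redirect_url
  end

  # Path to send a newly created user to.
  def url_after_create(user)
    dashboards_path(user)
  end

  # True only when the requester is already an administrator. The admin flag
  # arrives in request parameters, so without this gate any client that can
  # reach create or update could grant administrator rights by adding
  # user[admin] to the request.
  def admin_assignable?
    current_user && current_user.admin?
  end

  # Builds (without saving) a user from params[:user]. Known fields are pulled
  # out and assigned one by one; whatever is left goes to the model constructor.
  # NOTE(review): the leftover keys are not filtered in this method -- confirm
  # strong parameters rejects them before they reach user_model.new.
  def user_from_params
    user_params = params[:user] || {}
    is_public = check_public_params(user_params)
    first_name = user_params.delete(:first_name)
    last_name = user_params.delete(:last_name)
    email = user_params.delete(:email)
    password = user_params.delete(:password)
    parish = user_params.delete(:parish)
    division = user_params.delete(:division)
    # Always removed from the hash so it never reaches the constructor; it is
    # applied below only for an administrator.
    admin = user_params.delete(:admin)
    grant_admin = admin_assignable?

    Clearance.configuration.user_model.new(user_params).tap do |user|
      user.first_name = first_name
      user.last_name = last_name
      user.password = password
      user.email = email
      user.is_public = is_public
      # nil.to_i is 0, so a missing parish yields parish_id 0.
      user.parish_id = parish.to_i
      user.division = division
      user.admin = admin if grant_admin
    end
  end

  # Attributes a profile update may change. :admin is accepted only from an
  # administrator; for everyone else it is left out of the permit list and
  # dropped by strong parameters.
  def permit_params
    allowed = [:first_name, :last_name, :email, :password, :is_public, :parish_id, :division]
    allowed << :admin if admin_assignable?
    params.require(:user).permit(*allowed)
  end
end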
编辑:routes.rb 的相关部分
Rails.application.routes.draw do
# Clearance's password, session and user routes, followed by the application's
# own root and users routes.
resources :passwords, controller: "clearance/passwords", only: [:create, :new]
resource :session, controller: "clearance/sessions", only: [:create]
# The nested password resource puts the user identifier in the :user_id
# segment; the reset link has to place there the value the passwords
# controller looks users up by, together with the token.
resources :users, controller: "clearance/users", only: [:create] do
  resource :password,
    controller: "clearance/passwords",
    only: [:create, :edit, :update]
end
get "/sign_in" => "clearance/sessions#new", as: "sign_in"
delete "/sign_out" => "clearance/sessions#destroy", as: "sign_out"
get "/sign_up" => "clearance/users#new", as: "sign_up"
# Root page for visitors who are not signed in.
constraints Clearance::Constraints::SignedOut.new do
  root to: 'high_voltage/pages#show', id: 'landing'
end
# Root page for signed-in users.
constraints Clearance::Constraints::SignedIn.new do
  # root to: 'dashboards#index', as: :signed_in_root
  root to: 'high_voltage/pages#show', id: 'parish_dashboard', as: :signed_in_root
end
# constraints Clearance::Constraints::SignedIn.new { |user| user.admin? } do
# root to: 'teams#index', as: :admin_root
# end
# Full RESTful user routes with no controller: option, plus a collection-level
# POST import endpoint.
# NOTE(review): this exposes edit, update, destroy and import -- confirm each
# action is behind authentication and an authorization check.
resources :users do
  collection { post :import }
end
事实证明,密码重置链接中查找用户实例的方式存在冲突。Clearance 的链接只需传入 @user 即可找到用户,但由于我使用的是 FriendlyId(它会让 @user 在 URL 中生成 slug 而不是数字 id),因此我需要将其更改为 @user.id。
所以不是...
<%# Before: passing @user lets FriendlyId's to_param put the slug, not the record id, in the :user_id segment. %>
<%= link_to 'Change My Password', edit_user_password_url(@user, token: @user.confirmation_token.html_safe) %>
我做到了
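<%# Pass the record id explicitly so the :user_id segment is not a FriendlyId slug. %>
<%# html_safe is dropped: the URL helper encodes the token as a query value, and marking strings html_safe only switches off escaping. %>
<%= link_to 'Change My Password', edit_user_password_url(@user.id, token: @user.confirmation_token) %>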
感谢 Thoughtbot,感谢你们带来这么棒的 gem!