在 RoR 中覆盖偏执的验证码设计安全控制器
Overriding paranoid verification code devise security controller in RoR
我遵循了这些步骤:
在 Gemfile 中添加:
gem 'devise-security', '~> 0.16.0'
运行 这个命令:
rails generate devise_security:install
在资源模型文件中添加paranoid_verification:
class User < ApplicationRecord
rolify
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
devise :database_authenticatable, :registerable, :invitable, :confirmable,
:recoverable, :validatable, :saml_authenticatable, :paranoid_verification
自定义路线:
devise_for :users,
path: '',
path_names: {
sign_in: 'signin',
registration: 'signup',
confirmation: 'verification',
},
controllers: {
sessions: 'users/sessions',
registrations: 'users/registrations',
confirmations: 'users/confirmations',
passwords: 'users/passwords',
invitations: 'users/invitations',
verification_code: 'users/paranoid_verification_code',
},
skip: [:unlocks, :omniauth_callbacks, :saml_authenticatable],
defaults: { format: :json }
在app/controllers/users/paranoid_verification_code_controller.rb:
中添加我自己的控制器
# frozen_string_literal: true
class Users::ParanoidVerificationCodeController < Devise::ParanoidVerificationCodeController
skip_before_action :handle_paranoid_verification
prepend_before_action :authenticate_scope!, only: [:show, :update]
但rake路线仍然显示以下内容:
user_paranoid_verification_code GET /verification_code(.:format) devise/paranoid_verification_code#show {:format=>:json}
PATCH /verification_code(.:format) devise/paranoid_verification_code#update {:format=>:json}
PUT /verification_code(.:format) devise/paranoid_verification_code#update {:format=>:json}
我做错了什么??其他控制器(可邀请、可注册等)虽然可以正常工作
原来应该是
paranoid_verification_code: 'users/paranoid_verification_code',
我遵循了这些步骤:
在 Gemfile 中添加:
gem 'devise-security', '~> 0.16.0'
运行 这个命令:
rails generate devise_security:install
在资源模型文件中添加paranoid_verification:
class User < ApplicationRecord
rolify
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
devise :database_authenticatable, :registerable, :invitable, :confirmable,
:recoverable, :validatable, :saml_authenticatable, :paranoid_verification
自定义路线:
devise_for :users,
path: '',
path_names: {
sign_in: 'signin',
registration: 'signup',
confirmation: 'verification',
},
controllers: {
sessions: 'users/sessions',
registrations: 'users/registrations',
confirmations: 'users/confirmations',
passwords: 'users/passwords',
invitations: 'users/invitations',
verification_code: 'users/paranoid_verification_code',
},
skip: [:unlocks, :omniauth_callbacks, :saml_authenticatable],
defaults: { format: :json }
在app/controllers/users/paranoid_verification_code_controller.rb:
中添加我自己的控制器# frozen_string_literal: true
class Users::ParanoidVerificationCodeController < Devise::ParanoidVerificationCodeController
skip_before_action :handle_paranoid_verification
prepend_before_action :authenticate_scope!, only: [:show, :update]
但rake路线仍然显示以下内容:
user_paranoid_verification_code GET /verification_code(.:format) devise/paranoid_verification_code#show {:format=>:json}
PATCH /verification_code(.:format) devise/paranoid_verification_code#update {:format=>:json}
PUT /verification_code(.:format) devise/paranoid_verification_code#update {:format=>:json}
我做错了什么??其他控制器(可邀请、可注册等)虽然可以正常工作
原来应该是
paranoid_verification_code: 'users/paranoid_verification_code',