如何让 Devise 用户帐户处于未确认或锁定状态以在 AJAX 中使用?
How to get Devise user account unconfirmed or locked state to use in AJAX?
我正在尝试使用 JS 放置设计视图来处理响应。我想使用默认设计错误消息,但由于 warden.authenticate,我无法获得个别类型的错误(例如,未确认;锁定帐户)。所以,我使用 "caught" 所以它不会抛出 406 或其他错误。
我的问题:我知道 "caught[:message] == :unconfirmed" 给我用户的 "unconfirmed" 状态, "locked" 对应的符号应该是什么? :locked 不起作用,我找不到文档。
我的 Sessions_controller 是这样的:
定义创建
catched = catch(:warden) 做
self.resource = warden.authenticate :scope => resource_name
结束
if resource
# User is confirmed
sign_in(resource_name, resource)
puts "LOGGED IN!!!"
respond_to js{
set_flash_message(:success, :signed_in)
render :template => "remote_content/flashes.js.erb"
flash.discard
}
elsif caught and caught[:message] == :unconfirmed
# User is unconfirmed
puts "UNCONFIRMED ACCOUNT!!!"
# send the email or display the flash with link to send email
respond_to js{
set_flash_message(:error, :problem) #:problem is in devise.en.yml "There is problem in your account, check you email."
render :template => "remote_content/form_flashes.js.erb"
flash.discard
}
else
# User is not signed in, should be... error in credentials or locked account....
puts "ERROR IN CREDENTIALS!!!"
respond_to js{
set_flash_message(:error, :invalid)
render :template => "remote_content/form_flashes.js.erb"
flash.discard
}
end
end
flashes.js.erb/form_flashes.js.erb执行得很好,没问题!是这样的:
$('.modal').modal('hide');
// append flash to the body
$('.body').append("<%= escape_javascript raw(flash_normal) %>");
你觉得我的方法怎么样?我应该改用 CustomFailure 吗?我找不到任何 CustomFailure 或 Devise 原始示例,所以我可以用它来响应我的 JS 文件。
我通过检查 caught 发现唯一的消息是 unconfirmed 并且它从未捕获到 unlocked 状态。所以我不得不通过电子邮件获取 User 并使用设计助手 access_locked? 来获取他的信息。我知道这可能是一个安全故障,但如果它被锁定,你就不能对它做任何事情。这是上面缺少的代码部分:
...
else
## User is not signed in, should be... error in credentials or locked...
## Let's see if it's locked
# This function is only used like this (without security)
# only when the authentication already failed in that action
# but we still need to get the user in order to check if its locked
user = User.find_by email: params[:user][:email]
if !user.nil? and user.access_locked?
# The small issue: anyone can know that an email is locked without typing the password
puts "ACCOUNT LOCKED!!!"
respond_to js{
set_flash_message(:error, :locked)
render :template => "remote_content/form_flashes.js.erb"
flash.discard
}
else
## If it's not Locked, then it's error in credentials
puts "ERROR IN CREDENTIALS!!!"
respond_to js{
set_flash_message(:error, :invalid)
render :template => "remote_content/form_flashes.js.erb"
flash.discard
}
end
end
我知道这不是最漂亮的方法,但很管用。
我正在尝试使用 JS 放置设计视图来处理响应。我想使用默认设计错误消息,但由于 warden.authenticate,我无法获得个别类型的错误(例如,未确认;锁定帐户)。所以,我使用 "caught" 所以它不会抛出 406 或其他错误。 我的问题:我知道 "caught[:message] == :unconfirmed" 给我用户的 "unconfirmed" 状态, "locked" 对应的符号应该是什么? :locked 不起作用,我找不到文档。
我的 Sessions_controller 是这样的: 定义创建 catched = catch(:warden) 做 self.resource = warden.authenticate :scope => resource_name 结束
if resource
# User is confirmed
sign_in(resource_name, resource)
puts "LOGGED IN!!!"
respond_to js{
set_flash_message(:success, :signed_in)
render :template => "remote_content/flashes.js.erb"
flash.discard
}
elsif caught and caught[:message] == :unconfirmed
# User is unconfirmed
puts "UNCONFIRMED ACCOUNT!!!"
# send the email or display the flash with link to send email
respond_to js{
set_flash_message(:error, :problem) #:problem is in devise.en.yml "There is problem in your account, check you email."
render :template => "remote_content/form_flashes.js.erb"
flash.discard
}
else
# User is not signed in, should be... error in credentials or locked account....
puts "ERROR IN CREDENTIALS!!!"
respond_to js{
set_flash_message(:error, :invalid)
render :template => "remote_content/form_flashes.js.erb"
flash.discard
}
end
end
flashes.js.erb/form_flashes.js.erb执行得很好,没问题!是这样的:
$('.modal').modal('hide');
// append flash to the body
$('.body').append("<%= escape_javascript raw(flash_normal) %>");
你觉得我的方法怎么样?我应该改用 CustomFailure 吗?我找不到任何 CustomFailure 或 Devise 原始示例,所以我可以用它来响应我的 JS 文件。
我通过检查 caught 发现唯一的消息是 unconfirmed 并且它从未捕获到 unlocked 状态。所以我不得不通过电子邮件获取 User 并使用设计助手 access_locked? 来获取他的信息。我知道这可能是一个安全故障,但如果它被锁定,你就不能对它做任何事情。这是上面缺少的代码部分:
...
else
## User is not signed in, should be... error in credentials or locked...
## Let's see if it's locked
# This function is only used like this (without security)
# only when the authentication already failed in that action
# but we still need to get the user in order to check if its locked
user = User.find_by email: params[:user][:email]
if !user.nil? and user.access_locked?
# The small issue: anyone can know that an email is locked without typing the password
puts "ACCOUNT LOCKED!!!"
respond_to js{
set_flash_message(:error, :locked)
render :template => "remote_content/form_flashes.js.erb"
flash.discard
}
else
## If it's not Locked, then it's error in credentials
puts "ERROR IN CREDENTIALS!!!"
respond_to js{
set_flash_message(:error, :invalid)
render :template => "remote_content/form_flashes.js.erb"
flash.discard
}
end
end
我知道这不是最漂亮的方法,但很管用。