設計：允許用戶重置密碼只有

Question

我有一個漂亮的標準User模型與設計。管理員在模型上使用布爾值:admin進行控制，而非管理員的用戶不能自行管理（即只有管理員可以對用戶進行更改）。

我想要的是允許用戶重置他們的密碼，如果他們忘記了。他們會輸入他們的電子郵件地址，然後通過電子郵件發送令牌，以授予他們訪問權限以更改它。我已經開始了一個解決方案，但我真的不知道如何繼續。

user.rb

class User < ActiveRecord::Base 
    devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable 
    attr_accessor :current_password 
    attr_accessible :name, :password, :password_confirmation, :current_password, :email, :remember_me, :ftp, :colour1, :colour2, :logo, :logo2, :address, :url, :disclosure, :general_advice, :facebook, :twitter, :brand_id, :analytics 
    attr_protected :admin 
    validates_uniqueness_of :email, :ftp 
    belongs_to :brand 
    has_many :docs 
    has_many :orders, :through => :docs 
    has_attached_file :logo 
    has_attached_file :logo2 
end 

class Ability 
    include CanCan::Ability 
    def initialize(user) 
    user ||= User.new #guesting 
    if user.admin? 
     can :manage, :all 
    else 
     can :manage, :recoverable 
    end 
    end 
end 

而這裏的方法：

def reset 
    @idiot = User.where(:email => params[:email]).first 
    unless @idiot.nil? 
     Notifier.send_reset_notice(@idiot).deliver 
     @idiot.send_reset_password_instructions 
     redirect_to new_user_session_url 
    else 
     redirect_to new_user_session_url, :flash => { :error => "That email address matches no user." } 
    end 
end 

用戶收到的電子郵件設計，但點擊該鏈接將用戶帶到應用程序的根，而不是一密碼重置表單。我不知道如何從這裏開始。有什麼想法嗎？乾杯!

UPDATE

相關路線：

devise_for :users, :path => "d" 
devise_scope :user do 
    get '/sign_in' => 'devise/sessions#new' 
    get '/sign_out' => 'devise/sessions#destroy' 
end 

Answer 1

首先，創建控制器手柄設計:: PasswordsController

class PasswordusersController < Devise::PasswordsController 
    prepend_before_filter :require_no_authentication 
    append_before_filter :assert_reset_token_passed, :only => :edit 

    def new 
    super 
    end 

    def create 
    self.resource = resource_class.send_reset_password_instructions(resource_params) 

    if successfully_sent?(resource) 
     redirect_to root_path, :notice => "Instruction has been send to your email" 
    else 
     respond_with(resource) 
    end 
    end 

    def edit 
    super 
    end 

    def update 
    self.resource = resource_class.reset_password_by_token(resource_params) 

    if resource.errors.empty? 
     resource.unlock_access! if unlockable?(resource) 
     flash_message = resource.active_for_authentication? ? :updated : :updated_not_active 
     set_flash_message(:notice, flash_message) if is_navigational_format? 
     sign_in(resource_name, resource) 
     redirect_to login_path, :notice => "Password has been change" 
    else 
     respond_with resource 
    end 
    end 

    protected 

    def after_sending_reset_password_instructions_path_for(resource_name) 
     root_path 
    end 

    def assert_reset_token_passed 
     super 
    end 

    def unlockable?(resource) 
     super 
    end 

end 

比，運行色器件

副本生成視圖從對routes.rbviews/passwordusers

您可以配置如：

devise_scope :user do 
get '/reset_password' => "passowrdusers#new", :as => :reset_password 
get '/new_password' => "passwordusers#edit", :as => :new_password 
end 

編輯鏈接devise/mailer/reset_password_instructions.html.erb

<p><%= link_to 'Change My Password', new_password_path(@resource, :reset_password_token => @resource.reset_password_token) %></p> 

最終，對視圖的形式登錄添加此

<%= link_to "Forgot Password?", reset_password_url(resource_name) %> 

UPDATE上routes.rb

您可以配置如：

devise_scope :user do 
get '/reset_password' => "passowrdusers#new", :as => :reset_password 
get '/new_password' => "passwordusers#edit", :as => :new_password 
post '/send_email' => 'passwordusers#create', :as => :create_password 
put '/change' => 'passwordusers#update', :as => :update_password 
end 

上

<%= form_for("user", :url => create_password_path(resource_name), :html => { :method => :post }) do |f| %> 

上views/passwordusers/edit.html.erb

<%= form_for("user", :url => update_password_path(resource_name), :html => { :method => :put }) do |f| %>