2015-04-22 32 views

For new registrations and user profile updates, has_secure_password checks the validations correctly. This includes the password length and checking whether the password confirmation matches. Has_secure_password checks the validations, but not for the password reset (the password is not saved, and no error messages are included).

How can I get the same for the password reset? (This used to work, but for some reason it no longer does.)

However, the password reset resource doesn't seem to check these validations. After the password reset link has been sent by email, I can fill in a password that is too short and/or a password confirmation that doesn't match, and I am still redirected as if the reset password had been saved, with a (flash?) message saying the new password has been saved. I can even leave the confirmation password blank. So it seems the validations are not being checked for the password reset. On the other hand, even though it produces a success message, it doesn't actually save the new password (which it shouldn't, since it shouldn't pass validation).

When I try this with a new registration or by updating my existing profile, it produces an error message such as "Password confirmation doesn't match Password" or "Password is too short (minimum is 6 characters)", as it should.

Does anyone know what is wrong with my code, so that it doesn't work with the password reset? I don't know where to look for the cause, because I expected has_secure_password to manage this automatically. Both user models include:

attr_accessor :remember_token, :activation_token, :reset_token 
has_secure_password 
validates :password, length: { minimum: 6 }, allow_blank: true 

The password reset edit view includes (the second view, for the other user type, is similar):

<%= form_for(@member, url: password_reset_path(params[:id])) do |f| %> 
    <%= render 'shared/error_messages', object: f.object %> 
    <%= hidden_field_tag :email, @member.email %> 
    <%= f.label :password %> 
    <%= f.password_field :password, class: 'form-control' %> 
    <%= f.label :password_confirmation, "Confirmation" %> 
    <%= f.password_field :password_confirmation, class: 'form-control' %> 
    <%= f.submit "Update password", class: "btn btn-primary" %> 
<% end %> 

and the password reset controller is:

class PasswordResetsController < ApplicationController
  before_action :get_user, only: [:edit, :update]
  before_action :valid_user, only: [:edit, :update]
  before_action :check_expiration, only: [:edit, :update]

  def new
  end

  def create
    @member = Member.find_by(email: params[:password_reset][:email].downcase)
    @organization = Organization.find_by(email: params[:password_reset][:email].downcase)
    if @organization
      @organization.create_reset_digest
      @organization.send_password_reset_email
      flash[:info] = "An email is sent to you with password reset instructions"
      redirect_to root_url
    elsif @member
      @member.create_reset_digest
      @member.send_password_reset_email
      flash[:info] = "An email is sent to you with password reset instructions"
      redirect_to root_url
    else
      flash.now[:danger] = "Email address not found"
      render 'new'
    end
  end

  def edit
    if @organization
      render action: "editorg"
    elsif @member
      render action: "editmem"
    else
      redirect_to root_url
    end
  end

  def update
    if password_blank?
      flash.now[:danger] = "Password can't be blank"
      if @organization
        render 'editorg'
      elsif @member
        render 'editmem'
      else
        redirect_to root_url
      end
    elsif
      if @organization
        @organization.update_attributes(passreset_params)
        log_in("organization", @organization)
        flash[:success] = "Your password has been reset."
        redirect_to @organization
      elsif @member
        @member.update_attributes(passreset_params)
        log_in("member", @member)
        flash[:success] = "Your password has been reset."
        redirect_to @member
      end
    else
      redirect_to root_url
    end
  end

  private

  def passreset_params
    if @organization
      params.require(:organization).permit(:password, :password_confirmation)
    elsif @member
      params.require(:member).permit(:password, :password_confirmation)
    end
  end

  # Returns true if password is blank.
  def password_blank?
    if @organization
      params[:organization][:password].blank?
    elsif @member
      params[:member][:password].blank?
    end
  end

  # Before filters

  def get_user
    @member = Member.find_by(email: params[:email])
    @organization = Organization.find_by(email: params[:email])
  end

  # Confirms a valid user.
  def valid_user
    if @organization
      unless (@organization && @organization.activated? && @organization.authenticated?(:reset, params[:id]))
        redirect_to root_url
      end
    elsif @member
      unless (@member && @member.activated? && @member.authenticated?(:reset, params[:id]))
        redirect_to root_url
      end
    else
      flash[:danger] = "Not a valid user."
      redirect_to root_url
    end
  end

  # Checks expiration of reset token.
  def check_expiration
    if @organization
      if @organization.password_reset_expired?
        flash[:danger] = "Password reset has expired."
        redirect_to new_password_reset_url
      end
    elsif @member
      if @member.password_reset_expired?
        flash[:danger] = "Password reset has expired."
        redirect_to new_password_reset_url
      end
    end
  end
end

Answer


Found the solution. In the password reset controller, the second half of def update needs an extra if-else statement to account for a failed update. So it becomes:

else
  if @organization
    if @organization.update_attributes(passreset_params)
      log_in("organization", @organization)
      flash[:success] = "Your password has been reset."
      redirect_to @organization
    else
      render 'editorg'
    end
  elsif @member
    if @member.update_attributes(passreset_params)
      log_in("member", @member)
      flash[:success] = "Your password has been reset."
      redirect_to @member
    else
      render 'editmem'
    end
  else
    # flash (not flash.now) so the message survives the redirect
    flash[:danger] = "Update failed."
    redirect_to root_url
  end
end
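The behaviour the answer depends on, as an added example that is not part of the original question or answer: update_attributes returns false (and persists nothing) when the has_secure_password validations fail, so a reset action that ignores that return value reports success for a password that was never saved. The class ResettableAccount and the function reset_password are hypothetical stand-ins written for this example, not ActiveRecord or the poster's code; the SHA256 digest stands in for bcrypt only so the snippet runs without Rails.

```ruby
require "digest"

# Minimal stand-in for a has_secure_password model (constructed for this
# example; not ActiveRecord). It mirrors the two validations the question
# relies on: minimum length 6 and password == password_confirmation.
# As in Rails, the confirmation is only checked when one was submitted.
class ResettableAccount
  attr_reader :email, :password_digest, :errors

  def initialize(email, digest)
    @email, @password_digest, @errors = email, digest, []
  end

  # Like ActiveRecord#update_attributes: returns false and leaves the record
  # untouched when validation fails, true once the new digest is persisted.
  def update_attributes(attrs)
    pw, conf = attrs[:password].to_s, attrs[:password_confirmation]
    @errors = []
    @errors << "Password is too short (minimum is 6 characters)" if pw.length < 6
    @errors << "Password confirmation doesn't match Password" if !conf.nil? && conf != pw
    return false unless @errors.empty?
    @password_digest = Digest::SHA256.hexdigest(pw) # stand-in for bcrypt
    true
  end
end

# Outcome of the update action, expressed as a symbol so it can be checked
# without a Rails request cycle. :blank is the controller's own
# password_blank? guard; :invalid is the branch the original code lacked,
# where the view should be re-rendered with account.errors shown.
def reset_password(account, params)
  pw = params[:password]
  return :blank if pw.nil? || pw.strip.empty?
  # The fix from the answer: branch on the return value instead of assuming
  # success and redirecting with a "password has been reset" message.
  account.update_attributes(params) ? :reset : :invalid
end
```

The original update action would have returned :reset on every branch below except the blank one, which is exactly the "success message but nothing saved" symptom in the question.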