需要舊密碼更改新密碼authlogic認證

Question

我有一個_form.html.erb部分，將用戶輸入發送到更新方法在控制器

<div id='myaccount-profile_name_form' class='clearfix'> 
    <fieldset id="myaccount-profile" class='five columns'> 
    <ul id="posting_classified_form"> 
     <li> 
     <%= f.label :first_name %> 
     <%= f.text_field :first_name, :placeholder => "First Name" %> 
     </li> 
     <li> 
      <%= f.label :last_name %> 
      <%= f.text_field :last_name %> 
     </li> 
     <li> 
      <%= f.label :email %> 
      <%= f.text_field :email %> 
     </li> 
     <li> 
      <%= f.label :form_birth_date, "Birthday" %> 
      <%= f.text_field :form_birth_date, :class => 'ui-yearpicker', :placeholder => "mm/dd/yyyy" %> 
     </li> 
    </ul> 
    </fieldset> 
</div> 
<div id='myaccount-profile_form' class='clearfix' > 
    <fieldset id="myaccount-profile-password" class='five '> 
    <ul id="posting_classified_form"> 
     <li> 
     <%= f.label :current_password, "Current Password", :placeholder => "We need your current password to confirm your changes", :required => true %> 
     <%= f.password_field :password %> 
     </li> 
     <li> 
     <%= f.label :password, "New Password" %> 
     <%= f.password_field :password %> 
     </li> 
     <li> 
     <%= f.label :password_confirmation, "Confirm", :style => "white-space:normal;" %> 
     <%= f.password_field :password_confirmation %> 
     </li> 
    </ul> 
    </fieldset> 
    <div class="actions"><%= f.submit 'Update' , :class => 'goButton', :style => 'width:auto;float:right;'%></div> 
</div> 

這是在控制器編輯/更新方法

def edit 
    @user = current_user 
    end 

    def update 
    @user = current_user 
    if @user.valid_password?(params[:user][:current_password]) 
     binding.pry 
     @user.update_attributes(params[:user]) 
     flash[:notice] = "Successfully updated user." 
     redirect_to umarket_index_url 
    else 
     flash[:notice] = "An error occurred while updating user please try again." 
     redirect_to umarket_index_url 
#  render :edit 
    end 
    end 

我們使用authlogic gem來進行身份驗證。我找到了valid_password？來自authlogic doc。我想讓用戶只有在用戶輸入正確的密碼後才能更改密碼。

服務器日誌看起來是這樣

Started GET "/myaccount/overview/edit" for 127.0.0.1 at 2014-07-03 11:16:07 -0400 
Processing by Myaccount::OverviewsController#edit as HTML 
    User Load (0.5ms) SELECT "users".* FROM "users" WHERE "users"."id" = 6 LIMIT 1 
    Rendered myaccount/overviews/_form.html.erb (2.7ms) 
    Rendered myaccount/overviews/edit.html.erb (5.3ms) 
Completed 200 OK in 16ms (Views: 5.9ms | ActiveRecord: 0.5ms) 


Started PUT "/myaccount/overview" for 127.0.0.1 at 2014-07-03 11:16:14 -0400 
Processing by Myaccount::OverviewsController#update as HTML 
    Parameters: {"utf8"=>"✓", "authenticity_token"=>"b01gMlAQOJpu6Zu+mg+M4v2VYfm0AZvTAfKXa+ArJxU=", "user"=>{"first_name"=>"Judy", "last_name"=>"Ngai", "email"=>"judy.ngai1228@gmail.com", "form_birth_date"=>"spree@example.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Update"} 
    User Load (0.6ms) SELECT "users".* FROM "users" WHERE "users"."id" = 6 LIMIT 1 
Redirected to http://localhost:3000/umarket 
Completed 302 Found in 15ms (ActiveRecord: 0.6ms) 

的密碼並沒有得到改變。日誌中沒有錯誤。我不使用authlogic，所以我很困惑。

Answer 1

我對你的代碼感覺錯誤的是你的current_password和新密碼字段有user['password']你的情況。嘗試更改下面代碼中指定的名稱。我粘貼了動作和視圖代碼供您參考。

注：Params是一個散列，它不能有相同的密鑰重複，這是你想要做的。只需更改名稱，它應該可以正常工作。

下面是代碼

def update_password 
    redirect_to user_path, alert: 'The current password you entered is not correct!' and return unless current_user.valid_password?(params[:user][:current_password], true) 

    current_user.password = params[:user][:password] 
    current_user.password_confirmation = params[:user][:password_confirmation] 
    if current_user.save 
    redirect_to user_path, notice: 'Your password has been updated' 
    else 
    redirect_to user_path, alert: current_user.errors.to_a.join("<br>") 
    end 
end 

而且形式如下

%div{style: "display: none;", class: "updatePassWord curved curved-sm"} 
= form_for current_user, url: update_password_user_path, html: {id: 'changePassForm'}, method: :put do |f| 
    .row{:class => "form-group"} 
    = f.password_field :current_password, class: "input-sm required passwordValidator", placeholder: "#{t('form_placeholder.current_password')}" 
    .row{:class => "form-group"} 
    = f.password_field :password, class: "input-sm required passwordValidator", placeholder: "#{t('form_placeholder.new_password')}" 
    .row{:class => "form-group"} 
    = f.password_field :password_confirmation, class: "input-sm required passwordValidator", placeholder: "#{t('form_placeholder.password_confirmation')}" 
    .row{:class => "form-group"} 
    = f.submit "Update My Password", class: "btn btn-success btn-cons submit" 

讓我知道這是否有助於

Answer 2

由於pamio寫道params[:user][:old_password]對我來說是有益的，這是我的方法，因爲我沒有current_user方法。

def update 
    user = User.find_by(id: params[:id]) 
    @check = params[:user][:password] == params[:user][:password_confirmation] 
    if user and user.authenticate(params[:user][:old_password]) 
     if @check 
     respond_to do |format| 
      if @user.update(user_params) 
      format.html { redirect_to @user, notice: "User " + @user.name + " was successfully updated." } 
      format.json { render :show, status: :ok, location: @user } 
      end 
     end 
     else 
     flash[:notice] = "password and password confirmation didn't match!" 
     render :edit 
     end 
    else 
     flash[:notice] = "Old password didn't match!" 
     render :edit 
    end 
    end