如何创建没有密码的用户并稍后使用 Devise 表单进行设置?
How to create user without password and set it later with Devise form?
我正在构建一个 Rails 应用程序,我想在 rails 控制台上创建没有密码的用户,收到一封确认电子邮件,然后单击 link确认邮件,在我的网站上设置密码。 (我正在使用 Devise)
这是我到目前为止尝试过的方法:
app/models/user.rb
class User < ApplicationRecord
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :validatable, :confirmable
protected
def password_required?
confirmed? ? super : false
end
end
app/controllers/users/confirmations_controller.rb
class Users::ConfirmationsController < Devise::ConfirmationsController
protected
def after_confirmation_path_for(resource_name, resource)
sign_in(resource)
edit_registration_path(resource)
end
end
我特地做了 sign_in(resource) 因为我希望人们在这个过程中登录。
app/controllers/users_controller.rb
class UsersController < ApplicationController
def create
end
end
目前,当我通过 rails 控制台创建用户,然后单击确认 link,我最终进入设计视图,编辑我的帐户(更具体地说是我的密码),这很好,但我无法验证表单,因为我必须填写我以前的密码才能更改它。但是由于我在创建过程中没有设置任何密码,所以我卡住了!
关于我如何做到这一点有什么想法吗?
谢谢
编辑
如评论中所述,我尝试使用"forgot my password" link。它有效,但在设置密码后,用户必须登录(因此再次输入密码)。在我看来,这可能不是一个很好的客户体验,这就是为什么我想知道是否有一种方法可以做到这一点,正如我在 post 中所解释的那样,或者一种在用户设置后登录的方法第一次输入他的密码。
更新
根据一些建议,我对我的文件进行了一些更改,但我仍然收到错误消息,提示当前密码不能为空。这是我的代码:
routes.rb
Rails.application.routes.draw do
root to: 'page#index'
devise_for :users, path: '', path_names: { sign_in: 'sign_in', sign_out:
'sign_out'}, controllers: { confirmations: 'users/confirmations',
registrations: 'users/registrations' }
end
app/controllers/users/confirmations_controller.rb
class Users::ConfirmationsController < Devise::ConfirmationsController
def update_resource(resource, params)
if resource.encrypted_password.present?
super
else
resource.update(params)
end
end
protected
def after_confirmation_path_for(resource_name, resource)
sign_in(resource)
edit_registration_path(resource)
end
end
user.rb
class User < ApplicationRecord
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :validatable, :confirmable
protected
def password_required?
confirmed? ? super : false
end
end
app/views/devise/registrations/edit.html.erb
<h2>Edit your account</h2>
<div>
<%= devise_error_messages! %>
<%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %>
<p><%= current_user.first_name %> <%= current_user.last_name %></p>
<p>Email address: <strong><%= current_user.email %></strong></p>
<div class="container mb-5">
<div class="row">
<%= f.label :password %>
</div>
<div class="row">
<%= f.password_field :password, autofocus: true, class: 'form-control', :required => 'required' %>
</div>
</div>
<div class="container mb-5">
<div class="row">
<%= f.label :password_confirmation %>
</div>
<div class="row">
<%= f.password_field :password_confirmation, autofocus: true, class: 'form-control', :required => 'required' %>
</div>
</div>
<div class="container text-center mb-3">
<%= f.submit "Update", class: 'navbar-cta' %>
</div>
<% end %>
</div>
日志
Started GET "/edit" for ::1 at 2020-01-20 18:06:29 +0100
Processing by Users::RegistrationsController#edit as HTML
User Load (0.5ms) SELECT "users".* FROM "users" WHERE "users"."id" = ORDER BY "users"."id" ASC LIMIT [["id", 33], ["LIMIT", 1]]
Rendering devise/registrations/edit.html.erb within layouts/application
DEPRECATION WARNING: [Devise] `DeviseHelper.devise_error_messages!`
is deprecated and it will be removed in the next major version.
To customize the errors styles please run `rails g devise:views` and modify the
`devise/shared/error_messages` partial.
(called from _app_views_devise_registrations_edit_html_erb___445667363343301985_70311530657080 at /Users/victor/Documents/SaaS projects/ChurnTarget/app/views/devise/registrations/edit.html.erb:6)
Rendered devise/registrations/edit.html.erb within layouts/application (Duration: 7.3ms | Allocations: 1979)
Rendered layouts/_google_analytics.html.erb (Duration: 0.4ms | Allocations: 164)
[Webpacker] Everything's up-to-date. Nothing to do
Rendered page/_navbar.html.erb (Duration: 1.9ms | Allocations: 669)
Rendered page/_footer.html.erb (Duration: 0.8ms | Allocations: 162)
Completed 200 OK in 226ms (Views: 221.6ms | ActiveRecord: 0.5ms | Allocations: 61076)
Started PUT "/" for ::1 at 2020-01-20 18:07:00 +0100
Processing by Users::RegistrationsController#update as HTML
Parameters: {"authenticity_token"=>"99pJ5XaS5k5NQmba31GrTu5+jeN57mdPV51XlG6WFJoizS/5rbeLerzmTQv+kbsPIPorjH9fjAz3ihPxXENo1w==", "user"=>{"password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Update"}
User Load (0.7ms) SELECT "users".* FROM "users" WHERE "users"."id" = ORDER BY "users"."id" ASC LIMIT [["id", 33], ["LIMIT", 1]]
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = LIMIT [["id", 33], ["LIMIT", 1]]
Unpermitted parameter: :password_confirmation
Rendering devise/registrations/edit.html.erb within layouts/application
DEPRECATION WARNING: [Devise] `DeviseHelper.devise_error_messages!`
is deprecated and it will be removed in the next major version.
To customize the errors styles please run `rails g devise:views` and modify the
`devise/shared/error_messages` partial.
(called from _app_views_devise_registrations_edit_html_erb___445667363343301985_70311530657080 at /Users/victor/Documents/SaaS projects/ChurnTarget/app/views/devise/registrations/edit.html.erb:6)
Rendered devise/shared/_error_messages.html.erb (Duration: 2.0ms | Allocations: 441)
Rendered devise/registrations/edit.html.erb within layouts/application (Duration: 7.5ms | Allocations: 1514)
Rendered layouts/_google_analytics.html.erb (Duration: 0.1ms | Allocations: 8)
[Webpacker] Everything's up-to-date. Nothing to do
Rendered page/_navbar.html.erb (Duration: 0.1ms | Allocations: 15)
Rendered page/_footer.html.erb (Duration: 0.0ms | Allocations: 5)
Completed 200 OK in 208ms (Views: 40.7ms | ActiveRecord: 1.1ms | Allocations: 20837)
告诉我您是否还想查看其他文件。
module Users
class RegistrationsController < ::Devise::ConfirmationsController
protected
# By default Devise requires a password check on update.
# this override checks if there is stored password so that
# a confirmed user without a password can add their password
def update_resource(resource, params)
if resource.encrypted_password.present?
super
else
resource.update(params)
end
end
end
end
update_resource 在 Devise::ConfirmationsController#update. By default it calls resource.update_with_password(params) 中被调用,如果当前密码无效,它会与参数一起运行并添加验证错误。它不受 password_required? 的影响,因为这个特殊的 "validation" 是作为控制器流程的一部分完成的。
如果没有保存密码,这只是绕过它。
您还需要配置路由:
devise_for :users, controllers: {
confirmations: 'users/confirmations',
registrations: 'users/registrations'
}
完全不同的解决方案是使用 Devise::Invitable,它提供了您可能正在寻找的功能。
它为您提供了一个 /users/invitation/new 路径,其中包含一个表单,您可以填写该表单来邀请用户。保存用户记录,然后用户通过接受邀请完成注册过程。
如果您真的想要,您可以从控制台发送邀请:
User.invite!(email: 'someone@example.com')
但实际上我只想使用 Pundit 或 CanCanCan 设置一些基本授权来锁定邀请控制器并通过 GUI 完成。无论如何你很可能会需要它。
我正在构建一个 Rails 应用程序,我想在 rails 控制台上创建没有密码的用户,收到一封确认电子邮件,然后单击 link确认邮件,在我的网站上设置密码。 (我正在使用 Devise)
这是我到目前为止尝试过的方法:
app/models/user.rb
class User < ApplicationRecord
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :validatable, :confirmable
protected
def password_required?
confirmed? ? super : false
end
end
app/controllers/users/confirmations_controller.rb
class Users::ConfirmationsController < Devise::ConfirmationsController
protected
def after_confirmation_path_for(resource_name, resource)
sign_in(resource)
edit_registration_path(resource)
end
end
我特地做了 sign_in(resource) 因为我希望人们在这个过程中登录。
app/controllers/users_controller.rb
class UsersController < ApplicationController
def create
end
end
目前,当我通过 rails 控制台创建用户,然后单击确认 link,我最终进入设计视图,编辑我的帐户(更具体地说是我的密码),这很好,但我无法验证表单,因为我必须填写我以前的密码才能更改它。但是由于我在创建过程中没有设置任何密码,所以我卡住了!
关于我如何做到这一点有什么想法吗?
谢谢
编辑
如评论中所述,我尝试使用"forgot my password" link。它有效,但在设置密码后,用户必须登录(因此再次输入密码)。在我看来,这可能不是一个很好的客户体验,这就是为什么我想知道是否有一种方法可以做到这一点,正如我在 post 中所解释的那样,或者一种在用户设置后登录的方法第一次输入他的密码。
更新
根据一些建议,我对我的文件进行了一些更改,但我仍然收到错误消息,提示当前密码不能为空。这是我的代码:
routes.rb
Rails.application.routes.draw do
root to: 'page#index'
devise_for :users, path: '', path_names: { sign_in: 'sign_in', sign_out:
'sign_out'}, controllers: { confirmations: 'users/confirmations',
registrations: 'users/registrations' }
end
app/controllers/users/confirmations_controller.rb
class Users::ConfirmationsController < Devise::ConfirmationsController
def update_resource(resource, params)
if resource.encrypted_password.present?
super
else
resource.update(params)
end
end
protected
def after_confirmation_path_for(resource_name, resource)
sign_in(resource)
edit_registration_path(resource)
end
end
user.rb
class User < ApplicationRecord
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :validatable, :confirmable
protected
def password_required?
confirmed? ? super : false
end
end
app/views/devise/registrations/edit.html.erb
<h2>Edit your account</h2>
<div>
<%= devise_error_messages! %>
<%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %>
<p><%= current_user.first_name %> <%= current_user.last_name %></p>
<p>Email address: <strong><%= current_user.email %></strong></p>
<div class="container mb-5">
<div class="row">
<%= f.label :password %>
</div>
<div class="row">
<%= f.password_field :password, autofocus: true, class: 'form-control', :required => 'required' %>
</div>
</div>
<div class="container mb-5">
<div class="row">
<%= f.label :password_confirmation %>
</div>
<div class="row">
<%= f.password_field :password_confirmation, autofocus: true, class: 'form-control', :required => 'required' %>
</div>
</div>
<div class="container text-center mb-3">
<%= f.submit "Update", class: 'navbar-cta' %>
</div>
<% end %>
</div>
日志
Started GET "/edit" for ::1 at 2020-01-20 18:06:29 +0100
Processing by Users::RegistrationsController#edit as HTML
User Load (0.5ms) SELECT "users".* FROM "users" WHERE "users"."id" = ORDER BY "users"."id" ASC LIMIT [["id", 33], ["LIMIT", 1]]
Rendering devise/registrations/edit.html.erb within layouts/application
DEPRECATION WARNING: [Devise] `DeviseHelper.devise_error_messages!`
is deprecated and it will be removed in the next major version.
To customize the errors styles please run `rails g devise:views` and modify the
`devise/shared/error_messages` partial.
(called from _app_views_devise_registrations_edit_html_erb___445667363343301985_70311530657080 at /Users/victor/Documents/SaaS projects/ChurnTarget/app/views/devise/registrations/edit.html.erb:6)
Rendered devise/registrations/edit.html.erb within layouts/application (Duration: 7.3ms | Allocations: 1979)
Rendered layouts/_google_analytics.html.erb (Duration: 0.4ms | Allocations: 164)
[Webpacker] Everything's up-to-date. Nothing to do
Rendered page/_navbar.html.erb (Duration: 1.9ms | Allocations: 669)
Rendered page/_footer.html.erb (Duration: 0.8ms | Allocations: 162)
Completed 200 OK in 226ms (Views: 221.6ms | ActiveRecord: 0.5ms | Allocations: 61076)
Started PUT "/" for ::1 at 2020-01-20 18:07:00 +0100
Processing by Users::RegistrationsController#update as HTML
Parameters: {"authenticity_token"=>"99pJ5XaS5k5NQmba31GrTu5+jeN57mdPV51XlG6WFJoizS/5rbeLerzmTQv+kbsPIPorjH9fjAz3ihPxXENo1w==", "user"=>{"password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Update"}
User Load (0.7ms) SELECT "users".* FROM "users" WHERE "users"."id" = ORDER BY "users"."id" ASC LIMIT [["id", 33], ["LIMIT", 1]]
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = LIMIT [["id", 33], ["LIMIT", 1]]
Unpermitted parameter: :password_confirmation
Rendering devise/registrations/edit.html.erb within layouts/application
DEPRECATION WARNING: [Devise] `DeviseHelper.devise_error_messages!`
is deprecated and it will be removed in the next major version.
To customize the errors styles please run `rails g devise:views` and modify the
`devise/shared/error_messages` partial.
(called from _app_views_devise_registrations_edit_html_erb___445667363343301985_70311530657080 at /Users/victor/Documents/SaaS projects/ChurnTarget/app/views/devise/registrations/edit.html.erb:6)
Rendered devise/shared/_error_messages.html.erb (Duration: 2.0ms | Allocations: 441)
Rendered devise/registrations/edit.html.erb within layouts/application (Duration: 7.5ms | Allocations: 1514)
Rendered layouts/_google_analytics.html.erb (Duration: 0.1ms | Allocations: 8)
[Webpacker] Everything's up-to-date. Nothing to do
Rendered page/_navbar.html.erb (Duration: 0.1ms | Allocations: 15)
Rendered page/_footer.html.erb (Duration: 0.0ms | Allocations: 5)
Completed 200 OK in 208ms (Views: 40.7ms | ActiveRecord: 1.1ms | Allocations: 20837)
告诉我您是否还想查看其他文件。
module Users
class RegistrationsController < ::Devise::ConfirmationsController
protected
# By default Devise requires a password check on update.
# this override checks if there is stored password so that
# a confirmed user without a password can add their password
def update_resource(resource, params)
if resource.encrypted_password.present?
super
else
resource.update(params)
end
end
end
end
update_resource 在 Devise::ConfirmationsController#update. By default it calls resource.update_with_password(params) 中被调用,如果当前密码无效,它会与参数一起运行并添加验证错误。它不受 password_required? 的影响,因为这个特殊的 "validation" 是作为控制器流程的一部分完成的。
如果没有保存密码,这只是绕过它。
您还需要配置路由:
devise_for :users, controllers: {
confirmations: 'users/confirmations',
registrations: 'users/registrations'
}
完全不同的解决方案是使用 Devise::Invitable,它提供了您可能正在寻找的功能。
它为您提供了一个 /users/invitation/new 路径,其中包含一个表单,您可以填写该表单来邀请用户。保存用户记录,然后用户通过接受邀请完成注册过程。
如果您真的想要,您可以从控制台发送邀请:
User.invite!(email: 'someone@example.com')
但实际上我只想使用 Pundit 或 CanCanCan 设置一些基本授权来锁定邀请控制器并通过 GUI 完成。无论如何你很可能会需要它。