Devise: Change any user's password as admin

Time: 2013-07-15 16:16:50

Tags: ruby-on-rails-3 devise

So this seems simple enough. I have a controller action that looks like this:

class Admin::UsersController < Admin::BaseController
...
def update_password
  @user = User.find(params[:user][:id])
  @user.password = params[:user][:password]
  if @user.save!
    Notifier.admin_password_change(@user).deliver
    flash[:success] = "Password Changed!"
    redirect_to edit_admin_user_path(@user)
  else
    render "edit"
  end
end
end

It never seems to work. Do I need something more advanced? Here is what I see in the rails console:

Started PUT "/admin/users/update_password" for 127.0.0.1 at 2013-07-15 10:01:50 -0600
Processing by Admin::UsersController#update_password as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"ipedx2MJDZTQct6I4FUObrzDpMNl3pQWNVr9Ez7bDVc=", "user"=>{"id"=>"226", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Change Password"}
  (6.8ms)  ALTER SESSION SET EDITION = EPACT_REDESIGN
  User Load (8.4ms)  SELECT "CRED_APP_USERS".* FROM "CRED_APP_USERS" WHERE "CRED_APP_USERS"."ID_NUMBER" = 10040 AND ROWNUM <= 1
  CodeModel Load (9.1ms)  SELECT "CRED_CODES".* FROM "CRED_CODES" WHERE (table_name = 'CRED_VEHICLES' OR table_name = 'CRED_FLEET')
  User Load (3.6ms)  SELECT "CRED_APP_USERS".* FROM "CRED_APP_USERS" WHERE "CRED_APP_USERS"."ID_NUMBER" = :a1 AND ROWNUM <= 1  [["id_number", "226"]]
  (3.3ms)  UPDATE "CRED_APP_USERS" SET "ENCRYPTED_PASSWORD" = 'ENCRYPTED PASSWORD STRING', "MODIFY_DT" = TO_DATE('2013-07-15 16:01:50','YYYY-MM-DD HH24:MI:SS') WHERE "CRED_APP_USERS"."ID_NUMBER" = 226
 Rendered notifier/admin_password_change.erb (0.1ms)

Sent mail to random@person.com (22ms)
...

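What am I doing wrong here? The email prints out in the console and the :success flash appears at the top of the screen, but the password is not changed.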

1 Answer:

Answer 0 (score: 3)

Can't say I understand why, but I needed to set a password_reset_token, and then it worked. Here is what the method looks like now:

def update_password
  @user = User.find(params[:user][:id])
  @user.reset_password_token = 'temp'
  @user.save!
  if @user.reset_password!(params[:user][:password], params[:user][:password_confirmation])
    Notifier.admin_password_change(@user).deliver
    flash[:success] = "Password Changed!"
    redirect_to edit_admin_user_path(@user)
  else
    render "edit"
  end
end

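When the reset_password! method runs, the token gets blown away. I couldn't find anything in the documentation that says reset_password_token is required, but it seems to be. I won't say this code is pretty, but the solution works. If someone else comes up with something better, I'll change my answer.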
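An added example, not part of the original question or answer: a post-condition check for the symptom described in the question (success flash shown, password unchanged), which reports success only when the reloaded record authenticates with the new password. `StubUser` and `admin_change_password` are hypothetical names; the stub is a constructed stand-in for a Devise model so the block runs without Rails, and its 8-character minimum is an assumed validation rule.

```ruby
require "openssl"
require "securerandom"

# Constructed stand-in exposing the model methods used below (password=, password_confirmation=,
# save, reload, valid_password?). Devise hashes with bcrypt; stdlib PBKDF2 keeps this offline.
class StubUser
  attr_accessor :password, :password_confirmation
  attr_reader :errors

  def initialize(password, persist: true)
    @salt = SecureRandom.hex(8)
    @stored = digest(password) # what the "database" row holds
    @persist = persist         # false simulates a write that never lands
    @errors = []
  end

  def save # like ActiveRecord#save: returns false instead of raising
    @errors = []
    @errors << "password too short" if password.to_s.length < 8
    @errors << "confirmation mismatch" if password != password_confirmation
    return false unless @errors.empty?
    @stored = digest(password) if @persist
    true
  end

  def reload
    self.password = self.password_confirmation = nil
    self
  end

  def valid_password?(candidate)
    digest(candidate) == @stored # Devise uses a constant-time compare here
  end

  private
  def digest(pw)
    OpenSSL::PKCS5.pbkdf2_hmac(pw, @salt, 1_000, 32, OpenSSL::Digest.new("SHA256"))
  end
end

# Hypothetical helper for the admin action: report success only when the
# reloaded record authenticates with the new password.
def admin_change_password(user, password, confirmation)
  user.password = password
  user.password_confirmation = confirmation
  return [:invalid, user.errors] unless user.save
  return [:not_persisted, []] unless user.reload.valid_password?(password)
  [:ok, []]
end
```

In a controller, only the `:ok` result would send the notification mail and set the success flash; `:invalid` would re-render the form with the returned errors.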