我已经使用Devise gem向一个小型User类添加了一些参数,并且遇到了current_password的问题。在我的帐户更新表单中,我收到错误"无法删除"当我更新帐户并输入当前密码时。该帐户随后未更新。我怀疑它正在某处删除输入,然后被读为空白。但是我不确定。我在下面列出了我认为相关的任何内容。
用户模型:
class User < ActiveRecord::Base
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
attr_accessible :username, :email, :password, :password_confirmation, :remember_me, :about_me
has_many :microposts
end
应用程序控制器:
class ApplicationController < ActionController::Base
protect_from_forgery
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email)}
devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email)}
devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:username, :about_me, :email, :password, :password_confirmation, :current_password)}
end
end
密码控制器:
class Users::PasswordsController < Devise::PasswordsController
def resource_params
params.require(:user).permit(:email, :password, :password_confirmation, :current_password)
end
private :resource_params
end
注册控制器
class Users::RegistrationsController < Devise::RegistrationsController
before_filter :configure_permitted_parameters
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) do |u|
u.permit(:username, :about_me, :email, :password, :password_confirmation)
end
devise_parameter_sanitizer.for(:account_update) do |u|
u.permit(:username, :about_me, :email, :password, :password_confirmation, :current_password)
end
end
end
设计路线:
devise_for :users, :controllers => {:registrations => "users/registrations", :passwords => "users/passwords" }
有问题的观点(标准设计/注册/编辑表格):
<h2>Edit <%= resource_name.to_s.humanize %></h2>
<%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %>
<%= f.error_notification %>
<div class="form-inputs">
<%= f.input :email, required: true, autofocus: true %>
<%= f.input :username, required: false, autofocus: true %>
<%= f.input :about_me, required: false, autofocus: true %>
<% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
<p>Currently waiting confirmation for: <%= resource.unconfirmed_email %></p>
<% end %>
<%= f.input :password, autocomplete: "off", hint: "leave it blank if you don't want to change it", required: false %>
<%= f.input :password_confirmation, required: false %>
<%= f.input :current_password, hint: "we need your current password to confirm your changes", required: true %>
</div>
<div class="form-actions">
<%= f.button :submit, "Update" %>
</div>
<% end %>
<h3>Cancel my account</h3>
<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete %></p>
同样,问题是当输入确认更改的密码时,错误消息&#34;不能为空白&#34;出现在该字段旁边。有任何想法吗?谢谢
答案 0 :(得分:1)
这是我过去遇到麻烦的问题,需要一些解决方法。默认情况下,Devise的:registerable模块允许用户更改其信息,并且需要输入:password和:password_confirmation参数。据我了解,您正在尝试要求用户输入并确认他们的:current_password。
为了实现您正在寻找的行为,您必须覆盖Devise的RegistrationsController。我也不认为你需要PasswordsController,因为Devise的RegistrationsController会为你处理。您需要编写并实施一种方法来检查用户:current_password的有效性,然后通过update操作将其重定向到正确的位置。您可以在Users::RegistrationController类中编写以下私有方法:
def needs_password?(user, params)
user.email != params[:user][:email] ||
params[:user][:password].present? ||
params[:user][:password_confirmation].present?
end
然后在update中修改您的User::RegistrationsController方法,如下所示:
class Users::RegistrationsController < Devise::RegistrationsController
def update
@user = User.find(current_user.id)
successfully_updated = if needs_password?(@user, params)
@user.update_with_password(devise_parameter_sanitizer.sanitize(:account_update))
else
# remove the virtual current_password attribute
# update_without_password doesn't know how to ignore it
params[:user].delete(:current_password)
@user.update_without_password(devise_parameter_sanitizer.sanitize(:account_update))
end
if successfully_updated
set_flash_message :notice, :updated
# Sign in the user bypassing validation in case their password changed
sign_in @user, :bypass => true
redirect_to after_update_path_for(@user)
else
render "edit"
end
end
希望这会有所帮助。您还可以参考Devise的文档,了解如何执行此操作:https://github.com/plataformatec/devise/wiki/How-To%3a-Allow-users-to-edit-their-account-without-providing-a-password。