我正在为我的rails应用创建密码重置令牌。
在我的用户控制器中,使用BCrypt-Ruby,rails脚手架通过内置的验证/保存来处理所有事情。但是,现在我遇到了一些困难。
在我的ResetToken控制器中,我有这个方法:
def do_reset
@token = ResetToken.find_by(token: params[:id])
if request.post?
user = @token.user
user.password = params[:password]
user.password_confirmation = params[:password_confirmation]
if user.save
redirect_to shop_url
end
else
end
end
和相应视图中的此表单:
<%= form_tag do %>
<div class="row">
<div class="form-group">
<div class="col-md-6">
<%= label_tag :password %><br>
<%= password_field :password, class: "form-control" %>
</div>
<div class="col-md-6">
<%= label_tag :password_confirmation %>
<%= password_field :password_confirmation, class: "form-control" %>
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<%= submit_tag "Update Password", class: "btn btn-primary pull-left push-bottom" %>
</div>
</div>
<% end %>
现在自动验证仍然有效。 (如果密码不匹配,它仍会触发验证)。但是,更新密码后似乎无法登录。它仍然看起来就像密码正在被哈希,但我更新后无法登录。我错过了什么?
这是关于用户密码的附加信息。正如我上面提到的,我正在使用BCrypt-Ruby gem。:
来自架构的
create_table "users", force: true do |t|
t.string "first_name"
t.string "last_name"
t.string "email"
t.string "password_digest"
...
end
来自rails控制台
2.0.0p247 :001 > u = User.find_by(email: 'drew.j.wyatt@gmail.com')
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."email" = 'drew.j.wyatt@gmail.com' LIMIT 1
=> #<User id: 1, first_name: "Drew", last_name: "Wyatt", email: "drew.j.wyatt@gmail.com", password_digest: "$2a$10$gPW4PHLZgT5o2OqTlLJt0ObsdfFlnDKxSAuYHIOntaPx...", created_at: "2014-05-03 02:24:26", updated_at: "2014-06-23 01:06:20">
2.0.0p247 :002 > u.password_digest
=> "$2a$10$gPW4PHLZgT5o2OqTlLJt0ObsdfFlnDKxSAuYHIOntaPxDZSxIQrC6"
用户模型(安全密码是触发bcrypt散列的原因)
class User < ActiveRecord::Base
validates :email, presence: true, uniqueness: true
validates :first_name, :last_name, :phone, :address, :city, :state, :zip, presence: :true
validates_with UserValidator
has_secure_password
has_many :orders
has_many :commissions, class_name: Order, foreign_key: :distributor_id
belongs_to :distributor_level
belongs_to :referred_by, class_name: User
end