需要旧密码才能更改新密码authlogic身份验证

时间:2014-07-03 15:15:53

标签: ruby-on-rails authlogic

我有一个_form.html.erb部分,它将用户输入发送到控制器中的update方法

<div id='myaccount-profile_name_form' class='clearfix'>
  <fieldset id="myaccount-profile" class='five columns'>
     <ul id="posting_classified_form">
       <li>
         <%= f.label :first_name %>
         <%= f.text_field :first_name, :placeholder => "First Name" %>
        </li>
        <li>
          <%= f.label :last_name %>
          <%= f.text_field :last_name %>
        </li>
        <li>
          <%= f.label :email %>
          <%= f.text_field :email %>
        </li>
        <li>
          <%= f.label :form_birth_date, "Birthday" %>
          <%= f.text_field :form_birth_date, :class => 'ui-yearpicker', :placeholder => "mm/dd/yyyy" %>
        </li>
     </ul>
  </fieldset>
</div>
<div id='myaccount-profile_form' class='clearfix' >
  <fieldset id="myaccount-profile-password" class='five '>
    <ul id="posting_classified_form">
      <li>
        <%= f.label :current_password, "Current Password", :placeholder => "We need your current password to confirm your changes", :required => true %>
        <%= f.password_field :password %>
      </li>
      <li>
        <%= f.label :password, "New Password" %>
        <%= f.password_field :password %>
      </li>
      <li>
        <%= f.label :password_confirmation, "Confirm", :style => "white-space:normal;" %>
        <%= f.password_field :password_confirmation %>
      </li>
    </ul>
  </fieldset>
  <div class="actions"><%= f.submit 'Update' , :class => 'goButton', :style => 'width:auto;float:right;'%></div>
</div>

这是控制器中的编辑/更新方法

  def edit
    @user = current_user
  end

  def update
    @user = current_user
    if @user.valid_password?(params[:user][:current_password])
      binding.pry
      @user.update_attributes(params[:user])
      flash[:notice]  = "Successfully updated user."
      redirect_to umarket_index_url
    else
      flash[:notice]  = "An error occurred while updating user please try again."
      redirect_to umarket_index_url
 #     render :edit
    end
  end 

我们正在使用authlogic gem进行身份验证。我找到了valid_password?来自authlogic doc。我想让用户只有在用户输入正确的密码后才能更改密码。

服务器日志看起来像这样

Started GET "/myaccount/overview/edit" for 127.0.0.1 at 2014-07-03 11:16:07 -0400
Processing by Myaccount::OverviewsController#edit as HTML
  User Load (0.5ms)  SELECT "users".* FROM "users" WHERE "users"."id" = 6 LIMIT 1
  Rendered myaccount/overviews/_form.html.erb (2.7ms)
  Rendered myaccount/overviews/edit.html.erb (5.3ms)
Completed 200 OK in 16ms (Views: 5.9ms | ActiveRecord: 0.5ms)


Started PUT "/myaccount/overview" for 127.0.0.1 at 2014-07-03 11:16:14 -0400
Processing by Myaccount::OverviewsController#update as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"b01gMlAQOJpu6Zu+mg+M4v2VYfm0AZvTAfKXa+ArJxU=", "user"=>{"first_name"=>"Judy", "last_name"=>"Ngai", "email"=>"judy.ngai1228@gmail.com", "form_birth_date"=>"spree@example.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Update"}
  User Load (0.6ms)  SELECT "users".* FROM "users" WHERE "users"."id" = 6 LIMIT 1
Redirected to http://localhost:3000/umarket
Completed 302 Found in 15ms (ActiveRecord: 0.6ms)

密码没有变化。日志中没有错误。我没有使用authlogic所以我很困惑。

2 个答案:

答案 0 :(得分:1)

我对您的代码感觉错误的是您的current_password和新密码字段在您的案例中具有相同的名称user['password']。尝试更改以下代码中指定的名称。我已粘贴操作和查看代码供您参考。

注意:Params是一个哈希值,并且它不能重复使用相同的键,这是您尝试执行的操作。只需更改名称,它应该可以正常工作。

这是代码

def update_password  
  redirect_to user_path, alert: 'The current password you entered is not correct!' and return unless current_user.valid_password?(params[:user][:current_password], true)

  current_user.password = params[:user][:password]
  current_user.password_confirmation = params[:user][:password_confirmation]
  if current_user.save
    redirect_to user_path, notice: 'Your password has been updated'
  else
    redirect_to user_path, alert: current_user.errors.to_a.join("<br>")
  end
end

表单看起来像这样

%div{style: "display: none;", class: "updatePassWord curved curved-sm"}
= form_for current_user, url: update_password_user_path, html: {id: 'changePassForm'}, method: :put do |f|
  .row{:class => "form-group"}
    = f.password_field :current_password, class: "input-sm required passwordValidator", placeholder: "#{t('form_placeholder.current_password')}"
  .row{:class => "form-group"}
    = f.password_field :password, class: "input-sm required passwordValidator", placeholder: "#{t('form_placeholder.new_password')}"
  .row{:class => "form-group"}
    = f.password_field :password_confirmation, class: "input-sm required passwordValidator", placeholder: "#{t('form_placeholder.password_confirmation')}"
  .row{:class => "form-group"}
    = f.submit "Update My Password", class: "btn btn-success btn-cons submit"

如果有帮助,请告诉我

答案 1 :(得分:0)

正如pamio写道params[:user][:old_password]对我有帮助,这是我的方法,因为我没有current_user方法。

def update
    user = User.find_by(id: params[:id])
    @check = params[:user][:password] == params[:user][:password_confirmation]
    if user and user.authenticate(params[:user][:old_password])
      if @check
        respond_to do |format|
          if @user.update(user_params)
            format.html { redirect_to @user, notice: "User " + @user.name + " was successfully updated." }
            format.json { render :show, status: :ok, location: @user }
          end
        end
      else
        flash[:notice] = "password and password confirmation didn't match!"
        render :edit
      end
    else
      flash[:notice] = "Old password didn't match!"
      render :edit
    end
  end