假设我当前的密码是1234,并且长度必须至少为4个字符。
我在表单中有3个输入字段:
new password
new password confirmation
current password
当我使用update_with_password和输入
new password: 5678
new password confirmation: 5678
current paswword: 1234
它成功更新
例如,如果我使用
new password: 12
new password confirmation: 23
current password: 1234
我遇到了多个设计错误:密码太短,密码不匹配等。
当我使用update_without_password时,我希望我只需删除current password field,一切都会保持不变。
相反,如果我这样做并给出输入:
new password: 12
new password confirmation: 34
我收到消息account updated successfully和用户记录未更新
这是我的控制者:
class Users::RegistrationsController < Devise::RegistrationsController
def edit
@images = Dir.glob("public/assets/images/users/#{current_user.id}/med/*")
end
def update
if params[:image_file_path]
ff = File.open("public/"+params[:image_file_path])
resource.image = ff
resource.save!
end
self.resource = resource_class.to_adapter.get!(send(:"current_#{resource_name}").to_key)
prev_unconfirmed_email = resource.unconfirmed_email if resource.respond_to?(:unconfirmed_email)
resource_updated = resource.update_without_password(account_update_params)
yield resource if block_given?
if resource_updated
if is_flashing_format?
flash_key = update_needs_confirmation?(resource, prev_unconfirmed_email) ?
:update_needs_confirmation : :updated
set_flash_message :notice, flash_key
end
sign_in resource_name, resource, bypass: true
respond_with resource, location: after_update_path_for(resource)
else
@images = Dir.glob("public/assets/images/users/#{current_user.id}/med/*")
clean_up_passwords resource
respond_with resource
end
end
private
def sign_up_params
params.require(:user).permit(:first_name, :last_name, :email, :password, :password_confirmation, :telephone, :image, :address, :birthday)
end
def account_update_params
params.require(:user).permit(:first_name, :last_name, :email, :password, :password_confirmation, :telephone, :image, :image_file_path, :address, :birthday)
end
protected
def update_resource(resource, params)
resource.update_without_password(params)
end
def after_update_path_for(resource)
edit_user_registration_path
end
end
这是我的观点:
<%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: {method: :put }) do |f| %>
<div class="form-group">
<%= f.label :password, "Change Password", class: 'control-label' %>
<i>(leave blank if you don't want to change it)</i><br />
<%= f.password_field :password, autocomplete: "off", class: 'form-control' %>
</div>
<div class="form-group">
<%= f.label :password_confirmation, "New Password Confirmation", class: 'control-label' %><br />
<%= f.password_field :password_confirmation, autocomplete: "off", class: 'form-control' %>
</div>
<%= f.submit "Save", class: 'btn btn-success' %>
<%end%>
答案 0 :(得分:3)
在不询问当前密码的情况下更新记录属性。 从不允许更改当前密码。如果您使用此方法,则应该覆盖此方法以保护您不希望在没有密码的情况下更新的其他属性。
它可能会默默地忽略您请求中的password和password_confirmation参数。