How to understand authenticated?(:activation, params[:id]) in Rails 4?

Time: 2015-04-08 16:59:50

Tags: ruby-on-rails-4 rails-authorization

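I am reading Michael Hartl's Rails tutorial, and in chapter 10 I cannot understand this line: authenticated?(:activation, params[:id])

According to the author, this line is used to compare the activation_digest and the token, which indicates that the token is available in params[:id].

This is where I get confused. params[:id] retrieves the user ID; how can they compare an ID with the activation_digest?

However, authenticated?(:remember, cookies[:remember_token]) makes perfect sense to me. Anyone? Thank you very much for your help!

The relevant code is shown below: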

account_activations_controller.rb

class AccountActivationsController < ApplicationController
  def edit
    user = User.find_by(email: params[:email])
    if user && !user.activated? && user.authenticated?(:activation, params[:id])
      user.activate
      log_in user
      flash[:success] = "Account activated!"
      redirect_to user
    else
      flash[:danger] = "Invalid activation link"
      redirect_to root_url
    end
  end
end

routes.rb

Rails.application.routes.draw do
  get 'password_resets/new'

  get 'password_resets/edit'

  get 'sessions/new'

  get 'users/new'

  root             'static_pages#home'
  get 'help'    => 'static_pages#help'
  get 'about'   => 'static_pages#about'
  get 'contact' => 'static_pages#contact'
  get 'signup'  => 'users#new'
  get    'login'   => 'sessions#new'
  post   'login'   => 'sessions#create'
  delete 'logout'  => 'sessions#destroy'
  resources :users
  resources :account_activations, only: [:edit]
  resources :password_resets,     only: [:new, :create, :edit, :update]
end

User.rb

class User < ActiveRecord::Base
  attr_accessor :remember_token, :activation_token, :reset_token
  before_save   :downcase_email
  before_create :create_activation_digest
  validates :name,   presence: true, length: { maximum: 50 }
  VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-]+(\.[a-z\d\-]+)*\.[a-z]+\z/i
  validates :email,  presence: true, length: { maximum: 255 },
                     format: { with: VALID_EMAIL_REGEX },
                     uniqueness: { case_sensitive: false }
  has_secure_password
  validates :password, length: { minimum: 6 }, allow_blank: true

  class << self
    # Returns the hash digest of the given string.
    def digest(string)
      cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST :
                                                    BCrypt::Engine.cost
      BCrypt::Password.create(string, cost: cost)
    end

    # Returns a random token.
    def new_token
      SecureRandom.urlsafe_base64
    end
  end

  # Remembers a user in the database for use in persistent sessions.
  def remember
    self.remember_token = User.new_token
    update_attribute(:remember_digest, User.digest(remember_token))
  end

  # Returns true if the given token matches the digest.
  def authenticated?(remember_token)
    return false if remember_digest.nil?
    BCrypt::Password.new(remember_digest).is_password?(remember_token)
  end

  # Returns true if the given token matches the digest.
  def authenticated?(attribute, token)
    digest = send("#{attribute}_digest")
    return false if digest.nil?
    BCrypt::Password.new(digest).is_password?(token)
  end

  # Forgets a user.
  def forget
    update_attribute(:remember_digest, nil)
  end

  # Activates an account.
  def activate
    update_attribute(:activated,    true)
    update_attribute(:activated_at, Time.zone.now)
  end

  # Sends activation email.
  def send_activation_email
    UserMailer.account_activation(self).deliver_now
  end

  # Sets the password reset attributes.
  def create_reset_digest
    self.reset_token = User.new_token
    update_attribute(:reset_digest,  User.digest(reset_token))
    update_attribute(:reset_sent_at, Time.zone.now)
  end

  # Sends password reset email.
  def send_password_reset_email
    UserMailer.password_reset(self).deliver_now
  end

  private

  # Converts email to all lower-case.
  def downcase_email
    self.email = email.downcase
  end

  # Creates and assigns the activation token and digest.
  def create_activation_digest
    self.activation_token  = User.new_token
    self.activation_digest = User.digest(activation_token)
  end
end

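1 answer:

Answer 0: (score: 1)

I posted this on the Ruby on Rails Talk Google group, and someone finally answered my question. For those reading Michael Hartl's book, you may find this useful.

Anyway, the whole point of params[:id] has to do with the routes.rb file, which shows that it is related to the URL generated by the route. In this case, I am using RESTful URLs in Rails.

Let's say the URL is:     https://www.examples.com/account_activations/token_fFb_F94mgQtmlSvRFGsITw/edit?email=michael%40michaelhartl.com

Then params[:id] will be "token_fFb_F94mgQtmlSvRFGsITw"

A better explanation can be found at Click here to check

My problem was that I mistook the ":id" in params[:id] for the numeric id attribute in the users table. I hope you don't make the same mistake I did. Good luck!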
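
The flow the answer describes, as an added example that is not part of the original post or the tutorial's code: the raw token travels in the URL path where `resources :account_activations, only: [:edit]` reads it as params[:id], while only its digest is stored. Assumptions: SHA-256 stands in for the BCrypt digest so the script runs with the standard library alone, and `DemoUser`, `token_digest`, `secure_compare`, `activation_url`, `route_params`, the attribute allowlist and the example.com host are hypothetical names and values constructed for the demonstration.

```ruby
require 'securerandom'
require 'digest'
require 'uri'

# Stand-in for User.digest (assumption: SHA-256 instead of the tutorial's BCrypt).
def token_digest(token)
  Digest::SHA256.hexdigest(token)
end

# Constant-time comparison so a partial match is not revealed through timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

ALLOWED_ATTRIBUTES = %i[activation remember].freeze

# Hypothetical minimal user: only digests are stored, never the raw token.
DemoUser = Struct.new(:email, :activation_digest, :remember_digest) do
  # Same shape as authenticated?(attribute, token) on the page, with an
  # allowlist so the attribute name can only select a known digest column.
  def authenticated?(attribute, token)
    return false unless ALLOWED_ATTRIBUTES.include?(attribute)
    stored = public_send("#{attribute}_digest")
    return false if stored.nil? || token.nil?
    secure_compare(stored, token_digest(token))
  end
end

# Builds the emailed link: the token sits where a numeric id usually would.
def activation_url(email, token)
  "https://www.example.com/account_activations/#{token}/edit?" +
    URI.encode_www_form(email: email)
end

# Mimics the edit route: the path segment before /edit becomes params[:id].
def route_params(url)
  uri = URI.parse(url)
  m = %r{\A/account_activations/([^/]+)/edit\z}.match(uri.path)
  return nil unless m
  query = URI.decode_www_form(uri.query.to_s).to_h
  { id: m[1], email: query['email'] }
end

token  = SecureRandom.urlsafe_base64 # constructed sample token
user   = DemoUser.new('michael@michaelhartl.com', token_digest(token), nil)
params = route_params(activation_url(user.email, token))
puts "params[:id] is the token: #{params[:id] == token}"
puts "activation accepted: #{user.authenticated?(:activation, params[:id])}"
puts "numeric id rejected: #{!user.authenticated?(:activation, '1')}"
```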