Devise confirmation token invalid

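Time: 2015-06-04 17:03:27

Tags: ruby-on-rails devise

My question is not related to the switch to Devise 3.1+; I am already using the @token variable in the email view.

The problem is that the confirmation token sent by email is not the right one. If I try this in the console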

    u = User.last
    u.send_confirmation_instructions
    the_token_from_the_email = "xxx" # copy-pasted from the email
    token_digest = Devise.token_generator.digest(User, :confirmation_token, the_token_from_the_email)
    u.confirmation_token == token_digest
    # false

It fails... Any idea what could be causing this?

The token in the email looks like 3D7vDawAysHXKmM6YS-Mhb; the token in the db / after digest looks like 6e8d045e084910d0cfb67b73679da12981221f52eeb984776f969f3c2d475937

Edit:

Here is what happens

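  1. The user clicks sign_up and enters his login
  2. We check the login against the remote LDAP; if we find him, his entry on the remote LDAP is copied to our LDAP if it does not already exist there (no database queries), and we send him an email with a new password
  3. Then the user's account is created in the Rails database (if it does not exist yet), and the following commands are issued (note that User has_many :clients, and the client model is checked in confirmation_required?)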
  4. Then, using the token

    MOPED: 127.0.0.1:27017 QUERY database=intranet_rails_development collection=users selector={"confirmation_token"=>"IOciN4PmF4IPddFfDx3p2Q=="} flags=[] limit=-1 skip=0 batch_size=nil fields={:_id=>1} runtime: 0.5599ms
    MOPED: 127.0.0.1:27017 QUERY database=intranet_rails_development collection=users selector={"confirmation_token"=>"IOciN4PmF4IPddFfDx3p2Q=="} flags=[] limit=-1 skip=0 batch_size=nil fields={:_id=>1} runtime: 0.3061ms
    MOPED: 127.0.0.1:27017 COMMAND database=intranet_rails_development command={:count=>"clients", :query=>{"user_id"=>BSON::ObjectId('55744fd46a65004c95000000')}} runtime: 0.3512ms
    MOPED: 127.0.0.1:27017 QUERY database=intranet_rails_development collection=users selector={"$query"=>{"confirmation_token"=>"b3606f731762a75314f52467993c09fdcd99124ca6357fca6b52a694f159cd9b"}, "$orderby"=>{:_id=>1}} flags=[] limit=-1 skip=0 batch_size=nil fields=nil runtime: 0.4727ms
    MOPED: 127.0.0.1:27017 INSERT database=intranet_rails_development collection=users documents=[{"_id"=>BSON::ObjectId('55744fd46a65004c95000000'), "confirmation_token"=>"b3606f731762a75314f52467993c09fdcd99124ca6357fca6b52a694f159cd9b", "ldap_groups_cache"=>["Intervenants"], "last_ldap_groups_check"=>2015-06-07 14:06:12 UTC, "gender_cd"=>0, "login"=>"tarasiuk", "from_tpt_ldap"=>false, "tpt"=>false, "superadmin"=>false, "first_name"=>"Orest", "last_name"=>"Somename", "email"=>"blblabla@domain.fr", "updated_at"=>2015-06-07 14:06:12 UTC, "created_at"=>2015-06-07 14:06:12 UTC, "confirmation_sent_at"=>2015-06-07 14:06:13 UTC}] flags=[]
                             COMMAND database=intranet_rails_development command={:getlasterror=>1, :w=>1} runtime: 0.5337ms
    MOPED: 127.0.0.1:27017 COMMAND database=intranet_rails_development command={:count=>"clients", :query=>{"user_id"=>BSON::ObjectId('55744fd46a65004c95000000')}} runtime: 0.3471ms
    Rendered devise/mailer/confirmation_instructions.html.erb (1.3ms)

  5. The confirmation email is sent
  6. Then the final query

    confirmation_token=3DHJTJ34o1XKEL-EFn8B4j"
  7. Then a GET is made using the confirmation token

    MOPED: 127.0.0.1:27017 QUERY        database=intranet_rails_development collection=clients selector={"user_id"=>BSON::ObjectId('55744fd46a65004c95000000')} flags=[] limit=0 skip=0 batch_size=nil fields=nil runtime: 0.6091ms
    Redirected to [address]
    Completed 302 Found in 2522ms
    

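1 answer:

Answer 0: (score: 0)

OK, it turns out I actually had a default value on that confirmation token, which messed everything up

    field :confirmation_token, default: SecureRandom.base64

Then, after a few more bugs (including one introduced in Devise 3.5.1), I was finally able to get it working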
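
An added example (not part of the original question or answer, and not Devise's own code) that models the console check from the question and the effect of a field default like the one in the answer. TokenGenerator is a simplified stand-in for Devise.token_generator, with HMAC-SHA256 assumed for this sketch; the User class, the secret and all token values are constructed.

```ruby
require "openssl"
require "securerandom"

# Simplified stand-in for Devise.token_generator (assumption: HMAC-SHA256
# with a key derived per column). The mail carries `raw`; the DB stores `enc`.
class TokenGenerator
  def initialize(secret)
    @secret = secret
  end

  def digest(column, raw)
    key = OpenSSL::HMAC.digest("SHA256", @secret, "Devise #{column}")
    OpenSSL::HMAC.hexdigest("SHA256", key, raw.to_s)
  end

  def generate(column)
    raw = SecureRandom.urlsafe_base64(15)
    [raw, digest(column, raw)]
  end
end

# Hypothetical model. A plain default is evaluated once, when the class body
# runs, so every record starts with the same non-nil token.
class User
  STATIC_DEFAULT = SecureRandom.base64 # like `default: SecureRandom.base64`
  attr_accessor :confirmation_token

  def initialize(token = STATIC_DEFAULT)
    @confirmation_token = token
  end
end

# Constant-time comparison of two strings.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# The console check from the question: digest the mailed token, compare to the DB.
def confirms?(gen, user, token_from_email)
  secure_equal?(user.confirmation_token.to_s,
                gen.digest(:confirmation_token, token_from_email))
end

if __FILE__ == $PROGRAM_NAME
  gen = TokenGenerator.new("constructed-secret") # constructed sample key
  raw, enc = gen.generate(:confirmation_token)
  puts confirms?(gen, User.new(enc), raw) # digest stored in the record
  puts confirms?(gen, User.new, raw)      # shared default left in place
end
```

In Mongoid, a default that must differ per record is written as a lambda (`default: -> { ... }`); for a Devise-managed token column, leaving the default out lets Devise generate the value.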