Question

控制器

def create
 # admin manually creates user
 UserMailer.reset_password_instructions(@user).deliver
end

user.rb

class User < ActiveRecord::Base

  before_create :generate_reset_password_token # generating devise reset token

  # Include default devise modules. Others available are:
  # :confirmable, :lockable and :omniauthable
  # :registerable,
  # :trackable,
  devise  :database_authenticatable,
          # :confirmable,
          :rememberable,
          :validatable,
          :recoverable,
          :trackable,
          :timeoutable


private

  # Generates a new random token for confirmation, and stores
  # the time this token is being generated
  def generate_reset_password_token
    raw, enc = Devise.token_generator.generate(self.class, :reset_password_token)
    @raw_confirmation_token   = raw
    self.reset_password_token   = enc
    self.reset_password_sent_at = Time.now.utc
  end

end

user_mailer.rb

class UserMailer < ApplicationMailer
  include Devise::Mailers::Helpers

   default from: 'no-reply@identt.co'

   def reset_password_instructions(resource, opts={})
    @resource = resource
    @token    = @resource.reset_password_token
    mail(to: @resource.email, subject: "Reset Password Instructions")
   end
end

reset_password_instructions.html.erb

<p>Hello <%= @resource.email %>!</p>

<p>Someone has requested a link to change your password. You can do this through the link below.</p>

<p><%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %></p>

<p>If you didn't request this, please ignore this email.</p>
<p>Your password won't change until you access the link above and create a new one.</p>

此时，当管理员手动创建用户时，Password reset链接将转到电子邮件地址，我可以使用MailCatcher或letter_opener查看该地址。 http://lvh.me:3000/users/password/edit?reset_password_token=6a8bc4683fc9e5dfcc789f94f9b6bd2b1c44fd857f13662d0f0d1f6212022f81

我点击链接，它成功地带我去了编辑密码页面。当我提交表单时，ivalidation失败并显示Reset password token is invalid消息。

我在这里缺少什么......

更新：

我的Development.rb看起来像是：

Rails.application.configure do
  # Settings specified here will take precedence over those in config/application.rb.

  # In the development environment your application's code is reloaded on
  # every request. This slows down response time but is perfect for development
  # since you don't have to restart the web server when you make code changes.
  config.cache_classes = false

  # Do not eager load code on boot.
  config.eager_load = false

  # Show full error reports and disable caching.
  config.consider_all_requests_local       = true
  config.action_controller.perform_caching = false

  # Don't care if the mailer can't send.
  config.action_mailer.raise_delivery_errors = false

  # Print deprecation notices to the Rails logger.
  config.active_support.deprecation = :log

  # Raise an error on page load if there are pending migrations.
  config.active_record.migration_error = :page_load

  # Debug mode disables concatenation and preprocessing of assets.
  # This option may cause significant delays in view rendering with a large
  # number of complex assets.
  config.assets.debug = true

  # Asset digests allow you to set far-future HTTP expiration dates on all assets,
  # yet still be able to expire them through the digest params.
  config.assets.digest = true

  # Adds additional error checking when serving assets at runtime.
  # Checks for improperly declared sprockets dependencies.
  # Raises helpful error messages.
  config.assets.raise_runtime_errors = true

  # Raises error for missing translations
  # config.action_view.raise_on_missing_translations = true

  # Configure letter opener to open email in browser
  # config.action_mailer.delivery_method = :letter_opener
  config.action_mailer.delivery_method = :smtp
  config.action_mailer.smtp_settings = { :address => "lvh.me", :port => 1025 }
  config.action_mailer.default_url_options = { host: 'lvh.me', port: 3000 }

  config.domain = 'lvh.me'
end

Answer 1

我的解决方案有一行代码，我通过添加手动邮件程序，操作等使其变得复杂。

要解决此问题，我只需在send_reset_password_instructions对象中调用设计user：

在控制器中

    @user.send_reset_password_instructions

解决了我的问题。

我通过删除（根据我的问题:)

来清理我的代码

user_mailer.rb文件，因此将其删除
views/user_mailer/reset_password_instructions.html.erb文件不是必需的，因此将其删除。
在User.rb模型中，移除before_action :generate_reset_password_token以及generate_reset_password_token隐私方法。
从控制器
中删除以下邮件程序行
UserMailer.reset_password_instructions(@user).deliver

Answer 2

我对此深感疯狂，终于找到了答案：

  def generate_reset_password_token
    raw, enc = Devise.token_generator.generate(self.class, :reset_password_token)
    @raw_confirmation_token   = raw
    self.reset_password_token   = enc
    self.reset_password_sent_at = Time.now.utc
  end

此代码是正确的，您希望user将enc作为reset_password_token。保持raw变量很方便也很好。

class UserMailer < ApplicationMailer
  include Devise::Mailers::Helpers

   default from: 'no-reply@identt.co'

   def reset_password_instructions(resource, opts={})
    @resource = resource
    @token    = @resource.reset_password_token
    mail(to: @resource.email, subject: "Reset Password Instructions")
   end
end

对于此部分，您需要@token = @raw_confirmation_token（来自令牌生成器的raw），而不是@resource.reset_password_token（来自生成器的enc）。

我相信这个解决方案适用于设计3.1+，似乎他们改变了设置以增加安全性，而没有解释这两个令牌。

设计重置密码令牌无效

2 个答案: