当我尝试更新用户密码时,我有:
在3ms内完成401未授权(ActiveRecord:0.6ms)
更新正常,但我已经注销了。我希望在此更新后保留日志。
我使用了设计中的update with password
方法。
Registrations_controller
def update_password
@user = current_user
authorize @user, :update?
if @user.update_with_password(user_params)
flash[:success] = t 'edit.success'
else
flash[:error] = t 'flash.error_occured'
end
redirect_to edit_user_registration_path + "##{t('users.account.title')}"
end
private
def user_params
params.require(:user).permit(
:current_password, :password, :email, :username )
end
查看代码:
= form_for @user, url: update_password_path, html: { method: :put, role: 'form'} do |f|
= devise_error_messages!
= f.label t ('password.current')
= f.password_field :current_password, autocomplete: :off
= f.label t('password.new')
= f.password_field :password, autocomplete: :off
= f.submit t('button.change'), data: { disable_with: t('ajaxdoing') }
答案 0 :(得分:1)
将您的update
操作更改为此类
def update_password
@user = current_user
authorize @user, :update?
if @user.update_with_password(user_params)
sign_in(@user, :bypass => true)
flash[:success] = t 'edit.success'
else
flash[:error] = t 'flash.error_occured'
end
redirect_to edit_user_registration_path + "##{t('users.account.title')}"
end
编辑:
当密码更新时,设计自动注销,因此我们无法逃避,而是我们再次登录用户并绕过warder回调。