用devise更新密码后完成401 Unauthorized

时间:2016-10-17 08:42:16

标签: ruby-on-rails ruby redirect devise http-status-code-401

当我尝试更新用户密码时,我有:

  
    

在3ms内完成401未授权(ActiveRecord:0.6ms)

  

更新正常,但我已经注销了。我希望在此更新后保留日志。

我使用了设计中的update with password方法。

Registrations_controller

 def update_password
    @user = current_user
    authorize @user, :update?
    if @user.update_with_password(user_params)
      flash[:success] = t 'edit.success'
    else
      flash[:error] = t 'flash.error_occured'
    end
    redirect_to edit_user_registration_path + "##{t('users.account.title')}"
  end

private

def user_params
    params.require(:user).permit(
      :current_password, :password, :email, :username )
end

查看代码:

  = form_for @user, url: update_password_path, html: { method: :put, role: 'form'} do |f|
    = devise_error_messages!

    = f.label t ('password.current')
    = f.password_field :current_password, autocomplete: :off

    = f.label t('password.new')
    = f.password_field :password, autocomplete: :off

    = f.submit t('button.change'), data: { disable_with: t('ajaxdoing') }

1 个答案:

答案 0 :(得分:1)

将您的update操作更改为此类

def update_password
  @user = current_user
  authorize @user, :update?
  if @user.update_with_password(user_params)
    sign_in(@user, :bypass => true)
    flash[:success] = t 'edit.success'
  else
    flash[:error] = t 'flash.error_occured'
  end
  redirect_to edit_user_registration_path + "##{t('users.account.title')}"
end

编辑:

当密码更新时,设计自动注销,因此我们无法逃避,而是我们再次登录用户并绕过warder回调。