案例一:
当我发送邀请电子邮件和用户接受邀请时,他需要使用字段:password和:confirm_password更新自己的密码
好吧一切正常。
配置/初始化/ devise_auth_token.rb
# By default sending current password is not needed for the password update.
# Uncomment to enforce current_password param to be checked before all
# attribute updates. Set it to :password if you want it to be checked only if
# password is updated.
config.check_current_password_before_update = :attributes
案例二:
当我以用户身份登录并需要更改密码时,我会将下一个字段设为:current_password,:password,:password_confirmation
在这种情况下,案例一无效,因为他需要放:current_password,我该如何解决这个问题?
在这两种情况下,我们都使用路线
PUT /v1/auth/password(.:format) devise_token_auth/passwords#update
当用户接受邀请并设置新密码时,如何避免:current_password,并且当用户只想更改自己的密码时允许设置:current_password?
module Api::V1
class InvitationsController < Devise::InvitationsController
include InvitableMethods
before_action :authenticate_user!, only: :create
before_action :resource_from_invitation_token, only: [:edit, :update]
def create
User.invite!(invite_params, current_user)
render json: { success: ['User created.'] }, status: :created
end
def edit
redirect_to "#{client_api_url}?invitation_token=#{params[:invitation_token]}"
end
def update
user = User.accept_invitation!(accept_invitation_params)
if @user.errors.empty?
render json: { success: ['User updated.'] }, status: :accepted
else
render json: { errors: user.errors.full_messages },
status: :unprocessable_entity
end
end
private
def invite_params
params.permit(user: [:email, :invitation_token, :provider, :skip_invitation])
end
def accept_invitation_params
params.permit(:password, :password_confirmation, :invitation_token)
end
end
end
的routes.rb
Rails.application.routes.draw do
root to: 'api/V1/welcome#home'
scope module: 'api' do
namespace :v1 do
mount_devise_token_auth_for 'User', at: 'auth', skip: [:invitations]
devise_for :users, path: 'auth', only: [:invitations],
controllers: { invitations: 'api/v1/invitations' }
end
end
end