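Unable to accept an invitation from Devise Invitable

Time: 2018-11-06 20:14:31

Tags: ruby-on-rails devise devise-invitable

I am using Devise Invitable in my app and, for some reason, I cannot accept invitations. When checking the logs, I keep seeing the following message: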

Filter chain halted as :resource_from_invitation_token rendered or redirected

Looking at the Devise code, the function I see is:

  def resource_from_invitation_token
    unless params[:invitation_token] && self.resource = resource_class.find_by_invitation_token(params[:invitation_token], true)
      set_flash_message(:alert, :invitation_token_invalid) if is_flashing_format?
      redirect_to after_sign_out_path_for(resource_name)
    end
  end

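The part causing the problem is resource_class.find_by_invitation_token(params[:invitation_token], true), because when I try running User.find_by_invitation_token(TOKEN, true), it returns nil in the console.

When I pull up the user in question and check its :invitation_token, it is equal to the value being checked when trying to accept the invitation.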

# User that is attempting to accept the invitation
> #<User id: 20786, email: "email_goes_here", created_at: "2018-11-06 19:39:29", updated_at: "2018-11-06 19:39:29", admin: false, employee: false, is_client: true, user_type: 5.0, location_id: 1, auth_token: nil, unlock: nil, deleted_at: nil, user_types_id: nil>

# Token from activation email
2.3.4 :003 > token = "GajU3sLy3r5exmzfqWKw" 
 => "GajU3sLy3r5exmzfqWKw"

# Should return the user, but instead returns nil
2.3.4 :004 > User.find_by_invitation_token(token, true)
  User Load (4.8ms)  SELECT  "users".* FROM "users" WHERE "users"."invitation_token" = $1 ORDER BY "users"."id" ASC LIMIT $2  [["invitation_token", "b821be248a157559b10b7e5b908effd9fa13ec158cfb26b8d908cbad7f57f59e"], ["LIMIT", 1]]
 => nil

# Should return value being used in find_by_invitation_token "b821be248a1..." but returns something else
2.3.4 :006 > User.last.invitation_token
  User Load (1.1ms)  SELECT  "users".* FROM "users" ORDER BY "users"."id" DESC LIMIT $1  [["LIMIT", 1]]
 => "fc56c527eba7fcf0b821a1289bf9083563527cd41612057521e173f26930f7f4"

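1 answer:

Answer 0 (score: 0)

In case anyone runs into this in the future, here is my understanding of Devise Invitable:

On the user's initial INVITE, it creates the raw token value (in a temporary accessor on the invited object, raw_invitation_token), which is then hashed into the model's invitation_token field.

So the value in the URL is the "raw" token, and then, for security purposes, Devise Invitable does a one-way hash lookup to see whether raw_invitation_token -> one-way hash algorithm -> the model's invitation_token value in the database returns anything.

If it cannot find any value based on that lookup, it fails silently.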
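The flow described in the answer above, as an added example that is not part of the original post and not Devise Invitable's own code. It assumes the one-way hash is a keyed HMAC-SHA256; the `InvitationStore` class, the keys and the e-mail address are constructed for illustration.

```ruby
require "openssl"
require "securerandom"

# Simplified model of the invite/accept flow; not Devise Invitable's code.
# Assumption: the one-way hash is a keyed HMAC-SHA256 over the raw token.
class InvitationStore
  def initialize(key)
    @key = key
    @users = {} # invitation_token digest => email (stands in for the users table)
  end

  def digest(raw_token)
    OpenSSL::HMAC.hexdigest("SHA256", @key, raw_token.to_s)
  end

  # Invite: generate the raw token, persist only its digest, and return the
  # raw value so it can be placed in the invitation URL.
  def invite(email)
    raw = SecureRandom.urlsafe_base64(15)
    @users[digest(raw)] = email
    raw
  end

  # Accept: hash the token taken from the URL and look the digest up.
  # Returns nil when nothing matches, like the nil seen in the console.
  def find_by_invitation_token(raw_token)
    return nil if raw_token.nil? || raw_token.empty?
    @users[digest(raw_token)]
  end

  def stored_digests
    @users.keys
  end
end

# Constructed sample data.
STORE = InvitationStore.new("constructed-demo-key")
RAW   = STORE.invite("invitee@example.test")
OTHER_KEY_STORE = InvitationStore.new("a-different-key")

if __FILE__ == $PROGRAM_NAME
  puts "raw token in URL : #{RAW}"
  puts "digest in DB     : #{STORE.stored_digests.first}"
  puts "lookup by raw    : #{STORE.find_by_invitation_token(RAW).inspect}"
  puts "lookup by digest : #{STORE.find_by_invitation_token(STORE.stored_digests.first).inspect}"
  puts "digest, other key: #{OTHER_KEY_STORE.digest(RAW)}"
end
```

Only the raw token from the URL resolves to the user; passing the stored digest, or hashing the raw token under a different key, produces a value that is not in the table and the lookup returns nil.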