在我更改此用户密码并重新登录后,Devise将current_user设置为nil

时间:2019-05-28 17:52:52

标签: ruby-on-rails devise

这是我要在控制器中使用的代码:

profiles_controller.rb: 

class ProfilesController < ApplicationController
  ...


  def update

    respond_to do |format|
      # assume valid data sent (I've already tested for this)
      if @user.update(user_params)
        # password_reset? check's parameter passed to action that a check box was
        # checked (which enables/disables password/confirmation fields. If unchecked,
        # fields are disabled and no password parameters are sent to this action.
        # @user was set to current_user in a before_action already
        # inspecting @user at this point returns the same thing as current_user here
        sign_in(:user, @user) if password_reset?
        # current_user is still set to @user and is valid

        # after redirection current_user becomes nil
        format.html {
          redirect_to home_path, notice: 'Your profile was successfully updated.'
        }
      else
        format.html { render :edit }
      end
    end
  end
  ...
private
  # Never trust parameters from the scary internet, only allow the white list through.
  def user_params
    @user_params ||= params.require(:user).permit(:first_name, :last_name, :email, :phone, :password, :password_confirmation, :reset_password)
  end

  def password_reset?
    @user_params["reset_password"] == "1"
  end
end

application_controller.rb: 

class ApplicationController < ActionController::Base
...

private
...
  def require_user
    logger.debug "IN REQUIRE_USER, CURRENT_USER IS: #{current_user.inspect}"
    unless current_user
      store_location
      redirect_to new_user_session_url, notice: "That url doesn't exist."
      return false
    end
  end

  def require_admin
    # this line will actually log a user in
    #sign_in(:user, User.first) unless current_user
    logger.debug "IN REQUIRE_ADMIN, CURRENT_USER IS: #{current_user.inspect}"
    unless current_user && current_user.is_admin?
      redirect_to(home_path, notice: "That url doesn't exist.") and return false
    end
  end
...
end

development.log: 

Started PATCH "/profile" for 127.0.0.1 at 2019-05-28 10:38:45 -0700
Processing by ProfilesController#update as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"....", "user"=>{....}, "commit"=>"Update Profile"}
  User Load (0.2ms)  SELECT  "users".* FROM "users" WHERE "users"."id" = ? ORDER BY "users"."id" ASC LIMIT ?  [["id", 1], ["LIMIT", 1]]
  ↳ app/controllers/application_controller.rb:47
IN REQUIRE_USER, CURRENT_USER IS: #<User id: 1 ....>
   (0.1ms)  begin transaction
  ↳ app/controllers/profiles_controller.rb:16
  User Exists (0.4ms)  SELECT  1 AS one FROM "users" WHERE LOWER("users"."email") = LOWER(?) AND "users"."id" != ? LIMIT ?  [["email", "...."], ["id", 1], ["LIMIT", 1]]
  ↳ app/controllers/profiles_controller.rb:16
  User Update (0.3ms)  UPDATE "users" SET "encrypted_password" = ?, "updated_at" = ? WHERE "users"."id" = ?  [["encrypted_password", "$2a$11...."], ["updated_at", "2019-05-28 17:38:45.346414"], ["id", 1]]
  ↳ app/controllers/profiles_controller.rb:16
   (2.3ms)  commit transaction
  ↳ app/controllers/profiles_controller.rb:16
PASSWORDS PASSED IN SO USER PASSWORD CHANGE OCCURRED
REDIRECTING TO HOME PATH
Redirected to http://localhost:3000/admin
Completed 302 Found in 121ms (ActiveRecord: 3.2ms)


Started GET "/admin" for 127.0.0.1 at 2019-05-28 10:38:45 -0700
Processing by Admin::PagesController#index as HTML
  User Load (0.2ms)  SELECT  "users".* FROM "users" WHERE "users"."id" = ? ORDER BY "users"."id" ASC LIMIT ?  [["id", 1], ["LIMIT", 1]]
  ↳ app/controllers/application_controller.rb:65
IN REQUIRE_ADMIN, CURRENT_USER IS: nil
Redirected to http://localhost:3000/
Filter chain halted as :require_admin rendered or redirected
Completed 302 Found in 2ms (ActiveRecord: 0.2ms)


Started GET "/" for 127.0.0.1 at 2019-05-28 10:38:45 -0700
Processing by PagesController#index as HTML
  Rendering pages/index.html.erb within layouts/application
  Rendered pages/index.html.erb within layouts/application (0.7ms)
  Rendered application/_navigation.html.erb (1.7ms)
  Rendered application/_alert.html.erb (0.3ms)
Completed 200 OK in 1152ms (Views: 1151.2ms | ActiveRecord: 0.0ms)

我四处搜寻,发现by_pass: true被传递给sign_in,但这无济于事。在用户中登录后,我也尝试过@current_user = @user@current_user是Devise控制器btw的直接实例变量),但这也无济于事。

有什么想法吗?

2 个答案:

答案 0 :(得分:2)

如果用户已经登录,Devise将忽略登录,请尝试:

if @user.saved_change_to_encrypted_password? # for rails 5+, for previous - .encrypted_password_changed?
  sign_in @user, force: true
end

答案 1 :(得分:0)

如果用户已经登录,则可以登录新会话。

Devise说 

# Sign in a user bypassing the warden callbacks and stores the user
# straight in session. This option is useful in cases the user is 
# signed in, but we want to refresh the credentials in session.

请像下面一样使用。

bypass_sign_in(@user)
相关问题
最新问题