Rails Devise在重置密码中调用POST而不是PUT

时间:2019-06-27 21:24:00

标签: ruby-on-rails rest devise erb devise-recoverable

我正在使用devise进行身份验证,并且恢复密码表单存在问题,该表单的链接是通过电子邮件发送的。当我定义新密码时,表单将发送POST请求,而不是PUT。它使用“电子邮件不能为空”通知重定向到用户/密码#。

因此,edit.html.erb具有方法::放置,但不起作用。 <%= form_for(resource, as: resource_name, url: user_password_path(resource_name), html: { method: :put }) do |f| %>

我整天都被困在这里,还没有找到出路

这是完整的edit.html.erb

<h2>Change your password</h2>

<%= form_for(resource, as: resource_name, url: user_password_path(resource_name),  method: :PUT) do |f| %>
  <%= render "devise/shared/error_messages", resource: resource %>
  <%= f.hidden_field :reset_password_token %>

  <div class="field">
    <%= f.label :password, "New password" %><br />
    <% if @minimum_password_length %>
      <em>(<%= @minimum_password_length %> characters minimum)</em><br />
    <% end %>
    <%= f.password_field :password, autofocus: true, autocomplete: "new-password" %>
  </div>

  <div class="field">
    <%= f.label :password_confirmation, "Confirm new password" %><br />
    <%= f.password_field :password_confirmation, autocomplete: "new-password" %>
  </div>

  <div class="actions">
    <%= f.submit "Change my password" %>
  </div>
<% end %>

这是生成的表单

<h2>Change your password</h2>

<form class="new_user" id="new_user" action="/user/password.user" accept-charset="UTF-8" method="post"><input name="utf8" type="hidden" value="&#x2713;" /><input type="hidden" name="_method" value="patch" /><input type="hidden" name="authenticity_token" value="Zf5rxkU11tVmt4i8hDpFPDL5y+/jzRQT/O/si6RnraidCN5vxofmVS1abO4nJ8iqlncZfCRr1jdLjMfxwMx45A==" />

  <input type="hidden" value="xk6EkLsyxCyvvpDyY6Ug" name="user[reset_password_token]" id="user_reset_password_token" />

  <div class="field">
    <label for="user_password">New password</label><br />
      <em>(6 characters minimum)</em><br />
    <input autofocus="autofocus" autocomplete="new-password" type="password" name="user[password]" id="user_password" />
  </div>

  <div class="field">
    <label for="user_password_confirmation">Confirm new password</label><br />
    <input autocomplete="new-password" type="password" name="user[password_confirmation]" id="user_password_confirmation" />
  </div>

  <div class="actions">
    <input type="submit" name="commit" value="Change my password" data-disable-with="Change my password" />
  </div>
</form>

我的密码控制器

# frozen_string_literal: true

# Deals with user login and generates JWT
class User::PasswordsController < Devise::PasswordsController
  prepend_before_action :require_no_authentication
  # Render the #edit only if coming from a reset password email link
  append_before_action :assert_reset_token_passed, only: :edit
  skip_before_action :verify_authenticity_token

  respond_to :json
  wrap_parameters :user

  before_action :configure_permitted_parameters, if: :devise_controller?




  def create
   super
  end

  def edit 
    super
  end

  def update 
    super
  end

  def new 
    super
  end

end

我的路线.rb

constraints subdomain: 'api' do
    scope module: 'user' do
      devise_for  :users,
                  path: '/user',
                  path_names: {
                    registration: 'signup',
                    sign_in: 'login',
                    sign_out: 'logout'
                  },
                  controllers: {
                    sessions: 'user/sessions',
                    registrations: 'user/registrations',
                    passwords: 'user/passwords'
                  }

服务器日志

enter image description here 预先感谢

1 个答案:

答案 0 :(得分:1)

我使用Devise密码重置功能遇到了同样的问题。我将Devise添加到API Rails应用程序(config.api_only = true)中,显然Rack::MethodOverride中间件负责API的隐藏方法属性,并将该请求更改为PUT / PATCH请求,未包含在API中-仅中间件堆栈。结果,该请求仍将它作为POST请求发送到主应用。

我向config/application.rb添加了以下行,从而解决了该问题:

config.middleware.insert_after Rack::Runtime, Rack::MethodOverride