我正在为自己写一个应用程序,所以我没有急于求成,我唯一的目标是正确地做事。 对于身份验证我使用设计,但我结果是定制它很多。 我已经看到Rails 3.1中出现了一些很好的功能,可以更容易地实现auth。
一般来说,什么时候Devise会停止使用并开始妨碍你? 这是我目前的定制列表,当然除了视图,但我仍然想实现至少SEO友好的URL。
# model/User.rb
#this method is called by devise to check for "active" state of the model
def active?
#remember to call the super
#then put our own check to determine "active" state using
#our own "is_active" column
super and self.is_active?
end
protected #====================================================================
# find in db the user with username or email login
def self.find_record(login)
where(attributes).where(["name = :value OR email = :value", { :value => login }]).first
end
# allow no case sensitive email
# (saved downcase, fetched downcase)
def self.find_for_authentication(conditions)
conditions[:email].downcase!
super(conditions)
end
# find the user in the db by username or email
def self.find_for_database_authentication(conditions)
login = conditions.delete(:login)
where(conditions).where(["name = :value OR email = :value", { :value => login }]).first
end
# Attempt to find a user by it's email. If a record is found, send new
# password instructions to it. If not user is found, returns a new user
# with an email not found error.
def self.send_reset_password_instructions(attributes={})
recoverable = find_recoverable_or_initialize_with_errors(reset_password_keys, attributes, :not_found)
recoverable.send_reset_password_instructions if recoverable.persisted?
recoverable
end
def self.find_recoverable_or_initialize_with_errors(required_attributes, attributes, error=:invalid)
case_insensitive_keys.each { |k| attributes[k].try(:downcase!) }
attributes = attributes.slice(*required_attributes)
attributes.delete_if { |key, value| value.blank? }
if attributes.size == required_attributes.size
if attributes.has_key?(:login)
login = attributes.delete(:login)
record = find_record(login)
else
record = where(attributes).first
end
end
unless record
record = new
required_attributes.each do |key|
value = attributes[key]
record.send("#{key}=", value)
record.errors.add(key, value.present? ? error : :blank)
end
end
record
end
# password not required on edit
# see: https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-edit-their-account-without-providing-a-password
def password_required?
new_record?
end
# controllers/registrations_controller.rb
# devise controller for registration
class RegistrationsController < Devise::RegistrationsController
# update_attributes (with final S) without providing password
# overrides devise
# see: https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-edit-their-account-without-providing-a-password
def update
# Devise use update_with_password instead of update_attributes.
# This is the only change we make.
if resource.update_attributes(params[resource_name])
set_flash_message :notice, :updated
# Line below required if using Devise >= 1.2.0
sign_in resource_name, resource, :bypass => true
redirect_to after_update_path_for(resource)
else
clean_up_passwords(resource)
render_with_scope :edit
end
end
end
谢谢
答案 0 :(得分:4)
我暂时坚持设计,你的变化并不大。但是,我会设计并将您所做的更改提取到新功能中。然后尝试让他们自己设计。这样维护它们不会落在你身上,它可能落在许多人身上。
维护一个完整的身份验证系统可能是一个真正令人头痛的问题,并最终重新发明轮子。只需要一个错误就可以让你大开眼界。
此外,您的新find_for_authentication
方法,现在已经在设计中得到支持,放入您的设计初始化程序......
config.case_insensitive_keys = [ :email ]
答案 1 :(得分:0)
好问题 - 我的观点可能是,只要它使事情变得更容易,它就是有用的。您总是可以在github上进行fork设计并在某种程度上将您的自定义放在那里 - 这就是我在一个项目中所做的。我对自己的身份验证感到有些紧张,因为正确认证是非常重要的,特别是如果其他人想看到他们不应该看到的东西。但我有兴趣看看别人的想法。