在 Authlogic 中强制验证空白密码
我正在向使用 Authlogic 的 Rails 应用程序添加密码重置功能。我遵循此处的指南: http://www .binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic/ 一切都按我想要的方式工作,除了一件事:密码重置表单接受空白密码,但根本不接受改变他们。
我一直在四处寻找,并了解到这是预期的默认行为,因为它允许您使用户编辑表单仅在输入新密码时更改用户的密码,否则忽略它。但在这种情况下,我特别想强制验证密码,就像用户最初注册时一样。我已经找到了解决此问题的两种可能的解决方案,但无法弄清楚如何实现其中任何一个。
1) 有人在 Google 网上论坛上问了同样的问题:
Ben 的响应是使用 @user.validate_password = true 强制验证密码。我尝试了此操作,但收到未定义的方法错误:undefined method 'validate_password_field=' for #。
2) 似乎有一个名为 ignore_blank_passwords 的 Authlogic 配置选项。它记录在此处:
模块:Authlogic::ActsAsAuthentic::Password::Config#ignore_blank_passwords
这看起来可行,但我的理解是这是一个全局的您在用户模型中的初始 acts_as_authentic 调用中使用的配置选项,我不想在应用程序范围内更改它,因为我确实有一个针对需要空白密码的用户的常规编辑表单默认情况下会被忽略。
有人找到解决这个问题的方法吗?我在 Authlogic 1.4.1 的更改日志中看到 validate_password= ,从那时起它就没有被删除。我只是错误地使用它吗?有没有办法在每个请求的基础上使用 ignore_blank_passwords ?
I'm adding a password reset feature to my Rails application that uses Authlogic. I was following the guide here: http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic/ and everything works as I'd like except for one thing: the password reset form accepts blank passwords and simply doesn't change them.
I've been searching around, and have learned that this is the intended default behavior because it allows you to make user edit forms that only change the user's password if they enter a new one, and ignore it otherwise. But in this case, I specifically want to enforce validation of the password like when a user initially registers. I've found two possible solutions for this problem but haven't been able to figure out how to implement either of them.
1) Someone asked this same question on Google Groups:
User model saves with blank password
Ben's response was to use @user.validate_password = true to force validation of the password. I tried this but I get an undefined method error: undefined method 'validate_password_field=' for #<User>.
2) There seems to be an Authlogic configuration option called ignore_blank_passwords. It is documented here:
Module: Authlogic::ActsAsAuthentic::Password::Config#ignore_blank_passwords
This looks like it would work, but my understanding is that this is a global configuration option that you use in your initial acts_as_authentic call in the User model, and I don't want to change it application-wide, as I do have a regular edit form for users where I want blank passwords to be ignored by default.
Anyone found a solution to this? I see validate_password= in the change log for Authlogic 1.4.1 and nothing about it having been removed since then. Am I simply using it incorrectly? Is there a way to use ignore_blank_passwords on a per-request basis?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
这是一个旧线程,但由于尚未得到答复,我将发布此内容。
我已经设法比其他解决方案做得更干净一点,用我自己的解决方案“帮助”authlogic 验证。
我将其添加到用户:
您可以通过创建
attr_accessor并使用:if => 将其减少到两行。 :password_required(无询问),但我更喜欢带有询问符号的其他语法。然后你的控制器动作可以像这样完成:
这将产生局部效果;应用程序的其余部分不会受到影响(除非
password_required在其他地方设置为 true)。我希望它有帮助。
This is kind of an old thread, but since it is unanswered I'll post this.
I've managed to do it a bit more cleanly than the other solutions, "helping" authlogic validations with my own.
I added this to user:
You can reduce it to two lines by making an
attr_accessorand using:if => :password_required(no interrogation), but I prefer this other syntax with the interrogation sign.Then your controller action can be done like this:
This will have a local effect; the rest of the application will not be affected (unless
password_requiredis set to true in other places, that is).I hope it helps.
这就是我所做的。
现在,在控制器中,将
ignore_blank_passwords属性设置为 false。在这里,您是在 AuthLogic 的范围内工作。您不必更改验证逻辑。
This what I did.
Now in your controller, set the
ignore_blank_passwordsattribute to false.Here, you are working within the confines of AuthLogic. You don't have to change the validation logic.
使用模型而不是对象来设置此属性。
Use model, not object for setting this property.
也许测试控制器中的参数值? (航空代码):
Maybe test the value of the parameter in the controller? (air code):
除了 zetetic 的解决方案之外,您还可以这样做:
您基本上是在检查 authlogic 是否更改了用户记录(如果密码为空则不会更改)。在 else 块中,您可以检查密码是否为空,并向用户记录添加适当的错误消息或显示闪现消息。
Apart from zetetic's solution you could do it this way:
You're basically checking if authlogic changed the user record (which it doesn't if the password is empty). In the else block you can check if the password was blank and add an appropriate error message to the user record or display a flash message.