Ruby on Rail 的 Authlogic gem - 密码确认仅用于密码重置和编辑页面
我按照 github 上的 Authlogic 示例教程 进行操作,并完成所有设置并运行。但我想对密码确认进行更改。
按照教程进行操作后,您必须在注册时输入密码确认。我不希望这是必要的,因此我将 c.require_password_confirmation = false
放入 acts_as_authentic
块中。但这完全消除了密码确认。我仍然希望在“编辑用户”页面上进行密码确认,以便他们更改密码时使用。我还想将其用于“重置密码”页面(我目前尚未设置)。
我该怎么做呢?
另外,虽然不那么重要,但在“编辑用户”页面上,当前所有内容都是一种形式,只有 UsersController
中的一个 Update def。因此,如果有人想要更改其他一些信息,他们还必须输入当前密码,因为我目前已将其设置为...
def update
@user = current_user
if @user.valid_password?(params[:user][:old_password])
if @user.update_attributes(params[:user].reject{|key, value| key == "old_password"})
flash[:notice] = 'Successfully updated profile.'
render :action => :edit
else
render :action => :edit
end
else
flash[:notice] = 'Your old password is wrong.'
render :action => :edit
end
end
我最好希望拥有它,这样只需要他们输入旧密码,如果他们更改他们的电子邮件地址或输入新密码。
用户.rb
class User < ActiveRecord::Base
acts_as_authentic do |c|
c.require_password_confirmation = false
end
attr_accessor :old_password, :reset_password
validate :old_password_valid, :on => :update, :unless => [:reset_password]
def old_password_valid
errors.add(:old_password, "You must introduce your password") unless valid_password?(old_password)
end
def require_password?
password_changed? || (crypted_password.blank? && !new_record?) || reset_password
end
def deliver_password_reset_instructions!
reset_perishable_token!
Notifier.deliver_password_reset_instructions(self)
end
end
I followed the Authlogic example tutorial at github and have everything set up and running. But I would like to make a change concerning password confirmation.
Following the tutorial, you must enter a password confirmation when registering. I don't want that to be necessary, so I put c.require_password_confirmation = false
in the acts_as_authentic
block. But that removes password confirmation entirely. I'd still like to have password confirmation for the Edit User page, for when they change their password. I'd also like to have it for the Reset Password page (which I currently do not have set up).
How do I go about doing this?
Also, though not as important, on the Edit User page, everything is currently one form, with the one Update def in the UsersController
. So if someone wants to change some other information, they also have to enter their current password as I currently have it set up as so...
def update
@user = current_user
if @user.valid_password?(params[:user][:old_password])
if @user.update_attributes(params[:user].reject{|key, value| key == "old_password"})
flash[:notice] = 'Successfully updated profile.'
render :action => :edit
else
render :action => :edit
end
else
flash[:notice] = 'Your old password is wrong.'
render :action => :edit
end
end
I'd preferably like to have it so that it only requires they enter their old password if they change their email address or enter a new password.
user.rb
class User < ActiveRecord::Base
acts_as_authentic do |c|
c.require_password_confirmation = false
end
attr_accessor :old_password, :reset_password
validate :old_password_valid, :on => :update, :unless => [:reset_password]
def old_password_valid
errors.add(:old_password, "You must introduce your password") unless valid_password?(old_password)
end
def require_password?
password_changed? || (crypted_password.blank? && !new_record?) || reset_password
end
def deliver_password_reset_instructions!
reset_perishable_token!
Notifier.deliver_password_reset_instructions(self)
end
end
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我会这样做,添加访问器old_password,reset_password(重置密码时我们设置为true的布尔值):
现在,我们需要在更新时验证旧密码,但不重置:
到目前为止,我们已经验证了旧密码当用户更新其个人资料时,密码有效。
现在,为了询问是否输入新密码,Authlogic 添加了一个方法“require_password?”对于您的用户模型,您必须覆盖它。我这样做了:
基本上在以下情况下要求密码(和确认):1)用户更新密码,2)用户激活他们的帐户(所以他们仍然没有密码),3)用户重置密码。
希望这有帮助。
I would do it this way, add accessors old_password, reset_password (boolean that we set to true when reseting password):
Now, we need to validate the old password when updating, but not reseting:
So far, we've validated that the old password is valid when the user is updating their profile.
Now, to ask for the new password or not, Authlogic adds a method 'require_password?' to your user model, you have to override it. I did this way:
Basically asks for the password (and confirmation) when: 1) User updating password, 2) User activating their account (so they still haven't got a password), 3) user resetting password.
Hope this helps.