Rails Devise：设置密码重置令牌并重定向用户

发布于 2024-11-05 01:48:34 字数 382 浏览 2 评论 0原文

在我的应用程序中，针对特定用例，我创建一个新用户（以编程方式设置密码）并向他们发送一封确认电子邮件。

我希望他们能够在确认后立即更改密码（无需输入我不想发送给他们的系统生成的密码）

实际上我希望
1) 系统创建一个新的用户帐户并生成密码。
2) 系统发送确认邮件。
3）用户单击确认并被重定向以输入密码（有效地将他们发送到如下所示的 URL）

<a href="http://localhost:3000/users/password/edit?reset_password_token=v5Q3oQGbsyqAUUxyqLtb">Change my password</a>

任何帮助/指示都会很棒。

原文

In my app for a certain use case I create a new user (programmatically set the password) and send them a confirmation email.

I would like them to be able to change their password immediately after confirming (without having to enter the system generated one which I don't want to send them)

In effect I would like
1) System creates a new user account with generated password.
2) System sends confirmation email.
3) User clicks confirmation and is redirected to enter in their password (effectively send them to a URL like below)

<a href="http://localhost:3000/users/password/edit?reset_password_token=v5Q3oQGbsyqAUUxyqLtb">Change my password</a>

Any help / pointers would be great.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

窝囊感情。 2024-11-12 01:48:34

一种简单的方法，让用户只需一步即可使用您建议的链接确认电子邮件地址并设置初始密码...

发送您的应用程序生成的一封电子邮件，包括重置密码令牌，并考虑用户拥有该令牌，确认该令牌的有效性电子邮件。

在系统帐户生成代码中，假设用户模型设置有 :recoverable 和 :database_authenticatable 设计模块...

acct = User.new
acct.password = User.reset_password_token #won't actually be used...  
acct.reset_password_token = User.reset_password_token 
acct.email = "[email protected]" #assuming users will identify themselves with this field
#set other acct fields you may need
acct.save

在设置初始密码时，使设计重置密码视图对用户来说更清晰。

view/devise/passwords/edit.html.erb

...
<%= "true" == params[:initial] ? "Set your password" : "Reset your password" %>
...

生成的电子邮件

Hi <%= @user.name %>
An account has been generated for you.
Please visit www.oursite.com/users/password/edit?initial=true&reset_password_token=<%= @user.reset_password_token %> to set your password.

无需在您的用户模型中包含 :confirmable Devise 模块，因为如果电子邮件中没有 reset_password_token，则无法访问您的应用程序创建的帐户。

Devise 将处理提交并清除 Reset_password_token 字段。

有关 reset_password_token 方法和朋友的详细信息，请参阅 devise_gem_folder/lib/devise/models/recoverable.rb 和 database_authenticable.rb。

如果您想使用 Devise :confirmable 模块而不是这种方法，请参阅设计 wiki 页面。

A simple way to have just one step for users to confirm email address and set initial password using the link you proposed...

Send one email your app generates, including a reset_password_token, and consider user's possession of that token confirmation of the validity of that email address.

In system account generation code, assuming User model is set up with :recoverable and :database_authenticatable Devise modules...

acct = User.new
acct.password = User.reset_password_token #won't actually be used...  
acct.reset_password_token = User.reset_password_token 
acct.email = "[email protected]" #assuming users will identify themselves with this field
#set other acct fields you may need
acct.save

Make the devise reset password view a little clearer for users when setting initial password.

views/devise/passwords/edit.html.erb

...
<%= "true" == params[:initial] ? "Set your password" : "Reset your password" %>
...

Generated Email

Hi <%= @user.name %>
An account has been generated for you.
Please visit www.oursite.com/users/password/edit?initial=true&reset_password_token=<%= @user.reset_password_token %> to set your password.

No need to include :confirmable Devise module in your User model, since accounts created by your app won't get accessed without the reset_password_token in the email.

Devise will handle the submit and clear the reset_password_token field.

See devise_gem_folder/lib/devise/models/recoverable.rb and database_authenticatable.rb for details on reset_password_token method and friends.

If you want to use Devise :confirmable module rather than this approach, see the Devise wiki page.

回复收藏 0 原文

孤独患者 2024-11-12 01:48:34

在 Rails 4.1 中，对 Anatortoise House 回复的以下修改有效：

user = User.new
user.password = SecureRandom.hex #some random unguessable string
raw_token, hashed_token = Devise.token_generator.generate(User, :reset_password_token)
user.reset_password_token = hashed_token
user.reset_password_sent_at = Time.now.utc
user.email = '[email protected]'
user.save!
# Use a mailer you've written, such as:
AccountMailer.set_password_notice(user, raw_token).deliver

电子邮件视图有此链接：

www.oursite.com/users/password/edit?initial=true&reset_password_token=<%= @raw_token %>

In Rails 4.1, the following modification of Anatortoise House's reply works:

user = User.new
user.password = SecureRandom.hex #some random unguessable string
raw_token, hashed_token = Devise.token_generator.generate(User, :reset_password_token)
user.reset_password_token = hashed_token
user.reset_password_sent_at = Time.now.utc
user.email = '[email protected]'
user.save!
# Use a mailer you've written, such as:
AccountMailer.set_password_notice(user, raw_token).deliver

The email view has this link:

www.oursite.com/users/password/edit?initial=true&reset_password_token=<%= @raw_token %>

回复收藏 0 原文

眉目亦如画i 2024-11-12 01:48:34

这是我的邮件预览片段

class Devise::MailerPreview < ActionMailer::Preview
  def reset_password_instructions
    user = User.last
    token = user.send(:set_reset_password_token)
    Devise::Mailer.reset_password_instructions(user, token)
  end
end

Here is my snippet for mailer preview

class Devise::MailerPreview < ActionMailer::Preview
  def reset_password_instructions
    user = User.last
    token = user.send(:set_reset_password_token)
    Devise::Mailer.reset_password_instructions(user, token)
  end
end

回复收藏 0 原文