0

我将 Authlogic 与我的 Rails 应用程序一起使用,但我无法弄清楚为什么它有时无法根据易腐令牌找到用户。它通常有效,但有时不会。我使用此代码,以便在能够登录之前验证用户。但是,例如现在,我正在查看一个示例,即使当我查看用户的数据库,易腐令牌与用户的数据库相匹配。

过程是这样的:

在 users_controller #create

@user.deliver_verification_instructions!(@subdomain)

在用户模型中:

def deliver_verification_instructions!(subdomain)
  reset_perishable_token!
  Notifier.verification_instructions(self, subdomain).deliver!
end

在我的邮件中(Notifier.rb)

# email on new user registration to verify user
def verification_instructions(user,subdomain)
  @user = user
  @subdomain = subdomain
  @url  = "http://#{@subdomain.name}.foobar.com/user_verifications/#{@user.perishable_token}"
  sent_on       Time.now
  mail(:to => "#{user.first_name} <#{user.email}>",
    :subject => "Email Verification",
    :from => 'Foo <info@foobar.com>') do |format|
    format.text
    format.html
  end
end

在电子邮件视图中:

Please click the following link to verify your email address:                                           
<%= @url %>

在 User_verifications 控制器中

class UserVerificationsController < ApplicationController
  before_filter :load_user_using_perishable_token

def show
  @subdomain = Subdomain.find_by_user_name(current_subdomain)

  if @user
    @user.verify!
    flash[:notice] = "Thank you for verifying your account. You may now login."
  end
  redirect_to home_path
end

private
  def load_user_using_perishable_token
    @user = User.find_using_perishable_token(params[:id])
    flash[:notice] = "Unable to find your account." unless @user
  end
end

该代码有时会返回“无法找到您的帐户”。这意味着即使电子邮件中 ​​url 中的令牌与我在数据库中看到的相匹配,它也没有找到易腐烂的令牌。

当我查看我在 Heroku 上的日志时,我看到的都是:

2013-01-11 00:10:01+00:00 app web.1     - - Started GET "/user_verifications/lTpNRnjDw4WbyAMUyw6" for 10.253.207.217/ip-10-253-207-217.eu-west-1.compute.internal at 2013-01-11 00:10:01 +0000
2013-01-11 00:10:02+00:00 heroku router - - at=info method=GET path=/user_verifications/lTpNRnjDw4WbyAMUyw6 host=mvfd.foobar.com fwd=10.253.207.217/ip-10-253-207-217.eu-west-1.compute.internal dyno=web.1 queue=0 wait=0ms connect=10ms service=1325ms status=302 bytes=96
2013-01-11 00:10:02+00:00 app web.1     - - cache: [GET /user_verifications/lTpNRnjDw4WbyAMUyw6] miss
2013-01-11 00:10:02+00:00 app web.1     - -   Processing by UserVerificationsController#show as HTML
2013-01-11 00:10:02+00:00 app web.1     - -   Parameters: {"id"=>"lTpNRnjDw4WbyAMUyw6"}
2013-01-11 00:10:02+00:00 app web.1     - - Redirected to http://mvfd.foobar.com/home
2013-01-11 00:10:02+00:00 app web.1     - - Completed 302 Found in 1008ms

感谢您提供的任何帮助!

4

1 回答 1

2

默认情况下,Authlogic 会在 10 分钟后过期易腐令牌(出于安全考虑),因此一些用户可能会在密码重置链接过期后关注它。

您可以在用户模型中更改此设置:

class User < ActiveRecord::Base
  acts_as_authentic do |config|
    config.perishable_token_valid_for = 1.hour
  end
end

https://github.com/binarylogic/authlogic/blob/master/lib/authlogic/acts_as_authentic/perishable_token.rb#L15-L25

或者,将不同的过期值传递给控制器​​中的 find_using_perishable_token 方法:

@user = User.find_using_perishable_token(params[:id], 1.hour)

https://github.com/binarylogic/authlogic/blob/master/lib/authlogic/acts_as_authentic/perishable_token.rb#L55-L63

确保根据应用程序的安全要求考虑增加过期值的风险。

于 2013-04-03T16:08:59.997 回答