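I'm new to Rails, and I'm trying to let a user log in only if they have the variable email_activation_token set to true. For some reason, I created the if statement, but it allows the user to log in regardless of its value! I went to sqlitebrowser and checked my database, and the user I created does have email_activation_token set to false.
Two things to note: I'm using HAML, and I have a cookie to keep users logged in.
(Bonus points for any answer that includes a link to a tutorial on this subject, as it would help.)
app/controllers/sessions_controller.rb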
def create
  user = User.authenticate(params[:email], params[:password])
  if user.email_activation_token = true
    if user
      if params[:remember_me]
        cookies.permanent[:auth_token] = user.auth_token
      else
        cookies[:auth_token] = user.auth_token
      end
      redirect_to root_url, :notice => "Logged in!"
    else
      flash.now.alert = "Invalid email or password"
      render "new"
    end
  else
    flash.now.alert = "You account has not been activated yet check your email!"
    render "new"
  end
end
app/controllers/users_controller
class UsersController < ApplicationController
  def new
    @user = User.new
  end

  def create
    @user = User.new(params[:user])
    if @user.save
      UserMailer.registration_confirmation(@user).deliver
      redirect_to root_url, :notice => "Signed up!"
    else
      render "new"
    end
    def accept_invitation
      @user = User.find_by_email_activation_token!(params[:token])
      @user.email_activation_token = true
      redirect_to root_url, :notice => "Email has been verified."
    end
  end
end
app/views/sessions/new.html.haml
%h1 Log in
= form_tag sessions_path do
  %p
    = label_tag :email
    = text_field_tag :email, params[:email]
  %p
    = label_tag :password
    = password_field_tag :password
  %p.button
    %input{name: "commit", type: "submit", value: "Log in"}
  .field
    = label_tag :remember_me
    = check_box_tag :remember_me, 1, params[:remember_me]
  %p
    = link_to "forgotten password?", new_password_reset_path
app/models/user.rb
class User < ActiveRecord::Base
  attr_accessible :email, :password, :password_confirmation
  attr_accessor :password
  before_save :encrypt_password
  before_save { |user| user.email = email.downcase }
  before_create { generate_token(:auth_token) }
  # before_create { generate_token(:email_activation_token) }
  VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
  VALID_PASSWORD_REGEX = /^(?=.*[a-zA-Z])(?=.*[0-9]).{6,}$/
  validates_confirmation_of :password
  validates :password, :on => :create, presence: true, format: { with: VALID_PASSWORD_REGEX }
  validates :email, presence: true, format: { with: VALID_EMAIL_REGEX }, uniqueness: { case_sensitive: false }

  def self.authenticate(email, password)
    user = find_by_email(email)
    if user && user.password_hash == BCrypt::Engine.hash_secret(password, user.password_salt)
      user
    else
      nil
    end
  end

  def send_password_reset
    generate_token(:password_reset_token)
    self.password_reset_sent_at = Time.zone.now
    save!
    UserMailer.password_reset(self).deliver
  end

  def encrypt_password
    if password.present?
      self.password_salt = BCrypt::Engine.generate_salt
      self.password_hash = BCrypt::Engine.hash_secret(password, password_salt)
    end
  end

  def generate_token(column)
    begin
      self[column] = SecureRandom.urlsafe_base64
    end while User.exists?(column => self[column])
  end
end
app/config/routes.rb
LootApp::Application.routes.draw do
  get "password_resets/new"
  get "sessions/new"
  resources :users
  resources :sessions
  resources :password_resets
  resources :email_activations
  resources :users do
    collection do
      get :accept_invitation
    end
  end
  # get "users/new"
  get "static_pages/home"
  get "static_pages/help"
  root to: 'static_pages#home'
  match "sign_up", to: "users#new"
  match '/help', to: 'static_pages#help'
  match '/log_in', to: 'sessions#new'
  match '/log_out', to: 'sessions#destroy'
end
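
The activation gate from the sessions controller above, reduced to plain Ruby as an added example (not part of the original post): it shows what `if user.email_activation_token = true` evaluates to and a gate that checks the authentication result first and then compares with `==`. `FakeUser`, `gate_as_posted`, `gate_fixed` and `observe_posted` are hypothetical names, the argument stands for whatever `User.authenticate` returned, and the column is assumed to hold a boolean as the post describes.

```ruby
# Constructed stand-in for the User model: only the fields the login gate reads.
FakeUser = Struct.new(:email, :email_activation_token)

# The gate as posted. `=` is assignment: it writes true into the attribute and
# the expression's value is the assigned value, so the outer branch is always
# taken. The write also runs before the `if user` nil check.
def gate_as_posted(user)
  if user.email_activation_token = true
    if user
      :logged_in
    else
      :invalid_credentials
    end
  else
    :not_activated
  end
end

# Corrected gate: handle the nil returned for bad credentials first, then
# compare the stored flag with `==` without modifying it.
def gate_fixed(user)
  return :invalid_credentials if user.nil?
  return :not_activated unless user.email_activation_token == true
  :logged_in
end

# Runs the posted gate and reports a crash as a symbol instead of raising.
def observe_posted(user)
  gate_as_posted(user)
rescue NoMethodError
  :no_method_error # user was nil, so the attribute write had no receiver
end

if __FILE__ == $PROGRAM_NAME
  pending = FakeUser.new("pending@example.com", false) # constructed sample user
  puts "fixed,  pending user: #{gate_fixed(pending)}"
  puts "posted, pending user: #{observe_posted(pending)}"
  puts "flag after posted gate: #{pending.email_activation_token}"
  puts "posted, bad credentials: #{observe_posted(nil)}"
  puts "fixed,  bad credentials: #{gate_fixed(nil)}"
end
```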