1

我允许用户使用 OmniAuth 使用 Facebook 和 Google 登录,也允许他们使用电子邮件创建帐户。除了用户能够更新其帐户信息的部分外,一切正常。

我添加了一个名为 username 的字段,其中 sign_up 和 sign_in 处理 Ok,对于更新,如果用户使用 facebook 登录,我不想要求用户输入密码,但我不断收到 ForbiddenAttributesError。

这是我写的代码。

class Users::RegistrationsController < Devise::RegistrationsController
  before_filter :configure_permitted_parameters, if: :devise_controller?    

  def update
    @provider = Provider.find_by_user_id(current_user.id)
    @user = User.find(current_user.id)
    email_changed = current_user.email != params[resource_name][:email]
    is_omniauth_account = @provider.blank?

    successfully_updated = if is_omniauth_account
      resource.update_with_password(params[resource_name])
    else
      resource.update_without_password(params[resource_name])
    end

    if successfully_updated
      # Sign in the user bypassing validation in case his password changed
      sign_in @user, :bypass => true
      redirect_to root_path
    else
      clean_up_passwords(resource)
      render_with_scope :edit
    end
  end

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password, :password_confirmation) }
    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:username, :email, :password, :password_confirmation, :current_password) }
    devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email, :password) }
  end

  def resource_params
    params.require(:user).permit(:username, :email, :password, :password_confirmation, :current_password)
  end
  private :resource_params
end
4

2 回答 2

1

看起来您已经定义了处理强参数的方法,但您没有在update操作中使用它。

试试这个:

successfully_updated = if is_omniauth_account
  resource.update_with_password(resource_params)
else
  resource.update_without_password(resource_params)
end
于 2013-07-03T10:46:52.373 回答
1

这个解决方案成功了,但我仍然有问题我不确定在运行时删除参数是否是一个好习惯

class Users::RegistrationsController < Devise::RegistrationsController
  before_filter :configure_permitted_parameters, if: :devise_controller?

  def update
    @provider = Provider.find_by_user_id(current_user.id)
    @user = User.find(current_user.id)
    email_changed = current_user.email != resource_params[:email]
    is_omniauth_account = !@provider.blank?
    successfully_updated = if is_omniauth_account
      devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:username, :email, :password, :password_confirmation) }
      resource.update_without_password(devise_parameter_sanitizer.for(:account_update))      
    else
      resource.update_with_password(devise_parameter_sanitizer.for(:account_update))
    end

    if successfully_updated
      # Sign in the user bypassing validation in case his password changed
      sign_in @user, :bypass => true
      redirect_to root_path
    else
      clean_up_passwords(resource)
      render :edit
    end
  end

  def create
    super
    UserMailer.welcome(@user).deliver

  end

  protected
  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password, :password_confirmation) }
    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:username, :email, :password, :password_confirmation, :current_password) }
    devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email, :password) }
  end
end
于 2013-07-04T07:46:50.493 回答