0

出于某种原因,当用户更新密码时,我的应用程序会跳过验证。帮我改一下。

更新方法:

def update
  if params[:user][:password]
    if current_user
      user = User.authenticate(params[:email], params[:user][:old_password])
      if user
        params[:user].delete :old_password
        if user.save
          redirect_to root_url, :notice => "Password has been changed!"
        else
          render 'edit'
        end
      else
        # old_password was incorrect
      end
    else
      # changing password while logged out
    end  
  end
end

用户型号:

class User < ActiveRecord::Base
      attr_accessible :email, :password, :password_confirmation
      attr_accessor :password
      before_save :encrypt_password
      VALID_PASSWORD_REGEX = /^(?=.*[a-zA-Z])(?=.*[0-9]).{6,}$/
      validates_confirmation_of :password
      validates :password, presence: true, format:{  with: VALID_PASSWORD_REGEX }, if: proc{ password_salt.blank? || password_hash.blank? } 
end
4

1 回答 1

0

如果您需要一种更新用户密码的方法,这可能会对您有所帮助:

https://stackoverflow.com/a/19697808/1758714

我使用 Sorcery 进行身份验证,所以代码可能需要稍作改动。

于 2013-11-05T06:20:25.537 回答