4

控制器

def create
 # admin manually creates user
 UserMailer.reset_password_instructions(@user).deliver
end

用户.rb

class User < ActiveRecord::Base

  before_create :generate_reset_password_token # generating devise reset token

  # Include default devise modules. Others available are:
  # :confirmable, :lockable and :omniauthable
  # :registerable,
  # :trackable,
  devise  :database_authenticatable,
          # :confirmable,
          :rememberable,
          :validatable,
          :recoverable,
          :trackable,
          :timeoutable


private

  # Generates a new random token for confirmation, and stores
  # the time this token is being generated
  def generate_reset_password_token
    raw, enc = Devise.token_generator.generate(self.class, :reset_password_token)
    @raw_confirmation_token   = raw
    self.reset_password_token   = enc
    self.reset_password_sent_at = Time.now.utc
  end

end

user_mailer.rb

class UserMailer < ApplicationMailer
  include Devise::Mailers::Helpers

   default from: 'no-reply@identt.co'

   def reset_password_instructions(resource, opts={})
    @resource = resource
    @token    = @resource.reset_password_token
    mail(to: @resource.email, subject: "Reset Password Instructions")
   end
end

reset_password_instructions.html.erb

<p>Hello <%= @resource.email %>!</p>

<p>Someone has requested a link to change your password. You can do this through the link below.</p>

<p><%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %></p>

<p>If you didn't request this, please ignore this email.</p>
<p>Your password won't change until you access the link above and create a new one.</p>

此时,当管理员手动创建用户时,Password reset链接将转到电子邮件地址,我可以看到使用MailCatcheror letter_openerhttp://lvh.me:3000/users/password/edit?reset_password_token=6a8bc4683fc9e5dfcc789f94f9b6bd2b1c44fd857f13662d0f0d1f6212022f81

我点击了链接,它成功地让我编辑了密码页面。当我提交表单时,验证失败并Reset password token is invalid显示消息。

我在这里想念什么......

更新:

我的 Development.rb 看起来像:

Rails.application.configure do
  # Settings specified here will take precedence over those in config/application.rb.

  # In the development environment your application's code is reloaded on
  # every request. This slows down response time but is perfect for development
  # since you don't have to restart the web server when you make code changes.
  config.cache_classes = false

  # Do not eager load code on boot.
  config.eager_load = false

  # Show full error reports and disable caching.
  config.consider_all_requests_local       = true
  config.action_controller.perform_caching = false

  # Don't care if the mailer can't send.
  config.action_mailer.raise_delivery_errors = false

  # Print deprecation notices to the Rails logger.
  config.active_support.deprecation = :log

  # Raise an error on page load if there are pending migrations.
  config.active_record.migration_error = :page_load

  # Debug mode disables concatenation and preprocessing of assets.
  # This option may cause significant delays in view rendering with a large
  # number of complex assets.
  config.assets.debug = true

  # Asset digests allow you to set far-future HTTP expiration dates on all assets,
  # yet still be able to expire them through the digest params.
  config.assets.digest = true

  # Adds additional error checking when serving assets at runtime.
  # Checks for improperly declared sprockets dependencies.
  # Raises helpful error messages.
  config.assets.raise_runtime_errors = true

  # Raises error for missing translations
  # config.action_view.raise_on_missing_translations = true

  # Configure letter opener to open email in browser
  # config.action_mailer.delivery_method = :letter_opener
  config.action_mailer.delivery_method = :smtp
  config.action_mailer.smtp_settings = { :address => "lvh.me", :port => 1025 }
  config.action_mailer.default_url_options = { host: 'lvh.me', port: 3000 }

  config.domain = 'lvh.me'
end
4

2 回答 2

3

我的解决方案只有一行代码,我通过添加手动邮件程序、操作等使代码变得复杂。

为了解决这个问题,我只需要send_reset_password_instructionsuser对象中调用设计:

在控制器中

    @user.send_reset_password_instructions

解决了我的问题。

我通过删除来清理我的代码(根据我的问题:)

  • user_mailer.rb文件不再需要,所以删除它

  • views/user_mailer/reset_password_instructions.html.erb文件不是必需的,所以删除它。

  • User.rb模型中,删除before_action :generate_reset_password_token以及generate_reset_password_token私有方法。

  • 从控制器中删除下面的邮件行

    UserMailer.reset_password_instructions(@user).deliver

于 2015-11-23T09:07:21.640 回答
3

我对此深感疯狂,终于找到了答案:

  def generate_reset_password_token
    raw, enc = Devise.token_generator.generate(self.class, :reset_password_token)
    @raw_confirmation_token   = raw
    self.reset_password_token   = enc
    self.reset_password_sent_at = Time.now.utc
  end

这段代码是对的,你user希望. 将变量放在手边也很好。encreset_password_tokenraw

class UserMailer < ApplicationMailer
  include Devise::Mailers::Helpers

   default from: 'no-reply@identt.co'

   def reset_password_instructions(resource, opts={})
    @resource = resource
    @token    = @resource.reset_password_token
    mail(to: @resource.email, subject: "Reset Password Instructions")
   end
end

对于这一部分,您想要@token = @raw_confirmation_tokenraw来自令牌生成器),而不是@resource.reset_password_tokenenc来自生成器)。

我相信此解决方案适用于设计 3.1+,似乎他们更改了设置以增加安全性,而没有解释这两个令牌。

于 2016-03-29T21:39:50.647 回答