我正在构建一个具有 3 个模型(客户、积分、管理员)的应用程序。客户有积分,积分属于客户。然后 Admin 将 user_name 和 password_hash 作为属性,通过 Bcrypt 存储密码。一旦客户通过电话号码搜索自己,他们的积分就会出现。但是要添加积分,管理员必须使用密码(4 位代码)登录,然后才能访问添加积分。
我在如何仅通过密码而不是用户名和密码找到管理员时遇到了麻烦。
class AdminsController < ApplicationController
def new
@admin = Admin.new
end
def create
@Admin = Admin.new(admin_params)
if @admin.save
redirect_to root_path
else
flash[:error] = "incorrect data, please check form"
render new_admin_path
end
end
def login
@customer = Customer.find(params[:id])
# Need to get the input password
params[:password]
# Change the inputed password into a password hash
# inputed_password_hash (NEED HELP HERE)
# Compare the password hash with password hashes in the Admin model/database
# to see if it exists.
# if true, send to add points page
# if false, send back to customer page
if Admin.find_by(password_hash: inputed_password_hash)
redirect_to new_points_path
else
render customer_path
end
end
private
def admin_params
params.require(:admin).permit(:user_name, :password, :password_confirmation)
end
end