0

当我生成通过活动管理员忘记密码发送的重置密码链接时,我可以更改密码并登录到仪表板,但是当我再次尝试使用相同的链接更改密码时,它什么也不做并重定向到同一页面。即使我输入空密码,它也不会显示错误。我希望它显示令牌已过期的错误

每次提交表单时都会生成相同的日志。

AdminUser Load (0.6ms) SELECT "admin_users".* FROM "admin_users" WHERE "admin_users"."reset_password_token" = '14ad4bc9d075cbb5ed8057c9518848e448e56beab6430ff1d3c7459771a79662' ORDER BY "admin_users"."id" ASC LIMIT 1 [["reset_password_token", "14ad4bc9d075cbb5ed8057c9518848e448e56beab6430ff1d3c7459771a79662"] ] method=PUT path=/admin/password format=html controller=ActiveAdmin::Devise::PasswordsController action=update status=200 duration=606.45 view=570.88 db=0.64 time=2016-07-26 12:25:20 UTC category=web ip=127.0.0.1 params={"admin_user"=>{"password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "reset_password_token"=>"[FILTERED]"} , "提交"=>"修改我的密码”}

我不知道为什么我给出 200 状态。知道我应该从哪里开始寻找吗?

4

1 回答 1

0

我重写了deviseupdate方法Devise::PasswordsController并添加了一行来显示错误flash[:error] = resource.errors.full_messages.to_sentence ,如果resource.errors.empty?为 false,它基本上不会显示错误。

这是更新的方法

 # PUT /resource/password
  def update
    self.resource = resource_class.reset_password_by_token(resource_params)
    yield resource if block_given?

    if resource.errors.empty?
      resource.unlock_access! if unlockable?(resource)
      if Devise.sign_in_after_reset_password
        flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
        set_flash_message(:notice, flash_message) if is_flashing_format?
        sign_in(resource_name, resource)
      else
        set_flash_message(:notice, :updated_not_active) if is_flashing_format?
      end
      respond_with resource, location: after_resetting_password_path_for(resource)
    else
      flash[:error] = resource.errors.full_messages.to_sentence
      set_minimum_password_length
      respond_with resource
    end
  end
于 2016-07-28T06:50:06.247 回答