0

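My programming team created an account activation feature following Michael Hartl's Rails Tutorial. Now, after a few weeks of coding, the feature has stopped working. This is the complete function: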

class AccountActivationsController < ApplicationController

# This controller is needed to activate a newly registered account via the activation email.

  def edit
    user = User.find_by(email: params[:email])
    if user && !user.activated? && user.authenticated?(:activation, params[:id])
      user.activate
      log_in user
      flash[:success] = "Account aktiviert!"
      redirect_to user
    else
      flash[:danger] = "Ungültiger Aktivierungslink"
      redirect_to root_url
    end
  end
end

We get the danger message from the else loop. We tried to break the problem down into parts, and now we know that the condition:

user = User.find_by(email: params[:email]) 

is not successful.

I would like some suggestions as to why this activation link:

http://localhost:3000/account_activations/hX1eY83-wcs8VqZcPa0H=
3g/edit?email=3Dsami.khedira%40stud.uni-hannover.de

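does not provide the right information to find the user "sami.khedira@stud.uni-hannover.de" in the database. We can see the user in the database, and the save function before it works. I also looked at an earlier version of the application, where it worked. I don't see any changes in the function, so maybe something we added somewhere broke the registration, but from my point of view nothing is missing.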

In addition, the password_reset feature does not work either.

The create user function from the users controller:

  def create
    @user = User.new(user_params)
    if @user.save
      @user.send_activation_email
      flash[:info] = "Bitte öffnen Sie Ihr E-Mail Postfach, um den Account zu aktivieren."
      redirect_to root_url
    else
      render 'new'
    end
  end

Here is how we create the digests:

class User < ApplicationRecord


  # Activates an account.
  def activate
    update_columns(activated: true, activated_at: Time.zone.now)
  end

  # Sends activation email.
  def send_activation_email
    UserMailer.account_activation(self).deliver_now
  end

  # Sets the password reset attributes.
  def create_reset_digest
    self.reset_token = User.new_token
    update_columns(reset_digest:  User.digest(reset_token), reset_sent_at: Time.zone.now)
  end

  # Sends password reset email.
  def send_password_reset_email
    UserMailer.password_reset(self).deliver_now
  end

  # Returns true if a password reset has expired.
  def password_reset_expired?
    reset_sent_at < 2.hours.ago
  end

  private

    # Converts email to all lower-case.
    def downcase_email
      self.email = email.downcase
    end

    # Creates and assigns the activation token and digest.
    def create_activation_digest
      self.activation_token  = User.new_token
      self.activation_digest = User.digest(activation_token)
    end

end

View/UserMailer/Account_activation.html.erb:

<h1>Bachelorarbeitszuordnung</h1>

<p>Sehr geehrter Herr / Sehr geehrte Frau <%= @user.name %>,</p>

<p>
Sie haben sich für die Bachelorarbeit registriert! Klicken Sie auf den untenstehenden Link, um ihren Account zu aktivieren:
</p>

<%= link_to "Aktivieren", edit_account_activation_url(@user.activation_token,
                                                    email: @user.email) %>

User mailer:

class UserMailer < ApplicationMailer


  def account_activation(user)
    @user = user
    mail to: user.email, subject: "Account activation"
  end

  def password_reset(user)
    @user = user
    mail to: user.email, subject: "Password reset"
  end
end

Application mailer:

class ApplicationMailer < ActionMailer::Base
  default from: "noreply@stud.uni-hannover.de"
  layout 'mailer'
end

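This is the routes file. Other users have already told me that it is not perfect, but at the moment I don't know how to improve it. I read the guide on Rails routing, but I don't understand why my routes are bad: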

Rails.application.routes.draw do

  resources :deadlines
  resources :preferences
  resources :institutes
  resources :users
  resources :admin, to: 'users#admin'

  get 'password_resets/new'
  get 'password_resets/edit'

  root 'static_pages#home'
  get '/home', to: 'static_pages#home'
  get '/help', to: 'static_pages#help'
  get '/about', to: 'static_pages#about'
  get '/contact', to: 'static_pages#contact'
  get '/matching', to: 'static_pages#matching'
  get '/cockpit', to: 'static_pages#cockpit'

  get '/signup', to: 'users#new'
  post '/signup',  to: 'users#create'

  get '/performance_show', to: 'users#performance_show'
  get '/performance_update', to: 'users#performance_update'

  post 'preferences/create_all', to: 'preferences#create_all'

  get '/login', to: 'sessions#new'
  post '/login', to: 'sessions#create'
  delete '/logout', to: 'sessions#destroy'

  resources :account_activations, only: [:edit]
  resources :password_resets,     only: [:new, :create, :edit, :update]

  # Routes for the buttons of the GAMS calculation
  post 'read_matching', to: 'static_pages#read_matching'
  post 'delete_matching', to: 'static_pages#delete_matching'
  post 'optimize', to: 'static_pages#optimize'

  # Route for the button that deletes all students
  delete 'delete_all', to: 'users#delete_all'

  # Route for the page for deleting one's own account.
  get 'delete_account', to: 'users#delete_account'
  delete 'delete_account_sure', to: 'users#delete_account_sure'

end

Here is my log. It starts with the registration of the user "Sami Khedira":

Started POST "/users" for 127.0.0.1 at 2018-03-13 17:41:09 +0100
Processing by UsersController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"hbZ8A9CWC60nyXYd3nf6Dv0M+d/ViCp0PJ8AmG/fI5ZvyE+hFBt5n8W54gg9yNqZQTfSuOa8PyUD16a3qoRGsg==", "user"=>{"name"=>"Sami Khedira", "mat_number"=>"1234567", "email"=>"sami.khedira@stud.uni-hannover.de", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Erstelle meinen Account"}
   (1.0ms)  begin transaction
  User Exists (3.0ms)  SELECT  1 AS one FROM "users" WHERE LOWER("users"."email") = LOWER(?) LIMIT ?  [["email", "sami.khedira@stud.uni-hannover.de"], ["LIMIT", 1]]
  SQL (0.8ms)  INSERT INTO "users" ("name", "email", "created_at", "updated_at", "password_digest", "activation_digest", "mat_number") VALUES (?, ?, ?, ?, ?, ?, ?)  [["name", "Sami Khedira"], ["email", "sami.khedira@stud.uni-hannover.de"], ["created_at", "2018-03-13 16:41:10.395281"], ["updated_at", "2018-03-13 16:41:10.395281"], ["password_digest", "$2a$10$2BLl1RzF2SOPB9/S5y.oC.W3vUY64GX9jOtd9EfOhrhs3Wnd7Z0Ky"], ["activation_digest", "$2a$10$MaFRiFb195HRm8AQ14OU.ey5ds5qDvR9nznFLBgClNXM21VqQh0AK"], ["mat_number", 1234567]]
   (11.9ms)  commit transaction
  Rendering user_mailer/account_activation.html.erb within layouts/mailer
  Rendered user_mailer/account_activation.html.erb within layouts/mailer (29.8ms)
  Rendering user_mailer/account_activation.text.erb within layouts/mailer
  Rendered user_mailer/account_activation.text.erb within layouts/mailer (7.8ms)
UserMailer#account_activation: processed outbound mail in 80.2ms
Sent mail to sami.khedira@stud.uni-hannover.de (31.7ms)
Date: Tue, 13 Mar 2018 17:41:11 +0100
From: noreply@stud.uni-hannover.de
To: sami.khedira@stud.uni-hannover.de
Message-ID: <5aa7ff27a2570_3afe126dc7462164@studi-VirtualBox.mail>
Subject: Account activation
Mime-Version: 1.0
Content-Type: multipart/alternative;
 boundary="--==_mimepart_5aa7ff279cbd7_3afe126dc74620d2";
 charset=UTF-8
Content-Transfer-Encoding: 7bit


----==_mimepart_5aa7ff279cbd7_3afe126dc74620d2
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable



Sehr geehrter Herr Sami Khedira,

Sie haben sich f=C3=BCr die Bachelorarbeit registriert! Klicken Sie auf d=
en untenstehenden Link, um ihren Account zu aktivieren:

<a href=3D"http://localhost:3000/account_activations/hX1eY83-wcs8VqZcPa0H=
3g/edit?email=3Dsami.khedira%40stud.uni-hannover.de">Aktivieren</a>



----==_mimepart_5aa7ff279cbd7_3afe126dc74620d2
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable



<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf=
-8" />
    <style>
      /* Email styles need to be inline */
    </style>
  </head>

  <body>
    <h1>Bachelorarbeitszuordnung</h1>

<p>Sehr geehrter Herr Sami Khedira,</p>

<p>
Sie haben sich f=C3=BCr die Bachelorarbeit registriert! Klicken Sie auf d=
en untenstehenden Link, um ihren Account zu aktivieren:
</p>

<a href=3D"http://localhost:3000/account_activations/hX1eY83-wcs8VqZcPa0H=
3g/edit?email=3Dsami.khedira%40stud.uni-hannover.de">Aktivieren</a>

  </body>
</html>


----==_mimepart_5aa7ff279cbd7_3afe126dc74620d2--


Redirected to http://localhost:3000/
Completed 302 Found in 1972ms (ActiveRecord: 65.1ms)


Started GET "/" for 127.0.0.1 at 2018-03-13 17:41:11 +0100
Processing by StaticPagesController#home as HTML
  Rendering static_pages/home.html.erb within layouts/application
  Rendered static_pages/home.html.erb within layouts/application (22.8ms)
  Rendered layouts/_rails_default.html.erb (604.6ms)
  Rendered layouts/_shim.html.erb (0.4ms)
  Rendered layouts/_header.html.erb (7.5ms)
  Rendered layouts/_footer.html.erb (3.8ms)
Completed 200 OK in 765ms (Views: 755.8ms | ActiveRecord: 0.0ms)  

Started GET "/" for 127.0.0.1 at 2018-03-13 17:47:23 +0100
Processing by StaticPagesController#home as HTML
  Rendering static_pages/home.html.erb within layouts/application
  Rendered static_pages/home.html.erb within layouts/application (965.2ms)
  Rendered layouts/_rails_default.html.erb (11813.6ms)
  Rendered layouts/_shim.html.erb (66.2ms)
  Rendered layouts/_header.html.erb (194.1ms)
  Rendered layouts/_footer.html.erb (53.3ms)
Completed 200 OK in 14350ms (Views: 14125.1ms | ActiveRecord: 0.0ms)

Thanks a lot!

Edit: User bkunzi01 suggested that I replace (email: params[:email]) with params[:user][:email]. This gave me the following error: error message

Log file:

Started POST "/users" for 127.0.0.1 at 2018-03-14 02:07:04 +0100
Processing by UsersController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"6vTYSvvGONUEC7hEP/C/AqEHAeQ+oQToqHQGKuBsM7ozw/N+w11mWnIb1x4Io5CWU/eYpYwncObyWWC+zKY4Jg==", "user"=>{"name"=>"Sami Khedira", "mat_number"=>"12345678", "email"=>"samikhedira@stud.uni-hannover.de", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Erstelle meinen Account"}
   (0.1ms)  begin transaction
  User Exists (1.9ms)  SELECT  1 AS one FROM "users" WHERE LOWER("users"."email") = LOWER(?) LIMIT ?  [["email", "samikhedira@stud.uni-hannover.de"], ["LIMIT", 1]]
  SQL (14.4ms)  INSERT INTO "users" ("name", "email", "created_at", "updated_at", "password_digest", "activation_digest", "mat_number") VALUES (?, ?, ?, ?, ?, ?, ?)  [["name", "Sami Khedira"], ["email", "samikhedira@stud.uni-hannover.de"], ["created_at", "2018-03-14 01:07:04.901137"], ["updated_at", "2018-03-14 01:07:04.901137"], ["password_digest", "$2a$10$whjEx3oPnLxyNFZomWst4uCAPqweV0jBtN342mlx.sJwAm6A4JD7a"], ["activation_digest", "$2a$10$EG9MOsxQYUJC2//VGj6Iyu1CB7/39NP3mMpv1BjE2QrYx2WeZCM7K"], ["mat_number", 12345678]]
   (62.6ms)  commit transaction
  Rendering user_mailer/account_activation.html.erb within layouts/mailer
  Rendered user_mailer/account_activation.html.erb within layouts/mailer (9.2ms)
  Rendering user_mailer/account_activation.text.erb within layouts/mailer
  Rendered user_mailer/account_activation.text.erb within layouts/mailer (9.3ms)
UserMailer#account_activation: processed outbound mail in 142.7ms
Sent mail to samikhedira@stud.uni-hannover.de (116.4ms)
Date: Wed, 14 Mar 2018 02:07:05 +0100
From: noreply@stud.uni-hannover.de
To: samikhedira@stud.uni-hannover.de
Message-ID: <5aa875b964bd3_4c5f1f7f0d42644@studi-VirtualBox.mail>
Subject: Account activation
Mime-Version: 1.0
Content-Type: multipart/alternative;
 boundary="--==_mimepart_5aa875b94bfdf_4c5f1f7f0d4257f";
 charset=UTF-8
Content-Transfer-Encoding: 7bit


----==_mimepart_5aa875b94bfdf_4c5f1f7f0d4257f
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Sehr geehrter Herr Sami Khedira,

Sie haben sich f=C3=BCr die Bachelorarbeit registriert! Klicken Sie auf d=
en untenstehenden Link, um ihren Account zu aktivieren:

<a href=3D"http://localhost:3000/account_activations/WFJAfA0Ed4h-eL13PApg=
ng/edit?email=3Dsamikhedira%40stud.uni-hannover.de">Aktivieren</a>


----==_mimepart_5aa875b94bfdf_4c5f1f7f0d4257f
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf=
-8" />
    <style>
      /* Email styles need to be inline */
    </style>
  </head>

  <body>
    <h1>Bachelorarbeitszuordnung</h1>

<p>Sehr geehrter Herr / Sehr geehrte Frau Sami Khedira,</p>

<p>
Sie haben sich f=C3=BCr die Bachelorarbeit registriert! Klicken Sie auf d=
en untenstehenden Link, um ihren Account zu aktivieren:
</p>

<a href=3D"http://localhost:3000/account_activations/WFJAfA0Ed4h-eL13PApg=
ng/edit?email=3Dsamikhedira%40stud.uni-hannover.de">Aktivieren</a>

  </body>
</html>

----==_mimepart_5aa875b94bfdf_4c5f1f7f0d4257f--

Redirected to http://localhost:3000/
Completed 302 Found in 1177ms (ActiveRecord: 128.8ms)


Started GET "/" for 127.0.0.1 at 2018-03-14 02:07:05 +0100
Processing by StaticPagesController#home as HTML
  Rendering static_pages/home.html.erb within layouts/application
  Rendered static_pages/home.html.erb within layouts/application (6.4ms)
  Rendered layouts/_rails_default.html.erb (234.4ms)
  Rendered layouts/_shim.html.erb (0.6ms)
  Rendered layouts/_header.html.erb (12.3ms)
  Rendered layouts/_footer.html.erb (1.9ms)
Completed 200 OK in 305ms (Views: 301.8ms | ActiveRecord: 0.0ms)


Started GET "/account_activations/WFJAfA0Ed4h-eL13PApg=ng/edit?email=3Dsamikhedira%40stud.uni-hannover.de" for 127.0.0.1 at 2018-03-14 02:07:44 +0100
Processing by AccountActivationsController#edit as HTML
  Parameters: {"email"=>"3Dsamikhedira@stud.uni-hannover.de", "id"=>"WFJAfA0Ed4h-eL13PApg=ng"}
Completed 500 Internal Server Error in 5ms (ActiveRecord: 0.0ms)



NoMethodError (undefined method `[]' for nil:NilClass):

app/controllers/account_activations_controller.rb:6:in `edit'
4

2 Answers

3

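You can convert the email and make it URL-safe as shown below. As long as you validate the uniqueness of all emails in the database, you should be fine. Hope this helps.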

Base64.urlsafe_encode64("uglas@stud.uni-hannover.de")
# "dWdsYXNAc3R1ZC51bmktaGFubm92ZXIuZGU=" 

Base64.urlsafe_decode64("dWdsYXNAc3R1ZC51bmktaGFubm92ZXIuZGU=")
#  "uglas@stud.uni-hannover.de" 

So wherever you generate the activation link, you should do the 64-bit conversion there, so that the new link now looks like:

http://localhost:3000/account_activations/9rxXuiQEEXmeOnqcS_m-=
VQ/edit?email="dWdsYXNAc3R1ZC51bmktaGFubm92ZXIuZGU="

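Now, when you get your params[:email], you can simply convert it back like this:

# Pass the decoded value as the email: condition (a bare string argument is treated as a raw SQL fragment).
user = User.find_by(email: Base64.urlsafe_decode64(params[:email]))
Answered 2018-03-13T15:30:17.147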
0

I solved the problem by setting the View/Mailer back to the old version.

Here you can see the difference between the successful link at the top and the broken link at the bottom!

http://localhost:3000/account_activations/iTIWL74dAzPlsVckrOc6Uw/edit?email=dana%40stud.uni-hannover.de

http://localhost:3000/account_activations/iTIWL74dAzPlsVckrOc6Uw/edit?ema=il=3Ddana%40stud.uni-hannover.de

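The suggestion, made right at the start, that the 3D was causing the problem was correct. I hadn't even changed the activation link. Adding a German letter "ü" to the email text was enough. That messed up the link. I don't quite understand the connection, but now everything works fine. I hope someone will benefit from my experience in the future.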

Greetings to everyone who helped, you are heroes!

Answered 2018-03-14T10:14:29.650
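
The link between the "ü" and the broken link, as an added example that is not part of the original posts: the logged mail body is quoted-printable (see `Content-Transfer-Encoding: quoted-printable` in the log), where every `=` is written as `=3D` and a trailing `=` marks a soft line break, so a link pasted from the raw log is not the link a mail client shows after decoding. Ruby's built-in `pack("M")`/`unpack1("M")` stands in for the mail library's encoder here, and the helper names are hypothetical.

```ruby
require "uri"

# Link lines copied from the development log on this page: the mail body
# in its quoted-printable transfer encoding.
RAW_LOG_LINES = <<~QP
  <a href=3D"http://localhost:3000/account_activations/hX1eY83-wcs8VqZcPa0H=
  3g/edit?email=3Dsami.khedira%40stud.uni-hannover.de">Aktivieren</a>
QP

# Quoted-printable encode: bytes outside printable ASCII and "=" itself
# become "=XX" (Ruby's built-in encoder, stand-in for the mail library's).
def qp_encode(text)
  [text].pack("M")
end

# Quoted-printable decode: "=XX" becomes one byte, "=" at the end of a line
# is a soft line break and joins the two lines.
def qp_decode(text)
  text.unpack1("M").force_encoding("UTF-8")
end

# Split an activation URL into what the controller receives as params[:id]
# and params[:email] (path shape assumed from the page's
# `resources :account_activations, only: [:edit]` route).
def activation_params(url)
  uri = URI.parse(url)
  id = uri.path[%r{\A/account_activations/([^/]+)/edit\z}, 1]
  email = URI.decode_www_form(uri.query.to_s).to_h["email"]
  { id: id, email: email }
end

# Link as pasted from the raw log: lines joined by hand, escapes left in.
def copied_from_log
  RAW_LOG_LINES.lines.map(&:chomp).join[/href=3D"([^"]+)"/, 1]
end

# Link as a mail client shows it after decoding the body.
def decoded_by_mail_client
  qp_decode(RAW_LOG_LINES)[/href="([^"]+)"/, 1]
end

if __FILE__ == $PROGRAM_NAME
  p qp_encode("für x=1\n")
  p activation_params(copied_from_log)
  p activation_params(decoded_by_mail_client)
end
```

The raw-log link produces an email parameter starting with `3D`, the same shape as the `"email"=>"3D…"` parameter in the failing request in the log, while the decoded link yields the address that was stored in the database.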