Ruby on rails 设计确认电子邮件正在发送到邮件,如果用户不';我不能确认邮件吗?
我正在使用这个装置。 在我能够在没有电子邮件确认的情况下登录之前。 然后我必须为我的申请设置电子邮件确认。 因此,我在user.rb上添加了confirmable,并对designe用户迁移进行了更改。 此外,我还对designe.rb文件进行了更改。 另外,我在config/environment/development.rb文件中以smtp的形式为邮件程序进行了设置 我认为mailer的设置是正确的,但问题是: 当用户注册为新用户时,带有确认令牌的邮件将发送给该用户。但即使不点击邮件链接,用户也可以登录。 如果用户可以在没有确认令牌的情况下登录,那么邮件设置有什么用处? 如果用户不验证邮件确认令牌,如何防止其登录?Ruby on rails 设计确认电子邮件正在发送到邮件,如果用户不';我不能确认邮件吗?,ruby-on-rails,ruby,devise,Ruby On Rails,Ruby,Devise,我正在使用这个装置。 在我能够在没有电子邮件确认的情况下登录之前。 然后我必须为我的申请设置电子邮件确认。 因此,我在user.rb上添加了confirmable,并对designe用户迁移进行了更改。 此外,我还对designe.rb文件进行了更改。 另外,我在config/environment/development.rb文件中以smtp的形式为邮件程序进行了设置 我认为mailer的设置是正确的,但问题是: 当用户注册为新用户时,带有确认令牌的邮件将发送给该用户。但即使不点击邮件链接,用
我已经厌倦了定制可确认控制器,但结果是一样的 应用程序\u控制器.rb
# frozen_string_literal: true
# Router entry point
require 'json_web_token'
class ApplicationController < ActionController::Base
before_action :configure_permitted_parameters, if: :devise_controller?
before_action :make_action_mailer_use_request_host_and_protocol
# before_action :authenticate_user!, :set_mailer_host
protect_from_forgery with: :exception
respond_to :html, :json
def index
render template: 'application'
end
def not_found
render json: { error: 'not_found' }
end
def authorize_request
header = request.headers['Authorization']
header = header.split(' ').last if header
begin
@decoded = JsonWebToken.decode(header)
@current_user = User.find(@decoded[:user_id])
rescue ActiveRecord::RecordNotFound => e
render json: { errors: e.message }, status: :unauthorized
rescue JWT::DecodeError => e
render json: { errors: e.message }, status: :unauthorized
end
end
protected
def current_user
@current_user ||= User.find_by(id: session[:user_id])
end
def signed_in?
!!current_user
end
helper_method :current_user, :signed_in?
def current_user=(user)
session[:user_id] = user&.id
@current_user = user
end
def configure_permitted_parameters
update_attrs = [:password, :password_confirmation, :current_password]
devise_parameter_sanitizer.permit :account_update, keys: update_attrs
devise_parameter_sanitizer.permit(:login, keys: [ :email, :password ])
end
private
def make_action_mailer_use_request_host_and_protocol
ActionMailer::Base.default_url_options[:protocol] = request.protocol
ActionMailer::Base.default_url_options[:host] = request.host_with_port
end
end
module Api
module V1
class AuthenticationController < ApplicationController
skip_before_action :verify_authenticity_token
before_action :authorize_request, except: :login
# POST /auth/login
def login
@user = User.find_by_email(params[:email])
if @user&.valid_password?(params[:password])
token = JsonWebToken.encode(user_id: @user.id)
time = Time.now + 24.hours.to_i
render json: { token: token, exp: time.strftime("%m-%d-%Y %H:%M"),
username: @user.username, user_id: @user.id }, status: :ok
else
render json: { error: 'unauthorized' }, status: :unauthorized
end
end
private
def login_params
params.permit(:email, :password)
end
end
end
end
module Api
module V1
class UsersController < ApplicationController
skip_before_action :verify_authenticity_token
before_action :authorize_request, except: :create
# GET /users
def index
@users = User.all
render json: @users, status: :ok
end
def create
# render plain: params.inspect
@user = User.new(user_params)
# render plain: user_params.insp
if @user.save
render json: @user, status: :created
else
render json: { errors: @user.errors.full_messages },
status: :unprocessable_entity
end
end
def update
user = User.find(params[:id])
if user.update(user_params)
render json: user, status: :created
else
render json: { errors: user.errors.full_messages },
status: :unprocessable_entity
end
end
def show
user = User.find(params[:id])
if !user.nil?
render json: user, status: :ok
else
render json: {errors: user.errors.full_messages}, status: :unprocessable_entity
end
end
def destroy
user = User.find(params[:id])
if user.destroy
render json: {success: "deleted successfully"}, status: :ok
else
render json: {errors: user.errors.full_messages}, status: :not_acceptable
end
end
private
def find_user
@user = User.find_by_username!(params[:_username])
rescue ActiveRecord::RecordNotFound
render json: { errors: 'User not found' }, status: :not_found
end
def user_params
params.permit(
:first_name, :last_name, :username, :email, :password, :password_confirmation
)
end
end
end
end
class RegistrationsController < Devise::RegistrationsController
skip_before_action :require_no_authentication
def update_resource(resource, params)
if resource.encrypted_password.blank?
resource.email = params[:email] if params[:email]
if !params[:password].blank? && params[:password] == params[:password_confirmation]
resource.password = params[:password]
resource.save
end
if resource.valid?
resource.update_without_password(params)
end
else
resource.update_with_password(params)
end
end
end
class User < ApplicationRecord
# has_secure_password
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable,
:confirmable, :omniauthable, password_length: 8..36
has_many :identities
has_one :testimonials
has_many :questions
has_many :answers
def facebook
identities.where(provider: 'facebook').first
end
def facebook_client
@facebook_client ||= Facebook.client(access_token: facebook.accesstoken)
end
def twitter
identities.where(provider: 'twitter').first
end
def twitter_client
@twitter_client ||= Twitter.client(access_token: twitter.accesstoken)
end
def google_oauth2
identities.where(provider: 'google_oauth2').first
end
def google_oauth2_client
unless @google_oauth2_client
@google_oauth2_client = Google::APIClient.new(application_name: '',
application_version: '')
@google_oauth2_client.authorization.update_token!(access_token: google_oauth2.accesstoken,
refresh_token: google_oauth2.refreshtoken)
end
@google_oauth2_client
end
#validation for users
validates :username, presence: true, uniqueness: {case_sensitive: false}
# validates_format_of :username, with: /^[a-zA-Z0-9_\.]*$/, :multiline => true
validates :email, presence: true, uniqueness: {case_senstive: false}
PASSWORD_FORMAT = /\A
(?=.{8,}) # Must contain 8 or more characters
(?=.*\d) # Must contain a digit
(?=.*[a-z]) # Must contain a lower case character
(?=.*[A-Z]) # Must contain an upper case character
(?=.*[[:^alnum:]]) # Must contain a symbol
/x
validates :password,
presence: true,
# length: { in: Devise.password_length },
format: { with: PASSWORD_FORMAT, message: 'must contain 8 Characters with at least One Lowercase, One Uppercase, One Number and One Special Character' },
confirmation: true,
on: :create
validates :password_confirmation,
presence: true
validates :password,
# allow_nil: true,
# length: { in: Devise.password_length },
format: { with: PASSWORD_FORMAT, message: 'must contain 8 Characters with at least one Uppercase, One Number and One Special Character' },
confirmation: true,
on: :update
end
#冻结的字符串文字:true
#路由器入口点
需要“json\u web\u令牌”
类ApplicationControllere
呈现json:{errors:e.message},状态::未经授权
rescue JWT::DecodeError=>e
呈现json:{errors:e.message},状态::未经授权
结束
结束
受保护的
def当前用户
@当前用户| |=用户。查找用户(id:session[:user|id])
结束
def已登录?
!!当前用户
结束
helper\u方法:当前用户::已登录?
def当前用户=(用户)
会话[:user\u id]=用户和.id
@当前用户=用户
结束
def配置\u允许的\u参数
更新\u属性=[:密码,:密码\u确认,:当前密码]
设计\参数\消毒器。许可:帐户\更新,密钥:更新\属性
设计参数消毒器。许可证(:登录,密钥:[:电子邮件,:密码])
结束
私有的
def make_action_mailer_use_request_host_和_协议
ActionMailer::Base.default\u url\u options[:protocol]=request.protocol
ActionMailer::Base.default\u url\u options[:host]=带有\u端口的request.host\u
结束
结束
# frozen_string_literal: true
# Router entry point
require 'json_web_token'
class ApplicationController < ActionController::Base
before_action :configure_permitted_parameters, if: :devise_controller?
before_action :make_action_mailer_use_request_host_and_protocol
# before_action :authenticate_user!, :set_mailer_host
protect_from_forgery with: :exception
respond_to :html, :json
def index
render template: 'application'
end
def not_found
render json: { error: 'not_found' }
end
def authorize_request
header = request.headers['Authorization']
header = header.split(' ').last if header
begin
@decoded = JsonWebToken.decode(header)
@current_user = User.find(@decoded[:user_id])
rescue ActiveRecord::RecordNotFound => e
render json: { errors: e.message }, status: :unauthorized
rescue JWT::DecodeError => e
render json: { errors: e.message }, status: :unauthorized
end
end
protected
def current_user
@current_user ||= User.find_by(id: session[:user_id])
end
def signed_in?
!!current_user
end
helper_method :current_user, :signed_in?
def current_user=(user)
session[:user_id] = user&.id
@current_user = user
end
def configure_permitted_parameters
update_attrs = [:password, :password_confirmation, :current_password]
devise_parameter_sanitizer.permit :account_update, keys: update_attrs
devise_parameter_sanitizer.permit(:login, keys: [ :email, :password ])
end
private
def make_action_mailer_use_request_host_and_protocol
ActionMailer::Base.default_url_options[:protocol] = request.protocol
ActionMailer::Base.default_url_options[:host] = request.host_with_port
end
end
module Api
module V1
class AuthenticationController < ApplicationController
skip_before_action :verify_authenticity_token
before_action :authorize_request, except: :login
# POST /auth/login
def login
@user = User.find_by_email(params[:email])
if @user&.valid_password?(params[:password])
token = JsonWebToken.encode(user_id: @user.id)
time = Time.now + 24.hours.to_i
render json: { token: token, exp: time.strftime("%m-%d-%Y %H:%M"),
username: @user.username, user_id: @user.id }, status: :ok
else
render json: { error: 'unauthorized' }, status: :unauthorized
end
end
private
def login_params
params.permit(:email, :password)
end
end
end
end
module Api
module V1
class UsersController < ApplicationController
skip_before_action :verify_authenticity_token
before_action :authorize_request, except: :create
# GET /users
def index
@users = User.all
render json: @users, status: :ok
end
def create
# render plain: params.inspect
@user = User.new(user_params)
# render plain: user_params.insp
if @user.save
render json: @user, status: :created
else
render json: { errors: @user.errors.full_messages },
status: :unprocessable_entity
end
end
def update
user = User.find(params[:id])
if user.update(user_params)
render json: user, status: :created
else
render json: { errors: user.errors.full_messages },
status: :unprocessable_entity
end
end
def show
user = User.find(params[:id])
if !user.nil?
render json: user, status: :ok
else
render json: {errors: user.errors.full_messages}, status: :unprocessable_entity
end
end
def destroy
user = User.find(params[:id])
if user.destroy
render json: {success: "deleted successfully"}, status: :ok
else
render json: {errors: user.errors.full_messages}, status: :not_acceptable
end
end
private
def find_user
@user = User.find_by_username!(params[:_username])
rescue ActiveRecord::RecordNotFound
render json: { errors: 'User not found' }, status: :not_found
end
def user_params
params.permit(
:first_name, :last_name, :username, :email, :password, :password_confirmation
)
end
end
end
end
class RegistrationsController < Devise::RegistrationsController
skip_before_action :require_no_authentication
def update_resource(resource, params)
if resource.encrypted_password.blank?
resource.email = params[:email] if params[:email]
if !params[:password].blank? && params[:password] == params[:password_confirmation]
resource.password = params[:password]
resource.save
end
if resource.valid?
resource.update_without_password(params)
end
else
resource.update_with_password(params)
end
end
end
class User < ApplicationRecord
# has_secure_password
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable,
:confirmable, :omniauthable, password_length: 8..36
has_many :identities
has_one :testimonials
has_many :questions
has_many :answers
def facebook
identities.where(provider: 'facebook').first
end
def facebook_client
@facebook_client ||= Facebook.client(access_token: facebook.accesstoken)
end
def twitter
identities.where(provider: 'twitter').first
end
def twitter_client
@twitter_client ||= Twitter.client(access_token: twitter.accesstoken)
end
def google_oauth2
identities.where(provider: 'google_oauth2').first
end
def google_oauth2_client
unless @google_oauth2_client
@google_oauth2_client = Google::APIClient.new(application_name: '',
application_version: '')
@google_oauth2_client.authorization.update_token!(access_token: google_oauth2.accesstoken,
refresh_token: google_oauth2.refreshtoken)
end
@google_oauth2_client
end
#validation for users
validates :username, presence: true, uniqueness: {case_sensitive: false}
# validates_format_of :username, with: /^[a-zA-Z0-9_\.]*$/, :multiline => true
validates :email, presence: true, uniqueness: {case_senstive: false}
PASSWORD_FORMAT = /\A
(?=.{8,}) # Must contain 8 or more characters
(?=.*\d) # Must contain a digit
(?=.*[a-z]) # Must contain a lower case character
(?=.*[A-Z]) # Must contain an upper case character
(?=.*[[:^alnum:]]) # Must contain a symbol
/x
validates :password,
presence: true,
# length: { in: Devise.password_length },
format: { with: PASSWORD_FORMAT, message: 'must contain 8 Characters with at least One Lowercase, One Uppercase, One Number and One Special Character' },
confirmation: true,
on: :create
validates :password_confirmation,
presence: true
validates :password,
# allow_nil: true,
# length: { in: Devise.password_length },
format: { with: PASSWORD_FORMAT, message: 'must contain 8 Characters with at least one Uppercase, One Number and One Special Character' },
confirmation: true,
on: :update
end
模块Api
模块V1
类AuthenticationController<应用程序控制器
在\u操作之前跳过\u:验证\u真实性\u令牌
在\u操作之前:授权\u请求,除了::login
#POST/auth/login
def登录
@用户=用户。通过电子邮件查找(参数[:电子邮件])
如果@user&密码有效?(参数[:密码])
token=JsonWebToken.encode(user_id:@user.id)
time=time.now+24.hours.to_i
呈现json:{token:token,exp:time.strftime(“%m-%d-%Y%H:%m”),
用户名:@user.username,用户\u id:@user.id},状态::ok
其他的
呈现json:{error:'unauthorized'},状态::unauthorized
结束
结束
私有的
def登录参数
参数许可证(:电子邮件,:密码)
结束
结束
结束
结束
# frozen_string_literal: true
# Router entry point
require 'json_web_token'
class ApplicationController < ActionController::Base
before_action :configure_permitted_parameters, if: :devise_controller?
before_action :make_action_mailer_use_request_host_and_protocol
# before_action :authenticate_user!, :set_mailer_host
protect_from_forgery with: :exception
respond_to :html, :json
def index
render template: 'application'
end
def not_found
render json: { error: 'not_found' }
end
def authorize_request
header = request.headers['Authorization']
header = header.split(' ').last if header
begin
@decoded = JsonWebToken.decode(header)
@current_user = User.find(@decoded[:user_id])
rescue ActiveRecord::RecordNotFound => e
render json: { errors: e.message }, status: :unauthorized
rescue JWT::DecodeError => e
render json: { errors: e.message }, status: :unauthorized
end
end
protected
def current_user
@current_user ||= User.find_by(id: session[:user_id])
end
def signed_in?
!!current_user
end
helper_method :current_user, :signed_in?
def current_user=(user)
session[:user_id] = user&.id
@current_user = user
end
def configure_permitted_parameters
update_attrs = [:password, :password_confirmation, :current_password]
devise_parameter_sanitizer.permit :account_update, keys: update_attrs
devise_parameter_sanitizer.permit(:login, keys: [ :email, :password ])
end
private
def make_action_mailer_use_request_host_and_protocol
ActionMailer::Base.default_url_options[:protocol] = request.protocol
ActionMailer::Base.default_url_options[:host] = request.host_with_port
end
end
module Api
module V1
class AuthenticationController < ApplicationController
skip_before_action :verify_authenticity_token
before_action :authorize_request, except: :login
# POST /auth/login
def login
@user = User.find_by_email(params[:email])
if @user&.valid_password?(params[:password])
token = JsonWebToken.encode(user_id: @user.id)
time = Time.now + 24.hours.to_i
render json: { token: token, exp: time.strftime("%m-%d-%Y %H:%M"),
username: @user.username, user_id: @user.id }, status: :ok
else
render json: { error: 'unauthorized' }, status: :unauthorized
end
end
private
def login_params
params.permit(:email, :password)
end
end
end
end
module Api
module V1
class UsersController < ApplicationController
skip_before_action :verify_authenticity_token
before_action :authorize_request, except: :create
# GET /users
def index
@users = User.all
render json: @users, status: :ok
end
def create
# render plain: params.inspect
@user = User.new(user_params)
# render plain: user_params.insp
if @user.save
render json: @user, status: :created
else
render json: { errors: @user.errors.full_messages },
status: :unprocessable_entity
end
end
def update
user = User.find(params[:id])
if user.update(user_params)
render json: user, status: :created
else
render json: { errors: user.errors.full_messages },
status: :unprocessable_entity
end
end
def show
user = User.find(params[:id])
if !user.nil?
render json: user, status: :ok
else
render json: {errors: user.errors.full_messages}, status: :unprocessable_entity
end
end
def destroy
user = User.find(params[:id])
if user.destroy
render json: {success: "deleted successfully"}, status: :ok
else
render json: {errors: user.errors.full_messages}, status: :not_acceptable
end
end
private
def find_user
@user = User.find_by_username!(params[:_username])
rescue ActiveRecord::RecordNotFound
render json: { errors: 'User not found' }, status: :not_found
end
def user_params
params.permit(
:first_name, :last_name, :username, :email, :password, :password_confirmation
)
end
end
end
end
class RegistrationsController < Devise::RegistrationsController
skip_before_action :require_no_authentication
def update_resource(resource, params)
if resource.encrypted_password.blank?
resource.email = params[:email] if params[:email]
if !params[:password].blank? && params[:password] == params[:password_confirmation]
resource.password = params[:password]
resource.save
end
if resource.valid?
resource.update_without_password(params)
end
else
resource.update_with_password(params)
end
end
end
class User < ApplicationRecord
# has_secure_password
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable,
:confirmable, :omniauthable, password_length: 8..36
has_many :identities
has_one :testimonials
has_many :questions
has_many :answers
def facebook
identities.where(provider: 'facebook').first
end
def facebook_client
@facebook_client ||= Facebook.client(access_token: facebook.accesstoken)
end
def twitter
identities.where(provider: 'twitter').first
end
def twitter_client
@twitter_client ||= Twitter.client(access_token: twitter.accesstoken)
end
def google_oauth2
identities.where(provider: 'google_oauth2').first
end
def google_oauth2_client
unless @google_oauth2_client
@google_oauth2_client = Google::APIClient.new(application_name: '',
application_version: '')
@google_oauth2_client.authorization.update_token!(access_token: google_oauth2.accesstoken,
refresh_token: google_oauth2.refreshtoken)
end
@google_oauth2_client
end
#validation for users
validates :username, presence: true, uniqueness: {case_sensitive: false}
# validates_format_of :username, with: /^[a-zA-Z0-9_\.]*$/, :multiline => true
validates :email, presence: true, uniqueness: {case_senstive: false}
PASSWORD_FORMAT = /\A
(?=.{8,}) # Must contain 8 or more characters
(?=.*\d) # Must contain a digit
(?=.*[a-z]) # Must contain a lower case character
(?=.*[A-Z]) # Must contain an upper case character
(?=.*[[:^alnum:]]) # Must contain a symbol
/x
validates :password,
presence: true,
# length: { in: Devise.password_length },
format: { with: PASSWORD_FORMAT, message: 'must contain 8 Characters with at least One Lowercase, One Uppercase, One Number and One Special Character' },
confirmation: true,
on: :create
validates :password_confirmation,
presence: true
validates :password,
# allow_nil: true,
# length: { in: Devise.password_length },
format: { with: PASSWORD_FORMAT, message: 'must contain 8 Characters with at least one Uppercase, One Number and One Special Character' },
confirmation: true,
on: :update
end
模块Api
模块V1
类UsersController