Fatal编程技术网
  • ruby-on-rails/
  • Ruby on rails 3.0.2设计恢复密码。未经授权。轨道

Ruby on rails 3.0.2设计恢复密码。未经授权。轨道

ruby-on-rails passwords

Ruby on rails 3.0.2设计恢复密码。未经授权。轨道,ruby-on-rails,devise,passwords,customization,Ruby On Rails,Devise,Passwords,Customization,我在恢复新密码时遇到问题。我已经安装了邮件发送程序,并且我很好地收到了密码说明。当我在电子邮件中单击“重置密码”链接时,我会进入“更改新密码”页面。但是,当我输入一个新密码时,我得到一个“请检查以下问题”,没有错误,并且密码没有更改 当我检查日志时,我看到: 2013-10-08T17:10:35.118663+00:00 app[web.1]: Started PUT "/users/password" for 24.87.52.189 at 2013-10-08 17:10:35 +0000

我在恢复新密码时遇到问题。我已经安装了邮件发送程序,并且我很好地收到了密码说明。当我在电子邮件中单击“重置密码”链接时,我会进入“更改新密码”页面。但是,当我输入一个新密码时,我得到一个“请检查以下问题”,没有错误,并且密码没有更改

当我检查日志时,我看到:

2013-10-08T17:10:35.118663+00:00 app[web.1]: Started PUT "/users/password" for 24.87.52.189 at 2013-10-08 17:10:35 +0000
2013-10-08T17:10:35.354246+00:00 app[web.1]: Processing by Devise::PasswordsController#update as HTML
2013-10-08T17:10:35.354246+00:00 app[web.1]:   Parameters: {"utf8"=>"✓", "authenticity_token"=>"7LQ4VtOfwDZTV2tw4YwPoj8sqD6UGeCd5NvQkdANrH0=", "user"=>{"reset_password_token"=>"    [FILTERED]", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Change my password"}
2013-10-08T17:10:35.354246+00:00 app[web.1]:   Rendered devise/shared/_links.erb (0.4ms)
2013-10-08T17:10:35.354246+00:00 app[web.1]:   Rendered devise/passwords/edit.html.erb within layouts/application (5.2ms)
2013-10-08T17:10:35.354246+00:00 app[web.1]:   Rendered layouts/_shim.html.erb (0.0ms)
2013-10-08T17:10:35.354246+00:00 app[web.1]:   Rendered layouts/_footer.html.erb (0.6ms)
2013-10-08T17:10:35.354246+00:00 app[web.1]: Completed 200 OK in 232ms (Views: 8.9ms | ActiveRecord: 0.0ms)
2013-10-08T17:10:35.741022+00:00 heroku[router]: at=info method=GET path=/users/password host=skalefree.net fwd="24.87.52.189" dyno=web.1 connect=1ms service=20ms status=302 bytes=101
2013-10-08T17:10:35.725344+00:00 app[web.1]: Started GET "/users/password" for 24.87.52.189 at 2013-10-08 17:10:35 +0000
2013-10-08T17:10:35.883843+00:00 app[web.1]:   Rendered devise/sessions/new.html.erb within layouts/application (9.6ms)
2013-10-08T17:10:35.883843+00:00 app[web.1]:   Rendered layouts/_shim.html.erb (0.0ms)
2013-10-08T17:10:35.883843+00:00 app[web.1]:   Rendered layouts/_header.html.erb (1.3ms)
2013-10-08T17:10:35.883843+00:00 app[web.1]:   Rendered layouts/_footer.html.erb (1.0ms)
2013-10-08T17:10:35.883843+00:00 app[web.1]: Completed 200 OK in 23ms (Views: 19.6ms | ActiveRecord: 0.0ms)
2013-10-08T17:10:35.354246+00:00 app[web.1]:   Rendered layouts/_header.html.erb (0.9ms)
2013-10-08T17:10:35.735631+00:00 app[web.1]:   Parameters: {"id"=>"password"}
2013-10-08T17:10:35.883843+00:00 app[web.1]: Processing by Devise::SessionsController#new as */*
**2013-10-08T17:10:35.735631+00:00 app[web.1]: Completed 401 Unauthorized in 3ms**
2013-10-08T17:10:35.735631+00:00 app[web.1]: Processing by UsersController#show as */*
2013-10-08T17:10:35.883843+00:00 app[web.1]:   Rendered devise/shared/_links.erb (0.5ms)
2013-10-08T17:10:35.856371+00:00 app[web.1]: Started GET "/users/sign_in" for 24.87.52.189 at 2013-10-08    17:10:35 +0000
2013-10-08T17:09:38.753083+00:00 heroku[router]: at=info method=GET path=/users/sign_in host=www.skalefree.net fwd="24.87.52.189" dyno=web.1 connect=14ms service=45ms status=200 bytes=3688
2013-10-08T17:10:35.892408+00:00 heroku[router]: at=info method=GET path=/users/sign_in host=skalefree.net fwd="24.87.52.189" dyno=web.1 connect=2ms service=40ms status=200 bytes=3783
正如你所看到的,我有一个301。有人知道这个问题的解决办法吗

以下是我的路线:

devise_for :users, skip: :registrations

devise_scope :user do

  resource :registration,

  only: [:new, :create, :edit, :update],

  path: 'users',

  path_names: { new: 'sign_up' },

  controller: 'devise/registrations',

  as: :user_registration do

    get :cancel

  end

end
和我的用户模型:

devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable
和我的初始值设定项:

config.reset_password_keys = [ :email ]
提前感谢您的帮助

未经授权的文件似乎来自:

Started GET "/users/password" for 24.87.52.189 at 2013-10-08 17:10:35 +0000
...
   Parameters: {"id"=>"password"}
并且没有用户具有:id密码或类似的东西。这基本上意味着它没有正确重定向,或者您正在覆盖某些内容。时间表应如下所示:

输入电子邮件地址并单击“发送说明”按钮:

Started POST "/users/password" for 127.0.0.1 at 2013-10-08 14:22:02 -0400
Processing by Devise::PasswordsController#create as HTML
单击电子邮件中的链接以重置密码:

Started GET "/users/password/edit?reset_password_token=[FILTERED]" for 127.0.0.1 at 2013-10-08 14:22:19 -0400
Processing by Devise::PasswordsController#edit as HTML
提交带有密码和确认的表格:

Started PUT "/users/password" for 127.0.0.1 at 2013-10-08 14:22:24 -0400
Processing by Devise::PasswordsController#update as HTML
...
Redirected to <some-url-here>
Completed 302 Found in 243ms (ActiveRecord: 6.9ms)
考虑将设计升级到一个更新的版本,看看它是否仍然无效。code>3.1.xHello,Desive 3.1带来了新的安全更改,这似乎使实现更加复杂。我最初是在3.1,我下调了评级,希望这就是解决方案。我需要一个前置过滤器来让这个方法工作吗?我应该为(用户)使用什么变量?当前用户?您只需在应用程序控制器中定义它
user
是刚刚登录的Desive资源(因此是当前用户),据我所知,问题仍然存在,日志看起来也一样。为什么它会启动对“/users/password”的get请求,为什么由“UsersController#show”处理该请求。这会导致未经授权的错误。如果它向用户/密码发送get请求,它不应该由Desive中的密码控制器处理吗?不,Desive没有get/users/password路径。由于某种原因,它正在重定向到那里!我不能告诉你为什么。您可以暂时为它创建一个新的路由作为一种补丁,以指向另一个URL。您的意思是像my routes.rb中这样?设计范围:用户确实获得“密码”,:to=>“findposts”#findyou“结束 
def after_sign_in_path_for(user)
  some_path
end