Ruby on Rails: Rails 4 devise_invitable invitation token invalid
I have been following, but have run into a roadblock with devise_invitable. I am using:
Rails 4.1.5
devise 3.3.0
devise_invitable 1.3.6
Postgresql
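I created a new account and a user/account owner on a chosen subdomain (mysubdomain.lvh.me:3000), from which I can send user invitations. I open the invitation link in an incognito Chrome session to make sure I am not logged in and have no current session. After clicking the invitation link, I am redirected to the sign-in page (mysubdomain.lvh.me:3000/users/sign_in) and see a flash notice: "The invitation token provided is not valid!"

I am using a very simple mailer view (app/views/devise/mailer/invitation_instructions.html.erb).

Here is my application controller for good measure: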
```ruby
class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  before_filter :load_schema, :authenticate_user!, :set_mailer_host
  before_filter :configure_permitted_parameters, if: :devise_controller?

  protected

  # Whitelist the extra attributes accepted by the Devise sign-up and account-update forms.
  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:first_name, :last_name, :company, :email, :password, :password_confirmation, :remember_me, :image, :image_cache) }
    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:first_name, :last_name, :company, :email, :password_confirmation, :current_password, :image, :image_cache) }
  end

  private

  # Start in the public schema, then switch to the tenant schema named by the subdomain.
  def load_schema
    Apartment::Database.switch('public')
    return unless request.subdomain.present?

    if current_account
      Apartment::Database.switch(current_account.subdomain)
    else
      redirect_to root_url(subdomain: false)
    end
  end

  def current_account
    @current_account ||= Account.find_by(subdomain: request.subdomain)
  end
  helper_method :current_account

  # Build mailer links against the current tenant's subdomain.
  def set_mailer_host
    subdomain = current_account ? "#{current_account.subdomain}." : ""
    ActionMailer::Base.default_url_options[:host] = "#{subdomain}lvh.me:3000"
  end

  def after_sign_out_path_for(resource_or_scope)
    new_user_session_path
  end

  def after_invite_path_for(resource)
    users_path
  end
end
```
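I would prefer to comment, but I only have 36 points and am not allowed to comment, so here is an incomplete answer:

This is the code from the devise_invitable InvitationController that is redirecting your request: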
```ruby
def resource_from_invitation_token
  unless params[:invitation_token] && self.resource = resource_class.find_by_invitation_token(params[:invitation_token], true)
    set_flash_message(:alert, :invitation_token_invalid)
    redirect_to after_sign_out_path_for(resource_name)
  end
end
```
In the Rails console, try running:
```ruby
token = '3GXDmi7NntDRdhvo57q5' # the token sent in the invitation email
User.find_by_invitation_token(token, true)
```
and see whether it returns your user. Maybe it won't, but maybe this will get you closer to the answer. I hope so.
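Added example, not part of the original answer and not devise_invitable's own code: a stand-alone Ruby model of the lookup the console check above exercises, assuming (as Devise 3.1+ does for its own tokens) that only an HMAC digest of the invitation token is stored while the raw token goes out in the email. The key, the `InviteStore` class, the `lookup` helper and the sample data are constructed for illustration.

```ruby
require 'openssl'

# Constructed stand-in for the server-side secret (assumption, not a real key).
KEY = 'constructed-demo-key'

# Value kept in the invitation_token column in place of the raw token.
def digest(raw)
  OpenSSL::HMAC.hexdigest('SHA256', KEY, raw.to_s)
end

# Hypothetical in-memory stand-in for the users table, keyed by stored digest.
class InviteStore
  Row = Struct.new(:email, :sent_at)
  def initialize(invite_for)
    @invite_for = invite_for # validity window in seconds; 0 disables expiry
    @rows = {}
  end

  # Stores only the digest; the returned raw token is what the email carries.
  def invite!(email, raw, sent_at)
    @rows[digest(raw)] = Row.new(email, sent_at)
    raw
  end

  def stored_tokens; @rows.keys; end

  # Models find_by_invitation_token(token, only_valid): digest the incoming
  # value, look the digest up, then optionally enforce the validity window.
  def find_by_invitation_token(token, only_valid, now)
    row = @rows[digest(token)]
    return nil if row.nil?
    expired = @invite_for > 0 && now - row.sent_at > @invite_for
    only_valid && expired ? nil : row
  end
end

# Constructed sample data.
T0 = Time.at(1_400_000_000)
STORE = InviteStore.new(7 * 24 * 3600)
RAW = STORE.invite!('invitee@example.com', 'constructed-raw-token', T0)

def lookup(token, at)
  row = STORE.find_by_invitation_token(token, true, at)
  row ? row.email : :invitation_token_invalid
end

puts lookup(RAW, T0 + 60)                       # raw token from the email
puts lookup(STORE.stored_tokens.first, T0 + 60) # stored column value in a link
puts lookup(RAW, T0 + 8 * 24 * 3600)            # raw token after the window
```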
The page's code listing also includes this Devise initializer:

```ruby
Devise.setup do |config|
  config.mailer_sender = 'please-change-me-at-config-initializers-devise@example.com'
  require 'devise/orm/active_record'
  config.case_insensitive_keys = [ :email ]
  config.strip_whitespace_keys = [ :email ]
  config.skip_session_storage = [:http_auth]
  config.stretches = Rails.env.test? ? 1 : 10
  config.reconfirmable = true
  config.expire_all_remember_me_on_sign_out = true
  config.password_length = 8..128
  config.sign_out_via = :delete
  config.allow_insecure_token_lookup = true
end
```