Warning: file_get_contents(/data/phpspider/zhask/data//catemap/5/ruby-on-rails-4/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Ruby on rails Rails 4设计不可侵犯邀请令牌无效_Ruby On Rails_Ruby On Rails 4_Devise_Multi Tenant_Devise Invitable - Fatal编程技术网
Fatal编程技术网
  • ruby-on-rails/
  • Ruby on rails Rails 4设计不可侵犯邀请令牌无效

Ruby on rails Rails 4设计不可侵犯邀请令牌无效

ruby-on-rails ruby-on-rails-4

Ruby on rails Rails 4设计不可侵犯邀请令牌无效,ruby-on-rails,ruby-on-rails-4,devise,multi-tenant,devise-invitable,Ruby On Rails,Ruby On Rails 4,Devise,Multi Tenant,Devise Invitable,我一直在跟踪,但遇到了与Desive_invitable的障碍。我正在使用 Rails 4.1.5 devise 3.3.0 devise_invitable 1.3.6 Postgresql 我在所选子域(mysubdomain.lvh.me:3000)上创建了一个新帐户和用户/帐户所有者,我可以从中发送用户邀请。我在匿名Chrome会话中打开邀请链接,以确保我没有登录或没有任何当前会话。单击邀请链接后,我被重定向到登录页面(mysubdomain.lvh.me:3000/users/

我一直在跟踪,但遇到了与Desive_invitable的障碍。我正在使用

Rails 4.1.5 
devise 3.3.0  
devise_invitable 1.3.6
Postgresql
我在所选子域(mysubdomain.lvh.me:3000)上创建了一个新帐户和用户/帐户所有者,我可以从中发送用户邀请。我在匿名Chrome会话中打开邀请链接,以确保我没有登录或没有任何当前会话。单击邀请链接后,我被重定向到登录页面(mysubdomain.lvh.me:3000/users/sign_-in),并看到一个即时通知:“提供的邀请令牌无效!”

我使用的是一个非常简单的mailer视图(app/views/devise/mailer/invitation\u instructions.html.erb)

这是我的应用程序控制器的良好措施

class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception
  before_filter :load_schema, :authenticate_user!, :set_mailer_host
  before_filter :configure_permitted_parameters, if: :devise_controller?


  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:first_name, :last_name, :company, :email, :password, :password_confirmation, :remember_me, :image, :image_cache)}
    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:first_name, :last_name, :company, :email, :password_confirmation, :current_password, :image, :image_cache)}
  end

private
  def load_schema
    Apartment::Database.switch('public')
    return unless request.subdomain.present?

    if current_account
      Apartment::Database.switch(current_account.subdomain)
    else
      redirect_to root_url(subdomain: false)
    end
  end  

  def current_account
    @current_account ||= Account.find_by(subdomain: request.subdomain)
  end
  helper_method :current_account

  def set_mailer_host
    subdomain = current_account ? "#{current_account.subdomain}." : ""
    ActionMailer::Base.default_url_options[:host] = "#{subdomain}lvh.me:3000"
  end

  def after_sign_out_path_for(resource_or_scope)
    new_user_session_path
  end

  def after_invite_path_for(resource)
    users_path
  end

end
我更愿意发表评论,但我只有36分,不允许发表评论,所以这里有一个不完整的答案:

这是来自Desive_invitable InvitationController的代码,它正在重定向您的请求

def resource_from_invitation_token
  unless params[:invitation_token] && self.resource = resource_class.find_by_invitation_token(params[:invitation_token], true)
    set_flash_message(:alert, :invitation_token_invalid)
    redirect_to after_sign_out_path_for(resource_name)
  end
end
在rails控制台中,尝试运行:

token = '3GXDmi7NntDRdhvo57q5' #the token sent in the invitation email
User.find_by_invitation_token(token, true)
并查看是否返回您的用户。也许不会,但也许这会让你更接近答案。我希望如此

class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception
  before_filter :load_schema, :authenticate_user!, :set_mailer_host
  before_filter :configure_permitted_parameters, if: :devise_controller?


  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:first_name, :last_name, :company, :email, :password, :password_confirmation, :remember_me, :image, :image_cache)}
    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:first_name, :last_name, :company, :email, :password_confirmation, :current_password, :image, :image_cache)}
  end

private
  def load_schema
    Apartment::Database.switch('public')
    return unless request.subdomain.present?

    if current_account
      Apartment::Database.switch(current_account.subdomain)
    else
      redirect_to root_url(subdomain: false)
    end
  end  

  def current_account
    @current_account ||= Account.find_by(subdomain: request.subdomain)
  end
  helper_method :current_account

  def set_mailer_host
    subdomain = current_account ? "#{current_account.subdomain}." : ""
    ActionMailer::Base.default_url_options[:host] = "#{subdomain}lvh.me:3000"
  end

  def after_sign_out_path_for(resource_or_scope)
    new_user_session_path
  end

  def after_invite_path_for(resource)
    users_path
  end

end

Devise.setup do |config|

  config.mailer_sender = 'please-change-me-at-config-initializers-devise@example.com'

  require 'devise/orm/active_record'

  config.case_insensitive_keys = [ :email ]

  config.strip_whitespace_keys = [ :email ]

  config.skip_session_storage = [:http_auth]

  config.stretches = Rails.env.test? ? 1 : 10

  config.reconfirmable = true

  config.expire_all_remember_me_on_sign_out = true

  config.password_length = 8..128

  config.sign_out_via = :delete

  config.allow_insecure_token_lookup = true
end

def resource_from_invitation_token
  unless params[:invitation_token] && self.resource = resource_class.find_by_invitation_token(params[:invitation_token], true)
    set_flash_message(:alert, :invitation_token_invalid)
    redirect_to after_sign_out_path_for(resource_name)
  end
end

token = '3GXDmi7NntDRdhvo57q5' #the token sent in the invitation email
User.find_by_invitation_token(token, true)