Ruby on rails Rails 4-带纯文本和ERB的flash警报

我不确定我对待它的方式是问题，还是雇员再培训局

现在，当用户注册时，我发送了一封激活电子邮件。如果他们还没有激活，并尝试重新登录，系统会提示他们“对不起，您未经授权”。我想将其修改为，这样他们也可以重新发送电子邮件

会话控制器

class SessionsController < ApplicationController
  def new
  end

  def create
    user = User.find_by(email: params[:session][:email].downcase)
    if user && user.authenticate(params[:session][:password])
      if user.activated?
        log_in user
        params[:session][:remember_me] == '1' ? remember(user) : forget(user)
        redirect_back_or user
      else
        message  = "Account not activated. "
        message += "Check your email for the activation link, or click" + <%= link_to "here", :controller => :user, :action => :resend_email  %>+ "to have it resent!"
        flash[:warning] = message
        redirect_to root_url
      end
    else
      flash.now[:danger] = 'Invalid email/password combination'
      render 'new'
    end
  end

  def destroy
    log_out if logged_in?
    redirect_to root_url
  end

end

class UsersController < ApplicationController
    before_action :logged_in_user, only: [:index, :edit, :update, :destroy]
    before_action :correct_user,   only: [:edit, :update]
    before_action :admin_user,     only: :destroy

  def index
    @users = User.where(activated: true).paginate(page: params[:page])
  end

  def show
    @user = User.find(params[:id])
    redirect_to root_url and return unless @user.activated?
  end

  def new
    @user = User.new
  end

  def create
    @user = User.new(user_params)
    if @user.save
      @user.send_activation_email
      flash[:info] = "Please check your email to activate your account."
      redirect_to root_url
    else
      render 'new'
    end
  end

  def resend_email
     @user.send_activation_email
     flash[:info] = "Please check your email to activate your account."
     redirect_to root_url
  else

  def edit
    @user = User.find(params[:id])
  end

  def update
    @user = User.find(params[:id])
    if @user.update_attributes(user_params)
      flash[:success] = "Profile updated"
      redirect_to @user
    else
      render 'edit'
    end
  end

  def destroy
    User.find(params[:id]).destroy
    flash[:success] = "User deleted"
    redirect_to users_url
  end

  private

    def user_params
      params.require(:user).permit(:name, :email, :password,
                                   :password_confirmation)
    end

    # Before filters

    # Confirms a logged-in user.
    def logged_in_user
      unless logged_in?
        store_location
        flash[:danger] = "Please log in."
        redirect_to login_url
      end
    end

    # Confirms the correct user.
    def correct_user
      @user = User.find(params[:id])
      redirect_to(root_url) unless current_user?(@user)
    end

    def admin_user
      redirect_to(root_url) unless current_user.admin?
    end

end

link = view_context.instance_exec do
  ERB.new("<%= link_to 'here', :controller => :users, :action => :resend_activation %>").result(binding)
end
message  = "Account not activated. "
message += "Check your email for the activation." 
message += link  # This is for demo purposes, just needed an output

它取得了进展（我想），现在它提示我“找不到任何get资源”。我正在研究何时使用get vs post，我认为我采用了正确的方法。但是，如果在它发送电子邮件之后，它应该返回到root\u url，为什么它要引用该路径呢

再次感谢

更新#2：

我可以通过添加路由开关，并将会话控制器修改为

但现在没有电子邮件发送出去，所有东西都返回登录

heroku日志--tail

告诉我

Heroku日志

  <% flash.each do |message_type, message| %>
    <%= content_tag(:div, sanitize(message), class: "alert alert-#{message_type}") %>
  <% end %>

Rails.application.routes.draw do

  root 'static_pages#home'
  get '/home', to: 'static_pages#home'
  get '/help', to: 'static_pages#help'
  get '/about', to: 'static_pages#about'
  get '/contact', to: 'static_pages#contact'
  get '/signup', to: 'users#new'
  post '/signup', to: 'users#create'
  get    '/login',   to: 'sessions#new'
  post   '/login',   to: 'sessions#create'
  delete '/logout',  to: 'sessions#destroy'
  resources :users
  resources :account_activations, only: [:edit]
  post '/resend_activation:email'  =>  'account_activations#resend_activation',
                                        :constraints => { :email => /[^\/]+/ }
  # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
end

2016-08-24T09:44:48.990703+00:00 app[web.1]: I, [2016-08-24T09:44:48.990609 #5]  INFO -- : [8cfcee3c-133c-489e-8877-523578821d67] Started GET "/resend_activation/test@example.com" for 100.15.65.126 at 2016-08-24 09:44:48 +0000
2016-08-24T09:44:48.992317+00:00 app[web.1]: I, [2016-08-24T09:44:48.992217 #5]  INFO -- : [8cfcee3c-133c-489e-8877-523578821d67] Processing by StaticPagesController#home as 
2016-08-24T09:44:48.992394+00:00 app[web.1]: I, [2016-08-24T09:44:48.992349 #5]  INFO -- : [8cfcee3c-133c-489e-8877-523578821d67]   Parameters: {"email"=>"test@example.com"}
2016-08-24T09:44:48.997712+00:00 app[web.1]: I, [2016-08-24T09:44:48.997648 #5]  INFO -- : [8cfcee3c-133c-489e-8877-523578821d67]   Rendering static_pages/home.html.erb within layouts/application
2016-08-24T09:44:48.999032+00:00 app[web.1]: I, [2016-08-24T09:44:48.998965 #5]  INFO -- : [8cfcee3c-133c-489e-8877-523578821d67]   Rendered static_pages/home.html.erb within layouts/application (1.1ms)
2016-08-24T09:44:49.010260+00:00 app[web.1]: I, [2016-08-24T09:44:49.010186 #5]  INFO -- : [8cfcee3c-133c-489e-8877-523578821d67]   Rendered layouts/_shim.html.erb (0.4ms)
2016-08-24T09:44:49.010516+00:00 app[web.1]: I, [2016-08-24T09:44:49.010461 #5]  INFO -- : [8cfcee3c-133c-489e-8877-523578821d67]   Rendered layouts/_shim.html.erb (0.0ms)
2016-08-24T09:44:49.010642+00:00 app[web.1]: I, [2016-08-24T09:44:49.010591 #5]  INFO -- : [8cfcee3c-133c-489e-8877-523578821d67]   Rendered layouts/_headElement.html.erb (7.6ms)
2016-08-24T09:44:49.020206+00:00 app[web.1]: D, [2016-08-24T09:44:49.020136 #5] DEBUG -- : [8cfcee3c-133c-489e-8877-523578821d67]   User Load (1.8ms)  SELECT  "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2  [["id", 103], ["LIMIT", 1]]
2016-08-24T09:44:49.020630+00:00 app[web.1]: I, [2016-08-24T09:44:49.020565 #5]  INFO -- : [8cfcee3c-133c-489e-8877-523578821d67]   Rendered layouts/_header.html.erb (3.8ms)
2016-08-24T09:44:49.025024+00:00 app[web.1]: I, [2016-08-24T09:44:49.024957 #5]  INFO -- : [8cfcee3c-133c-489e-8877-523578821d67]   Rendered layouts/_footer.html.erb (0.7ms)
2016-08-24T09:44:49.025337+00:00 app[web.1]: I, [2016-08-24T09:44:49.025273 #5]  INFO -- : [8cfcee3c-133c-489e-8877-523578821d67] Completed 200 OK in 33ms (Views: 26.1ms | ActiveRecord: 1.8ms)

---

它找到并呈现该成员，但不再发送邮件。我想这是因为我必须建立get路线，以使其“工作”？

具有以下代码：

    message += 
      "..."" +
      <%= link_to "here", :controller => :user, :action => :resend_email  %> + 
      "..."

顺便说一下，如果您自己编译ERB，则可以在控制器中使用它：

link = ERB.new("<%= view_context.link_to(...) %>").result(binding)

值得一提的是，如果您在控制器中创建自定义html字符串（就像您在这里使用flash所做的那样），当您在视图上显示文本时，您将需要添加一些自定义方法以使html显示为真实的html：

# in controller
flash[:test] = "<span>some html</span>"

# in view
<%= raw flash[:test].html_safe %>

控制器中的

#
flash[：test]=“一些html”
#鉴于

这样，只会显示文本

some html

，而不会显示整个字符串

some html

有一个原因是

raw

和

html\u safe

是必要的，这是因为打印html存在安全风险，而Rails的设计使打印更加困难

---

假设您的用户将用户名设置为

“警报（“黑客”）”

，该字符串以某种方式将其作为真正的html显示在页面上。您可能只是让您的用户接触到XSS（跨站点脚本），这是您不想做的。因此，请确保在使用

raw.html\u safe

时，不会显示用户生成的任何内容

您的路由之所以告诉您

id=nil

是因为您的

：激活\u令牌

是该路由中的

id

，它不存储在数据库中，它实际上是使用

attr\u访问器创建的。相反，将
：activation\u token
存储为数据库中的一列
 非常感谢你提供的所有信息，你引导我进行了一场势均力敌的追逐，这让我非常接近。我不知道html_-safe（或我发现相关的清理功能）。我现在很接近了，如果你能看看我即将发布的更新，我会非常感激。你解决过这个问题吗？
link = "#{view_context.link_to 'here', :controller => :user, :action => :resend_email}"

link = ERB.new("<%= view_context.link_to(...) %>").result(binding)

link = view_context.instance_exec do
  ERB.new("<%= link_to(...) %>").result(binding)
end

link = view_context.instance_exec do
  "#{link_to(...)}"
end

# in controller
flash[:test] = "<span>some html</span>"

# in view
<%= raw flash[:test].html_safe %>