Ruby on Rails: Rails 4 - flash alert with plain text and ERB

I'm not sure whether the way I'm approaching it is the problem, or the ERB.

Right now, when a user signs up, I send an activation email. If they haven't activated yet and try to log back in, they are prompted with "Sorry, you are not authorized". I'd like to modify that so they can also have the email resent.

Sessions controller
class SessionsController < ApplicationController
  def new
  end

  def create
    user = User.find_by(email: params[:session][:email].downcase)
    if user && user.authenticate(params[:session][:password])
      if user.activated?
        log_in user
        params[:session][:remember_me] == '1' ? remember(user) : forget(user)
        redirect_back_or user
      else
        message = "Account not activated. "
        message += "Check your email for the activation link, or click" + <%= link_to "here", :controller => :user, :action => :resend_email %>+ "to have it resent!"
        flash[:warning] = message
        redirect_to root_url
      end
    else
      flash.now[:danger] = 'Invalid email/password combination'
      render 'new'
    end
  end

  def destroy
    log_out if logged_in?
    redirect_to root_url
  end
end

class UsersController < ApplicationController
  before_action :logged_in_user, only: [:index, :edit, :update, :destroy]
  before_action :correct_user, only: [:edit, :update]
  before_action :admin_user, only: :destroy

  def index
    @users = User.where(activated: true).paginate(page: params[:page])
  end

  def show
    @user = User.find(params[:id])
    redirect_to root_url and return unless @user.activated?
  end

  def new
    @user = User.new
  end

  def create
    @user = User.new(user_params)
    if @user.save
      @user.send_activation_email
      flash[:info] = "Please check your email to activate your account."
      redirect_to root_url
    else
      render 'new'
    end
  end

  def resend_email
    @user.send_activation_email
    flash[:info] = "Please check your email to activate your account."
    redirect_to root_url
  end

  def edit
    @user = User.find(params[:id])
  end

  def update
    @user = User.find(params[:id])
    if @user.update_attributes(user_params)
      flash[:success] = "Profile updated"
      redirect_to @user
    else
      render 'edit'
    end
  end

  def destroy
    User.find(params[:id]).destroy
    flash[:success] = "User deleted"
    redirect_to users_url
  end

  private

  def user_params
    params.require(:user).permit(:name, :email, :password,
                                 :password_confirmation)
  end

  # Before filters

  # Confirms a logged-in user.
  def logged_in_user
    unless logged_in?
      store_location
      flash[:danger] = "Please log in."
      redirect_to login_url
    end
  end

  # Confirms the correct user.
  def correct_user
    @user = User.find(params[:id])
    redirect_to(root_url) unless current_user?(@user)
  end

  def admin_user
    redirect_to(root_url) unless current_user.admin?
  end
end

link = view_context.instance_exec do
  ERB.new("<%= link_to 'here', :controller => :users, :action => :resend_activation %>").result(binding)
end
message = "Account not activated. "
message += "Check your email for the activation."
message += link # This is for demo purposes, just needed an output
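
It made progress (I think); now it tells me "could not find any get resource". I'm researching when to use get vs post, and I think I'm taking the right approach. But if it is supposed to return to root_url after it sends the email, why is it referencing that path?
Thanks again
Update #2:
I was able to get it to go through by adding a route switch, and modifying the sessions controller to
But now no email gets sent out, and everything returns to the login
heroku logs --tail
tells me
Heroku logs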
<% flash.each do |message_type, message| %>
  <%= content_tag(:div, sanitize(message), class: "alert alert-#{message_type}") %>
<% end %>

Rails.application.routes.draw do
  root 'static_pages#home'
  get '/home', to: 'static_pages#home'
  get '/help', to: 'static_pages#help'
  get '/about', to: 'static_pages#about'
  get '/contact', to: 'static_pages#contact'
  get '/signup', to: 'users#new'
  post '/signup', to: 'users#create'
  get '/login', to: 'sessions#new'
  post '/login', to: 'sessions#create'
  delete '/logout', to: 'sessions#destroy'
  resources :users
  resources :account_activations, only: [:edit]
  post '/resend_activation:email' => 'account_activations#resend_activation',
       :constraints => { :email => /[^\/]+/ }
  # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
end

2016-08-24T09:44:48.990703+00:00 app[web.1]: I, [2016-08-24T09:44:48.990609 #5] INFO -- : [8cfcee3c-133c-489e-8877-523578821d67] Started GET "/resend_activation/test@example.com" for 100.15.65.126 at 2016-08-24 09:44:48 +0000
2016-08-24T09:44:48.992317+00:00 app[web.1]: I, [2016-08-24T09:44:48.992217 #5] INFO -- : [8cfcee3c-133c-489e-8877-523578821d67] Processing by StaticPagesController#home as
2016-08-24T09:44:48.992394+00:00 app[web.1]: I, [2016-08-24T09:44:48.992349 #5] INFO -- : [8cfcee3c-133c-489e-8877-523578821d67] Parameters: {"email"=>"test@example.com"}
2016-08-24T09:44:48.997712+00:00 app[web.1]: I, [2016-08-24T09:44:48.997648 #5] INFO -- : [8cfcee3c-133c-489e-8877-523578821d67] Rendering static_pages/home.html.erb within layouts/application
2016-08-24T09:44:48.999032+00:00 app[web.1]: I, [2016-08-24T09:44:48.998965 #5] INFO -- : [8cfcee3c-133c-489e-8877-523578821d67] Rendered static_pages/home.html.erb within layouts/application (1.1ms)
2016-08-24T09:44:49.010260+00:00 app[web.1]: I, [2016-08-24T09:44:49.010186 #5] INFO -- : [8cfcee3c-133c-489e-8877-523578821d67] Rendered layouts/_shim.html.erb (0.4ms)
2016-08-24T09:44:49.010516+00:00 app[web.1]: I, [2016-08-24T09:44:49.010461 #5] INFO -- : [8cfcee3c-133c-489e-8877-523578821d67] Rendered layouts/_shim.html.erb (0.0ms)
2016-08-24T09:44:49.010642+00:00 app[web.1]: I, [2016-08-24T09:44:49.010591 #5] INFO -- : [8cfcee3c-133c-489e-8877-523578821d67] Rendered layouts/_headElement.html.erb (7.6ms)
2016-08-24T09:44:49.020206+00:00 app[web.1]: D, [2016-08-24T09:44:49.020136 #5] DEBUG -- : [8cfcee3c-133c-489e-8877-523578821d67] User Load (1.8ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2 [["id", 103], ["LIMIT", 1]]
2016-08-24T09:44:49.020630+00:00 app[web.1]: I, [2016-08-24T09:44:49.020565 #5] INFO -- : [8cfcee3c-133c-489e-8877-523578821d67] Rendered layouts/_header.html.erb (3.8ms)
2016-08-24T09:44:49.025024+00:00 app[web.1]: I, [2016-08-24T09:44:49.024957 #5] INFO -- : [8cfcee3c-133c-489e-8877-523578821d67] Rendered layouts/_footer.html.erb (0.7ms)
2016-08-24T09:44:49.025337+00:00 app[web.1]: I, [2016-08-24T09:44:49.025273 #5] INFO -- : [8cfcee3c-133c-489e-8877-523578821d67] Completed 200 OK in 33ms (Views: 26.1ms | ActiveRecord: 1.8ms)
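
It finds and renders the member, but no longer sends the mail. I think this is because I had to set up the get route to make it "work"?

With the following code:
message +=
  "..." +
  <%= link_to "here", :controller => :user, :action => :resend_email %> +
  "..."
By the way, if you compile the ERB yourself, you can use it in a controller: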
link = ERB.new("<%= view_context.link_to(...) %>").result(binding)
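It's worth mentioning that if you create custom html strings in the controller (as you are doing here with flash), you will need to add some custom methods when you display the text in the view so that the html shows up as real html: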
# in controller
flash[:test] = "<span>some html</span>"
# in view
<%= raw flash[:test].html_safe %>
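That way, only the text some html is displayed, rather than the whole string <span>some html</span>.

There's a reason raw and html_safe are necessary: printing html is a security risk, and Rails is designed to make it harder to do.

Say your user sets their username to "alert("hacker")", and that string somehow gets displayed as real html on the page. You may have just exposed your users to XSS (cross-site scripting), which is something you don't want to do. So make sure that when you use raw and html_safe, nothing user-generated is displayed.

The reason your route is telling you id=nil is that your :activation_token is the id in that route, and it isn't stored in the database; it is actually created with attr_accessor. Instead, store :activation_token as a column in the database.

Thank you so much for all the information; you led me on a chase that got me very close. I didn't know about html_safe (or the related sanitize function I found). I'm very close now; if you could take a look at the update I'm about to post, I'd really appreciate it.

Did you ever solve this?
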
link = "#{view_context.link_to 'here', :controller => :user, :action => :resend_email}"
link = ERB.new("<%= view_context.link_to(...) %>").result(binding)
link = view_context.instance_exec do
  ERB.new("<%= link_to(...) %>").result(binding)
end
link = view_context.instance_exec do
  "#{link_to(...)}"
end
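
The XSS point made in the answer above, as an added example that is not part of the original thread: a plain-Ruby sketch (standard library only, no Rails) of a flash message whose link markup is fixed by the developer while the user-supplied e-mail is escaped. The function names, the `/resend_activation/` path shape and the hostile input are assumptions constructed for illustration.

```ruby
require "erb"

# ERB::Util.html_escape replaces & < > " ' with entities;
# ERB::Util.url_encode percent-encodes a value for use in a URL path.
H = ERB::Util

# Build the "not activated" flash. The markup is a fixed template written by
# the developer; the e-mail address is user input, so it is HTML-escaped where
# it appears as text and URL-encoded where it goes into the (hypothetical) path.
def activation_flash(email)
  href = "/resend_activation/#{H.url_encode(email)}"
  "Account not activated for #{H.html_escape(email)}. " \
    "Check your email for the activation link, or click " \
    "<a href=\"#{H.html_escape(href)}\">here</a> to have it resent!"
end

# Stand-in for `raw flash[:x].html_safe`: the string reaches the page as-is.
def render_raw(message)
  "<div class=\"alert\">#{message}</div>"
end

# Stand-in for a plain <%= flash[:x] %>: the whole string is escaped.
def render_escaped(message)
  "<div class=\"alert\">#{H.html_escape(message)}</div>"
end

# Constructed hostile input, in the spirit of the username example above.
HOSTILE = %q(<script>alert("hacked")</script>@example.com)

# Interpolating user input directly and rendering raw keeps the script tag.
def unsafe_page
  render_raw("Account not activated for #{HOSTILE}.")
end

# Escaping at build time: only the developer's <a> survives as markup.
def safe_page
  render_raw(activation_flash(HOSTILE))
end

puts unsafe_page
puts safe_page
puts render_escaped(activation_flash("test@example.com")) # link shown as text
```
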