带有清除密码重置问题的Rails 4 [英] Rails 4 with Clearance password reset issue
问题描述
我正在使用身份验证gem'clearance'构建Rails 4应用程序.我有点遇到以下问题:
I'm building an Rails 4 app with the authentication gem 'clearance'. I'm kind of stuck with the following problem:
当用户忘记他/她的密码并想要设置新密码时,找不到该用户. (但存在于数据库中),这是服务器日志:
When an user forgets his/her password and would like to set a new password, the user is not found. (but exist in DB), this is the server log:
Started PUT "/passwords/1?token=[FILTERED]" for 127.0.0.1 at 2013-08-10 21:00:58 +0200
Processing by PasswordsController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "password_reset"=>"[FILTERED]", "token"=>"[FILTERED]", "id"=>"1"}
User Load (1.1ms) SELECT "users".* FROM "users" WHERE "users"."id" IS NULL AND "users"."confirmation_token" = 'bcc6a5b49bc64628eff15bf92761fe1775ef252c' LIMIT 1
Rendered passwords/new.html.slim within layouts/application (0.9ms)
Rendered partials/_favicon_styles.html.slim (0.4ms)
User Load (0.9ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
Rendered partials/_navigation.html.slim (11.2ms)
Rendered partials/_notification.html.slim (0.1ms)
CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
Rendered partials/_footer.html.slim (1.0ms)
Filter chain halted as :forbid_non_existent_user rendered or redirected
Completed 200 OK in 38ms (Views: 33.0ms | ActiveRecord: 2.3ms)
但是,当用户登录时,他或她可以更改密码,并且登录也可以正常进行..
But when a user is logged in, he or she can change password and also login works normally ..
我认为问题出在查询中,我以表格形式发送ID,但是当ID到达查询时,它说IS NULL.但是我已经为它苦苦挣扎了好几个小时,但找不到解决方法.
I think the problem is in the query, I am sending the id with the form, but when the id reaches the query it says IS NULL. But I've struggled with it for hours, but can't find the solution.
7次请求缓存也是问题吗?
Also is the 7 times request for cache a problem?
提前谢谢!
更新
如下更改了强参数和'find_user_by_id_and_confimatrion_token'方法:
Changed the strong parameters and the 'find_user_by_id_and_confimatrion_token' method as followed:
def find_user_by_id_and_confirmation_token
Clearance.configuration.user_model.
find_by_id_and_confirmation_token params[:**id**], params[:token].to_s
end
这是:user_id,这不是参数的名称.
This was :user_id, this is not the name of the params.
def password_reset_params
# if params.has_key? :user
# ActiveSupport::Deprecation.warn %{Since locales functionality was added, accessing params[:user] is no longer supported.}
# params[:user][:password]
# else
# params[:password_reset][:password]
# end
params.require(:password_reset).permit(:password_reset, :password, :token, :id)
end
但这会引发另一个错误:
But this throws in another error:
Started PUT "/passwords/1?token=[FILTERED]" for 127.0.0.1 at 2013-08-11 16:31:20 +0200
Processing by PasswordsController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "password_reset"=>" [FILTERED]", "token"=>"[FILTERED]", "id"=>"1"}
User Load (1.2ms) SELECT "users".* FROM "users" WHERE "users"."id" = 1 AND "users"."confirmation_token" = 'd892a4698f5eff29e34378716ebd46414ad6e8cf' LIMIT 1
CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = 1 AND "users"."confirmation_token" = 'd892a4698f5eff29e34378716ebd46414ad6e8cf' LIMIT 1
(0.4ms) BEGIN
User Exists (1.0ms) SELECT 1 AS one FROM "users" WHERE ("users"."email" = 'user@test.nl' AND "users"."id" != 1) LIMIT 1
(0.4ms) ROLLBACK
Rendered passwords/edit.html.slim within layouts/application (1.2ms)
Rendered partials/_favicon_styles.html.slim (0.3ms)
User Load (0.9ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
Rendered partials/_navigation.html.slim (4.7ms)
Rendered partials/_notification.html.slim (0.1ms)
CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
Rendered partials/_footer.html.slim (0.4ms)
Completed 200 OK in 112ms (Views: 12.5ms | ActiveRecord: 4.1ms)
它表示用户已经存在,并回滚更改.因为这是更新,所以用户必须存在.
It says that the user already exists, and rollback the changes. Because this is an update, the user must exist.
更新2
我仍在尝试解决此问题,这里是编辑密码的登录用户与通过密码忘记方法(未登录)之间的区别
I'm still trying to fix this issue, here the difference between a logged in user who's editing their password, and via password forget method (not logged in)
已登录用户更改密码
Started PATCH "/admin/users/1" for 127.0.0.1 at 2013-08-13 16:12:07 +0200
Processing by Admin::UsersController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "user"=>{"password"=>" [FILTERED]", "password_confirmation"=>"[FILTERED]"}, "id"=>"1"}
User Load (1.0ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" = 'f1078c2b74f6b3b3c9950b87a5b927db3f2bffcd' LIMIT 1
User Load (0.8ms) SELECT "users".* FROM "users" WHERE "users"."id" = 1 LIMIT 1(0.4ms)
BEGIN
User Exists (1.0ms) SELECT 1 AS one FROM "users" WHERE ("users"."email" = 'info@netventief.nl' AND "users"."id" != 1) LIMIT 1
SQL (1.6ms) UPDATE "users" SET "encrypted_password" = $1, "updated_at" = $2 WHERE "users"."id" = 1 [["encrypted_password", "$2a$10$F4p6N0va/TY2nKOiXOSQ7e23NnHPyDytQZ6EvhtGd7FJ2oTMVFbSS"], ["updated_at", Tue, 13 Aug 2013 16:12:07 CEST +02:00]](12.6ms)
COMMIT
Rendered admin/users/edit.html.slim within layouts/application (8.7ms)
Rendered partials/_favicon_styles.html.slim (0.3ms)
Rendered partials/_olderbrowser.html (0.0ms)
Rendered partials/_navigation.html.slim (2.6ms)
Rendered partials/_notification.html.slim (0.1ms)
Rendered partials/_footer.html.slim (0.1ms)
Completed 200 OK in 167ms (Views: 23.0ms | ActiveRecord: 17.3ms)
忘记密码并输入新密码的用户
Started PUT "/passwords/1?token=[FILTERED]" for 127.0.0.1 at 2013-08-13 16:58:45 +0200
Processing by PasswordsController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "user"=>{"password"=>"[FILTERED]"}, "token"=>"[FILTERED]", "id"=>"1"}
User Load (0.5ms) SELECT "users".* FROM "users" WHERE "users"."id" = 1 AND "users"."confirmation_token" = 'b198361b098c1bf110a2171dd7f00258d9ca9240' LIMIT 1
CACHE
(0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = 1 AND "users"."confirmation_token" = 'b198361b098c1bf110a2171dd7f00258d9ca9240' LIMIT 1
(0.3ms)BEGIN
User Exists (0.5ms) SELECT 1 AS one FROM "users" WHERE ("users"."email" = 'info@netventief.nl' AND "users"."id" != 1) LIMIT 1
(0.2ms) ROLLBACK
Rendered passwords/edit.html.slim within layouts/application (1.4ms)
Rendered partials/_favicon_styles.html.slim (0.3ms)
Rendered partials/_olderbrowser.html (0.0ms)
User Load (0.5ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
Rendered partials/_navigation.html.slim (5.0ms)
Rendered partials/_notification.html.slim (0.1ms)
CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" = '' LIMIT 1
Rendered partials/_footer.html.slim (0.5ms)
Completed 200 OK in 102ms (Views: 14.7ms | ActiveRecord: 2.0ms)
仍然希望使用Put/Patch方法和所有缓存警报.对我来说,这似乎非常相似..我尝试使用修补程序http方法,但无济于事.
Still expect the Put/Patch method and all the cache alerts. This seems pretty the same to me .. I have tried to use the patch http method, but it didn't help.
更新3
也是我的控制器代码,它与Clearance :: PasswordsController几乎相同.删除了我的问题未调用的方法.
Also my controller code, its pretty much the same as Clearance::PasswordsController. Removed methods that are not called by my problem.
require 'active_support/deprecation'
class PasswordsController < ApplicationController
skip_before_filter :authorize, :only => [:create, :edit, :new, :update]
before_filter :forbid_missing_token, :only => [:edit, :update]
before_filter :forbid_non_existent_user, :only => [:edit, :update]
def edit
@user = find_user_for_edit
render :template => 'passwords/edit'
end
def update
@user = find_user_for_update
if @user.update_attributes( password: password_reset_params )
sign_in @user
redirect_to url_after_update
else
flash_failure_after_update
render :template => 'passwords/edit'
end
end
private
def password_reset_params
if params.has_key? :user
ActiveSupport::Deprecation.warn %{Since locales functionality was added, accessing params[:user] is no longer supported.}
params[:user][:password]
else
params[:password_reset][:password]
end
end
def find_user_by_id_and_confirmation_token
Clearance.configuration.user_model.
find_by_id_and_confirmation_token params[:id], params[:token].to_s
end
def find_user_for_edit
find_user_by_id_and_confirmation_token
end
def find_user_for_update
find_user_by_id_and_confirmation_token
end
def forbid_missing_token
if params[:token].to_s.blank?
flash_failure_when_forbidden
render :template => 'passwords/new'
end
end
def forbid_non_existent_user
unless find_user_by_id_and_confirmation_token
flash_failure_when_forbidden
render :template => 'passwords/new'
end
end
end
推荐答案
您应该跟踪从以下位置触发以下SQL查询的位置:
You should track down where the following SQL query is being triggered from:
User Exists (0.5ms) SELECT 1 AS one FROM "users" WHERE ("users"."email" = 'info@netventief.nl' AND "users"."id" != 1) LIMIT 1
这是导致保存失败的行.我的猜测是,在调用@user.update_attributes时会触发用户模型上的验证或其他回调.验证/回调失败,这导致保存失败.
This is the line that is causing your save to fail. My guess is that you have a validation or some other callback on your User model that is firing when you are calling @user.update_attributes. The validation/callback is failing, which is causing the save to fail.
这篇关于带有清除密码重置问题的Rails 4的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
