Rails devise_token_auth gem, how do I set password reset link?

Question

I have a problem using the password reset function of this gem. https://github.com/lynndylanhurley/devise_token_auth

This is from the documentation.

/password/edit     GET  

"Verify user by password reset token. This route is the destination URL for password reset confirmation. This route must contain reset_password_token and redirect_url params. These values will be set automatically by the confirmation email that is generated by the password reset request."

When users forget their passwords, they can enter their registered email, and they will receive a password reset link via email.

POST: https://example.com/api/auth/pass

params = email and redirect link (https://example.com/api/auth/password/edit)

I can send a password reset link via email, but when I click the link or "Change my password" in the email, it jumps to the redirect address with the token.

And it shows "The page you were looking for doesn't exist."

This might be a routes error or something, but I don't know. I am not even sure if I should set "/password/edit" for the redirect link.

This is the related link for the github https://github.com/lynndylanhurley/devise_token_auth/issues/604

Am I missing something, or should I set a different address for the redirect link part?

Recommended answer

As noted above, devise_token_auth has three API calls to make for resetting a password.

 POST /auth/password
 Params: 'email', 'redirect_url'

E.g.:

curl -v -H 'Content-Type: application/json' -H 'Accept: application/json' -X POST https://myapp.com/auth/password -d '{"email":"foo@gmail.com", "redirect_url": "https://myapp.com/auth/sign_in"}'

Note that the redirect_url given must correspond to the endpoint you want the user taken to for confirming and resetting their password.

E.g. if wanting to redirect to somewhere within an iOS app, use the URL for that app scheme in the redirect_url definition. E.g. to manually do this on iOS:

curl -v -H 'Content-Type: application/json' -H 'Accept: application/json' -X POST https://myapp.com/auth/password -d '{"email":"foo@gmail.com", "redirect_url": "myappStoreAppName://auth/password/edit"}'

2. GET call to verify the password reset token (clicked in the email)

GET /auth/password/edit
Params: 'password_reset_token', 'redirect_url'

E.g. via our iOS app would produce an email link like this: https://myapp.com/auth/password/edit?config=default&redirect_url=myappStoreName%3A%2F%2Fauth%2Fpassword%2Fedit&reset_password_token=Qv6mkLuoy9zN-Y1pKghB

If this is from a web app, the 'redirect_to' link should point to a form where a password and password_confirmation form can be filled out. If the password reset email link points to a mobile app, it's up to that app to create the password reset form.

Most important in this step is knowing that the client making the request will get back an Access-Token HEADER from the Rails app.

This Access-Token needs to be saved, because it's what the client will use in the next request to keep the user authenticated while the user changes their password.

PUT /auth/password
Head: 'uid: VALUE', 'client: VALUE', 'access-token: VALUE', 'token-type: Bearer'
Params: 'password', 'password_confirmation'

Note the HEAD values that need to be supplied for this PUT call. These ensure our (now authenticated) user has permission to execute a change of password, and ensure that our user can continue to remain authenticated even after changing their password.

E.g. via curl:

curl -v -H 'Content-Type: application/json' -H 'uid: foo@gmail.com' -H 'client: U9FIDbiDbYVulsi1dBpxOQ' -H 'access-token: JbGQi97FTAwsW4n6SZ9aYQ'  -H 'Accept: application/json' -X PUT https://myapp.com/auth/password -d '{"password": "foobar", "password_confirmation": "foobar"}'
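
The following Ruby example is added here and is not from the original answer or from the gem's code. It checks the emailed link from the GET step for the reset_password_token and redirect_url params (the names used in the documentation quote and in the sample link), confirms that redirect_url is the one the client asked for, and builds, without sending, the final PUT with the saved headers. The function names, the EXPECTED_REDIRECT constant and the sample values are assumptions modelled on the answer's own examples.

```ruby
require 'uri'
require 'net/http'
require 'json'

# Constructed sample: an emailed link in the shape the answer shows.
EMAIL_LINK = 'https://myapp.com/auth/password/edit?config=default' \
             '&redirect_url=myappStoreName%3A%2F%2Fauth%2Fpassword%2Fedit' \
             '&reset_password_token=Qv6mkLuoy9zN-Y1pKghB'

# Assumption: the only redirect target this client ever requests in the POST step.
EXPECTED_REDIRECT = 'myappStoreName://auth/password/edit'

# GET step input check: the link must carry both required params, and
# redirect_url must be the location we requested, not an arbitrary one.
def parse_reset_link(link, expected_redirect: EXPECTED_REDIRECT)
  uri = URI.parse(link)
  raise ArgumentError, 'reset link must be https' unless uri.scheme == 'https'
  params = URI.decode_www_form(uri.query.to_s).to_h
  %w[reset_password_token redirect_url].each do |key|
    raise ArgumentError, "missing #{key}" if params[key].to_s.empty?
  end
  unless params['redirect_url'] == expected_redirect
    raise ArgumentError, "unexpected redirect_url: #{params['redirect_url']}"
  end
  { path: uri.path, token: params['reset_password_token'],
    redirect_url: params['redirect_url'] }
end

# Credentials the client must have saved before the PUT step.
AUTH_HEADERS = %w[uid client access-token].freeze

def build_password_update(base_url, saved, password, confirmation)
  missing = AUTH_HEADERS.select { |h| saved[h].to_s.empty? }
  raise ArgumentError, "missing headers: #{missing.join(', ')}" unless missing.empty?
  raise ArgumentError, 'password and confirmation differ' unless password == confirmation
  req = Net::HTTP::Put.new(URI.join(base_url, '/auth/password'))
  req['Content-Type'] = 'application/json'
  req['Accept'] = 'application/json'
  req['token-type'] = 'Bearer'
  AUTH_HEADERS.each { |h| req[h] = saved[h] }
  req.body = JSON.generate({ password: password, password_confirmation: confirmation })
  req
end
```

The returned request object can be handed to Net::HTTP#request once the client is ready to send it.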
