Destroy_with_password始终返回false [英] Destroy_with_password always returns false
问题描述
以现有问题为基础,逐步解决需要密码才能使用Ruby gem Devise的 destroy_with_password
删除用户帐户.
Building off of an existing question that walks through how to require a password to delete a user account using the Ruby gem Devise's destroy_with_password
.
我的销毁动作如下:
def destroy
@user = User.find(current_user.id)
if @user.destroy_with_password(user_params)
redirect_to root_url, notice: "User deleted."
else
redirect_to root_url
flash[:notice] = "Couldn't delete"
end
end
def user_params
params.require(:user).permit(:first_name, :last_name, :password,
:password_confirmation, :current_password... (etc) )
end
和表格:
<%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :delete }) do |f| %>
<%= f.password_field :current_password, autocomplete: "off" %>
<%= f.button :submit %>
<% end %>
重定向有效,但是即使输入了正确的密码而不删除帐户,它仍会重定向.
The redirect works, but it redirects even when the correct password is inputted without deleting the account.
我运行 binding.pry
,并且 @ user.destroy_with_password(user_params)
始终返回false.
I run binding.pry
, and @user.destroy_with_password(user_params)
always returns false.
如果我打开 user_params
,则会返回以下内容:
If I open user_params
this is what is returned:
<ActionController::Parameters {"current_password"=>"123456"} permitted: true>
推荐答案
根据官方文档 destroy_with_password
接受 current_password
参数,因此无需传递整个user_params
只需传递 current_password
,执行此操作
According to the official docs destroy_with_password
accepts current_password
argument, so instead of passing the whole user_params
just pass the current_password
, do this
@user.destroy_with_password(user_params[:current_password])
rubydoc中的更多信息
More info in rubydoc
Devise :: Models :: DatabaseAuthenticatable#destroy_with_password
尝试一下.
这篇关于Destroy_with_password始终返回false的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!