Destroy_with_password始终返回false [英] Destroy_with_password always returns false

问题描述

以现有问题为基础，逐步解决需要密码才能使用Ruby gem Devise的 destroy_with_password 删除用户帐户.

Building off of an existing question that walks through how to require a password to delete a user account using the Ruby gem Devise's destroy_with_password.

我的销毁动作如下:

def destroy
  @user = User.find(current_user.id)
  if @user.destroy_with_password(user_params)
      redirect_to root_url, notice: "User deleted."
  else
      redirect_to root_url
      flash[:notice] = "Couldn't delete"
  end
end

def user_params
   params.require(:user).permit(:first_name, :last_name, :password, 
                                :password_confirmation, :current_password... (etc) )
end

和表格:

<%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :delete }) do |f| %>
    <%= f.password_field :current_password, autocomplete: "off" %>
    <%= f.button :submit %>
<% end %>

重定向有效，但是即使输入了正确的密码而不删除帐户，它仍会重定向.

The redirect works, but it redirects even when the correct password is inputted without deleting the account.

我运行 binding.pry ，并且 @ user.destroy_with_password(user_params)始终返回false.

I run binding.pry, and @user.destroy_with_password(user_params) always returns false.

如果我打开 user_params ，则会返回以下内容:

If I open user_params this is what is returned:

<ActionController::Parameters {"current_password"=>"123456"} permitted: true>

推荐答案

根据官方文档 destroy_with_password 接受 current_password 参数，因此无需传递整个user_params 只需传递 current_password ，执行此操作

According to the official docs destroy_with_password accepts current_password argument, so instead of passing the whole user_params just pass the current_password, do this

@user.destroy_with_password(user_params[:current_password])

ruby​​doc中的更多信息

More info in rubydoc

Devise :: Models :: DatabaseAuthenticatable#destroy_with_password

尝试一下.

这篇关于Destroy_with_password始终返回false的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！