Rails Tutorial — 9.3.3 Current_User

Question

So I'm following the Rails Tutorial, and I've gotten to the portion where we want to sign a user in with a sign_in SessionHelper.

Question 1:

module SessionsHelper

  def sign_in(user)
    cookies.permanent.signed[:remember_token] = [user.id, user.salt]
    self.current_user = user # self. is required; a bare current_user = user only sets a local variable
  end

  def current_user=(user) # set current_user
    @current_user = user
  end

  def current_user # get current_user
    @current_user
  end
end

What I'm having difficulty with is the part that reads:

The problem is that it utterly fails to solve our problem: with the code the user's signin status would be forgotten: as soon as the user went to another page.

I don't understand how this is true? I read on and understand the added code makes sure @current_user is never nil. But I'm not seeing how current_user would revert to nil if we just established it in 5th line.

Question 2:

The updated code is as follows:

module SessionsHelper

  def sign_in(user) #in helper because used in view & controller
    cookies.permanent.signed[:remember_token] = [user.id, user.salt]
    self.current_user = user # self. is required to call the setter; a bare assignment creates a local variable
  end

  def current_user=(user) #set current_user
    @current_user = user
  end

  def current_user #get current_user
    @current_user ||= user_from_remember_token #<-- short-circuit evaluation
  end

  private

    def user_from_remember_token
      User.authenticate_with_salt(*remember_token) #*=use [] instead of 2 vars
    end

    def remember_token
      cookies.signed[:remember_token] || [nil, nil]
    end
end

In the remember_token helper, why does it use cookies.signed[] instead of cookies.permanent.signed[] & why doesn't it use ||= operator we just learned about?

Question 3:

Why do we need to authenticate_with_salt? If I authenticate & sign_in can see the id & salt attributes from the user who was passed to it, why do we need to double_check it? What kind of situation would trigger a mixup?

Recommended answer

Remember that instance variables like @current_user are only set for the duration of the request. The controller and view handler instances are created specifically for rendering once and once only.

It is often easy to presume that because you've set a variable somewhere that it will continue to work at some point in the future, but this is not the case. To preserve something between requests you need to store it somewhere, and the most convenient place is the session facility.

What's missing in this example is something along the lines of:

def current_user
  @current_user ||= User.find_by_remember_token(cookies[:remember_token])
end

Generally it's a good idea to use the write accessor to map out the functionality of the sign_in method you've given as an example:

def current_user=(user)
  cookies.permanent.signed[:remember_token] = [user.id, user.salt]
  @current_user = user
end

It's odd that there is a specific "sign in" method when the act of assigning the current user should be the same thing by implication.

From a matter of style, though, it might be more meaningful to call these methods session_user as opposed to current_user for those situations when one user is viewing another. "Current" can mean "user I am currently viewing" or "user I am currently logged in as" depending on your perspective, which causes confusion. "Session" is more specific.

Update:

In response to your addendum, the reason for using cookies to read and cookies.permanent to assign is much the same as using flash.now to assign, and flash to read. The .permanent and .now parts are intended to be used when exercising the assignment operator.
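
The per-request lifetime of @current_user and the re-check of the remember token, as an added example that is not part of the original question or answer. It runs without Rails: SECRET, User, USERS and Request are hypothetical names, an HMAC-signed string stands in for cookies.signed, and the salt comparison is an assumption about what authenticate_with_salt does.

```ruby
require "openssl"
require "json"

# Constructed sample data; SECRET, User, USERS and Request are hypothetical names.
SECRET = "constructed-demo-secret"
User   = Struct.new(:id, :salt)
USERS  = { 1 => User.new(1, "salt-a") }

# Stand-in for cookies.signed: JSON payload plus an HMAC the browser cannot forge.
def sign(value)
  data = JSON.generate(value)
  "#{data}--#{OpenSSL::HMAC.hexdigest('SHA256', SECRET, data)}"
end

# Returns [id, salt] for an intact cookie, [nil, nil] for a missing or altered one.
def verify(cookie)
  data, _, mac = cookie.to_s.rpartition("--")
  expected = OpenSSL::HMAC.hexdigest("SHA256", SECRET, data)
  OpenSSL.secure_compare(expected, mac) ? JSON.parse(data) : [nil, nil]
end

# One instance per HTTP request, like a Rails controller. Only the cookie jar,
# which lives in the browser, survives from one request to the next.
class Request
  attr_writer :current_user # same effect as the post's current_user=(user)

  def initialize(cookies)
    @cookies = cookies
  end

  def sign_in(user)
    @cookies[:remember_token] = sign([user.id, user.salt])
    self.current_user = user
  end

  def current_user
    @current_user ||= user_from_remember_token
  end

  def memoized?; !@current_user.nil?; end

  private

  # Assumed behaviour of authenticate_with_salt: the id must exist and the
  # salt stored in the cookie must still match the user's current salt.
  def user_from_remember_token
    id, salt = verify(@cookies[:remember_token])
    user = USERS[id]
    user if user && user.salt == salt
  end
end
```

A second Request built on the same cookie jar starts with no @current_user and recovers the user only through the signed cookie; an altered cookie, or a salt that has changed since sign-in, yields nil.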
