如何跳过 has_secure_password 验证 [英] How to skip has_secure_password validations

问题描述

在我的应用中，只有管理员才能创建新的用户记录.用户会通过电子邮件收到一个激活链接，他们可以在其中设置密码.

In my app, only admins can create new User records. The user is emailed an activation link where they set their password.

我想使用 has_secure_passord 方法(railscast):

I'd like to use the has_secure_passord method (railscast):

class User < ActiveRecord::Base
  has_secure_password
  ...
end

效果很好，但它会自动验证密码摘要的存在......因此，当管理员创建记录时，验证失败.我有没有办法只跳过自动添加的 password_digest 验证而不跳过我添加的其他验证?

Works great, but it automatically validates presence of password digest...so when the admin creates the record the validations fail. I there a way to skip just the automatically added password_digest validation without skipping the others I've added?

推荐答案

我决定进行自己的自定义身份验证.以下解决方案将验证密码，但仅在设置密码时.这允许管理员在不添加密码的情况下创建用户.

I decided to do my own custom authentication. The following solution will validate passwords but only when they are being set. This allows admins to create users without adding a password.

class User < ActiveRecord::Base
  include BCrypt

  attr_accessor :password, :password_confirmation

  validates :password, length: (6..32), confirmation: true, if: :setting_password?

  def password=(password)
    @password = password
    self.password_hash = Password.create(password)
  end

  def authenticate(password)
    password.present? && password_hash.present? && Password.new(password_hash) == password
  end

private

  def setting_password?
    password || password_confirmation
  end

end

如果有人发布的答案允许我仍然使用 has_secure_password 方法，我会接受它.

If someone posts an answer that allows me to still use the has_secure_password method, I'll accept it instead.

这篇关于如何跳过 has_secure_password 验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！