使用Ruby on Rails进行设计 - 强制用户首次登录时更改密码 [英] Devise with Ruby on Rails - Force user to change password on first login

问题描述

我有一个运行Devise的RoR应用程序（Rails 4.2，Ruby 2.2.0）。我已经设置了，以便管理员用户（标识为我添加到用户模型中的is_admin布尔值）能够创建新的用户帐户，为他们提供生成的密码和确认电子邮件。这一切都正常工作。我还添加了datetime列pass_changed，当用户更改密码时应该更新datetime列，然后检查created_at以确保自从创建帐户以来密码已更改。如果两个日期相等，则用户被重定向到密码更改表单。

我写了一个程序来检查用户是否更改了密码并将其放在我的application_controller.rb中：

  def check_changed_pa​​ss 
 @user = current_user 
如果@ user.pass_changed == @ user.created_at #make确保用户在访问内部页面之前已经更改了密码
 redirect_to edit_user_registration_path，alert：您必须在首次登录之前更改密码
 end 
 end 
  

然后在我的internal_controller.rb（用于需要用户登录的所有内部用户）：

  before_action：check_changed_pa​​ss 
  

到目前为止这么好，但尝试更新pass_changed时出现了问题在正确的时间，我尝试过各种配置，但是我找不到放置这个代码的位置，以便在更新密码时触发，而不是每次更新用户模型，包括e非常登录和注销，当我只希望它的触发，如果密码更新。

如果我放置before_save：update_pass_change，只有：[：编辑，更新] 在我的控制器中，它不会在密码更新中触发，如果我将其放在用户模型中，我必须将该过程放在模型中，然后它不会接收current_user，因为它不在模型。理想的情况是，如果Devise与after_dassword_authentication钩子类似，则为after_password_edit挂钩。我不得不覆盖Devise的registrations_controller.rb删除该行

  prepend_before_filter：require_no_authentication，只有：[：cancel] 
  

让管理员用户能够添加新用户。我尝试在那里放置update_pass_change，但似乎没有触发before_save进行密码编辑。

在application_controller.rb

  def update_pass_change＃记录用户已经更改了密码
，除非current_user.pass_changed！= current_user.created_at 
 current_user.pass_changed = Time.now 
 end 
 end 
  / pre> 
 
 
类似的未回答的问题： Ruby on Rails：Devise  - 首次登录时的密码更改 
解决方案
您可以使用对您的模型进行回调并检查，保存前，如果更改包含您的密码属性。这样的一个例子：
  class User< ActiveRecord :: Base 
 before_save：check_password_changed 
 
 private 
 def check_password_changed 
 self.pass_changed = Time.now if changed.include？ 'encrypted_pa​​ssword'
 end 
 end 
  
 
I have a RoR application (Rails 4.2, Ruby 2.2.0) running Devise. I have set it up so that admin users (identified the "is_admin" boolean I added to the user model) are able to create new user account, provide them with a generated password and confirmation email. This is all working properly. I have also added the datetime column pass_changed which should be updated when a user changes their password, and then checked against created_at to make sure that the password has changed since the account was created. If the two dates are equal then the user is redirected to the password change form. 

I wrote a procedure for checking that the user has changed their password and placed it in my application_controller.rb:
def check_changed_pass
@user = current_user
    if @user.pass_changed == @user.created_at #make sure user has changed their password before accessing internal pages
    redirect_to edit_user_registration_path, alert: "You must change your password before logging in for the first time"
    end
end
Then in my internal_controller.rb (used for all internal that require the user to be logged in:
before_action :check_changed_pass
So far so good, but the problem comes with attempting to update pass_changed at the right time. I have tried various configurations, but I can't find where to put this code so that it triggers when a password is updated, but not every time the user model is updated, which includes every login and logout, when I only want it to trigger if the password gets updated.

If I place "before_save :update_pass_change, only: [:edit, :update]" in my controller it doesn't trigger on a password update, and if I place it in the User model, I have to put the procedure in the model as well and then it won't pick up current_user as its not available in the model. The ideal thing would be if Devise had a hook for after_password_edit similar to the after_database_authentication hook. I had to override Devise's registrations_controller.rb to remove the line 
prepend_before_filter :require_no_authentication, only: [ :cancel]
So that admin users would be able to add new users. I tried placing update_pass_change there, but it doesn't seem to trigger before_save on a password edit. 

In application_controller.rb
def update_pass_change # records that the user has changed their password
    unless current_user.pass_changed != current_user.created_at
    current_user.pass_changed = Time.now
    end
end
Similar unanswered question: Ruby on Rails: Devise - password change on first login
解决方案
You could use a callback on your model and check, before save, if the changes includes your password attribute. Something like this:  
class User < ActiveRecord::Base
  before_save :check_password_changed

  private
  def check_password_changed
    self.pass_changed = Time.now if changed.include? 'encrypted_password'
  end
end


                        
这篇关于使用Ruby on Rails进行设计 - 强制用户首次登录时更改密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！