使用Ruby on Rails进行设计 - 强制用户首次登录时更改密码 [英] Devise with Ruby on Rails - Force user to change password on first login
问题描述
我写了一个程序来检查用户是否更改了密码并将其放在我的application_controller.rb中:
def check_changed_pass
@user = current_user
如果@ user.pass_changed == @ user.created_at #make确保用户在访问内部页面之前已经更改了密码
redirect_to edit_user_registration_path,alert:您必须在首次登录之前更改密码
end
end
然后在我的internal_controller.rb(用于需要用户登录的所有内部用户):
before_action:check_changed_pass
到目前为止这么好,但尝试更新pass_changed时出现了问题在正确的时间,我尝试过各种配置,但是我找不到放置这个代码的位置,以便在更新密码时触发,而不是每次更新用户模型,包括e非常登录和注销,当我只希望它的触发,如果密码更新。
如果我放置before_save:update_pass_change,只有:[:编辑,更新] 在我的控制器中,它不会在密码更新中触发,如果我将其放在用户模型中,我必须将该过程放在模型中,然后它不会接收current_user,因为它不在模型。理想的情况是,如果Devise与after_dassword_authentication钩子类似,则为after_password_edit挂钩。我不得不覆盖Devise的registrations_controller.rb删除该行
prepend_before_filter:require_no_authentication,只有:[:cancel]
让管理员用户能够添加新用户。我尝试在那里放置update_pass_change,但似乎没有触发before_save进行密码编辑。
在application_controller.rb
def update_pass_change#记录用户已经更改了密码
/ pre>
,除非current_user.pass_changed!= current_user.created_at
current_user.pass_changed = Time.now
end
end
类似的未回答的问题: Ruby on Rails:Devise - 首次登录时的密码更改
解决方案您可以使用对您的模型进行回调并检查,保存前,如果更改包含您的密码属性。这样的一个例子:
class User< ActiveRecord :: Base
before_save:check_password_changed
private
def check_password_changed
self.pass_changed = Time.now if changed.include? 'encrypted_password'
end
end
I have a RoR application (Rails 4.2, Ruby 2.2.0) running Devise. I have set it up so that admin users (identified the "is_admin" boolean I added to the user model) are able to create new user account, provide them with a generated password and confirmation email. This is all working properly. I have also added the datetime column pass_changed which should be updated when a user changes their password, and then checked against created_at to make sure that the password has changed since the account was created. If the two dates are equal then the user is redirected to the password change form.
I wrote a procedure for checking that the user has changed their password and placed it in my application_controller.rb:
def check_changed_pass @user = current_user if @user.pass_changed == @user.created_at #make sure user has changed their password before accessing internal pages redirect_to edit_user_registration_path, alert: "You must change your password before logging in for the first time" end end
Then in my internal_controller.rb (used for all internal that require the user to be logged in:
before_action :check_changed_pass
So far so good, but the problem comes with attempting to update pass_changed at the right time. I have tried various configurations, but I can't find where to put this code so that it triggers when a password is updated, but not every time the user model is updated, which includes every login and logout, when I only want it to trigger if the password gets updated.
If I place "before_save :update_pass_change, only: [:edit, :update]" in my controller it doesn't trigger on a password update, and if I place it in the User model, I have to put the procedure in the model as well and then it won't pick up current_user as its not available in the model. The ideal thing would be if Devise had a hook for after_password_edit similar to the after_database_authentication hook. I had to override Devise's registrations_controller.rb to remove the line
prepend_before_filter :require_no_authentication, only: [ :cancel]
So that admin users would be able to add new users. I tried placing update_pass_change there, but it doesn't seem to trigger before_save on a password edit.
In application_controller.rb
def update_pass_change # records that the user has changed their password unless current_user.pass_changed != current_user.created_at current_user.pass_changed = Time.now end end
Similar unanswered question: Ruby on Rails: Devise - password change on first login
解决方案You could use a callback on your model and check, before save, if the changes includes your password attribute. Something like this:
class User < ActiveRecord::Base before_save :check_password_changed private def check_password_changed self.pass_changed = Time.now if changed.include? 'encrypted_password' end end
这篇关于使用Ruby on Rails进行设计 - 强制用户首次登录时更改密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!