Rails Devise:设置密码重置令牌并重定向用户 [英] Rails Devise: Set password reset token and redirect user

问题描述

在针对某个用例的应用中，我创建了一个新用户(以编程方式设置密码)并向他们发送确认电子邮件.

我希望他们能够在确认后立即更改密码(无需进入系统生成的我不想发送的密码)

实际上我想要
1) 系统使用生成的密码创建一个新用户帐户.
2) 系统发送确认邮件.
3) 用户点击确认并被重定向以输入他们的密码(有效地将它们发送到如下所示的 URL)

<a href="http://localhost:3000/users/password/edit?reset_password_token=v5Q3oQGbsyqAUUxyqLtb">更改我的密码</a>

任何帮助/指针都会很棒.

解决方案

一种简单的方法，让用户只需一个步骤即可使用您提供的链接确认电子邮件地址并设置初始密码...

发送您的应用生成的一封电子邮件，包括 reset_password_token，并考虑用户拥有该令牌以确认该电子邮件地址的有效性.

在系统帐户生成代码中，假设用户模型设置为 :recoverable 和 :database_authenticable 设计模块...

acct = User.newacct.password = User.reset_password_token #实际上不会被使用...acct.reset_password_token = User.reset_password_tokenacct.email = "user@usercompany.com" #假设用户将使用此字段标识自己#设置您可能需要的其他帐户字段帐户保存

在设置初始密码时，使用户的设备重置密码视图更清晰一些.

views/devise/passwords/edit.html.erb

<代码>...<%= "true" == params[:initial] ?"设置您的密码" : "重置您的密码" %>...

生成的电子邮件

嗨 <%= @user.name %>已为您生成一个帐户.请访问 www.oursite.com/users/password/edit?initial=true&reset_password_token=<%= @user.reset_password_token %>设置您的密码.

无需在您的用户模型中包含 :confirmable Devise 模块，因为如果电子邮件中没有 reset_password_token，您的应用程序创建的帐户将无法访问.

Devise 将处理提交并清除 reset_password_token 字段.

有关reset_password_token 方法和朋友的详细信息，请参阅devise_gem_folder/lib/devise/models/recoverable.rb 和database_authenticable.rb.>

如果您想使用 Devise :confirmable 模块而不是这种方法，请参阅 设计维基页面.

In my app for a certain use case I create a new user (programmatically set the password) and send them a confirmation email.

I would like them to be able to change their password immediately after confirming (without having to enter the system generated one which I don't want to send them)

In effect I would like
1) System creates a new user account with generated password.
2) System sends confirmation email.
3) User clicks confirmation and is redirected to enter in their password (effectively send them to a URL like below)

<a href="http://localhost:3000/users/password/edit?reset_password_token=v5Q3oQGbsyqAUUxyqLtb">Change my password</a>

Any help / pointers would be great.

解决方案

A simple way to have just one step for users to confirm email address and set initial password using the link you proposed...

Send one email your app generates, including a reset_password_token, and consider user's possession of that token confirmation of the validity of that email address.

In system account generation code, assuming User model is set up with :recoverable and :database_authenticatable Devise modules...

acct = User.new
acct.password = User.reset_password_token #won't actually be used...  
acct.reset_password_token = User.reset_password_token 
acct.email = "user@usercompany.com" #assuming users will identify themselves with this field
#set other acct fields you may need
acct.save

Make the devise reset password view a little clearer for users when setting initial password.

views/devise/passwords/edit.html.erb

...
<%= "true" == params[:initial] ? "Set your password" : "Reset your password" %>
...  

Generated Email

Hi <%= @user.name %>
An account has been generated for you.
Please visit www.oursite.com/users/password/edit?initial=true&reset_password_token=<%= @user.reset_password_token %> to set your password.

No need to include :confirmable Devise module in your User model, since accounts created by your app won't get accessed without the reset_password_token in the email.

Devise will handle the submit and clear the reset_password_token field.

See devise_gem_folder/lib/devise/models/recoverable.rb and database_authenticatable.rb for details on reset_password_token method and friends.

If you want to use Devise :confirmable module rather than this approach, see the Devise wiki page.

这篇关于Rails Devise:设置密码重置令牌并重定向用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！