设计:创建没有密码的用户 [英] Devise: Create users without password
问题描述
在我们的应用中,我们有普通用户。但是,我们希望能够邀请某些人。请注意,邀请直接耦合到用户,因为我们希望能够为这些用户设置某些设置。 (我们正在减轻客户从我们的旧软件到新的)。
In our application we have normal users. However, we want to be able to make invitations, to invite certain people. Note that an invitation is directly coupled to a user, as we want to be able to set certain settings for these users already. (We are mitigating clients from our old software to the new).
所以:
- 管理员应该能够创建一个新的用户,更改其设置。
- 当有人使用他们的
invitation_token链接时,他们应该看到一个表单,他们可以为他们设置密码帐户。
- An admin should be able to create a new user and change its settings.
- When someone follows a link with their
invitation_token, they should see a form where they can set a password for their account.
我遇到的麻烦是如何启用管理员创建用户帐户,绕过正常的密码验证。如果需要设置默认密码,这将是一个可怕的解决方案,因为这会造成严重的安全漏洞。
What I am having trouble with, is how to enable the admin to create an user account, bypassing the normal password validation. It would be a horrible solution if a default password would need to be set, as this would create a severe security flaw.
如何在Devise中创建新的用户,而不提供一个密码?
How to create a new User in Devise without providing a password?
推荐答案
至少有两种方法可以做你想要的:
There are at least two ways to do what you want:
1)使用 validate:false禁用验证:false 选项:
user.save(validate: false)
但这将跳过所有字段的验证密码)。在这种情况下,您应该确保所有其他字段都有效。
But this will skip validation of all fields (not only password). In this case you should make sure that all other fields are valid.
2)Overload Devise的 password_required? / p>
2) Overload Devise's password_required? method
class User < ActiveRecord::Base
attr_accessor :skip_password_validation # virtual attribute to skip password validation while saving
protected
def password_required?
return false if skip_password_validation
super
end
end
## Saving:
#
user.skip_password_validation = true
user.save
但是,我建议您不要在特定情况下创建没有密码的用户。我会创建一些额外的表(例如:邀请),并存储所有必需的信息,包括要确认后要分配给用户的字段。
But I advise you to not create users without password in your particular case. I would create some additional table (for example: invitations) and store all required information including the fields that you want to be assigned to a user after confirmation.
这篇关于设计:创建没有密码的用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
