ruby-on-rails - 如何使用 devise_auth_token gem 获取与 rails-api 应用程序一起使用的 reset_password

Question

我制作了一个新的 rails-api 应用程序，其中集成了 devise_auth_token。目前注册，忘记密码正在工作。但是无法重置密码。

邮件中发送的确认 url 给出了 success:false 响应。

下面是确认网址

http://localhost:3000/auth/password/edit?config=default&redirect_url=foo&reset_password_token=P2a62x8mS9yP9ukeTSZ-

这里是重置邮件的服务器日志

Started GET "/auth/password/edit?config=default&redirect_url=foo&reset_password_token=[FILTERED]" for ::1 at 2015-09-24 14:41:21 +0530 Processing by DeviseTokenAuth::PasswordsController#edit as /
Parameters: {"config"=>"default", "redirect_url"=>"foo", "reset_password_token"=>"[FILTERED]"} Unpermitted parameters: config, redirect_url User Load (0.2ms) SELECT users.* FROM users WHERE users.reset_password_token = '0b3dfdf3a80dce289df8c2cb16c528614b302534264e85e747c4f6b51583da15' ORDER BY users.id ASC LIMIT 1 Completed 404 Not Found in 5ms (Views: 0.3ms | ActiveRecord: 0.2ms)

Here is the confirmation email which is getting sent on password reset.

Started POST "/auth/password?email=user@user.com&redirect_url=foo" for ::1 at 2015-09-24 14:04:05 +0530 Processing by

DeviseTokenAuth::PasswordsController#create as / Parameters: {"email"=>"user@user.com", "redirect_url"=>"foo"} Unpermitted parameter: redirect_url Unpermitted parameter: redirect_url User Load (66.5ms) SELECT users.* FROM users WHERE (BINARY uid = 'user@user.com' AND provider='email') ORDER BY users.id ASC LIMIT 1 User Load (9.8ms) SELECT users.* FROM users WHERE users.reset_password_token = '0b3dfdf3a80dce289df8c2cb16c528614b302534264e85e747c4f6b51583da15' ORDER BY users.id ASC LIMIT 1 (0.1ms) BEGIN SQL (17.7ms) UPDATE users SET reset_password_token = '0b3dfdf3a80dce289df8c2cb16c528614b302534264e85e747c4f6b51583da15', reset_password_sent_at = '2015-09-24 08:34:05', updated_at = '2015-09-24 08:34:05' WHERE users.id = 6 (63.9ms) COMMIT
Rendered /home/anjan/.rvm/gems/ruby-2.2.3/gems/devise_token_auth-0.1.34/app/views/devise/mailer/reset_password_instructions.html.erb (16.2ms)

Devise::Mailer#reset_password_instructions: processed outbound mail in 424.3ms

Sent mail to user@user.com (64.4ms) Date: Thu, 24 Sep 2015 14:04:06 +0530 From: account@qzick.com Reply-To: account@qzick.com To: user@user.com Message-ID: <5603b57e80ae0_1cb520cceb4374ed@anjanbetsy.mail> Subject: Reset password instructions Mime-Version: 1.0 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit email: user@user.com provider: email redirect-url: foo client-config: default

Hello user@user.com!

Someone has requested a link to change your password. You can do this through the link below.

Change my password

If you didn't request this, please ignore this email.

Your password won't change until you access the link above and create a new one.

Completed 200 OK in 979ms (Views: 0.6ms | ActiveRecord: 158.1ms)

伙计们将不胜感激 nay 帮助。即使在邮件中发送的 token 与生成的 token 不同，这有什么问题吗？应该是这样吗？

下面是我的用户模型。

{"token"=>"$2a$10$l766Mu/s8IUIHi9r3sz40ODQk2R.YDo283JQ.82Lijb3fjJ5Unqgq", "expiry"=>1444283710}, "H2Cqp2kIt56BYikqXp1HgA"=>{"token"=>"$2a$10$upMCA8ZKLXvq9VjVaz2Vp.sZu7zr2lSTCFrxWnBmg4wC2gQrW9sIW", "expiry"=>1444293849}}, created_at: "2015-09-24 05:55:10", updated_at: "2015-09-24 08:44:09">

这是我的用户模型文件，如下所示

class User < ActiveRecord::Base
  # Include default devise modules.
  devise :database_authenticatable, :registerable,
          :recoverable, :rememberable, :trackable, :validatable,
          :omniauthable
  include DeviseTokenAuth::Concerns::User
  #Deleted ":confirmable," from above
end

下面是我的架构。

ActiveRecord::Schema.define(version: 20150921074353) do

  create_table "users", force: :cascade do |t|
    t.string   "provider",               limit: 255,   default: "email", null: false
    t.string   "uid",                    limit: 255,   default: "",      null: false
    t.string   "encrypted_password",     limit: 255,   default: "",      null: false
    t.string   "reset_password_token",   limit: 255
    t.datetime "reset_password_sent_at"
    t.datetime "remember_created_at"
    t.integer  "sign_in_count",          limit: 4,     default: 0,       null: false
    t.datetime "current_sign_in_at"
    t.datetime "last_sign_in_at"
    t.string   "current_sign_in_ip",     limit: 255
    t.string   "last_sign_in_ip",        limit: 255
    t.string   "confirmation_token",     limit: 255
    t.datetime "confirmed_at"
    t.datetime "confirmation_sent_at"
    t.string   "unconfirmed_email",      limit: 255
    t.string   "name",                   limit: 255
    t.string   "nickname",               limit: 255
    t.string   "image",                  limit: 255
    t.string   "email",                  limit: 255
    t.text     "tokens",                 limit: 65535
    t.datetime "created_at"
    t.datetime "updated_at"
  end

  add_index "users", ["email"], name: "index_users_on_email", using: :btree
  add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true, using: :btree
  add_index "users", ["uid", "provider"], name: "index_users_on_uid_and_provider", unique: true, using: :btree

end

我的 PasswordController 文件如下:

class PasswordController < ApplicationController
  config.action_controller.action_on_unpermitted_parameters = :log
end

Answer 1

我在解决这个问题时也遇到了一些疯狂的困难。这是我必须做的才能让它与 AngularJS 前端和 Rails 一起工作:

覆盖 PasswordsController create , update , edit , 和 after_resetting_password_path_for

对于 create和 update功能，主要问题是我需要它来呈现 json 响应，所以它说的是 respond_with resource我改为render json: resource, status: <status>, && return (您可以将资源和状态更改为您的应用程序所需的内容，与 render 方法相同)

对于 edit , 而不是使用 after_sending_reset_password_instructions_path_for ，我从电子邮件中获取了重定向 URL，然后简单地执行了 redirect_to params[:redirect_url]

我改变了after_resetting_password_path_for重定向我希望用户登录的位置。

我还必须更改 reset_password_instructions.html.erb模板。包含 edit_password_url 的行:

<p><%= link_to t('.password_change_link'), edit_password_url(@resource, reset_password_token: @token, config: 'default', redirect_url: message['redirect-url'].to_s+'?reset_token='+@token).html_safe %></p>

然后在routes.rb ，我必须让设计知道使用我的 Controller :

mount_devise_token_auth_for 'User', at: 'auth', controllers: { passwords: 'passwords' }

希望对您有所帮助!