ruby-on-rails - 升级到 devise 3.1 => 获取重置密码 token 无效

Question

解决方案

感谢这个gist在史蒂文·哈曼的帮助下，我成功了。devise_mail_helpers.rb

module Features
  module MailHelpers

    def last_email
      ActionMailer::Base.deliveries[0]
    end

    # Can be used like:
    #  extract_token_from_email(:reset_password)
    def extract_token_from_email(token_name)
      mail_body = last_email.body.to_s
      mail_body[/#{token_name.to_s}_token=([^"]+)/, 1]
    end

  end
end

我将文件 devise_mail_helpers.rb 添加到与功能规范相同的文件夹中，并编写了此规范。

require 'devise_mail_helpers.rb'
include Features
include MailHelpers
describe "PasswordResets" do
  it "emails user when requesting password reset" do
    user = FactoryGirl.create(:user)
    visit root_url
    find("#login_link").click
    click_link "Forgot your password?"
    fill_in "Email", :with => user.email
    click_button "Send instructions"
    current_path.should eq('/users/sign_in')
    page.should have_content("You will receive an email with instructions about how to reset your password in a few minutes.")
    last_email.to.should include(user.email)
    token = extract_token_from_email(:reset_password) # Here I call the MailHelper form above
    visit edit_password_url(reset_password_token: token)
    fill_in "user_password", :with => "foobar"
    fill_in "user_password_confirmation", :with => "foobar1"
    find('.signup_firm').find(".submit").click
    page.should have_content("Password confirmation doesn't match Password")
  end
 end

这会照顾规范，使其在浏览器中工作，请查看下面戴夫的答案。

原始问题

在我的 Rails 4 应用程序中，我已将 devise 升级到 3.1 并运行 rails s，然后我得到了:

`raise_no_secret_key': Devise.secret_key was not set. 
 Please add the following to your Devise initializer: (RuntimeError)
 config.secret_key = '--secret--'

我将 key 添加到设备初始值设定项中。

此后，当我尝试重置密码时，出现以下错误

Reset password token is invalid

电子邮件中发送的 token 似乎不正确。其他一切都正常。我登录和退出就像一把热刀切过黄油。

更新

现在我猜想它一定是与 reset_password_token 加密有关的东西，来自功能规范:

user = FactoryGirl.create(:user, 
 :reset_password_token => "something", 
 :reset_password_sent_at => 1.hour.ago)
visit edit_password_url(user, :reset_password_token => 
  user.reset_password_token)
fill_in "user_password", :with => "foobar"
click_button "Change my password"
page.should have_content("Password confirmation doesn't match Password")

发生的错误是:

Failure/Error: page.should have_content
("Password confirmation doesn't match Password")        
expected to find text "Password confirmation doesn't match Password" in 
"Reset password token is invalid"

对我缺少的东西有什么想法吗？

Answer 1

您评论了my similar question不久前，我找到了一个可能对您也有帮助的答案。

升级到 Devise 3.1.0 在我有一段时间没有碰过的 View 中留下了一些“瑕疵”。根据this blog post ，您需要更改您的 Devise 邮件程序以使用 @token而不是旧的@resource.confirmation_token .

在 app/views/<user>/mailer/reset_password_instructions.html.erb 中找到此内容并将其更改为:

<p>Hello <%= @resource.email %>!</p>
<p>Someone has requested a link to change your password, and you can do this through the link below.</p>
<p><%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @token) %></p>
<p>If you didn't request this, please ignore this email.</p>
<p>Your password won't change until you access the link above and create a new one.</p>

这应该可以解决您遇到的任何基于 token 的确认问题。这也可能解决任何解锁或确认 token 问题。