I am using the blowfish gem to encrypt passwords for my users (user
model).
我正在使用blowfish gem为我的用户加密密码(用户模型)。
in the schema I don't have a password
field anymore but in the rails console I can (and have to) run user.password = "xxx"
and user.password_confirmation = "xxx"
in order to be able to call user.save
. This works in the rails console but I have a webform where a user is logically able to edit his/her password.
在模式中我不再有密码字段但是在rails控制台中我可以(并且必须)运行user.password =“xxx”和user.password_confirmation =“xxx”以便能够调用user.save 。这适用于rails控制台,但我有一个webform,用户在逻辑上可以编辑他/她的密码。
This is my edit.html.erb
这是我的edit.html.erb
<%= form_for(@user) do |f| %>
<%= render(:partial => "form", :locals => {:f => f}) %>
<%= submit_tag("Edit User") %>
<% end %>
the parital in _form.html.erb
that pertains to passwords is this
有关密码的_form.html.erb中的parital就是这个
<table>
...
<tr>
<th>Password</th>
<td><%= f.text_field(:password) %></td>
</tr>
<tr>
<th>Confirm Password</th>
<td><%= f.text_field(:password_confirmation)%></td>
</tr>
In my users_controller.rb
I require login password password_confirmation
like this
在我的users_controller.rb中,我需要像这样的登录密码password_confirmation
def update
@user = User.find(params[:id])
@user.update_attributes(user_params)
if @user.save
flash[:notice] = "Update Successful"
redirect_to(:action => 'show', :id => @user.id)
else
flash[:notice] = "Error Updating"
render('edit')
end
end
and
和
private
私人的
def user_params
r = params.require(:user)
r.require(:login)
r.require(:password)
r.require(:password_confirmation)
r.permit(:first_name, :last_name, :login, :password, :password_confirmation)
end
The issue is not when I submit a complete form, that updates fine. The issue is that when I leave the password field empty, instead of rendering the edit form again it gives me a Action Controller: Exception
param not found: password
and points to the r.require(:password)
line of the user_params
function
当我提交完整的表格时,问题不在于更新。问题是,当我将密码字段留空时,不再渲染编辑表单,而是给我一个动作控制器:找不到异常参数:密码并指向user_params函数的r.require(:password)行
EDIT
编辑
I commented the two require lines out and validate the presence of login,password,password_confirmation in the model. However now I get this error
我评论了两个需要行,并验证模型中是否存在login,password,password_confirmation。但是现在我收到了这个错误
undefined method
user' for #pointing to the
@user.upadte_attributes(user_params)` line.
undefined methoduser'用于#pointing到@user.upadte_attributes(user_params)行。
I still need to require :user
and then .permit(.....)
for the strong parameters in Rails 4 right?
我仍然需要:用户然后.permit(.....)对于Rails 4中的强参数吧?
EDIT 2 -- Update Method in users_controller.rb
编辑2 - users_controller.rb中的更新方法
def update
@user = User.find(params[:id])
if @user.update_attributes(user_params)
flash[:notice] = "Update Successful"
redirect_to(user_path(@user.id))
else
flash[:notice] = "Error Updating"
render('edit')
end
end
and user params
private
和用户params私人
def user_params
params.require(:user).permit(:first_name, :last_name, :login, :password, :password_confirmation, :position, :pictureString)
end
The Error Message:
错误消息:
undefined method `user' for #<User:0x007f4d482b1af0>
Extracted source (around line #36):
34 def update
35 @user = User.find(params[:id])
36 if @user.update_attributes(user_params)
37 flash[:notice] = "Update Successful"
38 redirect_to(user_path(@user.id))
39 else
app/controllers/users_controller.rb:36:in `update'
EDIT
编辑
Some further investigation revealed this:
一些进一步的调查显示:
If I leave the .permit(....)
out of the user_params
function (i.e. have it only read params[:user]
) then I don't get the undefined method error but the expected forbidden attributes
error. Maybe this helps you find what's wrong.
如果我将.permit(....)从user_params函数中删除(即只让它读取params [:user]),那么我没有得到未定义的方法错误,但是预期的禁止属性错误。也许这有助于你找到错误的地方。
1 个解决方案
#1
0
Strong Parameters are not meant for form validation. They are meant for security purposes to replace the attr_accessible
macro used at the model level.
强参数不适用于表单验证。它们用于安全目的,以替换模型级别使用的attr_accessible宏。
Form validation should either either be performed client side, or by passing the params to some model that performs the validation (which will in turn call update_attributes
if deemed valid).
表单验证应该在客户端执行,或者通过将params传递给执行验证的某个模型(如果认为有效则将调用update_attributes)。
#1
0
Strong Parameters are not meant for form validation. They are meant for security purposes to replace the attr_accessible
macro used at the model level.
强参数不适用于表单验证。它们用于安全目的,以替换模型级别使用的attr_accessible宏。
Form validation should either either be performed client side, or by passing the params to some model that performs the validation (which will in turn call update_attributes
if deemed valid).
表单验证应该在客户端执行,或者通过将params传递给执行验证的某个模型(如果认为有效则将调用update_attributes)。