Rails错过了与河豚的param密码

时间:2021-11-04 12:36:25

I am using the blowfish gem to encrypt passwords for my users (user model).

我正在使用blowfish gem为我的用户加密密码(用户模型)。

in the schema I don't have a password field anymore but in the rails console I can (and have to) run user.password = "xxx" and user.password_confirmation = "xxx" in order to be able to call user.save. This works in the rails console but I have a webform where a user is logically able to edit his/her password.

在模式中我不再有密码字段但是在rails控制台中我可以(并且必须)运行user.password =“xxx”和user.password_confirmation =“xxx”以便能够调用user.save 。这适用于rails控制台,但我有一个webform,用户在逻辑上可以编辑他/她的密码。

This is my edit.html.erb

这是我的edit.html.erb

 <%= form_for(@user) do |f| %>
    <%= render(:partial => "form", :locals => {:f => f}) %> 
    <%= submit_tag("Edit User") %>
 <% end %>

the parital in _form.html.erb that pertains to passwords is this

有关密码的_form.html.erb中的parital就是这个

 <table>
   ...
 <tr>
    <th>Password</th>
    <td><%= f.text_field(:password) %></td>
 </tr>
 <tr>
    <th>Confirm Password</th>
    <td><%= f.text_field(:password_confirmation)%></td>
 </tr>

In my users_controller.rb I require login password password_confirmation like this

在我的users_controller.rb中,我需要像这样的登录密码password_confirmation

    def update
       @user = User.find(params[:id])
       @user.update_attributes(user_params)
       if @user.save
         flash[:notice] = "Update Successful"
         redirect_to(:action => 'show', :id => @user.id)
       else
         flash[:notice] = "Error Updating"
         render('edit')
        end  
     end

and

private

私人的

def user_params
  r = params.require(:user)
  r.require(:login)
  r.require(:password)
  r.require(:password_confirmation)
  r.permit(:first_name, :last_name, :login, :password, :password_confirmation)
end

The issue is not when I submit a complete form, that updates fine. The issue is that when I leave the password field empty, instead of rendering the edit form again it gives me a Action Controller: Exception param not found: password and points to the r.require(:password) line of the user_params function

当我提交完整的表格时,问题不在于更新。问题是,当我将密码字段留空时,不再渲染编辑表单,而是给我一个动作控制器:找不到异常参数:密码并指向user_params函数的r.require(:password)行

EDIT

编辑

I commented the two require lines out and validate the presence of login,password,password_confirmation in the model. However now I get this error

我评论了两个需要行,并验证模型中是否存在login,password,password_confirmation。但是现在我收到了这个错误

undefined methoduser' for #pointing to the@user.upadte_attributes(user_params)` line.

undefined methoduser'用于#pointing到@user.upadte_attributes(user_params)行。

I still need to require :user and then .permit(.....) for the strong parameters in Rails 4 right?

我仍然需要:用户然后.permit(.....)对于Rails 4中的强参数吧?

EDIT 2 -- Update Method in users_controller.rb

编辑2 - users_controller.rb中的更新方法

def update
  @user = User.find(params[:id])
  if @user.update_attributes(user_params)
    flash[:notice] = "Update Successful"
    redirect_to(user_path(@user.id))
  else
    flash[:notice] = "Error Updating"
    render('edit')
  end  
 end

and user params private

和用户params私人

def user_params
  params.require(:user).permit(:first_name, :last_name, :login, :password, :password_confirmation, :position, :pictureString)
end

The Error Message:

错误消息:

undefined method `user' for #<User:0x007f4d482b1af0>
Extracted source (around line #36):
34 def update
35 @user = User.find(params[:id])
36 if @user.update_attributes(user_params)
37  flash[:notice] = "Update Successful"
38  redirect_to(user_path(@user.id))
39 else

app/controllers/users_controller.rb:36:in `update'

EDIT

编辑

Some further investigation revealed this:

一些进一步的调查显示:

If I leave the .permit(....) out of the user_params function (i.e. have it only read params[:user]) then I don't get the undefined method error but the expected forbidden attributes error. Maybe this helps you find what's wrong.

如果我将.permit(....)从user_params函数中删除(即只让它读取params [:user]),那么我没有得到未定义的方法错误,但是预期的禁止属性错误。也许这有助于你找到错误的地方。

1 个解决方案

#1


0  

Strong Parameters are not meant for form validation. They are meant for security purposes to replace the attr_accessible macro used at the model level.

强参数不适用于表单验证。它们用于安全目的,以替换模型级别使用的attr_accessible宏。

Form validation should either either be performed client side, or by passing the params to some model that performs the validation (which will in turn call update_attributes if deemed valid).

表单验证应该在客户端执行,或者通过将params传递给执行验证的某个模型(如果认为有效则将调用update_attributes)。

#1


0  

Strong Parameters are not meant for form validation. They are meant for security purposes to replace the attr_accessible macro used at the model level.

强参数不适用于表单验证。它们用于安全目的,以替换模型级别使用的attr_accessible宏。

Form validation should either either be performed client side, or by passing the params to some model that performs the validation (which will in turn call update_attributes if deemed valid).

表单验证应该在客户端执行,或者通过将params传递给执行验证的某个模型(如果认为有效则将调用update_attributes)。