允许用户使用 Devise - Rails 4 更改密码答案

【问题标题】：Allowing user to change password with Devise - Rails 4允许用户使用 Devise - Rails 4 更改密码
【发布时间】：2014-08-07 15:12:43
【问题描述】：

我正在设置最后一点设计，需要允许用户从我的帐户页面更改密码。我已经查看了这个来自设计的https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-edit-their-password) 页面，但仍然无法使其正常工作。

当我单击链接以调出我的模式时，我收到以下错误。

ActionController::RoutingError (No route matches [GET] "/users/1/change_password_modal"):

当我提交更改密码请求时，我收到以下错误：

unknown attribute: current_password

我调出模态的链接是：

button.btn.btn-dashboard data-target="#change_password_modal" data-toggle="modal"

最后是我的模态

 <div class="modal fade" id="change_password_modal">
  <div class="modal-dialog">
    <div class="modal-content">
  <div class="modal-header">
    <button class="close" data-dismiss="modal">x</button>
    <h2 class="modal-title">Change Password</h2>
  </div>
    <div class="modal-body">
      <div class="flash"></div>
        <%= form_for(resource, :as => resource_name, :url => edit_user_registration_path, :html => { :method => :put }) do |f| %>
        <%= devise_error_messages! %>
        <div>
          <%= f.password_field :current_password, :autocomplete => "off", class: "sitewide-input", placeholder: "Current Password" %>
        </div>

        <div>
          <%= f.password_field :password, :autocomplete => "off", class: "sitewide-input", placeholder: "New Password" %>
        </div>

        <div>
          <%= f.password_field :password_confirmation, :autocomplete => "off", class: "sitewide-input", placeholder: "New Password Confirmation" %>
        </div>
    </div>
    <div class="modal-footer">
      <p>
        <div>
          <%= f.submit "Update", :class => 'advance-button' %>
        </div>
      </p>
  </div>
<% end %>
</div>
</div>
</div>

我已更新我的应用程序控制器以包含以下内容：

before_filter :configure_permitted_parameters, if: :devise_controller?

protected

    def configure_permitted_parameters
      devise_parameter_sanitizer.for(:sign_up) << :full_name
      devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, :password_confirmation, :current_password)}
    end

即使包含此代码，我也会得到 p>

ActiveRecord::UnknownAttributeError at /users/edit
unknown attribute: current_password

服务器日志

Started GET "/users/1/edit" for 127.0.0.1 at 2014-08-07 14:11:00 -0500
Processing by UsersController#edit as HTML
  Parameters: {"id"=>"1"}
  User Load (0.3ms)  SELECT `users`.* FROM `users` WHERE `users`.`id` = 1 ORDER BY `users`.`id` ASC LIMIT 1
  Rendered users/_edit_profile.html.slim (14.0ms)
  Rendered registrations/_edit.html.erb (3.4ms)
  Rendered users/_edit_billing.html.slim (9.3ms)
  Rendered users/edit.html.slim within layouts/topthird (37.1ms)
  Rendered shared/_javascript_head.html.slim (0.0ms)
  App Load (0.4ms)  SELECT `apps`.* FROM `apps` WHERE `apps`.`user_id` = 1 ORDER BY updated_at DESC
  Rendered application/_dashboard_menu.html.slim (3.4ms)
  Rendered application/_navigation.html.slim (0.1ms)
Completed 200 OK in 129ms (Views: 126.3ms | ActiveRecord: 0.7ms)


Started GET "/__rack/swfobject.js" for 127.0.0.1 at 2014-08-07 14:11:01 -0500


Started GET "/__rack/livereload.js?host=bangner.ngrok.com" for 127.0.0.1 at 2014-08-07 14:11:01 -0500


Started GET "/__rack/web_socket.js" for 127.0.0.1 at 2014-08-07 14:11:01 -0500


Started PUT "/users/edit" for 127.0.0.1 at 2014-08-07 14:11:10 -0500
Processing by UsersController#update as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"4QIZriwJGaeTynF8y1JYN3x5sBfhpNabYHWTBdzhRK4=", "user"=>{"current_password"=>"[FILTERED]", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Update", "id"=>"edit"}
  User Load (0.3ms)  SELECT `users`.* FROM `users` WHERE `users`.`id` = 1 ORDER BY `users`.`id` ASC LIMIT 1
   (0.1ms)  BEGIN
   (0.1ms)  ROLLBACK
Completed 500 Internal Server Error in 4ms

ActiveRecord::UnknownAttributeError - unknown attribute: utf8:
  activerecord (4.0.2) lib/active_record/attribute_assignment.rb:47:in `rescue in _assign_attribute'
  activerecord (4.0.2) lib/active_record/attribute_assignment.rb:42:in `_assign_attribute'
  activerecord (4.0.2) lib/active_record/attribute_assignment.rb:29:in `block in assign_attributes'
  activerecord (4.0.2) lib/active_record/attribute_assignment.rb:23:in `assign_attributes'
  activerecord (4.0.2) lib/active_record/persistence.rb:229:in `block in update'
  activerecord (4.0.2) lib/active_record/transactions.rb:326:in `block in with_transaction_returning_status'
  activerecord (4.0.2) lib/active_record/connection_adapters/abstract/database_statements.rb:202:in `block in transaction'
  activerecord (4.0.2) lib/active_record/connection_adapters/abstract/database_statements.rb:210:in `within_new_transaction'
  activerecord (4.0.2) lib/active_record/connection_adapters/abstract/database_statements.rb:202:in `transaction'
  activerecord (4.0.2) lib/active_record/transactions.rb:209:in `transaction'
  activerecord (4.0.2) lib/active_record/transactions.rb:323:in `with_transaction_returning_status'
  activerecord (4.0.2) lib/active_record/persistence.rb:228:in `update'
  app/controllers/users_controller.rb:31:in `update'

【问题讨论】：

标签： ruby-on-rails ruby ruby-on-rails-4 devise bootstrap-modal

【解决方案1】：

您需要将current_password 设置为application_controller.rb 上的允许参数：

def configure_permitted_parameters
    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, :password_confirmation, :current_password)}
end

并跳过registration_controller.rb上的current_password：

class RegistrationsController < Devise::RegistrationsController

  protected

  def update_resource(resource, params)
    resource.update_without_password(params.except(:current_password))
  end
end

【讨论】：

【解决方案2】：

您需要将 current_password 添加到 Devise 接受的已清理参数中。你应该做这样的事情（我的 application_controller 中有它）：

def configure_permitted_parameters
  devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:email, :password, :password_confirmation) }
  devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, :password_confirmation, :current_password)}
end

Devise 不会接受未经清理的参数，并且您可能尚未将 current_password 添加到此块中，因为您在尝试更新帐户之前不需要这样做。

您在应用程序控制器的before_filter 中调用此方法。查看设计文档以获取更多信息here。

编辑

对于模态，不要给它传递路由。它试图打开您指定的路径并抛出该错误。我的模态按钮看起来像这样：

<button class="btn btn-dashboard" data-toggle="modal" data-target="#openLists">
            <i class="glyphicon glyphicon-list-alt"> Lists</i>
</button>

如果你愿意，你可以使用 Ruby 助手来做类似的事情。

【讨论】：

在添加设计参数并更改我的模式路径后，仍然获得 current_password 的未知属性。（以上均已编辑）
我的 users_controller 在我的更新方法上出现错误，所以我尝试将 before_filter 添加到此控制器并在用户模型上添加参数，但仍然没有运气
你重启服务器了吗？
我得到另一个未知属性：未知属性：utf8
我们确实有一个使用 cancan 设置的管理员帐户，但我只是查看了我们的架构，发现它不是 current_password 而是 encrypted_password 并尝试了它并且它有效。