我有一个使用电子邮件和密码进行正常 Devise 登录的网站。
然后我完成了添加 Omniauth / SSO 的教程:
https://github.com/heartcombo/devise/wiki/OmniAuth:-概述
现在 当某些用户选择使用“使用 Google 登录”时,我想禁用这些用户使用电子邮件和密码进行正常登录(以增强安全性)。
我怎样才能实现这一目标?
我面临着类似的情况,我不确定是否有一种干净的方法可以做到这一点。
我正在按照
krsyoung# user.rb
def valid_password?(password)
return false if sso_enabled?
super
end
额外:由于我必须禁止
unlockresetting passwords# also in user.rb
def send_reset_password_instructions?
email_login_enabled? # your logic can go here
end
def send_reset_password_instructions
# still show the `send_paranoid_instructions` message
# "If your email address exists in our database,
# you will receive a password recovery link at your email
# address in a few minutes."
return unless send_reset_password_instructions?
super
end
def send_unlock_instructions?
email_login_enabled? # your logic can go here
end
def send_unlock_instructions
# Still shows the `send_paranoid_instructions`
# "If your account exists, you will receive an email
# with instructions for how to unlock it in a few minutes."
return unless send_unlock_instructions?
super
end
active_for_authentication?falseomniauth选项1:
active_for_authentication?false当用户尝试使用omniauth流程登录并在
active_for_authentication?在omniauth流程中:
session[:omniauth_login] = true
并在
active_for_authentication?def active_for_authentication?
super && (!omniauth_user? || session[:omniauth_login])
end
它将允许普通用户登录,阻止omniauth用户通过密码登录,并允许omniauth用户使用omniauth流(设置会话的地方)登录。登录后也重置会话。
选项2:
您可以覆盖
sessions_controllerclass SessionsController < Devise::SessionsController
def create
#Allow login with password for all except omniauth users
#Define your own logic inside omniauth_user?
if omniauth_user?(sign_in_params)
redirect_to new_user_session_path, alert: "You can't login using password"
return
end
super
end
end