在我的应用程序中登录时,用户将仅提供电子邮件,不需要密码。我想使用 devise/warden 进行身份验证。
class Users::SessionsController < Devise::SessionsController
include ExpireExistingToken
def new
super
end
def create
self.resource = warden.authenticate!(auth_options)
set_flash_message!(:notice, :signed_in)
sign_in(resource_name, resource)
yield resource if block_given?
resource.update(language: Constant::SUPPORTED_LANGUAGES.key(params['locale'])) if params['locale'].present?
resource.send_otp(force_expire: true) if resource.email_verified?
respond_with resource, location: after_sign_in_path_for(resource)
flash.delete(:notice)
end
def destroy
session.delete(:is_otp_verified)
super
end
end
# frozen_string_literal: true
# Responsible for token expiration
module ExpireExistingToken
extend ActiveSupport::Concern
included do
before_action :remove_existing_token, only: :new
end
protected
def remove_existing_token
uuid = session[:uuid]
usr = User.find_by(uuid: uuid) if uuid
return unless usr
usr.send(:clear_reset_password_token)
usr.save
session.delete(:uuid)
end
end
我尝试覆盖 valid_password?在用户模型中,但它不起作用。请帮我解决这个问题。
您可以尝试覆盖
Devise
需要密码的验证方法并在保存过程中返回 false
。如果您只想针对特定资源或功能禁用它,则需要在保存期间从表单发送 virtual attribute
。
class User < ActiveRecord::Base
attr_accessor :skip_validation
protected
def password_required?
return false if skip_validation
super
end
end
set_user
:
post '/sign_up' do
user = PgUser.new(id, pg_connection)
env['warden'].set_user(user)
redirect '/'
end