堆栈内存溢出
  简体   繁体   English

设计:如何使电子邮件确认令牌无效或取消?

[英]Devise: How do I invalidate or cancel an email confirmation token?

 原文  2013-09-10 02:50:05       ruby-on-rails/ security/ email/ devise

问题描述

In Devise 2.2.3 and Rails 3.2.x, I want to create a routine whereby users can manually invalidate a confirmation token/email that they may have sent to the wrong email address. 在Devise 2.2.3和Rails 3.2.x中,我想创建一个例程,使用户可以手动使可能已发送到错误电子邮件地址的确认令牌/电子邮件无效。

I'm thinking I need to nullify the unconfirmed email and the confirmation token. 我在想我需要取消未确认的电子邮件和确认令牌。 Is this right? 这是正确的吗?

I don't see anything on Google or the Devise documentation about this procedure. 我没有在Google或Devise文档中看到有关此过程的任何内容。

Scenario: 场景:

  1. Existing user changes their email. 现有用户更改了他们的电子邮件。
  2. User realizes they just sent an email to their ex-wife. 用户意识到他们只是向前妻发送了一封电子邮件。 : ) Or whatever. : ) 管他呢。
  3. User doesn't want ex to have control over their account. 用户不希望ex拥有对其帐户的控制权。
  4. User quickly cancels the procedure, thereby protecting their security. 用户迅速取消该程序,从而保护其安全性。

Thanks! 谢谢!

3 个解决方案

解决方案1
 5 已采纳  2013-09-12 05:43:24

Since I don't want to unconfirm the user, I ended up doing this: 由于我不想取消确认用户,因此我这样做了: 

def cancel_change_email!
  self.confirmation_token = nil
  self.unconfirmed_email = nil
  self.save!
end

Seems to work. 似乎可以工作。 I threw this method into a module I'm including into the User model, but you can put it right into the user model if that's how you roll. 我将此方法放入了包含在User模型中的模块中,但是如果您采用这种方式,则可以将其正确放入用户模型中。 I guess this is easy enough, but I kinda figured it'd be built in to Devise. 我想这很容易,但是我有点想它会内置到Devise中。

解决方案2
 2  2013-09-10 04:18:13

I don't think Devise provides a method for it, but you can do it yourself like this: 我不认为Devise提供了一种方法,但是您可以自己这样做: 

user = User.find(1)
user.confirmation_token = nil
user.confirmed_at = nil
user.save!

解决方案3
 1  2013-09-10 04:26:37

Yes, you can just manually nil stuff out in some sort of callback and then resend the confirmation instructions. 是的,您可以手动在某些回调中清除所有内容,然后重新发送确认说明。 But, you can also achieve this using Devise's support for reconfirmable, which can be used when a user changes their email address. 但是,您还可以使用Devise对reconfirmable的支持来实现此目的,该支持可在用户更改其电子邮件地址时使用。 If this is set the user is required to "reconfirm" their account, and you can even delay the email change until they successfully confirm again. 如果设置了此选项,则要求用户“重新确认”他们的帐户,您甚至可以延迟电子邮件更改,直到他们再次成功确认为止。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Rails设计,如何跳过确认电子邮件但仍然生成确认令牌? - Rails Devise, how to skip the confirmation email but still generate a confirmation token? 如何使用Devise设置电子邮件确认? - How do I set up email confirmation with Devise? 如何使用 devise_token_auth 跳过 email 确认? - how to skip email confirmation using devise_token_auth? 设计+电子邮件确认令牌,设置初始密码 - Devise + email confirmation token, to set initial password Devise 令牌认证确认 email 链接已过期 - Devise Token Auth confirmation email link expired rails 3 + devise:如何使 email 确认链接使用安全 https(不是 http) - rails 3 + devise: how do I make the email confirmation links use secure https (not http) 如何自定义Devise的“重新发送确认电子邮件” - How can I customize Devise's “resend confirmation email” Rails-使用devise_token_auth的设备未发送确认电子邮件 - Rails - devise with devise_token_auth not sending confirmation email 如何通过电子邮件确认和ng-token-auth和devise-token-auth的密码重置链接重定向到正确的URL? - How do I get redirected to the right url with emailed confirmation and password reset links with ng-token-auth and devise-token-auth? Rails 3,设计,即使设计未设置为可确认,如何发送确认电子邮件? - Rails 3, devise, how can I send the confirmation email even if devise is not set to confirmable?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM