
Rails 4: How do I prevent a logged-in user from inputting an email at checkout?

I was following a tutorial for practice and found an odd issue. Currently, the way it's set up, any guest can create a shopping cart. Once at the checkout, the user has to input personal info including an email, which will register him as well as get mailing info.

Once the user does this, he/she gets an email stating the order and asking them to set a password for their new account using the email they just set up at the checkout. Problem is, if that same user, who is logged in, goes to check out another item... they have to input the same information including a new email, which will create a new account, and the cycle continues.

The account email they just set up at the last checkout is taken and they have to input a new email. You can see how odd this is; there's a continuous setting up of new accounts whenever someone wants to check out.

I would like to prevent this so that once a user sets up an account, they don't have to constantly set up a new account just to go through the checkout. What can be done about this problem? Any help would be appreciated, thank you.

<h1>Checkout</h1>
<h2>You are checking out the following products:</h2>
<ul>
  <% @cart.items.each do |item| %>
    <li>
      <em>
        <%= item.quantity %>
      </em>
      <%= item.product.name %>
      <%= number_to_currency item.total_price %>
    </li>
  <% end %>
</ul>
<p>
  <strong>
    Total price:
    <%= number_to_currency @cart.total_price %>
  </strong>
</p>
<%= form_for @order_form, url: orders_path do |f| %>
  <%= render "orders/errors" %>
  <h3>Some of your personal details</h3>
  <%= f.fields_for :user, f.object.user do |u| %>
    <div class="form-group">
      <p>
        <%= u.text_field :name, placeholder: "Name", class: "form-control input-lg" %>
      </p>
      <p>
        <%= u.text_field :email, placeholder: "Email", class: "form-control" %>
        <span class="help-block">This will help you track your order more effectively.</span>
      </p>
    </div>
    <div class="form-group">
      <div class="row">
        <p class="col-md-6">
          <%= u.text_field :address, placeholder: "Address", class: "form-control" %>
        </p>
        <p class="col-md-3">
          <%= u.text_field :postal_code, placeholder: "Postal code / Zipcode", class: "form-control" %>
        </p>
        <p class="col-md-3">
          <%= u.text_field :city, placeholder: "City", class: "form-control" %>
        </p>
      </div>
      <p>
        <%= u.country_select :country, { priority_countries: [ "GB", "US", "DE", "ES", "PT" ] }, { class: "form-control" } %>
      </p>
      <p>
        <%= u.text_field :phone, class: "form-control", placeholder: "Phone" %>
      </p>
    </div>
  <% end %>
  <div id="dropin"></div>
  <p>
    <%= f.submit "Place order", class: "btn btn-primary" %>
  </p>
<% end %>
<script>
  // The token must be emitted by ERB; a Ruby "#{...}" inside plain HTML is
  // sent to the browser literally and never interpolated.
  braintree.setup("<%= @client_token %>", 'dropin', {
    container: 'dropin'
  });
</script>

# Wraps a single Braintree sale for an order. The nonce comes from the
# drop-in UI (payment_method_nonce) and is only valid for one transaction.
class OrderTransaction

  def initialize order, nonce
    @order = order
    @nonce = nonce
  end

  # Charges the order's total; the result is kept so ok? can inspect it.
  def execute
    @result = Braintree::Transaction.sale(
      amount: order.total_price,
      payment_method_nonce: nonce
    )
  end

  # True only after execute has run and the gateway accepted the sale.
  def ok?
    @result.success?
  end

  private

  attr_reader :order, :nonce
end

class User < ActiveRecord::Base
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  # :validatable enforces email presence and uniqueness, which is why a
  # second checkout with an already-registered email is rejected as "taken".
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable

  validates_presence_of :name, :address, :city, :country, :postal_code

  def full_address
  <<EOF
#{address}
#{postal_code} #{city}
#{country}
EOF
  end
end

class OrdersController < ApplicationController
  before_filter :initialize_cart

  def index
    @orders = Order.order(created_at: :desc).all
  end

  def create
    # Builds a brand-new User from the form on every checkout; this is the
    # behaviour described in the question, where a signed-in user ends up
    # registering again with a fresh email.
    @order_form = OrderForm.new(
      user: User.new(order_params[:user]),
      cart: @cart
    )

    if @order_form.save
      notify_user
      if charge_user
        redirect_to root_path, notice: "Thank you for placing the order."
      else
        flash[:warning] = <<EOF
Your order ID is #{@order_form.order.id}.
<br/>
Something went wrong.
EOF
        redirect_to new_payment_order_path(@order_form.order)
      end
    else
      render "carts/checkout"
    end
  end

  def update
    @order = Order.find params[:id]
    @previous_state = @order.state

    if @order.update state_order_params
      notify_user_about_state
      redirect_to orders_path, notice: "Order was updated."
    end
  end

  def new_payment
    @order = Order.find params[:id]
    @client_token = Braintree::ClientToken.generate
  end

  def pay
    @order = Order.find params[:id]
    transaction = OrderTransaction.new @order, params[:payment_method_nonce]
    transaction.execute
    if transaction.ok?
      redirect_to root_path, notice: "Thank you for placing the order."
    else
      render "orders/new_payment"
    end
  end

  private

  def notify_user
    @order_form.user.send_reset_password_instructions
    OrderMailer.order_confirmation(@order_form.order).deliver
  end

  def notify_user_about_state
    OrderMailer.state_changed(@order, @previous_state).deliver
  end

  def order_params
    params.require(:order_form).permit(
      user: [ :name, :phone, :address, :city, :country, :postal_code, :email ]
    )
  end


def charge_user(order) 
transaction = OrderTransaction.new order, params[:payment_method_nonce] 
transaction.execute 
transaction.ok? 
end

  def state_order_params
    params.require(:order).permit(:state)
  end
end

class OrderMailer < ActionMailer::Base
  default from: "sxxxxxx@gmail.com"

  def order_confirmation order
    @order = order
    mail to: order.user.email, subject: "Your order (##{order.id})"
  end

  def state_changed order, previous_state
    @order = order
    @previous_state = previous_state

    mail to: order.user.email, subject: "Your order (##{order.id}) has changed!"
  end

end

Remove the input from the view, with an if statement similar to this one in the controller.

Have a look at Devise's `user_signed_in?` or `current_user` methods.

Also in the first controller you would proceed like this:

def create
    # Reuse the Devise session user when signed in; only build a new User
    # from the form for a guest.
    order_user = user_signed_in? ? current_user : User.new(order_params[:user])

    @order_form = OrderForm.new(
      user: order_user,
      cart: @cart
    )
[...]
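The rule the answer describes, as an added example that is not part of the question, the answer or the tutorial: a plain-Ruby object (`CheckoutUser`, a name of my own) that decides which user an order is attributed to, written without Rails so it runs stand-alone. The `User` struct stands in for the Devise model and the `registry` hash for the users table; both are constructed here. Beyond the answer's two cases it also handles the situation the question runs into, a guest submitting an email that already belongs to an account, by refusing the order rather than attaching it to that account.

```ruby
# Added example, not code from the question, the answer or the tutorial.
# Plain Ruby (no Rails) so the decision rule can be exercised by itself.

# Stand-in for the Devise User model: a persisted user has an id, a freshly
# built one does not (mirrors ActiveRecord's persisted?).
User = Struct.new(:id, :email, :name) do
  def persisted?
    !id.nil?
  end
end

class CheckoutUser
  # registry: email => User, standing in for the users table (constructed).
  def initialize(registry)
    @registry = registry
  end

  # current_user: Devise's session user, or nil for a guest.
  # attrs: the permitted :user params from the checkout form.
  # Returns [user, errors]; user is nil when the order cannot be placed.
  def resolve(current_user, attrs)
    # Signed in: the order belongs to the session account and the submitted
    # email is ignored entirely, so the checkout form can neither re-register
    # the visitor nor rewrite the account's email.
    return [current_user, []] if current_user

    email = attrs[:email].to_s.strip.downcase
    return [nil, ["email can't be blank"]] if email.empty?

    # Guest using an address that already has an account (Devise's
    # :validatable would reject it as taken). Do not attach the order to that
    # account on the strength of an email alone, since the visitor has not
    # proven they own it; ask them to sign in instead.
    if @registry.key?(email)
      return [nil, ["email is already registered, please sign in"]]
    end

    # Genuine first-time guest: build a new, unsaved user from the form.
    [User.new(nil, email, attrs[:name].to_s.strip), []]
  end
end

# Constructed sample data: one existing account.
def sample_registry
  ann = User.new(1, "ann@example.test", "Ann")
  { ann.email => ann }
end

if __FILE__ == $PROGRAM_NAME
  resolver = CheckoutUser.new(sample_registry)
  ann = sample_registry["ann@example.test"]
  p resolver.resolve(ann, { email: "another@example.test", name: "Ann" })
  p resolver.resolve(nil, { email: "Ann@Example.test", name: "Ann" })
  p resolver.resolve(nil, { email: "bob@example.test", name: "Bob" })
end
```

In the Rails app this is the decision that replaces `User.new(order_params[:user])` in `create`; the matching view change is to wrap the email field in `<% unless user_signed_in? %> ... <% end %>` so a signed-in visitor is never asked for it, and to leave `:email` out of the permitted params in that case so the form cannot alter the account.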

