Change password on devise user
Question
I am trying to build a custom reset password functionality. I have a form on my view
<div class="form-group">
<%= f.label :password %>
<%= f.password_field :password, autofocus: true, title:"Enter your email", name:"password", id:"password", class:"form-control" %>
<span class="help-block small">Password</span>
</div>
<div class="form-group">
<%= f.label :password_confirmation %>
<%= f.password_field :password_confirmation, autofocus: true, title:"Enter your email", name:"password_confirmation", id:"password_confirmation", class:"form-control" %>
<span class="help-block small">Confirm Password</span>
</div>
<div class="actions"><%= f.submit "Update Password", class:"btn btn-success btn-block" %></div>
Then on my controller I am trying to change the password and password_confirmation fields.
@user.update_attributes({:password => params[:password], :password_confirmation => params[:password_confirmation]})
it seems that the password is changing but when I am trying to login I can't !
1 answers
solution1
0 2015-11-12 18:05:27
You appear to be referencing the posted parameters directly within params, rather than through the strong parameters reference that has permitted their submission.
For example the strong parameters definition in your controller should probably be something like
def user_params
params.require(:user).permit(:password, :password_confirmation)
end
Then refer to the parameters with user_params[:password] , etc, rather than params directly.
This has the dual effect that only whitelisted parameters are accepted, and that the user[password] and user[password_confirmation] parameters are more easily accessible.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.