开发者

Devise logging out automatically after password change

问答 作者:

In Devise, if I change user's password and after it gets updated in the db, 开发者_StackOverflow社区the site immediately logs out the user. I don't want this behavior - how do i do that. please help.

I had the same problem and the following code seems to work for me.

Assume that the passwords controller is set for a singleton route. Also, assume that the authenticated model is an Account. With that, you have the following:

def update
  if current_account.update_with_password(params[:account])
    sign_in(current_account, :bypass => true)
    flash[:notice] = 'Password updated.'
    redirect_to account_path
  else
    render :action => :show
  end
end

The key ingredient is the sign_in method call which seeks to re-sign-in the account, but bypasses the warden callbacks and stores the account into the session.

You can simply set sign_in_after_reset_password in your devise.rb

config.sign_in_after_reset_password = true

Edit: As of 2020 this defaults to true

The example above did not work for me using multiple scopes in Devise.

I had to add the scope/resource name in the sign_in path for it to work, and to prevent chaos I also had to sign out the old user or else all kinds of confusion would abound.

The changes I had to make would look something like this using the above example.

def update
   if current_account.update_with_password(params[:account])
     sign_out(current_account)
     sign_in(:account, current_account, :bypass => true)
     flash[:notice] = 'Password updated.'
     redirect_to account_path
   else
     render :action => :show
   end
end

Edit to add: I believe I had to forcibly sign out the user because somewhere I overrode Devise's code in order not to have users sign out during certain actions. In hindsight; not a good idea! This approach is much better! Being that it is safer to make your own Controllers versus overriding Devise's code unless it's absolutely unavoidable.

Use this code to avoid sign out.

sign_in(current_user, :bypass => true)

Update to Bill Eisenhauer answer above-

sign_in(current_account, :bypass => true) has been deprecated use bypass_sign_in current_account instead

More details can be found here http://www.rubydoc.info/github/plataformatec/devise/Devise/Controllers/SignInOut#bypass_sign_in-instance_method

Add the following piece of code to your method in which you are updating the user's password, right after updating the user's password in the database:

def update
 . . . . .<your code>
 . . . . .<your code>

 sign_in(@user, :bypass => true)

 . . . . .<your code>
 . . . . .<your code>
end

For some reasons, current_user is not equal to @user although current_user.id is equal to @user.id. So I have to use sign_in(@user, :bypass => true).

Please refer to this answer here, I tried all the above answers. It din't work for not adding the scope. https://stackoverflow.com/a/30418266/4973585

This doesn't work - sign_in @user, bypass: true

This works - sign_in :user, @user, bypass: true

Use the registerable module, which will give you both sign up and edit user features

https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-edit-their-password

继续阅读:ruby-on-rails

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9