ruby - What is a secure way for user to update password, can't get form_for to call the right action in Rails 4?


I have a form where I want to let the user change their password. I do not like Devise or anything like that, and do not use it. Before the password is changed, I want the user to enter their current password, and I want to do it safely. The form looks something like this:

     --------------------
    | current password   |
     --------------------
     --------------------
    | password           |
     --------------------
     --------------------
    | confirm password   |
     --------------------
     -------------
    | submit      |
     -------------

In my UsersController, I have two methods, which look like this:

    def edit_password
    end

    def change_password
      # this is probably not correct, but I have to make sure that the user
      # changing the password first enters the correct current password
      if @user.authenticate(params[:current_password])
        respond_to do |format|
          if @user.update_attributes(user_params)
            format.html { redirect_to(@user, :notice => 'your account was successfully updated') }
            format.json { respond_with_bip(@user) }
          else
            format.html { render :action => "edit" }
            format.json { respond_with_bip(@user) }
          end
        end
      else
        redirect_to edit_user_path(@user), notice: "your current password was incorrect"
      end
    end

The form appears in my editing mode, my paths look like this:

    resources :users do
      get 'edit_password', to: 'users#edit_password'
      put 'change_password', to: "users#change_password"
    end

My form looks like this:

    = form_for @user, :url => user_change_password_path(@user) do |f|
      .form-group
        = f.label :current_password
        = f.text_field :current_password
      .form-group
        = f.label :password
        = f.password_field :password
      .form-group
        = f.label :password_confirmation
        = f.password_field :password_confirmation
      .form-actions
        = f.submit "Update Account"

In my User model I have attr_accessor :current_password.

When I click Submit I currently get this error:

    No route matches [PATCH] "/users/1/change_password"

So, how can I get this to work? Is my current approach safe, and if not, what should I change?

To fix the routing issue, please change this in your config/routes.rb:

    put 'change_password', to: "users#change_password"

with:

    patch 'change_password', to: "users#change_password"

Because clearly the patch alias is not defined.

The way you are doing it is very standard: authenticate with the old password and then change it.

Maybe you want to remove the ID from the URL and just change the password of the current user, but I have no problem with this because you are asking for the current password.
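
The flow the answer describes (authenticate with the old password, then change it, for the current user rather than an ID from the URL), as an added plain-Ruby example that is not part of the original post. The `User` class is a constructed stand-in for a model with `has_secure_password` (PBKDF2 from the standard library replaces bcrypt so it runs without Rails), and `change_password` with its return symbols is a hypothetical name.

```ruby
require 'openssl'
require 'securerandom'

# Constructed stand-in for a model using has_secure_password.
# Assumption: PBKDF2 from the standard library is used here instead of bcrypt.
class User
  ITERATIONS = 100_000
  attr_reader :id

  def initialize(id, password)
    @id = id
    self.password = password
  end

  # Store only a salted, stretched digest, never the plain password.
  def password=(plain)
    @salt = SecureRandom.random_bytes(16)
    @digest = derive(plain)
  end

  # Compare derived keys without an early exit on the first differing byte.
  def authenticate(plain)
    candidate = derive(plain.to_s)
    diff = 0
    candidate.bytes.zip(@digest.bytes) { |a, b| diff |= a ^ b }
    diff.zero?
  end

  private

  def derive(plain)
    OpenSSL::PKCS5.pbkdf2_hmac(plain, @salt, ITERATIONS, 32, OpenSSL::Digest.new('SHA256'))
  end
end

# Hypothetical change_password logic: the account is the session user, never
# an id taken from the URL or form, and only the password fields are read.
def change_password(session_user, params)
  form = params.fetch(:user, {})
  return :wrong_current_password unless session_user.authenticate(form[:current_password])

  new_pw = form[:password].to_s
  return :invalid_new_password if new_pw.empty? || new_pw != form[:password_confirmation]

  session_user.password = new_pw
  :updated
end
```

In a Rails controller the same two steps are `authenticate` on the logged-in user followed by an update that permits only `password` and `password_confirmation`.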

