I am using the blowfish gem to encrypt passwords for my users (user model).

我正在使用blowfish gem为我的用户加密密码（用户模型）。

in the schema I don't have a password field anymore but in the rails console I can (and have to) run user.password = "xxx" and user.password_confirmation = "xxx" in order to be able to call user.save. This works in the rails console but I have a webform where a user is logically able to edit his/her password.

在模式中我不再有密码字段但是在rails控制台中我可以（并且必须）运行user.password =“xxx”和user.password_confirmation =“xxx”以便能够调用user.save 。这适用于rails控制台，但我有一个webform，用户在逻辑上可以编辑他/她的密码。

This is my edit.html.erb

这是我的edit.html.erb

 <%= form_for(@user) do |f| %>
    <%= render(:partial => "form", :locals => {:f => f}) %> 
    <%= submit_tag("Edit User") %>
 <% end %>

the parital in _form.html.erb that pertains to passwords is this

有关密码的_form.html.erb中的parital就是这个

 <table>
   ...
 <tr>
    <th>Password</th>
    <td><%= f.text_field(:password) %></td>
 </tr>
 <tr>
    <th>Confirm Password</th>
    <td><%= f.text_field(:password_confirmation)%></td>
 </tr>

In my users_controller.rb I require login password password_confirmation like this

在我的users_controller.rb中，我需要像这样的登录密码password_confirmation

    def update
       @user = User.find(params[:id])
       @user.update_attributes(user_params)
       if @user.save
         flash[:notice] = "Update Successful"
         redirect_to(:action => 'show', :id => @user.id)
       else
         flash[:notice] = "Error Updating"
         render('edit')
        end  
     end

and

和

private

私人的

def user_params
  r = params.require(:user)
  r.require(:login)
  r.require(:password)
  r.require(:password_confirmation)
  r.permit(:first_name, :last_name, :login, :password, :password_confirmation)
end

The issue is not when I submit a complete form, that updates fine. The issue is that when I leave the password field empty, instead of rendering the edit form again it gives me a Action Controller: Exception param not found: password and points to the r.require(:password) line of the user_params function

当我提交完整的表格时，问题不在于更新。问题是，当我将密码字段留空时，不再渲染编辑表单，而是给我一个动作控制器：找不到异常参数：密码并指向user_params函数的r.require（：password）行

EDIT

编辑

I commented the two require lines out and validate the presence of login,password,password_confirmation in the model. However now I get this error

我评论了两个需要行，并验证模型中是否存在login，password，password_confirmation。但是现在我收到了这个错误

undefined methoduser' for #pointing to the@user.upadte_attributes(user_params)` line.

undefined methoduser'用于#pointing到@user.upadte_attributes（user_params）行。

I still need to require :user and then .permit(.....) for the strong parameters in Rails 4 right?

我仍然需要：用户然后.permit（.....）对于Rails 4中的强参数吧？

EDIT 2 -- Update Method in users_controller.rb

编辑2 - users_controller.rb中的更新方法

def update
  @user = User.find(params[:id])
  if @user.update_attributes(user_params)
    flash[:notice] = "Update Successful"
    redirect_to(user_path(@user.id))
  else
    flash[:notice] = "Error Updating"
    render('edit')
  end  
 end

and user params private

和用户params私人

def user_params
  params.require(:user).permit(:first_name, :last_name, :login, :password, :password_confirmation, :position, :pictureString)
end

The Error Message:

错误消息：

undefined method `user' for #<User:0x007f4d482b1af0>
Extracted source (around line #36):
34 def update
35 @user = User.find(params[:id])
36 if @user.update_attributes(user_params)
37  flash[:notice] = "Update Successful"
38  redirect_to(user_path(@user.id))
39 else

app/controllers/users_controller.rb:36:in `update'

EDIT

编辑

Some further investigation revealed this:

一些进一步的调查显示：

If I leave the .permit(....) out of the user_params function (i.e. have it only read params[:user]) then I don't get the undefined method error but the expected forbidden attributes error. Maybe this helps you find what's wrong.

如果我将.permit（....）从user_params函数中删除（即只让它读取params [：user]），那么我没有得到未定义的方法错误，但是预期的禁止属性错误。也许这有助于你找到错误的地方。

1 个解决方案

#1

---