问题描述
对于一个新的Web应用程序,我只需要在我的注册页面(仅管理员)上一个电子邮件字段即可.
For the purpose of a new web app, I would need on my sign up page (which is administrator only) just only one email field.
问题是我完全是新手,所以即使像这样的基础知识对我来说也很难...
The thing is that I'm totally new at rails and so even basics things like that are for me really difficult...
我通过使用 has_secure_password 方法的Railscast#270创建了身份验证.现在,一切都很好,除了我不需要所有这些废话...我还想使用Action Mailer将生成的密码发送到他的电子邮件地址.十六进制(8)密码将是完美的(我见过 SecureRandom ,但它似乎已被贬值)
I created my authentification using Railscast #270 which uses has_secure_password method.For now, everything works great except that I dont need all this bullcrap...I also want to use Action Mailer to send the generated password to his email adress.A hex(8) password would be perfect (I have seen SecureRandom but it seems to be depreciated)
Users_Controller:
Users_Controller:
class UsersController < ApplicationController
skip_before_filter :is_connected?, :only => [:new, :create]
def new
@user = User.new
end
def create
@user = User.new(params[:user])
if @user.save
# Tell the Mailer to send a welcome Email after save
Mailer.confirm_email(@user).deliver
redirect_to root_url, :notice => "Signed up!"
else
render "new"
end
end
end
User_model:
User_model:
class User < ActiveRecord::Base
attr_accessible :email
has_secure_password
validates_presence_of :password, :email, :on => :create
end
就目前而言,在我看来,我有2个字段.但是正如我之前所说,我只想要一个.我想继续使用has_secure_password,它似乎为哈希/盐提供了很好的安全性.
For now, in my view, I have 2 fields. But as I said earlier, I only want one.I would like to keep using has_secure_password which seems to offer a pretty good security regarding hash/salt.
推荐答案
Rails提供了ActiveSupport::SecureRandom
,它(取决于Ruby版本)只是通向Ruby SecureRandom
的桥梁,还是在旧版本的Ruby上重新实现(如果我的记忆是正确的SecureRandom
已在1.8.7中添加)
Rails provides ActiveSupport::SecureRandom
which either (depending on the Ruby version) is just a bridge to Ruby's SecureRandom
or reimplemented it on older versions of Ruby (if my memory is correct SecureRandom
was added in 1.8.7)
现在,Rails支持的所有Ruby版本都具有内置的SecureRandom
ActiveSupport::SecureRandom
,并且不再推荐使用. SecureRandom
本身无处可寻-
Now that all of the versions of Ruby that Rails supports have SecureRandom
built-in ActiveSupport::SecureRandom
is no longer needed and has been deprecated. SecureRandom
itself is going nowhere -
require 'securerandom'
SecureRandom.hex(8)
应该很好(您可能想考虑SecureRandom.urlsafe_base64
来更紧凑地表示相同数量的实际随机性)
should do fine (you might want to consider SecureRandom.urlsafe_base64
for a more compact representation of the same amount of actual randomness)
这篇关于随机生成的密码Rails 3.1的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!