时间戳

首页 > 解决方案 > rails devise recaptcha prepend_before_action :check_captcha 不工作?

ruby-on-rails - rails devise recaptcha prepend_before_action :check_captcha 不工作?

问题描述

发生的事情是即使验证码验证失败,用户也可以登录这是我关于用户的路线:

      devise_for :users, controllers: {
        sessions: 'users/sessions',
        registrations: 'users/registrations',
        passwords: 'users/passwords'
      }
    resources :users

这是我的相关 app/controllers/users/sessions_controller.rb 代码:


    prepend_before_action :check_captcha, only: [:create]
    
        def check_captcha
          return if !verify_recaptcha # verify_recaptcha(action: 'login') for v3
    
          self.resource = resource_class.new sign_in_params
    
          respond_with_navigational(resource) do
            flash.discard(:recaptcha_error) # We need to discard flash to avoid showing it on the next page reload
            render :new
          end
        end

我的 config/rechaptcha.rb 包含环境检查并根据环境传递不同的密钥:


    Recaptcha.configure do |config|
      if Rails.env.development?
          config.site_key  = '6L..Bg'
          config.secret_key = '6L..WG'
      elsif Rails.env.production?
          config.site_key  = '6L...b'
          config.secret_key = '6L.gy'
      end
    end

标签: ruby-on-railsdeviserecaptcha

解决方案

如果验证码失败,您的方法会从回调中返回并继续操作

return if !verify_recaptcha

所以你需要把它改写成这样

def check_captcha
  unless verify_recaptcha
    self.resource = resource_class.new sign_in_params
    respond_with_navigational(resource) do
      flash.discard(:recaptcha_error)
      render :new
    end
  end
end

推荐阅读