ruby-on-rails – Rails会在24小时内过期密码

取自我正在开发的应用程序：

app / models / user.rb(假设你的名字是你的名字)：

def password_should_expire?
  # your logic goes here,remember it should return false after the password has been reset
end

应用程序/控制器/ application_controller.rb

before_filter :check_password_expiry
def check_password_expiry
  return if !current_user || ["sessions","passwords"].include?(controller_name)
  # do nothing if not logged in,or viewing an account-related page
  # otherwise you might lock them out completely without being able to change their password
  if current_user.password_should_expire?
    @expiring_user = current_user # save him for later
    @expiring_user.generate_reset_password_token! # this is a devise method
    sign_out(current_user) # log them out and force them to use the reset token to create a new password
    redirect_to edit_password_url(@expiring_user,:reset_password_token => @expiring_user.reset_password_token,:forced_reset => true)
  end
end