ActionController::InvalidAuthenticityToken in RegistrationsController#create
Problem description
Hi, I am using Devise for my user authentication; suddenly my new user registration was not working.
This was the error I am getting:
ActionController::InvalidAuthenticityToken
Rails.root: /home/example/app
Application Trace | Framework Trace | Full Trace
Request
Parameters:
{"utf8"=>"✓",
"user"=>{"email"=>"example@gmail.com",
"password"=>"[FILTERED]",
"password_confirmation"=>"[FILTERED]"},
"x"=>"0",
"y"=>"0"}
This is my registrations controller:
class RegistrationsController < Devise::RegistrationsController
  prepend_before_filter :require_no_authentication, :only => [ :new, :create, :cancel ]
  prepend_before_filter :authenticate_scope!, :only => [:edit, :update, :destroy]
  before_filter :configure_permitted_parameters
  prepend_view_path 'app/views/devise'

  # GET /resource/sign_up
  def new
    build_resource({})
    respond_with self.resource
  end

  # POST /resource
  def create
    build_resource(sign_up_params)
    if resource.save
      if resource.active_for_authentication?
        set_flash_message :notice, :signed_up if is_navigational_format?
        sign_up(resource_name, resource)
        respond_with resource, :location => after_sign_up_path_for(resource)
      else
        set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}" if is_navigational_format?
        expire_session_data_after_sign_in!
        respond_with resource, :location => after_inactive_sign_up_path_for(resource)
      end
    else
      clean_up_passwords resource
      respond_to do |format|
        format.json { render :json => resource.errors, :status => :unprocessable_entity }
        format.html { respond_with resource }
      end
    end
  end

  # GET /resource/edit
  def edit
    render :edit
  end

  # PUT /resource
  # We need to use a copy of the resource because we don't want to change
  # the current user in place.
  def update
    self.resource = resource_class.to_adapter.get!(send(:"current_#{resource_name}").to_key)
    prev_unconfirmed_email = resource.unconfirmed_email if resource.respond_to?(:unconfirmed_email)
    if update_resource(resource, account_update_params)
      if is_navigational_format?
        flash_key = update_needs_confirmation?(resource, prev_unconfirmed_email) ?
          :update_needs_confirmation : :updated
        set_flash_message :notice, flash_key
      end
      sign_in resource_name, resource, :bypass => true
      respond_with resource, :location => after_update_path_for(resource)
    else
      clean_up_passwords resource
      respond_with resource
    end
  end

  # DELETE /resource
  def destroy
    resource.destroy
    Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)
    set_flash_message :notice, :destroyed if is_navigational_format?
    respond_with_navigational(resource){ redirect_to after_sign_out_path_for(resource_name) }
  end

  # GET /resource/cancel
  # Forces the session data which is usually expired after sign
  # in to be expired now. This is useful if the user wants to
  # cancel oauth signing in/up in the middle of the process,
  # removing all OAuth session data.
  def cancel
    expire_session_data_after_sign_in!
    redirect_to new_registration_path(resource_name)
  end

  protected

  # Custom Fields
  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) do |u|
      u.permit(:first_name, :last_name,
               :email, :password, :password_confirmation)
    end
  end

  def update_needs_confirmation?(resource, previous)
    resource.respond_to?(:pending_reconfirmation?) &&
      resource.pending_reconfirmation? &&
      previous != resource.unconfirmed_email
  end

  # By default we want to require a password check on update.
  # You can overwrite this method in your own RegistrationsController.
  def update_resource(resource, params)
    resource.update_with_password(params)
  end

  # Build a devise resource passing in the session. Useful to move
  # temporary session data to the newly created user.
  def build_resource(hash=nil)
    self.resource = resource_class.new_with_session(hash || {}, session)
  end

  # Signs in a user on sign up. You can overwrite this method in your own
  # RegistrationsController.
  def sign_up(resource_name, resource)
    sign_in(resource_name, resource)
  end

  # The path used after sign up. You need to overwrite this method
  # in your own RegistrationsController.
  def after_sign_up_path_for(resource)
    after_sign_in_path_for(resource)
  end

  # The path used after sign up for inactive accounts. You need to overwrite
  # this method in your own RegistrationsController.
  def after_inactive_sign_up_path_for(resource)
    respond_to?(:root_path) ? root_path : "/"
  end

  # The default url to be used after updating a resource. You need to overwrite
  # this method in your own RegistrationsController.
  def after_update_path_for(resource)
    signed_in_root_path(resource)
  end

  # Authenticates the current scope and gets the current resource from the session.
  def authenticate_scope!
    send(:"authenticate_#{resource_name}!", :force => true)
    self.resource = send(:"current_#{resource_name}")
  end

  def sign_up_params
    devise_parameter_sanitizer.sanitize(:sign_up)
  end

  def account_update_params
    devise_parameter_sanitizer.sanitize(:account_update)
  end
end
And this is my sessions controller:
class SessionsController < DeviseController
  prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
  prepend_before_filter :allow_params_authentication!, :only => :create
  prepend_before_filter { request.env["devise.skip_timeout"] = true }
  prepend_view_path 'app/views/devise'

  # GET /resource/sign_in
  def new
    self.resource = resource_class.new(sign_in_params)
    clean_up_passwords(resource)
    respond_with(resource, serialize_options(resource))
  end

  # POST /resource/sign_in
  def create
    self.resource = warden.authenticate!(auth_options)
    set_flash_message(:notice, :signed_in) if is_navigational_format?
    sign_in(resource_name, resource)
    respond_to do |format|
      format.json { render :json => {}, :status => :ok }
      format.html { respond_with resource, :location => after_sign_in_path_for(resource) }
    end
  end

  # DELETE /resource/sign_out
  def destroy
    redirect_path = after_sign_out_path_for(resource_name)
    signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name))
    set_flash_message :notice, :signed_out if signed_out && is_navigational_format?

    # We actually need to hardcode this as Rails default responder doesn't
    # support returning empty response on GET request
    respond_to do |format|
      format.all { head :no_content }
      format.any(*navigational_formats) { redirect_to redirect_path }
    end
  end

  protected

  def sign_in_params
    devise_parameter_sanitizer.sanitize(:sign_in)
  end

  def serialize_options(resource)
    methods = resource_class.authentication_keys.dup
    methods = methods.keys if methods.is_a?(Hash)
    methods << :password if resource.respond_to?(:password)
    { :methods => methods, :only => [:password] }
  end

  def auth_options
    { :scope => resource_name, :recall => "#{controller_path}#new" }
  end
end
This is the registration form:
<%= form_for(:user, :html => {:id => 'register_form'}, :url => user_registration_path, :remote => :true, :format => :json) do |f| %>
  <div class="name_input_container">
    <div class="name_input_cell">
      <%= f.email_field :email, :placeholder => "email" %>
      <%= f.password_field :password, :placeholder => "password", :title => "8+ characters" %>
      <%= f.password_field :password_confirmation, :placeholder => "confirm password" %>
      <div class="option_buttons">
        <div class="already_registered">
          <%= link_to 'already registered?', '#', :class => 'already_registered', :id => 'already_registered', :view => 'login' %>
        </div>
        <%= image_submit_tag('modals/account/register_submit.png', :class => 'go') %>
        <div class="clear"></div>
      </div>
<% end %>
Per the comments in the core application_controller.rb, set protect_from_forgery to the following:

protect_from_forgery with: :null_session

Alternatively, per the docs, simply declaring protect_from_forgery without a :with argument will utilize :null_session by default:

protect_from_forgery # Same as above

UPDATE:

This seems to be a documented bug in the behavior of Devise. The author of Devise suggests disabling protect_from_forgery on the particular controller action that's raising this exception:

# app/controllers/users/registrations_controller.rb
class RegistrationsController < Devise::RegistrationsController
  skip_before_filter :verify_authenticity_token, :only => :create
end
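To make the trade-off between the options in the answer concrete, here is an added example in plain Ruby; it is not code from the question, the answer, Devise or Rails, but a simplified model of the Rails forgery check: a token kept in the session must match either the form's `authenticity_token` parameter or the `X-CSRF-Token` request header, and the chosen strategy decides what happens when it does not. It runs three requests through `:exception`, `:null_session` and the skipped filter: the request from the question (no token, as its parameter list shows), the same request with the token sent in the header (what `csrf_meta_tags` plus the Rails UJS JavaScript arrange for `:remote` forms), and a constructed cross-site request carrying a guessed token. `Request`, `handle_create`, `secure_compare`, the strategy names `:skip` and the session keys are assumptions of this model, not Rails internals.

```ruby
require "securerandom"

# Constructed stand-in for the Rails exception seen in the question.
class InvalidAuthenticityToken < StandardError; end

# Minimal request model (assumption): HTTP verb, params, headers and the cookie-backed session.
Request = Struct.new(:verb, :params, :headers, :session)

# Constant-time equality so the token comparison does not leak through timing.
def secure_compare(a, b)
  return false unless a.is_a?(String) && b.is_a?(String) && a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# The token may arrive as the form's hidden field or, for AJAX, in the X-CSRF-Token header.
def valid_token?(request)
  expected = request.session[:_csrf_token]
  return false if expected.nil?
  supplied = request.params["authenticity_token"] || request.headers["X-CSRF-Token"]
  secure_compare(expected, supplied)
end

# Safe verbs are never checked; every other verb needs a matching token.
def verified_request?(request)
  %w[GET HEAD].include?(request.verb) || valid_token?(request)
end

# Returns the session object the action will run against.
#   :exception    -> raise InvalidAuthenticityToken (the behaviour in the question)
#   :null_session -> run the action against an empty, throwaway session
#   :skip         -> models skip_before_filter :verify_authenticity_token (no check at all)
def protect_from_forgery(request, with:)
  return request.session if with == :skip || verified_request?(request)
  case with
  when :exception    then raise InvalidAuthenticityToken, "token missing or mismatched"
  when :null_session then {}
  else raise ArgumentError, "unknown strategy #{with.inspect}"
  end
end

# Models RegistrationsController#create: the user is built, then sign_up writes to the session.
# Reports whether the write landed in the real session, i.e. whether the user ends up signed in.
def handle_create(request, strategy)
  session = protect_from_forgery(request, with: strategy)
  session[:user_id] = 42 # stand-in for sign_up(resource_name, resource)
  request.session[:user_id] == 42 ? :created_and_signed_in : :created_but_not_signed_in
rescue InvalidAuthenticityToken
  :rejected
end

SESSION_TOKEN = SecureRandom.base64(32)

# The request from the question (constructed from its parameter list): a POST with no authenticity_token.
def request_from_question
  Request.new("POST",
              { "utf8" => "✓", "user" => { "email" => "example@gmail.com" }, "x" => "0", "y" => "0" },
              {},
              { :_csrf_token => SESSION_TOKEN })
end

# The same request once the page's token travels in the X-CSRF-Token header.
def request_with_header_token
  r = request_from_question
  r.headers["X-CSRF-Token"] = SESSION_TOKEN
  r
end

# A cross-site request (constructed): another origin cannot read the victim's token, so it sends a guess.
def forged_request
  r = request_from_question
  r.params["authenticity_token"] = SecureRandom.base64(32)
  r
end

if __FILE__ == $PROGRAM_NAME
  %i[exception null_session skip].each do |strategy|
    puts "#{strategy}: question=#{handle_create(request_from_question, strategy)} " \
         "header_token=#{handle_create(request_with_header_token, strategy)} " \
         "forged=#{handle_create(forged_request, strategy)}"
  end
end
```

Running it shows why each option behaves as it does: under `:exception` the question's request is rejected, under `:null_session` the registration goes through but the `sign_up` write lands in the throwaway session, so the new user is not actually signed in, and with the filter skipped both the question's request and the forged one are accepted and signed in. Only the request that carries the token succeeds under the default strategy while the forged one still fails.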