DeviseTokenAuth控制器的强参数覆盖 [英] Strong parameter override for DeviseTokenAuth controller
问题描述
我在Rails 4.2中使用 devise-token-auth gem,而且我添加了一个字段昵称
到用户
模型。我试图经由宝石控制器
类用户:: RegistrationsController<的重写来实现这一点; DeviseTokenAuth :: RegistrationsController
before_filter:configure_permitted_parameters
def update
#这行从来没有在日志中显示
Rails.logger.info我从来没有跑步!!
超级
结束
保护
#我的新自定义字段是:昵称
def configure_permitted_parameters
devise_parameter_sanitizer.for(( sign_up)do | u |
u.permit(:name,:nickname,
:email,:password,,password_confirmation)
end
devise_parameter_sanitizer.for(:account_update)do | u |
u.permit(:name,
:email,:password,:password_confirmation,,nickname)
end
end
end
路由配置如下:
Rails.application.routes.draw do
命名空间:api,constraints:{format:'json'} do
mount_devise_token_auth_for'User',at:'auth',controllers:{
注册:'用户/注册'
}
结束
结束
他们似乎是正确的:
PATCH /api/auth(.:format)users / registrations#update {:format = >json}
PUT /api/auth(.:format)users / registrations#update {:format =>json}
然后我尝试从 curl调用更新
curl -X PUT --dump-header headers_update -H访问令牌:2FHhLQFtIgDfSqsTaaCH_g-HUid:sample5 @ e xample.com-H客户端:-RUtwnCfgqvqwDjYPtajQA-H令牌类型:承载-H到期:1447713314http://api.local.dev:3000/api/auth -d{\昵称\:\somestuff\}
但更新通话永远不会运行。这是请求后显示的服务器:
I,[2015-11-02T18:05:38.131091#7940] INFO - :在2015-11-02 18:05:38 -0500
I,[2015-11-02T18:05:38.131222#7940]开始PUT/ api / auth为127.0.0.1 INFO - :开始PUT/ api / auth为127.0.0.1在2015-11-02 18:05:38 -0500
我,[2015-11-02T18:05:38.147209#7940] INFO - :处理由用户::注册控制器#更新为* / *
I,[2015-11-02T18:05:38.147383#7940] INFO - :用户处理::注册控制器#更新为* / *
I,[2015-11-02T18:05:38.147490#7940] INFO - :参数:{{\nickname\:\somestuff\}=> nil}
I,[2015-11-02T18:05:38.147571#7940] INFO - :参数:{{\nickname\:\somestuff\}=> nil}
D,[2015-11-02T18:05:38.152778#7940]调试 - :用户负载(0.7ms)SELECTusers。* FROMusersWHEREusers。uid= $ 1 LIMIT 1 [[ uid,sample5@example.com]]
D,[2015-11-02T18:05:38 .152934#7940] DEBUG - :User Load(0.7ms)SELECTusers。* FROMusersWHEREusers。uid= $ 1 LIMIT 1 [[uid,sample5@example.com ]]
D,[2015-11-02T18:05:38.224790#7940]调试 - :不允许参数:{昵称:somestuff}
D,[2015-11-02T18: 05:38.225023#7940]调试 - :未经许可的参数:{昵称:somestuff}
I,[2015-11-02T18:05:38.237415#7940] INFO - :过滤链暂停为: validate_account_update_params渲染或重定向
I,[2015-11-02T18:05:38.237565#7940] INFO - :过滤链停止为:validate_account_update_params呈现或重定向
I,[2015-11-02T18:05 :38.237741#7940] INFO - :完成422个不可处理的实体在90ms(视图:0.3ms | ActiveRecord:0.7ms)
I,[2015-11-02T18:05:38.237860#7940] INFO - :完成422个不可处理的实体在90ms(视图:0.3ms | ActiveRecord:0.7ms)
,json回复 curl
是:
{status:error,errors:[请提交正确的帐户更新数据请求]}
为了参考,这里是我的 Gemfile
源'https://rubygems.org'
gem'rails','4.2.1'
gem'rails-api'
gem'pg'
gem'activerecord-postgis-adapter'
gem'rgeo'
gem'devise'
gem'devise_token_auth',> = 0.1.32.beta9#Rails JSON API的令牌认证
gem'omniauth'#需要devise_token_auth
group:development,:test do
gem'pry-byebug','= 1.3.3'
gem'pry-stack_explorer'
gem'pry-rails'
gem撬远程
#访问上例外页或通过使用<的IRB控制台;%=控制台%GT;在视图中
gem'web-console','〜> 2.0'
#Spring通过保持应用程序在后台运行,加快开发速度。阅读更多:https://github.com/rails/spring
gem'spring'
gemrspec-rails,〜> 3.3
end
group:test do
#gemshoulda-matchers
gemfactory_girl_rails
gem'ffaker'
end
它适用于我。
注册控制器
从 devise-token-auth gem
app / controllers / users / registrations_controller.rb
:
类用户:: RegistrationsController< DeviseTokenAuth :: RegistrationsController
end
并粘贴第1页的内容
- 添加到控制器的末尾:
- 路由配置为你做了
- extract
RegistrationsController
fromdevise-token-auth gem
- create
app/controllers/users/registrations_controller.rb
: - add to the end of controller:
- configure routes as you did
醇>
。
def sign_up_params
params.require(:registration).permit(:name ,:nick::email,,password,,password_confirmation)
end
更新:
第3步的更改适用于devise_token_auth v0.1.39:
def sign_up_params
permit(名,:电子邮件,:密码,:password_confirmation)
端
I am using devise-token-auth gem on Rails 4.2, and I've added a field nickname
to the User
model. I am trying to implement this via an override of the gem controller
class Users::RegistrationsController < DeviseTokenAuth::RegistrationsController
before_filter :configure_permitted_parameters
def update
#this line never shows in the logs
Rails.logger.info "I never get to run!!"
super
end
protected
# my new custom field is :nickname
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) do |u|
u.permit(:name, :nickname,
:email, :password, :password_confirmation)
end
devise_parameter_sanitizer.for(:account_update) do |u|
u.permit(:name,
:email, :password, :password_confirmation, :nickname)
end
end
end
The routes are configured like this:
Rails.application.routes.draw do
namespace :api, constraints: { format: 'json' } do
mount_devise_token_auth_for 'User', at: 'auth', controllers: {
registrations: 'users/registrations'
}
end
end
and they seem about right:
PATCH /api/auth(.:format) users/registrations#update {:format=>"json"}
PUT /api/auth(.:format) users/registrations#update {:format=>"json"}
Then I try to call the update from curl
curl -X PUT --dump-header headers_update -H "Access-Token: 2FHhLQFtIgDfSqsTaaCH_g" -H "Uid: sample5@example.com" -H "Client: -RUtwnCfgqvqwDjYPtajQA" -H "Token-Type: Bearer" -H "Expiry: 1447713314" http://api.local.dev:3000/api/auth -d "{ \"nickname\":\"somestuff\"}"
But the update call never gets to runs. This is what shows the server after the request:
I, [2015-11-02T18:05:38.131091 #7940] INFO -- : Started PUT "/api/auth" for 127.0.0.1 at 2015-11-02 18:05:38 -0500
I, [2015-11-02T18:05:38.131222 #7940] INFO -- : Started PUT "/api/auth" for 127.0.0.1 at 2015-11-02 18:05:38 -0500
I, [2015-11-02T18:05:38.147209 #7940] INFO -- : Processing by Users::RegistrationsController#update as */*
I, [2015-11-02T18:05:38.147383 #7940] INFO -- : Processing by Users::RegistrationsController#update as */*
I, [2015-11-02T18:05:38.147490 #7940] INFO -- : Parameters: {"{ \"nickname\":\"somestuff\"}"=>nil}
I, [2015-11-02T18:05:38.147571 #7940] INFO -- : Parameters: {"{ \"nickname\":\"somestuff\"}"=>nil}
D, [2015-11-02T18:05:38.152778 #7940] DEBUG -- : User Load (0.7ms) SELECT "users".* FROM "users" WHERE "users"."uid" = $1 LIMIT 1 [["uid", "sample5@example.com"]]
D, [2015-11-02T18:05:38.152934 #7940] DEBUG -- : User Load (0.7ms) SELECT "users".* FROM "users" WHERE "users"."uid" = $1 LIMIT 1 [["uid", "sample5@example.com"]]
D, [2015-11-02T18:05:38.224790 #7940] DEBUG -- : Unpermitted parameter: { "nickname":"somestuff"}
D, [2015-11-02T18:05:38.225023 #7940] DEBUG -- : Unpermitted parameter: { "nickname":"somestuff"}
I, [2015-11-02T18:05:38.237415 #7940] INFO -- : Filter chain halted as :validate_account_update_params rendered or redirected
I, [2015-11-02T18:05:38.237565 #7940] INFO -- : Filter chain halted as :validate_account_update_params rendered or redirected
I, [2015-11-02T18:05:38.237741 #7940] INFO -- : Completed 422 Unprocessable Entity in 90ms (Views: 0.3ms | ActiveRecord: 0.7ms)
I, [2015-11-02T18:05:38.237860 #7940] INFO -- : Completed 422 Unprocessable Entity in 90ms (Views: 0.3ms | ActiveRecord: 0.7ms)
and the json reply to curl
is:
{"status":"error","errors":["Please submit proper account update data in request"]}
For reference, here is my Gemfile
source 'https://rubygems.org'
gem 'rails', '4.2.1'
gem 'rails-api'
gem 'pg'
gem 'activerecord-postgis-adapter'
gem 'rgeo'
gem 'devise'
gem 'devise_token_auth', ">= 0.1.32.beta9" # Token based authentication for Rails JSON APIs
gem 'omniauth' # required for devise_token_auth
group :development, :test do
gem 'pry-byebug', '=1.3.3'
gem 'pry-stack_explorer'
gem 'pry-rails'
gem 'pry-remote'
# Access an IRB console on exception pages or by using <%= console %> in views
gem 'web-console', '~> 2.0'
# Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
gem 'spring'
gem "rspec-rails", "~> 3.3"
end
group :test do
#gem "shoulda-matchers"
gem "factory_girl_rails"
gem 'ffaker'
end
It worked for me.
.
class Users::RegistrationsController < DeviseTokenAuth::RegistrationsController
end
and paste the content from p.1
.
def sign_up_params
params.require(:registration).permit(:name, :nick, :email, :password, :password_confirmation)
end
Update:
This change to Step 3 works with devise_token_auth v0.1.39:
def sign_up_params
permit(:name, :email, :password, :password_confirmation)
end
这篇关于DeviseTokenAuth控制器的强参数覆盖的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!