问题
I am using devise-token-auth gem on Rails 4.2, and I've added a field nickname to the User model. I am trying to implement this via an override of the gem controller
class Users::RegistrationsController < DeviseTokenAuth::RegistrationsController
before_filter :configure_permitted_parameters
def update
#this line never shows in the logs
Rails.logger.info "I never get to run!!"
super
end
protected
# my new custom field is :nickname
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) do |u|
u.permit(:name, :nickname,
:email, :password, :password_confirmation)
end
devise_parameter_sanitizer.for(:account_update) do |u|
u.permit(:name,
:email, :password, :password_confirmation, :nickname)
end
end
end
The routes are configured like this:
Rails.application.routes.draw do
namespace :api, constraints: { format: 'json' } do
mount_devise_token_auth_for 'User', at: 'auth', controllers: {
registrations: 'users/registrations'
}
end
end
and they seem about right:
PATCH /api/auth(.:format) users/registrations#update {:format=>"json"}
PUT /api/auth(.:format) users/registrations#update {:format=>"json"}
Then I try to call the update from curl
curl -X PUT --dump-header headers_update -H "Access-Token: 2FHhLQFtIgDfSqsTaaCH_g" -H "Uid: sample5@example.com" -H "Client: -RUtwnCfgqvqwDjYPtajQA" -H "Token-Type: Bearer" -H "Expiry: 1447713314" http://api.local.dev:3000/api/auth -d "{ \"nickname\":\"somestuff\"}"
But the update call never gets to runs. This is what shows the server after the request:
I, [2015-11-02T18:05:38.131091 #7940] INFO -- : Started PUT "/api/auth" for 127.0.0.1 at 2015-11-02 18:05:38 -0500
I, [2015-11-02T18:05:38.131222 #7940] INFO -- : Started PUT "/api/auth" for 127.0.0.1 at 2015-11-02 18:05:38 -0500
I, [2015-11-02T18:05:38.147209 #7940] INFO -- : Processing by Users::RegistrationsController#update as */*
I, [2015-11-02T18:05:38.147383 #7940] INFO -- : Processing by Users::RegistrationsController#update as */*
I, [2015-11-02T18:05:38.147490 #7940] INFO -- : Parameters: {"{ \"nickname\":\"somestuff\"}"=>nil}
I, [2015-11-02T18:05:38.147571 #7940] INFO -- : Parameters: {"{ \"nickname\":\"somestuff\"}"=>nil}
D, [2015-11-02T18:05:38.152778 #7940] DEBUG -- : User Load (0.7ms) SELECT "users".* FROM "users" WHERE "users"."uid" = $1 LIMIT 1 [["uid", "sample5@example.com"]]
D, [2015-11-02T18:05:38.152934 #7940] DEBUG -- : User Load (0.7ms) SELECT "users".* FROM "users" WHERE "users"."uid" = $1 LIMIT 1 [["uid", "sample5@example.com"]]
D, [2015-11-02T18:05:38.224790 #7940] DEBUG -- : Unpermitted parameter: { "nickname":"somestuff"}
D, [2015-11-02T18:05:38.225023 #7940] DEBUG -- : Unpermitted parameter: { "nickname":"somestuff"}
I, [2015-11-02T18:05:38.237415 #7940] INFO -- : Filter chain halted as :validate_account_update_params rendered or redirected
I, [2015-11-02T18:05:38.237565 #7940] INFO -- : Filter chain halted as :validate_account_update_params rendered or redirected
I, [2015-11-02T18:05:38.237741 #7940] INFO -- : Completed 422 Unprocessable Entity in 90ms (Views: 0.3ms | ActiveRecord: 0.7ms)
I, [2015-11-02T18:05:38.237860 #7940] INFO -- : Completed 422 Unprocessable Entity in 90ms (Views: 0.3ms | ActiveRecord: 0.7ms)
and the json reply to curl is:
{"status":"error","errors":["Please submit proper account update data in request"]}
For reference, here is my Gemfile
source 'https://rubygems.org'
gem 'rails', '4.2.1'
gem 'rails-api'
gem 'pg'
gem 'activerecord-postgis-adapter'
gem 'rgeo'
gem 'devise'
gem 'devise_token_auth', ">= 0.1.32.beta9" # Token based authentication for Rails JSON APIs
gem 'omniauth' # required for devise_token_auth
group :development, :test do
gem 'pry-byebug', '=1.3.3'
gem 'pry-stack_explorer'
gem 'pry-rails'
gem 'pry-remote'
# Access an IRB console on exception pages or by using <%= console %> in views
gem 'web-console', '~> 2.0'
# Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
gem 'spring'
gem "rspec-rails", "~> 3.3"
end
group :test do
#gem "shoulda-matchers"
gem "factory_girl_rails"
gem 'ffaker'
end
回答1:
It worked for me.
- extract
RegistrationsControllerfromdevise-token-auth gem - create
app/controllers/users/registrations_controller.rb:
.
class Users::RegistrationsController < DeviseTokenAuth::RegistrationsController
end
and paste the content from p.1
- add to the end of controller:
.
def sign_up_params
params.require(:registration).permit(:name, :nick, :email, :password, :password_confirmation)
end
- configure routes as you did
Update:
This change to Step 3 works with devise_token_auth v0.1.39:
def sign_up_params
permit(:name, :email, :password, :password_confirmation)
end
回答2:
You can override devise registrations controller by doing this:
class RegistrationsController < Devise::RegistrationsController
private
def sign_up_params
params.require(:user).permit(:name, :nickname, :email, :password, :password_confirmation)
end
def account_update_params
params.require(:user).permit(:name, :nickname, :email, :password, :password_confirmation, :current_password)
end
end
Then on your routes:
devise_for :users, :controllers => { registrations: 'registrations' }
来源:https://stackoverflow.com/questions/33488678/strong-parameter-override-for-devisetokenauth-controller