Question
I am trying to build API URLs for password reset via the devise_token_auth gem.
As per the usage mentioned here, the POST request for /api/v1/auth/password needs the params email and redirect_url. The user matching the email param will be sent instructions on how to reset their password. redirect_url is the URL to which the user will be redirected after visiting the link contained in the email. However, I am getting the following URL in the email for password reset, in which the param redirect_url is missing; only the token is present.
http://localhost/api/v1/auth/password/edit?reset_password_token=sQ1kMrdmXx47scosNhZ8
Here is a screenshot of the API from Postman.
The following is a piece of the log from development.log, indicating that the param is not permitted. The job thus created for sending the e-mail contained the redirect_url, as evident below, but it is not present in the actual e-mail:
Started POST "/api/v1/auth/password" for 127.0.0.1 at 2016-03-28 20:19:26 +0530
Processing by Api::V1::Auth::PasswordsController#create as */*
Parameters: {"email"=>"vipin8169@gmail.com", "redirect_url"=>"abcd", "config"=>"default"}
Can't verify CSRF token authenticity
Unpermitted parameters: redirect_url, config
Unpermitted parameters: redirect_url, config
User Load (0.7ms) SELECT "users".* FROM "users" WHERE (uid = 'vipin8169@gmail.com' AND provider='email') ORDER BY "users"."id" ASC LIMIT 1
User Load (0.3ms) SELECT "users".* FROM "users" WHERE "users"."reset_password_token" = $1 ORDER BY "users"."id" ASC LIMIT 1 [["reset_password_token", "163961c22b157e8942b8dd7a07e4d1fd57047e36095572fbd5d31e2c3952c353"]]
(0.1ms) BEGIN
SQL (0.3ms) UPDATE "users" SET "reset_password_token" = $1, "reset_password_sent_at" = $2, "updated_at" = $3 WHERE "users"."id" = $4 [["reset_password_token", "163961c22b157e8942b8dd7a07e4d1fd57047e36095572fbd5d31e2c3952c353"], ["reset_password_sent_at", "2016-03-28 14:49:26.255859"], ["updated_at", "2016-03-28 14:49:26.258075"], ["id", 189]]
(13.4ms) COMMIT
[ActiveJob] Enqueued ActionMailer::DeliveryJob (Job ID: fed742b9-b1aa-4a71-80bb-a95fd0626175) to DelayedJob(mailers) with arguments: "Devise::Mailer", "reset_password_instructions", "deliver_now", gid://fertility-app/User/189, "RCg24UxHcsr6QyPWV9cz", {:email=>"vipin8169@gmail.com", :provider=>"email", :redirect_url=>"abcd", :client_config=>"default"}
[ActiveJob] (0.2ms) BEGIN
[ActiveJob] SQL (0.4ms) INSERT INTO "delayed_jobs" ("queue", "handler", "run_at", "created_at", "updated_at") VALUES ($1, $2, $3, $4, $5) RETURNING "id" [["queue", "mailers"], ["handler", "--- !ruby/object:ActiveJob::QueueAdapters::DelayedJobAdapter::JobWrapper\njob_data:\n job_class: ActionMailer::DeliveryJob\n job_id: fed742b9-b1aa-4a71-80bb-a95fd0626175\n queue_name: mailers\n arguments:\n - Devise::Mailer\n - reset_password_instructions\n - deliver_now\n - _aj_globalid: gid://fertility-app/User/189\n - RCg24UxHcsr6QyPWV9cz\n - email: vipin8169@gmail.com\n provider: email\n redirect_url: abcd\n client_config: default\n"], ["run_at", "2016-03-28 14:49:26.289191"], ["created_at", "2016-03-28 14:49:26.289653"], ["updated_at", "2016-03-28 14:49:26.289653"]]
[ActiveJob] (4.6ms) COMMIT
Completed 200 OK in 60ms (Views: 0.2ms | ActiveRecord: 21.2ms)
Below is the code in my controller:
# app/controllers/api/v1/auth/passwords_controller.rb
class Api::V1::Auth::PasswordsController < DeviseTokenAuth::PasswordsController
  protect_from_forgery with: :null_session
  before_action :configure_permitted_parameters
  after_filter :set_csrf_header, only: [:create]
  skip_before_action :verify_authenticity_token, only: [:create]

  protected

  def set_csrf_header
    response.headers['X-CSRF-Token'] = form_authenticity_token
  end

  private

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:account_update) << :redirect_url
    # params.permit(:email, :password, :password_confirmation, :current_password, :reset_password_token, :redirect_url)
  end
end
Delayed::Job.first.handler contains the following entry:
Delayed::Backend::ActiveRecord::Job Load (0.7ms) SELECT "delayed_jobs".* FROM "delayed_jobs" ORDER BY "delayed_jobs"."id" ASC LIMIT 1
=> "--- !ruby/object:ActiveJob::QueueAdapters::DelayedJobAdapter::JobWrapper\njob_data:\n job_class: ActionMailer::DeliveryJob\n job_id: 7d61feef-3cee-41bc-a298-8bea20cfbf56\n queue_name: mailers\n arguments:\n - Devise::Mailer\n - reset_password_instructions\n - deliver_now\n - _aj_globalid: gid://fertility-app/User/189\n - SG7LTRWK37FMRE8dC7X7\n - email: vipin8169@gmail.com\n provider: email\n redirect_url: http%3A%2F%2Flocalhost%3A3000%2Fusers%2Fpassword%2Fedit\n client_config: default\n"
Updated log from the development.log pasted below:
Started POST "/api/v1/auth/password?redirect_url=foo&email=vipin8169@gmail.com" for 127.0.0.1 at 2016-03-29 12:19:21 +0530
ActiveRecord::SchemaMigration Load (0.3ms) SELECT "schema_migrations".* FROM "schema_migrations"
Processing by Api::V1::Auth::PasswordsController#create as */*
Parameters: {"email"=>"vipin8169@gmail.com", "redirect_url"=>"foo"}
Unpermitted parameter: redirect_url
Unpermitted parameter: redirect_url
User Load (1.2ms) SELECT "users".* FROM "users" WHERE (uid = 'vipin8169@gmail.com' AND provider='email') ORDER BY "users"."id" ASC LIMIT 1
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."reset_password_token" = $1 ORDER BY "users"."id" ASC LIMIT 1 [["reset_password_token", "a84234a42082eb864ac47bac6bff7a682ec6a1d687162fb3638af271b7cbef49"]]
(0.2ms) BEGIN
SQL (0.6ms) UPDATE "users" SET "reset_password_token" = $1, "reset_password_sent_at" = $2, "updated_at" = $3 WHERE "users"."id" = $4 [["reset_password_token", "a84234a42082eb864ac47bac6bff7a682ec6a1d687162fb3638af271b7cbef49"], ["reset_password_sent_at", "2016-03-29 06:49:22.147552"], ["updated_at", "2016-03-29 06:49:22.150433"], ["id", 189]]
(14.6ms) COMMIT
[ActiveJob] Enqueued ActionMailer::DeliveryJob (Job ID: 9131c578-6ec6-4365-848d-2aea78cd2251) to DelayedJob(mailers) with arguments: "Devise::Mailer", "reset_password_instructions", "deliver_now", gid://fertility-app/User/189, "NZgnXtSgJLXFdx2MPoEn", {:email=>"vipin8169@gmail.com", :provider=>"email", :redirect_url=>"foo", :client_config=>"default"}
[ActiveJob] (0.2ms) BEGIN
[ActiveJob] SQL (1.5ms) INSERT INTO "delayed_jobs" ("queue", "handler", "run_at", "created_at", "updated_at") VALUES ($1, $2, $3, $4, $5) RETURNING "id" [["queue", "mailers"], ["handler", "--- !ruby/object:ActiveJob::QueueAdapters::DelayedJobAdapter::JobWrapper\njob_data:\n job_class: ActionMailer::DeliveryJob\n job_id: 9131c578-6ec6-4365-848d-2aea78cd2251\n queue_name: mailers\n arguments:\n - Devise::Mailer\n - reset_password_instructions\n - deliver_now\n - _aj_globalid: gid://fertility-app/User/189\n - NZgnXtSgJLXFdx2MPoEn\n - email: vipin8169@gmail.com\n provider: email\n redirect_url: foo\n client_config: default\n"], ["run_at", "2016-03-29 06:49:22.209778"], ["created_at", "2016-03-29 06:49:22.210172"], ["updated_at", "2016-03-29 06:49:22.210172"]]
[ActiveJob] (10.7ms) COMMIT
Completed 200 OK in 348ms (Views: 0.3ms | ActiveRecord: 33.3ms)
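The logs above show client-supplied redirect_url values ("abcd", "foo", and a percent-encoded URL) reaching the mailer job unchanged. The following is an added example, not part of the original question and not devise_token_auth's own code, of checking that value against an origin allowlist before it is placed in a reset link. The allowlist, the helper names and the link shape (modelled on the URL in the post) are assumptions.

```ruby
require "uri"

# Hypothetical allowlist of origins the reset e-mail may send users to.
ALLOWED_REDIRECT_ORIGINS = ["http://localhost:3000"].freeze

def origin_of(uri)
  "#{uri.scheme}://#{uri.host.to_s.downcase}:#{uri.port}"
end

# Returns the URL when redirect_url is an absolute http(s) URL on an
# allowlisted origin, otherwise nil.
def safe_redirect_url(raw, allowed = ALLOWED_REDIRECT_ORIGINS)
  return nil if raw.nil? || raw.empty?
  # The Delayed::Job handler in the question holds a percent-encoded value,
  # so decode once when no literal scheme separator is present.
  candidate = raw.include?("://") ? raw : URI.decode_www_form_component(raw)
  uri = URI.parse(candidate)
  return nil unless uri.is_a?(URI::HTTP) && uri.host  # rejects "abcd", "foo"
  return nil if uri.userinfo                          # no user:pass@host forms
  allowed.map { |o| origin_of(URI.parse(o)) }.include?(origin_of(uri)) ? uri.to_s : nil
rescue URI::InvalidURIError, ArgumentError
  nil
end

# Builds the link for the e-mail, shaped like the URL in the question.
# Returns nil when redirect_url fails the allowlist check.
def reset_link(base, token, redirect_url)
  safe = safe_redirect_url(redirect_url)
  return nil unless safe
  query = URI.encode_www_form([["reset_password_token", token],
                               ["redirect_url", safe]])
  "#{base}?#{query}"
end

if __FILE__ == $PROGRAM_NAME
  base = "http://localhost/api/v1/auth/password/edit"
  # Values taken from the logs in the question; the token is constructed.
  ["abcd", "foo", "http%3A%2F%2Flocalhost%3A3000%2Fusers%2Fpassword%2Fedit"].each do |value|
    puts "#{value.inspect} -> #{reset_link(base, 'constructed-token', value).inspect}"
  end
end
```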
Source: https://stackoverflow.com/questions/36262609/redirect-url-is-missing-in-email-instructions-sent-to-the-user-for-password-rese