问题
In the below case, i am trying to use strong parameters. I want to require email_address, password
and permit remember_me
fields.
But using like below it only allows the LAST line in the method Ex:- In below case it only take params.permit(:remember_me)
private
def registration_params
params.require(:email_address)
params.require(:password)
params.permit(:remember_me)
end
Another Ex:- In this below case, if i rearrange it like below it will take only params.require(:email_address)
where am i going wrong ?
def registration_params
params.require(:password)
params.permit(:remember_me)
params.require(:email_address)
end
UPDATE Params hash be like
{
"utf8" => "✓",
"email_address" => "test1@gmail.com",
"password" => "password123",
"remember_me" => "true",
"commit" => "Log in",
"controller" => "registration",
"action" => "sign_in"
}
回答1:
Ok found the answer through a friend ...one way to do this is
params.require(:email_address)
params.require(:password)
params.permit(
:email_address,
:password,
:remember_me
)
Works good.
回答2:
Stong parameters are to prevent mass-assignment to Active Record models. Your parameters should be set up in a model backed form. Example from the Michael Hartl Tutorial:
REGISTRATION FORM
<%= form_for(@user) do |f| %>
<%= f.label :name %>
<%= f.text_field :name %>
<%= f.label :email %>
<%= f.email_field :email %>
<%= f.label :password %>
<%= f.password_field :password %>
<%= f.label :password_confirmation, "Confirmation" %>
<%= f.password_field :password_confirmation %>
<%= f.submit "Create my account", class: "btn btn-primary" %>
<% end %>
This will create a parameter that looks like:
PARAMS
{
"utf8" => "✓",
"user" => { email: "test1@gmail.com", name:"Test Name", password: "password", password_confirmation: "password" },
"remember_me" => "true",
"commit" => "Log in",
"controller" => "registration",
"action" => "sign_in"
}
Then in your registration controller you can use strong parameters like:
STRONG PARAMETERS
params.require(:user).permit(:name, :email, :password, :password_confirmation)
It looks like in your case, you are handling a log in, in which case, you only need to use regular parameters to capture the login information.
SESSION CREATION
def sign_in
email = params[:email]
password = params[:password]
if User.authenticate!(email, password)
# do something
else
# do something different
end
end
回答3:
Edit:
Here is the Rails way for you to handle logins and, I believe, cases where you need to 'require' multiple parameters and provide errors back to the user.
Unlike using strong params, this approach provides feedback to the user (using validation errors) when parameters are missing or blank. This is more user-friendly than throwing an exception.
Create an
ActiveModel
(notActiveRecord
) form backing object. This form backing object is where you specify which fields are required and when a call tovalid?
is performed, these fields will be validated.With this, you will get nice user-friendly errors if:
- email is missing
- password is missing
- email and password do not match
models/session.rb
class Session include ActiveModel::Model attr_accessor :password, :email, :remember_me validates_presence_of :password, :email # these fields are required! def authenticate return false unless valid? # this checks that required params # are present and adds errors to the # errors object if not if User.authenticate(:password, :email) # validate credentials true else errors.add(:email, "and password didn't match") # wrong credentials. add error! false end end end
Create the controller. Here is what your controller would look like for logging in a user:
app/controllers/sessions_controller.rb
class SessionsController < ApplicationController # GET /login def new @session = Session.new end # POST /login def create @session = Session.new(login_params) if @session.authenticate # do whatever you need to do to log the user in # set remember_me cookie, etc. redirect_to '/success', notice: 'You are logged in' else render :new # shows the form again, filled-in and with errors end end private def login_params params.require(:session).permit(:email, :password, :remember_me) end end
Set up the view
app/views/sessions/new.html.erb
<% if @session.errors.any? %> <ul> <% @session.errors.full_messages.each do |msg| %> <li><%= msg %></li> <% end %> </ul> <% end %> <%= form_for @session, :url => login_path do |f| %> <div> <%= f.label :email, 'Email:' %> </div> <div> <%= f.text_field :email %> </div> <div> <%= f.label :password, 'Password:' %> </div> <div> <%= f.password_field :password %> </div> <div> <%= f.label :remember_me, 'Remember Me?' %> <%= f.check_box :remember_me %> </div> <div> <%= f.submit %> </div> <% end %>
Lastly, make sure the routes are configured
config/routes.rb
get 'login' => 'sessions#new' post 'login' => 'sessions#create'
回答4:
2020 solution:
def registration_params
params.require([:email_address, :password]) #require all of these
params.permit(:email_address, :password, :remember_me) #return hash
end
来源:https://stackoverflow.com/questions/32613499/multiple-require-permit-strong-parameters-rails-4