Forçage de paramètre fort pour le contrôleur DeviseTokenAuth

Question

J'utilise devise-token-auth gem sur Rails 4.2, et j'ai ajouté un champ nickname au modèle User. Je suis en train de mettre en œuvre ce par un remplacement du contrôleur gemme

class Users::RegistrationsController < DeviseTokenAuth::RegistrationsController 

    before_filter :configure_permitted_parameters 

    def update 
    #this line never shows in the logs 
    Rails.logger.info "I never get to run!!" 
    super 
    end 

    protected 

    # my new custom field is :nickname 
    def configure_permitted_parameters 
    devise_parameter_sanitizer.for(:sign_up) do |u| 
     u.permit(:name, :nickname, 
     :email, :password, :password_confirmation) 
    end 
    devise_parameter_sanitizer.for(:account_update) do |u| 
     u.permit(:name, 
     :email, :password, :password_confirmation, :nickname) 
    end 
    end 
end 

Les itinéraires sont configurés comme ceci:

Rails.application.routes.draw do 
    namespace :api, constraints: { format: 'json' } do 
     mount_devise_token_auth_for 'User', at: 'auth', controllers: { 
      registrations: 'users/registrations' 
     } 
    end 
    end 

et ils semblent sur le droit:

PATCH /api/auth(.:format)     users/registrations#update {:format=>"json"} 
PUT /api/auth(.:format)     users/registrations#update {:format=>"json"} 

Alors je tente appeler la mise à jour de curl

curl -X PUT --dump-header headers_update -H "Access-Token: 2FHhLQFtIgDfSqsTaaCH_g" -H "Uid: sample5@example.com" -H "Client: -RUtwnCfgqvqwDjYPtajQA" -H "Token-Type: Bearer" -H "Expiry: 1447713314" http://api.local.dev:3000/api/auth -d "{ \"nickname\":\"somestuff\"}" 

Mais l'appel de mise à jour ne parvient jamais à s'exécuter. C'est ce que montre le serveur après la demande:

I, [2015-11-02T18:05:38.131091 #7940] INFO -- : Started PUT "/api/auth" for 127.0.0.1 at 2015-11-02 18:05:38 -0500 
I, [2015-11-02T18:05:38.131222 #7940] INFO -- : Started PUT "/api/auth" for 127.0.0.1 at 2015-11-02 18:05:38 -0500 
I, [2015-11-02T18:05:38.147209 #7940] INFO -- : Processing by Users::RegistrationsController#update as */* 
I, [2015-11-02T18:05:38.147383 #7940] INFO -- : Processing by Users::RegistrationsController#update as */* 
I, [2015-11-02T18:05:38.147490 #7940] INFO -- : Parameters: {"{ \"nickname\":\"somestuff\"}"=>nil} 
I, [2015-11-02T18:05:38.147571 #7940] INFO -- : Parameters: {"{ \"nickname\":\"somestuff\"}"=>nil} 
D, [2015-11-02T18:05:38.152778 #7940] DEBUG -- : User Load (0.7ms) SELECT "users".* FROM "users" WHERE "users"."uid" = $1 LIMIT 1 [["uid", "sample5@example.com"]] 
D, [2015-11-02T18:05:38.152934 #7940] DEBUG -- : User Load (0.7ms) SELECT "users".* FROM "users" WHERE "users"."uid" = $1 LIMIT 1 [["uid", "sample5@example.com"]] 
D, [2015-11-02T18:05:38.224790 #7940] DEBUG -- : Unpermitted parameter: { "nickname":"somestuff"} 
D, [2015-11-02T18:05:38.225023 #7940] DEBUG -- : Unpermitted parameter: { "nickname":"somestuff"} 
I, [2015-11-02T18:05:38.237415 #7940] INFO -- : Filter chain halted as :validate_account_update_params rendered or redirected 
I, [2015-11-02T18:05:38.237565 #7940] INFO -- : Filter chain halted as :validate_account_update_params rendered or redirected 
I, [2015-11-02T18:05:38.237741 #7940] INFO -- : Completed 422 Unprocessable Entity in 90ms (Views: 0.3ms | ActiveRecord: 0.7ms) 
I, [2015-11-02T18:05:38.237860 #7940] INFO -- : Completed 422 Unprocessable Entity in 90ms (Views: 0.3ms | ActiveRecord: 0.7ms) 

et la réponse JSON à curl est:

{"status":"error","errors":["Please submit proper account update data in request"]} 

Pour référence, voici mon Gemfile

source 'https://rubygems.org' 


gem 'rails', '4.2.1' 

gem 'rails-api' 

gem 'pg' 
gem 'activerecord-postgis-adapter' 
gem 'rgeo' 
gem 'devise' 
gem 'devise_token_auth', ">= 0.1.32.beta9" # Token based authentication for Rails JSON APIs 
gem 'omniauth' # required for devise_token_auth 

group :development, :test do 
    gem 'pry-byebug', '=1.3.3' 
    gem 'pry-stack_explorer' 
    gem 'pry-rails' 
    gem 'pry-remote' 

    # Access an IRB console on exception pages or by using <%= console %> in views 
    gem 'web-console', '~> 2.0' 

    # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring 
    gem 'spring' 

    gem "rspec-rails", "~> 3.3" 
end 

group :test do 

    #gem "shoulda-matchers" 
    gem "factory_girl_rails" 
    gem 'ffaker' 
end 

Answer 1

Vous pouvez remplacer concevoir contrôleur d'enregistrements en faisant ceci:

class RegistrationsController < Devise::RegistrationsController 

    private 

    def sign_up_params 
    params.require(:user).permit(:name, :nickname, :email, :password, :password_confirmation) 
    end 

    def account_update_params 
    params.require(:user).permit(:name, :nickname, :email, :password, :password_confirmation, :current_password) 
    end 
end 

ensuite sur vos routes:

devise_for :users, :controllers => { registrations: 'registrations' } 

Answer 2

Il a travaillé pour moi.

1. extrait RegistrationsController de devise-token-auth gem
2. créer app/controllers/users/registrations_controller.rb:

.

class Users::RegistrationsController < DeviseTokenAuth::RegistrationsController 

end 

et collez le contenu de p.1

3. ajouter à la fin du contrôleur:

.

def sign_up_params    
    params.require(:registration).permit(:name, :nick, :email, :password, :password_confirmation) 

end 

4. routes configure comme vous l'avez

Mise à jour:

Ce changement à l'étape 3 fonctionne avec devise_token_auth v0.1.39: def sign_up_params permit(:name, :email, :password, :password_confirmation) end