[英]devise_token_auth update request
Hello I'm using the devise_auth_token
gem, and testing my server with postman with a PUT request to /
following this indications : 您好,我正在使用
devise_auth_token
gem,并使用邮递员通过以下指示向/
发出PUT请求来测试我的服务器:
Account updates.
帐户更新。 This route will update an existing user's account settings.
此路由将更新现有用户的帐户设置。 The default accepted params are password and
password_confirmation
, but this can be customized using thedevise_parameter_sanitizer
system.默认接受的参数是password和
password_confirmation
,但是可以使用devise_parameter_sanitizer
系统对其进行自定义。 Ifconfig.check_current_password_before_update
is set to:attributes
thecurrent_password
param is checked before any update, if it is set to:password
thecurrent_password
param is checked only if the request updates user password.如果
config.check_current_password_before_update
设置为:attributes
,则在任何更新之前检查current_password
参数,如果设置为:password
,则仅在请求更新用户密码时才检查current_password
参数。
I made this request -> 我提出了这个要求->
Header : 标头:
"access-token": "wwwww",
"token-type": "Bearer",
"client": "xxxxx",
"expiry": "yyyyy",
"uid": "zzzzz"
Body : 身体 :
{
"name": "MI NOMBRE",
"nickname": "MI APODO",
"role": "MI ROL"
}
and i get this error : Please submit proper account update data in request body.
并且我收到此错误:
Please submit proper account update data in request body.
This are my permited params in application_controller.rb
: 这是我在
application_controller.rb
允许的参数:
protect_from_forgery with: :null_session
before_filter :configure_permitted_parameters, if: :devise_controller?
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) << :password_confirmation
devise_parameter_sanitizer.for(:account_update) do |user_params|
user_params.permit(:role, :email, :nickname, :name, :password, :password_confirmation)
end
end
My server message : 我的伺服器讯息:
Processing by DeviseTokenAuth::RegistrationsController#update as */*
Can't verify CSRF token authenticity
User Load (0.2ms) SELECT "users".* FROM "users" WHERE "users"."uid" = ? LIMIT 1 [["uid", "test2@gmail.com"]]
Filter chain halted as :validate_account_update_params rendered or redirected
Completed 422 Unprocessable Entity in 85ms (Views: 0.2ms | ActiveRecord: 0.5ms)
In case your testing this on local machine you'll probably need to allow cross site requests first. 如果您在本地计算机上对此进行测试,则可能需要先允许跨站点请求。 Update your
Gemfile
and run bundle install
: 更新您的
Gemfile
并运行bundle install
:
group :development do
gem 'rack-cors'
end
in config/environments/development.rb
add following: 在
config/environments/development.rb
添加以下内容:
config.middleware.insert_before 0, Rack::Cors do
# allow all origins in development
allow do
origins '*'
resource '*',
:headers => :any,
:methods => [:get, :post, :delete, :put, :options],
:expose => ['access-token', 'expiry', 'token-type', 'uid', 'client'],
:max_age => 0
end
end
Then on client side there are multiple libraries you can use. 然后在客户端上可以使用多个库。 All of them would store the
auth-token
on client (cookies, session store, ...) and then inject token into each request. 它们都将
auth-token
存储在客户端(cookie,会话存储等),然后将令牌注入每个请求中。 Depending on your stack you can choose from: 根据您的堆栈,您可以选择:
Basically the validation looks like this (image from ng-token-auth
): 基本上,验证如下所示(
ng-token-auth
图像):
When client HTML was rendered on server (Rails) it was common practice to include CSRF tag somewhere in page layout: 当客户端HTML在服务器(Rails)上呈现时,通常的做法是在页面布局中的某处包括CSRF标签:
<%= csrf_meta_tag %>
If you really want do do this with postman and let's say you have just JSON API, you can do set token in application_controller.rb
: 如果您真的想用邮递员这样做,并且假设您只有JSON API,则可以在
application_controller.rb
设置令牌:
before_action :set_token
def set_token
response.headers['X-XSRF-TOKEN'] = form_authenticity_token
end
now when you send GET /
you'll be able to retrieve 现在,当您发送
GET /
您将能够检索
X-XSRF-TOKEN: Tjbsg1RYL6bBoCK1u1As8/SO09V+vZ+IOyfNrRXdyfNb9DeWjwnArv6IZkyr2+ayMchwywXPyausYOQhWNGK1g==
from response headers. 来自响应头。 And afterwards you have to use it for submitting
PUT
request. 然后,您必须使用它来提交
PUT
请求。 That's just to illustrate how this works, using some library for managing tokens is a better idea. 只是为了说明它是如何工作的,使用一些库来管理令牌是一个更好的主意。
In case someone is looking for a solution, after setting up cross site requests using gem 'rack-cors'. 如果有人正在寻找解决方案,请使用gem'rack-cors'设置跨站点请求。
In application_controller.rb
add following: 在
application_controller.rb
添加以下内容:
before_action :configure_permitted_parameters, if: :devise_controller?
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:sign_up, keys: [:name, :password_confirmation])
devise_parameter_sanitizer.permit(:account_update, keys: [:name, :nickname, :image])
end
Tested and works in Rails 5.2.1 经过测试并在Rails 5.2.1中工作
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.