[英]Devise: Unpermitted parameters
I don't know why, but the following code just stopped working (I didn't even notice how it happened)我不知道为什么,但以下代码停止工作(我什至没有注意到它是如何发生的)
routes.rb路由文件
devise_for :users, components: {registrations: 'registrations', sessions: 'sessions'}
registations_controller.rb registry_controller.rb
class RegistrationsController < Devise::RegistrationsController
before_filter :configure_permitted_parameters
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up).push(:name, :surname, :username, :email, :avatar)
devise_parameter_sanitizer.for(:account_update).push(:name, :surname, :email, :avatar)
end
end
As I said, everything worked fine before, but now I'm getting:正如我所说,以前一切正常,但现在我得到:
Processing by Devise::RegistrationsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"lvuPOmTRqv6XUQ/O1g4Q9VNvzD7DgGCHocY/OlAvKHEIvWAHvlS982hxSZZzzAESCpmL5QTUcTLw/c9ME/sUFQ==", "user"=>{"name"=>"John", "surname"=>"Doe", "username"=>"foobar", "email"=>"foobar@example.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Register"}
Unpermitted parameters: name, surname, email
Cofiguration:配置:
PS: Now I finally understand why should I cover my code with unit-tests and use Travis CI PS:现在我终于明白为什么我应该用单元测试覆盖我的代码并使用 Travis CI
The for
method has been deprecated since 4.1. for
方法自 4.1 起已被弃用。 Use this instead:改用这个:
class ApplicationController < ActionController::Base
before_action :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
attributes = [:name, :surname,:username, :email, :avatar]
devise_parameter_sanitizer.permit(:sign_up, keys: attributes)
devise_parameter_sanitizer.permit(:account_update, keys: attributes)
end
end
I think you should try "configure_permitted_parameters" method in application controller instead of registration controller.我认为您应该在应用程序控制器而不是注册控制器中尝试“configure_permitted_parameters”方法。
class ApplicationController < ActionController::Base
before_action :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up).push(:name, :surname,:username, :email, :avatar)
devise_parameter_sanitizer.for(:account_update).push(:name, :surname, :email, :avatar)
end
end
along the 4.5.0 documentation:沿着 4.5.0 文档:
In case you want to permit additional parameters (the lazy way™), you can do so using a simple before filter in your ApplicationController:
如果你想允许额外的参数(lazy way™),你可以在 ApplicationController 中使用一个简单的 before 过滤器来实现:
class ApplicationController < ActionController::Base
before_action :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:sign_up, keys: [:username])
end
end
works for me (with Rails 5.2.1).对我有用(使用 Rails 5.2.1)。
With nested parameters (untested):使用嵌套参数(未经测试):
nested attributes (say you're using accepts_nested_attributes_for), then you will need to tell devise about those nestings and types:
嵌套属性(假设您正在使用 accepts_nested_attributes_for),那么您将需要告诉设计这些嵌套和类型:
class ApplicationController < ActionController::Base
before_action :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:sign_up, keys: [:first_name, :last_name,
address_attributes: [:country, :state, :city, :area, :postal_code]])
end
end
I also experienced this issue while using the Devise gem.我在使用Devise gem 时也遇到了这个问题。 It was caused because I added an
email_confirmation
parameter to the users
model in my Rails application without whitelisting the parameter in the users_controller
.因为我增加了一个它是造成
email_confirmation
参数的users
在我的Rails应用程序模型,而在白名单参数users_controller
。
Here's how I solved it:这是我解决它的方法:
users_controller
users_controller
email_confirmation
parameter to the list of permitted parameters in the users_params
action.email_confirmation
参数添加到users_params
操作中允许的参数列表。 That's all.就这样。
I hope this helps我希望这有帮助
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.