停止发布到外部服务以查找用户ID
[英]Stopping Post to external service looking for User ID
问题描述
I'm not really sure how to describe this issue so will try to be clear. 
我不太确定如何描述此问题,因此请尝试弄清楚。
We have a page in our Rails application where our customers can update their credit card details. 我们在Rails应用程序中有一个页面,客户可以在其中更新其信用卡详细信息。 The form posts to an external service to verify the details. 表单过帐到外部服务以验证详细信息。 Then redirects back to us transparently. 然后透明地重定向回我们。
Initially I had the form in it's own controller for testing (working perfectly) but I've just moved it within my users_controller. 最初,我在自己的控制器中拥有用于测试的表格(可以正常运行),但我只是将其移至users_controller中。
The form posts and redirects to a confirm action which does some checks. 表单过帐并重定向到确认动作,该动作会进行一些检查。 When I post from within the users controller, I get an error: 当我从用户控制器内发布时,出现错误:
Couldn't find User with id=k2hx5p36w3g9rxsz
Which in fact is the id of the transaction. 实际上,这就是交易的ID。 Not the user. 不是用户。
The url looks like this: 网址看起来像这样:
http://localhost:8080/settings/confirm?http_status=200&id=k2hx5p36w3g9rxsz&kind=update_payment_method&hash=9c85b12c1242cd58de27b2582c934e34a0e9455e6
In my controller, I have this: 在我的控制器中,我有这个:
def billing
@user = current_user
@credit_card = current_user.default_credit_card
@tr_data = CreditCard::TransparentRedirect.update_credit_card_data(:redirect_url => confirm_credit_card_info_url, :payment_method_token => @credit_card.token)
...
end
def credit_card_confirm
@user = current_user
@result = CreditCard::TransparentRedirect.confirm(request.query_string)
if @result.success?
redirect_to user_billing_path, :notice => "Credit card updated"
else
render :action => "billing"
end
end
And in my routes: 在我的路线上:
match '/settings/confirm' => 'users#credit_card_confirm', :as => :confirm_credit_card_info
What can I do to avoid it taking the ID as the User ID? 如何避免将ID作为用户ID?
1 个解决方案
解决方案1
1 已采纳 2012-10-24 11:02:31
You probably have something like a before_filter or cancan which takes the id from params and tries to load the corresponding object. 您可能有一个诸如before_filter或cancan类的东西,它从参数中获取ID并尝试加载相应的对象。 This is a common practice in controllers. 这是控制器中的常见做法。
The point is that params contains a merge of: 关键是params包含以下内容的合并:
- the named params that are set from the router (
/users/:id)从路由器( /users/:id)设置的命名参数 - the query string, as converted by http://apidock.com/rails/Rack/Utils/parse_nested_query 查询字符串,由http://apidock.com/rails/Rack/Utils/parse_nested_query转换
- the body if present, as above or converted from JSON/XML as needed. 正文(如果存在)(如上所述)或根据需要从JSON / XML转换而成。
So GET /users/1 and GET /users?id=1 have the same effect. 因此GET /users/1和GET /users?id=1具有相同的效果。
The solution is to understand in which specific piece of your code the id is used to load a User. 解决方案是了解ID用来加载用户代码的特定部分。 If it is your code (or otherwise skippable), then skip the filter or whatever appropriate for the credit_card_confirm action, if it is not your code, you have to use a separate controller. 如果是您的代码(或其他可跳过的代码),则跳过过滤器或任何适合credit_card_confirm操作的内容,如果不是您的代码,则必须使用单独的控制器。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.