Can't figure out how to update users with devise_token_auth gem

Question

I'm working on a rails API that is meant to work with a VUE frontend. This is my first time working with rails as an API only.

I'm familiar with using devise for user authentication in other rails apps.

Our sign in works, same with logout. I can't figure out how to edit and delete users though.

My rake routes shows this:

        new_api_user_session GET      /api/v1/auth/sign_in(.:format)                            devise_token_auth/sessions#new
            api_user_session POST     /api/v1/auth/sign_in(.:format)                            devise_token_auth/sessions#create
    destroy_api_user_session DELETE   /api/v1/auth/sign_out(.:format)                           devise_token_auth/sessions#destroy
       new_api_user_password GET      /api/v1/auth/password/new(.:format)                       devise_token_auth/passwords#new
      edit_api_user_password GET      /api/v1/auth/password/edit(.:format)                      devise_token_auth/passwords#edit
           api_user_password PATCH    /api/v1/auth/password(.:format)                           devise_token_auth/passwords#update
cancel_api_user_registration GET      /api/v1/auth/cancel(.:format)                             devise_token_auth/registrations#cancel
   new_api_user_registration GET      /api/v1/auth/sign_up(.:format)                            devise_token_auth/registrations#new
  edit_api_user_registration GET      /api/v1/auth/edit(.:format)                               devise_token_auth/registrations#edit
       api_user_registration PATCH    /api/v1/auth(.:format)                                    devise_token_auth/registrations#update

My routes.rb is like so:

Rails.application.routes.draw do

  root 'home#index'

  namespace :api do
    scope :v1 do
      resource :profile, only: [:show]
      mount_devise_token_auth_for "User", at: 'auth'

     ## other code
    end
  end

end

I'm testing the api using CURL. The following command can successfully log in:

curl -X POST -v -H 'Content-Type: application/json' http://localhost:3000/api/v1/auth/sign_in -d '{"email": "test@example.com", "password": "password"}'

That works OK.

The route for updating a user should be http://localhost:3000/api/v1/auth/

The sign in gives me the client and access-token values. When I pop those into the following curl command I expect the user to update. The attribute that I'm trying to update is "sortOrder".

curl -X PATCH -v -H 'Content-Type: application/json' -H 'access-token: XUbhcAgWlVnARf9Ps4rjR' -H 'client: Lxg5us7MpUyAuM5xQGNuqg'  -H 'uid: test@example.com' http://localhost:3000/api/v1/auth/ -d '{"sortOrder": "DESC"}'

From that command, my rails log shows:

Started PATCH "/api/v1/auth/" for 127.0.0.1 at 2018-12-26 12:10:53 -0800
Processing by DeviseTokenAuth::RegistrationsController#update as */*
  Parameters: {"sortOrder"=>"DESC", "registration"=>{"sortOrder"=>"DESC"}}
  User Load (0.6ms)  SELECT  `users`.* FROM `users` WHERE `users`.`uid` = 'test@example.com' LIMIT 1
Unpermitted parameter: registration
Completed 404 Not Found in 101ms (Views: 0.3ms | ActiveRecord: 0.6ms)

The output from the curl command is:

*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 3000 (#0)
> PATCH /api/v1/auth/ HTTP/1.1
> Host: localhost:3000
> User-Agent: curl/7.47.0
> Accept: */*
> Content-Type: application/json
> access-token: XUbhcAgWlVnARf9Ps4rjR
> client: Lxg5us7MpUyAuM5xQGNuqg
> uid: test@example.com
> Content-Length: 50
> 
* upload completely sent off: 50 out of 50 bytes
< HTTP/1.1 404 Not Found
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Content-Type: application/json; charset=utf-8
< Cache-Control: no-cache
< X-Request-Id: 1e5e61f6-1226-43dc-b8b3-30a576b0c03a
< X-Runtime: 0.104965
< Vary: Origin
< Transfer-Encoding: chunked
< 
* Connection #0 to host localhost left intact
{"success":false,"errors":["User not found."],"status":"error"}

I'm not sure what I'm missing here. With this devise set up I don't have access to the devise/registrations controller. I could probably create my own but this should work. I haven't been able to find documentation for the devise_token_auth gem that addresses user updates and delete.

The result that I'm getting seems to be "user not found". I've tried several ways to get the user UID, email and id in the request but nothing seems to work. Has anyone experienced this before?

Answer 1

Looks like the user does not get saved somehow. I would try adding :create to the resource :profile, only: [:show, :create] in routes.rb. I am just learning RoR an Devise so I can't say that it is a 100% cure but worth a try. Following the same logic, you can add the :edit and :destroy actions to edit/delete profile/user.