堆棧內存溢出
  簡體   English   中英

設計強力參數消毒劑

[英]Devise strong parameter sanitizer

 原文  2013-11-18 05:47:10       ruby-on-rails/ devise/ strong-parameters

問題描述

我在嘗試使用devise時自定義我的輸入參數。 我已盡力遵循有關該主題的設計文檔 我還在Google上廣泛搜索了一些有用的文章,例如這篇文章。 最后,當我填寫表格並點擊提交時,返回的是新用戶頁面上的“ sign_up”表格。 當我在控制台中檢查db時,沒有添加新用戶,並且下面列出了帶有相關代碼的服務器日志。 如果您想查看其他任何代碼,請讓我知道,並及時提出問題。 任何幫助都將受到贊賞。

服務器日志: 

Started GET "/users/sign_up
utf8=%E2%9C%93&authenticity_token=lnKi02OIXc3sSkCpCzKmvQ6iaSZPI6s9aVxN9pCavH8%3D&user%5Bemail%5D=kit%40kit.com&user%5Bhandle%5D=kit&user%5Bpassword%5D=[FILTERED]&user%5Bpassword_confirmation%5D=[FILTERED]&commit=Sign+Up" for 127.0.0.1 at 2013-11-17 21:01:31 -0800
Processing by Devise::RegistrationsController#new as HTML
Parameters: {"utf8"=>"✓",  "authenticity_token"=>"lnKi02OIXc3sSkCpCzKmvQ6iaSZPI6s9aVxN9pCavH8=", "user"=>{"email"=>"kit@kit.com", "handle"=>"kit", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Sign Up"}
Rendered devise/shared/_links.erb (0.3ms)
Rendered devise/registrations/new.html.erb within layouts/application (3.7ms)
Completed 200 OK in 10ms (Views: 9.0ms | ActiveRecord: 0.0ms)

我的應用程序控制器: 

class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
 protect_from_forgery with: :exception


 protected

 def devise_parameter_sanitizer
    if resource_class == User
      User::ParameterSanitizer.new(User, :user, params)
    else
      super # Use the default one
    end
 end
end

User_sanitizer: 

class User::ParameterSanitizer < Devise::ParameterSanitizer

private
def account_sign_in
    default_paramiters.permit(:first_name, :last_name, :handle, :email, :password, :password_confirmation, :current_password) 
end

def account_sign_up
    default_paramiters.permit(:first_name, :last_name, :handle, :email, :password, :password_confirmation, :current_password) 
end

def account_account_update
    default_paramiters.permit(:first_name, :last_name, :handle, :email, :password, :password_confirmation, :current_password) 
end
end

application.html.erb 

<!DOCTYPE html>
<html>
<head>
  <title>Meowit</title>
  <%= stylesheet_link_tag    "application", media: "all", "data-turbolinks-track" => true %>
  <%= javascript_include_tag "application", "data-turbolinks-track" => true %>
  <%= csrf_meta_tags %>
</head>
<body>


<nav class="navbar navbar-default" role="navigation">
  <!-- Brand and toggle get grouped for better mobile display -->
  <div class="navbar-header">
    <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
      <span class="sr-only">Toggle navigation</span>
      <span class="icon-bar"></span>
      <span class="icon-bar"></span>
      <span class="icon-bar"></span>
    </button>
    <a class="navbar-brand" href="<%= root_path %>">MeowIT</a>
  </div>

  <!-- Collect the nav links, forms, and other content for toggling -->
  <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
    <ul class="nav navbar-nav">
        <li><a href="<%= meows_path %>">Feed</a></li>



    </ul>
    <ul class="nav navbar-nav navbar-right">
        <li>

        <% if user_signed_in? %>
            <li class="dropdown">
        <a href="" class="dropdown-toggle" data-toggle="dropdown">Account<b class="caret"></b></a>
        <ul class="dropdown-menu">
          <li><%= "#{current_user.email}" %></li>
          <li><%= link_to "Edit", edit_user_registration_path %></li>
          <li><%= link_to("Logout", destroy_user_session_path, :method => :delete) %></li>
        </ul>
      </li>
        <% else %>
            <li><%= link_to("Login  ", new_user_session_path) %></li>
        <% end %>

  </div><!-- /.navbar-collapse -->
</nav>

  <% if flash[:success] %>
    <div class='alert alert-success'>
      <%= flash[:success] %>
    </div>
  <% end %>

  <% if flash[:info] %>
    <div class='alert alert-info'>
      <%= flash[:info] %>
    </div>
  <% end %>

  <% if flash[:warning] %>
    <div class='alert alert-warning'>
      <%= flash[:warning] %>
    </div>
  <% end %>

  <% if flash[:danger] %>
    <div class='alert alert-danger'>
      <%= flash[:danger] %>
    </div>
  <% end %>


    <div class="container">

      <%= yield %>
    </div>
  </body>
</html>

sanitizers.rb: 

require "#{Rails.application.root}/lib/user_sanitizer.rb"

new.html.erb(在views / devise / registrations內部): 

<div class="row">
  <div class="col-lg-6">
    <div class="well">
      <form class="bs-example form-horizontal">
        <fieldset>
        <legend>Sign Up</legend>
        <%= simple_form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
          <%= f.error_notification %>


              <%= f.label :Email, class: "col-lg-2 control-label" %>
              <div class="col-lg-10">
                <%= f.text_field :email, :required => true, :autofocus => true, class: "form-control" %>
              </div>

                  <br>
                  <br>
                  <br>

              <%= f.label :"Name", class: "col-lg-2 control-label" %>
              <div class="col-lg-10">
                <%= f.text_field :handle, :required => false, class: "form-control" %>
              </div>


                  <br>
                  <br>
                  <br>

              <%= f.label :Password, class: "col-lg-2 control-label" %>
              <div class="col-lg-10">
                <%= f.password_field :password, :required => true, class: "form-control" %>
              </div>


                  <br>
                  <br>
                  <br>

              <%= f.label :"Password Confirmation", class: "col-lg-2 control-label" %>
              <div class="col-lg-10">
                  <%= f.password_field :password_confirmation, :required => true, class: "form-control" %>
              </div>

                  <br>
                  <br>

              <div class="col-lg-10 col-lg-offset-2">
                <%= f.button :submit, "Sign Up", class: "btn btn-primary" %>
              </div>

        <% end %>


        </fieldset>
      </form>
    </div>
  </div>
</div>

        <%= render "devise/shared/links" %>

編輯(1)

在app / controllers類RegistrationsController <Devise :: RegistrationsController中創建了新文件registrations_controller.rb 

      private

        def configure_devise_params
          devise_parameter_sanitizer.for(:sign_up) do |u|
            u.permit(:email, :password, :password_confirmation)
          end
        end
    end

修改了route.rb中的devies_for路由,使其指向新控制器。 

  devise_for :users, :controllers => {:registrations => "registrations"}

最后,我在應用程序控制器中注釋掉了對devise_parameter_sanitizer的引用,並刪除了 

    require "#{Rails.application.root}/lib/user_sanitizer.rb"

在sanitizers.rb中

2 個解決方案

解決方案1
 1  2013-12-24 20:18:45

不知道您是否仍然需要幫助,但是通過刪除帶前綴的帳戶,我能夠使消毒器正常工作。

在您的user_sanitizer.rb內部,從您的方法中刪除“帳戶”。 

def sign_in
    ...
end  

def sign_up
    ...
end

這樣做對我有用。

解決方案2
 0  2013-11-18 05:50:53

您可以將其添加到設計注冊控制器 

private

def configure_devise_params
  devise_parameter_sanitizer.for(:sign_up) do |u|
    u.permit(:email, :password, :password_confirmation)
  end
end

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 Devise Parameter Sanitizer無法與Cucumber / Capybara / Rspec一起使用 如何測試設計參數消毒劑 "Rails 5,用於#的未定義方法“for”" 嘗試向消毒劑添加參數時設計拋出異常 NameError(未定義的局部變量或方法`devise_parameter_sanitizer&#39; “devise_parameter_sanitizer.permit”上的“未定義方法‘concat’” devise_parameter_sanitizer.sanitize() 方法是做什么用的? 它與 devise_parameter_sanitizer.for() 方法有何不同? 在rails4中設置`devise_parameter_sanitizer`后無法通過Devise登錄 應用強參數后,設計完成401在1ms內未授權 Devise的強項不是將字段輸入列入白名單
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM