[英]Unpermitted parameter using Devise Token Auth gem in Rails API
我正在使用Rails-api制作一個使用Devise_token_auth gem的測試認證應用程序。 User.rb模型看起來像
class User < ActiveRecord::Base
before_save :set_auth_token
# Include default devise modules.
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable,
:confirmable, :omniauthable
include DeviseTokenAuth::Concerns::User
private
def set_auth_token
if self.authentication_token.blank?
self.authentication_token = generate_authentication_token
end
end
def generate_authentication_token
loop do
token = Devise.friendly_token
break token unless User.where(authentication_token: token).first
end
end
end
routes.rb包含
mount_devise_token_auth_for 'User', at: 'auth'
我也使用DeviseTokenAuth gem定義的默認SessionsController和RegistrationsController
我的前端是在Ember-cli中制作的,我在其中使用Ember-simple-auth-devise登錄表單,Devise授權者調用rails api的/ sign_in url。 Ember simple auth包裝參數如
{"user"=>{"password"=>"[FILTERED]", "email"=>"test@mail.com"}}
雖然rails DeviseTokenAuth期望請求參數如
{"password"=>"[FILTERED]", "email"=>"test@mail.com"}
產生的錯誤是
Processing by DeviseTokenAuth::RegistrationsController#create as JSON
Parameters: {"user"=>{"password"=>"[FILTERED]", "email"=>"test@mail.com"}}
Unpermitted parameter: user
如果Rails DeviseTokenAuth gem接受包含在“user”中的參數 , 或者Ember-simple-auth發送未打包的參數,則問題可以得到解決 ,但不幸的是,兩者的文檔都沒有明確提及實現相同的方法。 我嘗試將Ember-simple-auth的resourceName更改為null但它不起作用
ENV['simple-auth-devise'] = {
resourceName: null,
serverTokenEndpoint: 'http://localhost:3000/auth/sign_in'
};
有沒有辦法在Ember-simple-auth-devise中發送未包裝的參數? 或者是否可以為使用DeviseTokenAuth gem生成的所有控制器允許“user”中包含的參數?
使用的版本是:
devise_token_auth (0.1.36)
devise (~> 3.5.2)
rails (~> 4.2)
"ember-simple-auth": "0.8.0"
一個解決辦法是延長ember-simple-auth/addon/authenticators/devise.js
為已完成在這里 。
在app/authenticators/devise.js
,替換:
import Devise from 'ember-simple-auth/authenticators/devise';
export default Devise.extend({});
通過:
import Ember from 'ember';
import Devise from 'ember-simple-auth/authenticators/devise';
const { RSVP: { Promise }, isEmpty, getProperties, run, get } = Ember;
export default Devise.extend({
loginEndpoint: '/auth/sign_in',
logoutEndpoint: '/auth/sign_out',
authenticate(identification, password) {
return new Promise((resolve, reject) => {
let { identificationAttributeName } = getProperties(this, 'identificationAttributeName');
let data = { password };
data[identificationAttributeName] = identification;
let requestOptions = { url: get(this, 'loginEndpoint') };
this.makeRequest(data, requestOptions).then((response) => {
if (response.ok) {
response.json().then((json) => {
let data = {
account: json,
accessToken: response.headers.get('access-token'),
expiry: response.headers.get('expiry'),
tokenType: response.headers.get('token-type'),
uid: response.headers.get('uid'),
client: response.headers.get('client')
};
if (this._validate(data)) {
run(null, resolve, data);
} else {
run(null, reject, 'Check that server response header includes data token and valid.');
}
});
} else {
response.json().then((json) => run(null, reject, json));
}
}).catch((error) => run(null, reject, error));
});
},
invalidate(data) {
return new Promise((resolve, reject) => {
let headers = {
'access-token': data.accessToken,
'expiry': data.expiry,
'token-type': data.tokenType,
'uid': data.uid,
'client': data.client
};
let requestOptions = {
url: get(this, 'logoutEndpoint'),
method: 'DELETE',
headers
};
this.makeRequest({}, requestOptions).then((response) => {
response.json().then((json) => {
if (response.ok) {
run(null, resolve, json);
} else {
run(null, reject, json);
}
});
}).catch((error) => run(null, reject, error));
});
},
_validate(data) {
let now = (new Date()).getTime();
return !isEmpty(data.accessToken) && !isEmpty(data.expiry) && (data.expiry * 1000 > now) &&
!isEmpty(data.tokenType) && !isEmpty(data.uid) && !isEmpty(data.client);
}
});
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.