I am new to Rails and have setup devise with a User model with email and password with also a React frontend. My aim is to consume the signup/signin endpoints in a React app instead of using the default Rails view. When I go to http://localhost:3000/users/sign_up I can create an account and also see the data in PGadmin. However, I want to create a React based view for the forms and use the endpoint of the devise. I am trying to test the signup api using Postman but gives me an error 422 Unprocessable entity. Not sure what params to pass in Rails.
http://localhost:3000/users/sign_up
Used:
{
"user": {
"email": "test2#test.com",
"password": "test"
}
}
and
{
"email": "test2#test.com",
"password": "test"
}
First, you are in developement mode, so turn off the token authenticity (and turn on again if on product mode) for Postman requests, by add to app/controllers/application_controller.rb:
class ApplicationController < ActionController::Base
protect_from_forgery with: :null_session
end
Then, config Postman like this:
Type of request = POST
Url = http://127.0.0.1:3000/users
Body with form-data, with after keys, values
Key: user[email]. Value: test2#gmail.com
Key: user[password]. Value: secret
Key: user[password_confirmation]. Value: secret
Click on Send button you will bypass register page and get desire results (such as new user registration informations from Postgres if you not set the Confirmation mode in Devise User)!
Go on!
Related
I'm trying to create an authentication flow using Auth Code Grant where I've added necessary omniauth strategy for Docusign to create /auth/docusign routes in Rails API only application.
Here are the steps followed
I'm issuing a request to the route from VueJS client.
window.open("http://localhost:4000/auth/docusign", "targetWindow", "width=350,height=250")
After user enters credentials and on successful login I'm calling the callback:
class SessionsController < Devise::SessionsController
def docusign
internal_destroy
#success = false
userinfo = request.env['omniauth.auth']
request_info = request.env['omniauth.params']
if userinfo
info = userinfo.info
cred = userinfo.credentials
user = User.find_by(email: info['email']) || User.find_by(id: session[:user_id])
if user
organization = user.organization
organization.organization_providers.where(provider_name: 'Docusign').destroy_all
OrganizationProvider.create(email: info['email'], token_expires_at: Time.at(cred['expires_at']), token_expires_at: Time.now, provider_name: 'Docusign', organization_id: organization.id, token: cred.token)
#success = true
end
end
render 'sessions/docusign'
end
end
I'd like to pass some params (which I'm accessing in the callback as request.env['omniauth.params']) for executing some backend tasks in the method.
When I try window.open("http://localhost:4000/auth/docusign?email='"+email+"'", "targetWindow", "width=350,height=250")
It says that the url doesn't match with any redirect urls
I have also tried passing in redirect_to('/auth/docusign', query: query) but on doing so, it doesn't open in a browser due to CORS.
I'm also trying to set it in session cookie, but since it's an API only server, I'm still working towards setting up cookie store.
Question
Which is the best way to achieve this? To pass some params in the callback and retrieve it.
Then the execution flow continues on the Rails server and the window serves a page with an appropriate response as per authentication status. However during this time, the client window which started the request is not aware of the authentication outcome.
Question
How can I communicate to the VueJS client that the authentication process is completed?
Question
Am I doing the above flow correctly or are there any better ways to achieve the same?
Thanks in advance
You need to log into your DocuSign Developer Account, Click on Admin and go on the left nav down to "API and Keys" where you can find the integration key you set. Did you set one?
If you did, you should find it and then add the redirectUri to the OAuth settings for that key (client ID in OAuth).
That is why DocuSign login tells you that the redirectURI doesn't match. You can add http://localhost:4000/auth to the list and that should work for your local env.
You cannot past custom variables on the redirectUri, it has to match exactly to the one you entered. If you need to pass values to it, there's a way to do that using state.
Here is how the URL should look, notice the &state= part of it:
https://account-d.docusign.com/oauth/auth?
response_type=code
&scope=YOUR_REQUESTED_SCOPES
&client_id=YOUR_INTEGRATION_KEY
&state=YOUR_CUSTOM_STATE
&redirect_uri=YOUR_REDIRECT_URI
&login_hint=YOUR_LOGIN_HINT
You can put whatever you want in there (URI encoded of course) and that value would come back to you when redirected back also with &state= parameter.
This solves the problem and allows you to pass arguments back to your redirect URI.
I'm using devise_token_auth gem in my Rails 5 API application.
For testing all devise token routes i use Postman.
When I try to update a user account using PUT method on route "https://localhost:3000/auth", I fill the body of request with that:
{"data":{"name":"user1"}}
or
{"user":{"name":"user1"}}
the response comes back with "success" status and JSON representation of a user with the same (not updated) "name" attribute.
Does it mean that devise_token_auth does not provide such functionality and a have to overrride the User controller and a model ?
the first step is get tokens valids and after add the headers in the PUT request and add in the body this json format:
{
"name": "newname"
}
The URL for login in devise token is:
http://localhost:3000/auth/sign_in
For update params for example name copy in the body and do not forget add the values in the header
I hope you solve your problem
I am trying to update a user via PUT to /auth
via the docs:
Account updates. This route will update an existing user's account settings. The default accepted params are password and password_confirmation, but this can be customized using the devise_parameter_sanitizer system. If config.check_current_password_before_update is set to :attributes the current_password param is checked before any update, if it is set to :password the current_password param is checked only if the request updates user password.
It clearly needs something beyond just password and password_params as an identifier but neither email, id, or uid work. Also tried submitting with root user ie:
{
"user": {
"email": ""
}
}
but this also does not work.
I cannot figure out what this is expecting. Not sure if I am missing something obvious. Could anyone give me an example of the json format which this is expecting?
I have a form on an site1.com that POST a devise user object to site2.com/users.
It works but the user is not signed in. I see it may be related because there's no CSRF token on the form on site1.com.
I'm a bit lost in how to solve this. Should I do an ajax call from site1.com to site2.com before the POST just to retrieve the CSRF? Any idea what would be a preferred way to do this?
depending on your site2 if it supports, you can post JSON over http
something like this
{"username": "", "password": "password", "application": ""}
it will be up to your second site how it processes.
I wanna create a new customer through activeresource. without authentication_key its not a big deal. i'm using devise authentication and cancan.
customer = Customer.create(:fname=>'sampath , :last_name=>'munasinghe' ,:auth_token=>'af34afafasfasfasaf')
if I use above code to create a new customer , xml request to web server is
Parameters: {"customer"=>{"first_name"=>'sampath', "last_name"=>"munasinghe", "auth_token"=>"af34afafasfasfasaf"}}
problem id auth_token wrapped by the customer model. so , authentication failed and returned 401 response.
is there any solution to create this format of request?
Parameters: {"customer"=>{"first_name"=>'sampath', "last_name"=>"munasinghe"}, "auth_token"=>"af34afafasfasfasaf"}}
note : auth_token is outside the customer block.
thanks
For json the simplest way to do that is setting Customer.include_root_in_json to false.
Then use this code:
customer = Customer.create(:customer => [:fname=>'sampath' , :last_name=>'munasinghe'],:auth_token=>'af34afafasfasfasaf')