Develop Reference

undefined method `password_confirmation=' rails 5

I have ruby on rails API
So far the logic is to devise password reset
here is code block for finding User and resting password
def update_password_by_token
#user = User.find_by_reset_password_token!(params[:id])
if #user.reset_password_sent_at < 2.hours.ago
render status: 422, json: {}
else
#user.password = params[:password]
#user.password_confirmation = params[:confirm_password]
if #user.save
render status: 200, json: {}
else
render status: 422, json: {}
end
end
end
here is android sending params to API
{
"password":"newpassword",
"confirm_password":"newpassword",
"id":"Upn0QHKNy858yMK1J8x1KA"
}
So digging deeper I took the token and fire up the rails console.
#user = User.find_by_reset_password_token!("Upn0QHKNy858yMK1J8x1KA")
User Load (1.5ms) SELECT "users".* FROM "users" WHERE
"users"."deleted_at" IS NULL AND "users"."reset_password_token" = $1
LIMIT $2 [["reset_password_token", "CtW8XFYUdX3d9J7H1rtfUQ"], ["LIMIT",
1]]
=> #<User id: 57, first_name: "abc", last_name: "def", email:
"kalamasher#gmail.com", deleted_at: nil, authentication_token:
"uTWmP41bgihmSW-Thsog", created_at: "2019-01-10 09:56:30", updated_at:
"2019-01-10 10:33:07", is_confirmed: true, firebase_token:
"caQkNMlpp2s:APA91bEr4NKSKsMJ-VCJaXLd8mxadb7...", tenant_id: 6,
is_admin: false, mobile_device: "android", user_level: "partner">
irb(main):006:0> #user.password ="new#password"
=> "new#password"
irb(main):007:0> #user.password_confirmation ="new#password"
=> "new#password"
irb(main):008:0> #user.save
(2.7ms) BEGIN
User Exists (1.6ms) SELECT 1 AS one FROM "users" WHERE "users"."email"
= $1 AND "users"."deleted_at" IS NULL AND ("users"."id" != $2) AND
"users"."tenant_id" = $3 LIMIT $4 [["email", "kalamasher#gmail.com"],
["id", 57], ["tenant_id", 6], ["LIMIT", 1]]
SQL (1.6ms) UPDATE "users" SET "encrypted_password" = $1,
"reset_password_token" = $2, "reset_password_sent_at" = $3, "updated_at"
= $4 WHERE "users"."id" = $5 [["encrypted_password",
"$2a$10$pRhNupGtOiCeCafNsdiVYuqTNYNZqI.xa2oyGmkRIybmDiYOR.f0i"],
["reset_password_token", nil], ["reset_password_sent_at", nil],
["updated_at", "2019-01-10 11:08:46.354276"], ["id", 57]]
(2.4ms) COMMIT
=> true
Updation
A NoMethodError occurred in members#update_password_by_token:
undefined method `password_confirmation=' for nil:NilClass
app/controllers/api/v1/members_controller.rb:85:in `update_password_by_token'
-------------------------------
Request:
-------------------------------
* URL : http:#####/api/members/update_password_by_token
* HTTP Method: POST
* IP address : X.X.X.X
* Parameters : {"password"=>"[FILTERED]", "confirm_password"=>"[FILTERED]", "id"=>"CtW8XFYUdX3d9J7H1rtfUQ", "format"=>"json", "controller"=>"api/v1/members", "action"=>"update_password_by_token"}
* Timestamp : 2019-01-10 10:33:55 UTC
* Server : oacsrv01
* Rails root : releases/20180531092251
* Process: 3967
-------------------------------
Session:
-------------------------------
* session id: nil
* data: {}
-------------------------------
Environment:
-------------------------------
* CONTENT_LENGTH : 75
* CONTENT_TYPE : application/x-www-form-urlencoded
* HTTP_ACCEPT : application/json, text/plain, */*
* HTTP_ACCEPT_ENCODING : gzip, deflate
* HTTP_ACCEPT_LANGUAGE : en-US,en;q=0.9,la;q=0.8
* HTTP_CONNECTION : close
* HTTP_DNT : 1
* HTTP_HOST : host
* HTTP_ORIGIN : http:
* HTTP_REFERER : http:
* HTTP_USER_AGENT : Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36
* HTTP_VERSION : HTTP/1.0
* HTTP_X_FORWARDED_FOR : X.X.X.X
* ORIGINAL_FULLPATH : /api/members/update_password_by_token
* ORIGINAL_SCRIPT_NAME :
* PATH_INFO : /api/members/update_password_by_token
* QUERY_STRING :
* REMOTE_ADDR : 127.0.0.1
* REQUEST_METHOD : POST
* REQUEST_PATH : /api/members/update_password_by_token
* REQUEST_URI : /api/members/update_password_by_token
* ROUTES_47174199350780_SCRIPT_NAME :
* SCRIPT_NAME :
* SERVER_NAME : server*****
* SERVER_PORT : 80
* SERVER_PROTOCOL : HTTP/1.0
* SERVER_SOFTWARE : Unicorn 5.3.1
* action_controller.instance : #<Api::V1::MembersController:0x0055cf355102c0>
* action_dispatch.backtrace_cleaner : #<Rails::BacktraceCleaner:0x0055cf347bec20>
* action_dispatch.cookies : #<ActionController::RequestForgeryProtection::ProtectionMethods::NullSession::NullCookieJar:0x0055cf3553aea8>
* action_dispatch.cookies_digest :
* action_dispatch.cookies_serializer : json
* action_dispatch.encrypted_cookie_salt : encrypted cookie
* action_dispatch.encrypted_signed_cookie_salt : signed encrypted cookie
* action_dispatch.http_auth_salt : http authentication
* action_dispatch.key_generator : #<ActiveSupport::CachingKeyGenerator:0x0055cf32a45810>
* action_dispatch.logger : #<ActiveSupport::Logger:0x0055cf32b27e68>
* action_dispatch.parameter_filter : [:password]
* action_dispatch.redirect_filter : []
* action_dispatch.remote_ip : X.X.X.X
* action_dispatch.request.content_type : application/x-www-form-urlencoded
* action_dispatch.request.flash_hash :
* action_dispatch.request.formats : [#<Mime::Type:0x0055cf31200390 #synonyms=["text/x-json", "application/jsonrequest"], #symbol=:json, #string="application/json", #hash=-2441761977289553219>]
* action_dispatch.request.parameters : {"password"=>"[FILTERED]", "confirm_password"=>"[FILTERED]", "id"=>"CtW8XFYUdX3d9J7H1rtfUQ", "format"=>"json", "controller"=>"api/v1/members", "action"=>"update_password_by_token"}
* action_dispatch.request.path_parameters : {:format=>"json", :controller=>"api/v1/members", :action=>"update_password_by_token"}
* action_dispatch.request.query_parameters : {}
* action_dispatch.request.request_parameters : {"password"=>"[FILTERED]", "confirm_password"=>"[FILTERED]", "id"=>"CtW8XFYUdX3d9J7H1rtfUQ"}
* action_dispatch.request.unsigned_session_cookie: {}
* action_dispatch.request_id : efb6377f-4437-46c5-8e13-5cc40b79692f
* action_dispatch.routes : #<ActionDispatch::Routing::RouteSet:0x0055cf32ca2bf8>
* action_dispatch.secret_key_base : 0a1d165e12a2bc249fdd588b275f670198835b689324af3b36e8b9ab4fe246ec80c97c1cb6d3ba495c7d214a06eb3285f25081ce6d307d520a9c0a6bdd892872
* action_dispatch.secret_token :
* action_dispatch.show_detailed_exceptions : false
* action_dispatch.show_exceptions : true
* action_dispatch.signed_cookie_salt : signed cookie
* devise.skip_storage : true
* rack.cors : #<Rack::Cors::Result:0x0055cf35476f08>
* rack.errors : #<File:0x0055cf2f25d538>
* rack.hijack : #<Unicorn::HttpParser:0x0055cf3003b3d0>
* rack.hijack? : true
* rack.input : #<Unicorn::TeeInput:0x0055cf35421b98>
* rack.logger : #<Logger:0x0055cf2fd86810>
* rack.multiprocess : true
* rack.multithread : false
* rack.request.cookie_hash : {}
* rack.request.form_hash : {"password"=>"[FILTERED]", "confirm_password"=>"[FILTERED]", "id"=>"CtW8XFYUdX3d9J7H1rtfUQ"}
* rack.request.form_input : #<Unicorn::TeeInput:0x0055cf35421b98>
* rack.request.form_vars : [FILTERED]
* rack.request.query_hash : {}
* rack.request.query_string :
* rack.run_once : false
* rack.session : #<ActionController::RequestForgeryProtection::ProtectionMethods::NullSession::NullSessionHash:0x0055cf3553af48>
* rack.session.options : {:skip=>true}
* rack.tempfiles : []
* rack.url_scheme : http
* rack.version : [1, 2]
* unicorn.socket : #<Kgio::Socket:0x0055cf35421e90>
* warden : Warden::Proxy:47174220233180 #config={:default_scope=>:user, :scope_defaults=>{}, :default_strategies=>{:user=>[:rememberable, :database_authenticatable]}, :intercept_401=>false, :failure_app=>#<Devise::Delegator:0x0055cf2fedcd18>}
-------------------------------
Backtrace:
-------------------------------
app/controllers/api/v1/members_controller.rb:85:in `update_password_by_token'
F, [2019-01-10T15:33:56.326625 #3967] FATAL -- : [efb6377f-4437-46c5-8e13-5cc40b79692f]
F, [2019-01-10T15:33:56.326751 #3967] FATAL -- : [efb6377f-4437-46c5-8e13-5cc40b79692f] NoMethodError (undefined method `password_confirmation=' for nil:NilClass):
F, [2019-01-10T15:33:56.326796 #3967] FATAL -- : [efb6377f-4437-46c5-8e13-5cc40b79692f]
F, [2019-01-10T15:33:56.327032 #3967] FATAL -- : [efb6377f-4437-46c5-8e13-5cc40b79692f] app/controllers/api/v1/members_controller.rb:85:in `update_password_by_token'
am I doing something wrong in the deployed code.
Anyone Please advise
thanks in advance

Check your User model has password_digest attribute. password_confirmation method require your User model has a password_digest attribute.
In order to use this method, in your User model, add has_secure_password method as follow,
class User < ApplicationRecord
has_secure_password
end
has_secure_password method will add password_digest attribute if your User model has password_digest.
Fyi, below is part of secure_password.rb in ActiveModel
module ClassMethods
# Adds methods to set and authenticate against a BCrypt password.
# This mechanism requires you to have a +password_digest+ attribute.
#
# The following validations are added automatically:
# * Password must be present on creation
# * Password length should be less than or equal to 72 bytes
# * Confirmation of password (using a +password_confirmation+ attribute)
#
# If password confirmation validation is not needed, simply leave out the
# value for +password_confirmation+ (i.e. don't provide a form field for
# it). When this attribute has a +nil+ value, the validation will not be
# triggered.

Finally after spending a day I sort it out and its working now.
The only solution was "excluding password_confirmation" from the function.
and now the updated code for password update_password_by_token function is as follows.
def update_password_by_token
#user = User.find_by_reset_password_token!(params[:id])
if #user.present?
if #user.reset_password_sent_at < 2.hours.ago
render status: 422, json: {}
else
#user.password = params[:password]
if #user.save
render status: 200, json: {}
else
render status: 422, json: {}
end
end
end
end
Once again Thanks to everybody who tried to help me in the context.
I posted the answer so it may help someone in the future.

It is necessary to generate the swagger json correctly for generate SDK

The problem is that I need the documentation to show that it is possible to transfer the field colums in the form of an array and in it the following fields (name, description, created_at, updated_at, author). json is successfully generated but in the swagger-editor documentation it is not visible these fields
/**
* #SWG\Get(path="/articles",
* tags={"Article"},
* summary="Get all Articles",
* description="Show list of Articles",
* operationId="all",
* produces={"application/json"},
* #SWG\Parameter(
* name="columns",
* in="query",
* description="get specific columns",
* required=false,
* type="array",
* collectionFormat="multi",
* #SWG\Items(
* type="string",
* #SWG\Property(property="name", type="string"),
* #SWG\Property(property="description", type="string"),
* #SWG\Property(property="author", type="string"),
* #SWG\Property(property="created_at", type="string"),
* #SWG\Property(property="updated_at)", type="string")
* )
* ),
* #SWG\Response(response="200"),
* #SWG\Response(response=500)
* ),
* )
*/

SWAGGER-PHP error when generating .json I can not load the values from my model

Hi guys I tried to eliminate this error that persists when I generate the swagger.json, the error says:
[WARN] [Syntax Error] Expected Value, got '#' in
\App\Http\Controllers... and in my code, OHH iM WORKING WITH LUMEN.
/**
* #SWG\Put(
* path="/v1/resource/{id1}/rsc/{id2}",
* summary="Update ...",
* operationId="update",
* tags={"Update"},
*
*
* #SWG\Response(response=200, description="Json [client] "),
* #SWG\Response(response=404, description="Recurso no encontrado"),
* #SWG\Response(response=500, description="[error] Error interno del servidor"),
* #SWG\Parameter(
* name="id1",
* in="path",
* description="Id1.",
* required=true,
* type="integer"
* ),
* #SWG\Parameter(
* name="id2",
* in="path",
* description="Id2",
* required=true,
* type="integer"
* ),
* #SWG\Parameter(
* name="JSON update body",
* in="body",
* description="Request.",
* required=true,
* #SWG\Schema(type="array",#Model(type=vendor\LibModel\DAO\src\Model\Hospital))
* )
* )
*/
public function update($id1,$id2, Request $request){...}
When I check the json does not generate the definitions -> "definitions": {}.
My model defined it in the following way, I do not know if the problem is that my model is under a different namespace because it is defined as a vendor or something declarative that I lack:
/**
* Class Hospital
*
*
* #SWG\Definition(
* definition="Hospital"
* )
*
*/
class Hospital extends Model
{
/**
* #SWG\Property(format="string")
* #var string
*/
protected $name;
/**
* #SWG\Property(format="string")
* #var string
*/
protected $email;
..and in my view of swagger m an ERROR appears ... I think it's because it does not load the values of the model, thanks to who can help me

The doctrine parser complains about #Model which is not part of swagger-php.
The swagger-php notation is:
* #SWG\Parameter(
* name="JSON update body",
* in="body",
* description="Request.",
* required=true,
* #SWG\Schema(
* type="array",
* #SWG\Items(ref="#/definitions/Hospital")
* )
* )
I've wan't to use NelmioApiDocBundle (which uses that #Model annotation) check their guides to see how to set that up.

swagger Couldn't find constant type

I am having a little trouble generating my json file. Here is what I am trying to compiler that is giving me an error, some code has changed to protect my work:
/**
* #SWG\Post(
* path="/path", * summary="summary of post",
* #SWG\Response(
* response=100,description="Success" * ),
* #SWG\Parameter(
* name="parameters",
* description="parameters are passed",
* in="body",
* #SWG\Schema(
* type="object",
* required={
* "req1",
* "req2",
* "req3",
* },
* properties={
* "req1"={
* type="number",
* format="int64"
* },
* "req2"={
* type="string"
* },
* "req3"={
* type="string"
* },
* "param1"={
* type="string"
* },
* "param2"={
* type="number",
* format="int64"
* },
* "param3"={
* type="string"
* },
* "param4"={
* type="string"
* },
* "param5"={
* type="string"
* },
* "param6"={
* type="string"
* },
* "param7"={
* type="string"
* },
* "param8"={
* type="number",
* format="int64"
* },
* "param9"={
* type="string",
* format="date-time"
* },
* "param10"={
* type="string"
* },
* "p11"={
* type="string"
* },
* "p12"={
* type="number",
* format="int64"
* },
* "p13"={
* type="number",
* format="int64"
* },
* "p14"={
* type="string"
* },
* "p15"={
* type="string"
* },
* "p16"={
* type="string"
* },
* "p17"={
* type="string"
* }
* }
* )
* )
* )
*/
But I am getting this error:
[WARN] [Semantical Error] Couldn't find constant type, \Path->index_post() in /path/to/file.php on line 7.
Any help to resolve this issue would be great!

I am not sure, maybe problem in * after path="/path",
My swagger example
/**
* #SWG\Post(path="/v1/users",
* tags={"user"},
* summary="Create a user",
* description="This can only be done by the logged user.",
* operationId="createUser",
* produces={"application/xml", "application/json"},

There are two leftover * symbols in your definition.
You probably meant to add a newline before them?
path="/path", * <-- One line above #SWG\Response
description="Success" * ), <-- One line below #SWG\Response

Ruby on Rails "invalid byte sequence in UTF-8" due to bot

I have some errors triggered by a chinese bot: http://www.easou.com/search/spider.html when it scrolls my websites.
Versions of my applications are all with Ruby 1.9.3 and Rails 3.2.X
Here a stacktrace :
An ArgumentError occurred in listings#show:
invalid byte sequence in UTF-8
rack (1.4.5) lib/rack/utils.rb:104:in `normalize_params'
-------------------------------
Request:
-------------------------------
* URL : http://www.my-website.com
* IP address: X.X.X.X
* Parameters: {"action"=>"show", "controller"=>"listings", "id"=>"location-t7-villeurbanne--58"}
* Rails root: /.../releases/20140708150222
* Timestamp : 2014-07-09 02:57:43 +0200
-------------------------------
Backtrace:
-------------------------------
rack (1.4.5) lib/rack/utils.rb:104:in `normalize_params'
rack (1.4.5) lib/rack/utils.rb:96:in `block in parse_nested_query'
rack (1.4.5) lib/rack/utils.rb:93:in `each'
rack (1.4.5) lib/rack/utils.rb:93:in `parse_nested_query'
rack (1.4.5) lib/rack/request.rb:332:in `parse_query'
actionpack (3.2.18) lib/action_dispatch/http/request.rb:275:in `parse_query'
rack (1.4.5) lib/rack/request.rb:209:in `POST'
actionpack (3.2.18) lib/action_dispatch/http/request.rb:237:in `POST'
actionpack (3.2.18) lib/action_dispatch/http/parameters.rb:10:in `parameters'
-------------------------------
Session:
-------------------------------
* session id: nil
* data: {}
-------------------------------
Environment:
-------------------------------
* CONTENT_LENGTH : 514
* CONTENT_TYPE : application/x-www-form-urlencoded
* HTTP_ACCEPT : text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
* HTTP_ACCEPT_ENCODING : gzip, deflate
* HTTP_ACCEPT_LANGUAGE : zh;q=0.9,en;q=0.8
* HTTP_CONNECTION : close
* HTTP_HOST : www.my-website.com
* HTTP_REFER : http://www.my-website.com/
* HTTP_USER_AGENT : Mozilla/5.0 (compatible; EasouSpider; +http://www.easou.com/search/spider.html)
* ORIGINAL_FULLPATH : /
* PASSENGER_APP_SPAWNER_IDLE_TIME : -1
* PASSENGER_APP_TYPE : rack
* PASSENGER_CONNECT_PASSWORD : [FILTERED]
* PASSENGER_DEBUGGER : false
* PASSENGER_ENVIRONMENT : production
* PASSENGER_FRAMEWORK_SPAWNER_IDLE_TIME : -1
* PASSENGER_FRIENDLY_ERROR_PAGES : true
* PASSENGER_GROUP :
* PASSENGER_MAX_REQUESTS : 0
* PASSENGER_MIN_INSTANCES : 1
* PASSENGER_SHOW_VERSION_IN_HEADER : true
* PASSENGER_SPAWN_METHOD : smart-lv2
* PASSENGER_USER :
* PASSENGER_USE_GLOBAL_QUEUE : true
* PATH_INFO : /
* QUERY_STRING :
* REMOTE_ADDR : 183.60.212.153
* REMOTE_PORT : 52997
* REQUEST_METHOD : GET
* REQUEST_URI : /
* SCGI : 1
* SCRIPT_NAME :
* SERVER_PORT : 80
* SERVER_PROTOCOL : HTTP/1.1
* SERVER_SOFTWARE : nginx/1.2.6
* UNION_STATION_SUPPORT : false
* _ : _
* action_controller.instance : listings#show
* action_dispatch.backtrace_cleaner : #<Rails::BacktraceCleaner:0x000000056e8660>
* action_dispatch.cookies : #<ActionDispatch::Cookies::CookieJar:0x00000006564e28>
* action_dispatch.logger : #<ActiveSupport::TaggedLogging:0x0000000318aff8>
* action_dispatch.parameter_filter : [:password, /RAW_POST_DATA/, /RAW_POST_DATA/, /RAW_POST_DATA/]
* action_dispatch.remote_ip : 183.60.212.153
* action_dispatch.request.content_type : application/x-www-form-urlencoded
* action_dispatch.request.parameters : {"action"=>"show", "controller"=>"listings", "id"=>"location-t7-villeurbanne--58"}
* action_dispatch.request.path_parameters : {:action=>"show", :controller=>"listings", :id=>"location-t7-villeurbanne--58"}
* action_dispatch.request.query_parameters : {}
* action_dispatch.request.request_parameters : {}
* action_dispatch.request.unsigned_session_cookie: {}
* action_dispatch.request_id : 9f8afbc8ff142f91ddbd9cabee3629f3
* action_dispatch.routes : #<ActionDispatch::Routing::RouteSet:0x0000000339f370>
* action_dispatch.show_detailed_exceptions : false
* action_dispatch.show_exceptions : true
* rack-cache.allow_reload : false
* rack-cache.allow_revalidate : false
* rack-cache.cache_key : Rack::Cache::Key
* rack-cache.default_ttl : 0
* rack-cache.entitystore : rails:/
* rack-cache.ignore_headers : ["Set-Cookie"]
* rack-cache.metastore : rails:/
* rack-cache.private_headers : ["Authorization", "Cookie"]
* rack-cache.storage : #<Rack::Cache::Storage:0x000000039c5768>
* rack-cache.use_native_ttl : false
* rack-cache.verbose : false
* rack.errors : #<IO:0x000000006592a8>
* rack.input : #<PhusionPassenger::Utils::RewindableInput:0x0000000655b3a0>
* rack.multiprocess : true
* rack.multithread : false
* rack.request.cookie_hash : {}
* rack.request.form_hash :
* rack.request.form_input : #<PhusionPassenger::Utils::RewindableInput:0x0000000655b3a0>
* rack.request.form_vars : ���W�"��陷q�B��)���
�F��P Z� 8�� & G\y�P��u�T ed �.�%�mxEAẳ\�d*�Hg� �C賳�lj��� � U 1��]pgt�P�
Ɗ ��c"� ��LX��D���HR�y��p`6�l���lN�P �l�S����`V4y��c����X2� &JO!��*p �l��-�гU��w }g�ԍk�� (� F J�� q�:�5G�Jh�pί����ࡃ] �z�h���� d }�}
* rack.request.query_hash : {}
* rack.request.query_string :
* rack.run_once : false
* rack.session : {}
* rack.session.options : {:path=>"/", :domain=>nil, :expire_after=>nil, :secure=>false, :httponly=>true, :defer=>false, :renew=>false, :coder=>#<Rack::Session::Cookie::Base64::Marshal:0x000000034d4ad8>, :id=>nil}
* rack.url_scheme : http
* rack.version : [1, 0]
As you can see there is no invalid utf-8 in the url but only in the rack.request.form_vars . I have about hundred errors per days, and all similar as this one.
So, I tried to force utf-8 in rack.request.form_vars with something like this:
class RackFormVarsSanitizer
def initialize(app)
#app = app
end
def call(env)
if env["rack.request.form_vars"]
env["rack.request.form_vars"] = env["rack.request.form_vars"].force_encoding('UTF-8')
end
#app.call(env)
end
end
And I call it in my application.rb :
config.middleware.use "RackFormVarsSanitizer"
It doesn't seem to work because I already have errors. The problem is I can't test in development mode because I don't know how to set rack.request.form_vars.
I installed utf8-cleaner gem but it fixes nothing.
Somebody have an idea to fix this? or to trigger it in development?

So you don't have to piece together the comments in my other reply, this is what I'm doing now – I've seen no errors for 24 hours, so it looks very promising:
Add rack-utf8_sanitizer to your Gemfile:
gem 'rack-utf8_sanitizer'
and run
bundle
Put this middleware in app/middleware/handle_invalid_percent_encoding.rb and rename the class HandleInvalidPercentEncoding (because ExceptionApp is a bit too general).
In the config block of config/application.rb do:
require "#{Rails.root}/app/middleware/handle_invalid_percent_encoding.rb"
# NOTE: These must be in this order relative to each other.
# HandleInvalidPercentEncoding just raises for encoding errors it doesn't cover,
# so it must run after (= be inserted before) Rack::UTF8Sanitizer.
config.middleware.insert 0, HandleInvalidPercentEncoding
config.middleware.insert 0, Rack::UTF8Sanitizer # from a gem
Deploy. Done.
(app happens to be the location for middleware in the project I'm working on, but I'd probably prefer lib. Whatever. Either should work.)

Add this line to your Gemfile, then run bundle in your terminal:
gem "handle_invalid_percent_encoding_requests"
This solution is based on Henrik's answer, turned into a Rails Engine gem.

There is an issue in the gem repo with a link to someone's possible solution – they say it works for them but they're not sure if it's a good solution.
I've yet to try it, but I think I will.