I did a bundle update for my project and devise stopped working on it. Right now it says that email can't be blank, but it isn't. Can somebody tell me what is wrong and what changed in devise 3.0?
Output in console for devise is:
Processing by Devise::RegistrationsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"L5182qPo2YonLhXfMbCXxXtvEHfM8YZMYr74pnPN8K0=", "user"=>{"name"=>"user_10", "email"=>"user_10@email.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Sign up"}
Unpermitted parameters: name, email
before_filter :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
  devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:name, :email, :password, :password_confirmation) }
end
For application_controller and devise working
This is a pattern often referred to
class ApplicationController < ActionController::Base
  before_action :configure_permitted_parameters, if: :devise_controller?
  protected
  def configure_permitted_parameters
    devise_parameter_sanitizer.permit(:sign_up, keys: [:username])
  end
end
However, the practical application is missing context. The example of the reaction of a rails app with devise installed:
Unpermitted parameters: :municipal_id, :regionminor_id, :regionmajor_id, :login_name, :kee, :virtual_qr_code.
Context: { controller: Users::RegistrationsController, action: create, request: #<ActionDispatch::Request:0x0000000110c0ca40>,
params: {"authenticity_token"=>"[FILTERED]", "user"=>{
"email"=>"kk@nie.mi", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "name_first"=>"k",
"name_last"=>"k",
"public_persona"=>"",
"nation_id"=>"19",
"idiom_id"=>"14",
"municipal_other"=>"Comabbio",
"sex_id"=>"85",
"date_of_birth"=>"",
"conditions_accepted"=>"0"}, "commit"=>"Sign up", "controller"=>"users/registrations", "action"=>"create"} }
Note that NONE of the parameters that are deemed 'unpermitted' are being submitted by the form. And the role of strong parameters is to avoid injection by outside parties of unwanted parameters.
The above "unpermitted" parameters are object attributes, but processed by the application. Is there a way to specify this - in the pure sense of the strong parameter - other than resort to an after_commit action?
I am a beginner in Ruby on Rails and I have been trying to solve this issue for a long time but I have not seen any success so far.
In my project I am using devise for User authentication. In the user model generated by devise, I have added two custom attributes through migrations.
1st one is the username of type string and 2nd attribute will be the role of type integer which will be used as enum to store the role of current user.
I have updated the devise views as well to show the role drop-down menu to the user during signing up and signing in, but I am facing the following issue.
Whenever I try to log in, it just checks the db for whether the given email exists or not. If there is any record against the email, it logs the user in, otherwise not. What I want is that during login the field of user roles should also be verified, whether it's true or not.
Right now my application controller contains the following code:
class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
  before_action :configure_permitted_parameters, if: :devise_controller?
  protected
  def configure_permitted_parameters
    devise_parameter_sanitizer.permit(:sign_up, keys: [:username, :email, :password, :role])
    devise_parameter_sanitizer.permit(:account_update) { |u| u.permit(:username, :email, :password, :current_password, :role) }
    devise_parameter_sanitizer.permit(:sign_in) { |u| u.permit(:username, :email, :password, :role) }
  end
end
The output during this login process on the rails terminal is shown below
Started POST "/users/sign_in" for ::1 at 2022-05-17 12:32:26 +0500
Processing by Users::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"<token>", "user"=>{"email"=>"test@gmail.com", "password"=>"[FILTERED]", "role"=>"manager", "remember_me"=>"0"}, "commit"=>"Log in"}
User Load (0.2ms) SELECT "users".* FROM "users" WHERE "users"."email" = ? ORDER BY "users"."id" ASC LIMIT ? [["email", "test@gmail.com"], ["LIMIT", 1]]
↳ /Users/dev/.rvm/rubies/ruby-2.7.2/lib/ruby/gems/2.7.0/gems/rack-2.2.3/lib/rack/tempfile_reaper.rb:15
Redirected to http://localhost:3000/
Completed 302 Found in 269ms (ActiveRecord: 0.2ms)
Kindly help me out here
In the application controller you can add a method and check the roles in it.
def after_sign_in_path_for(resource)
  if resource.manager? # or current_user.manager?
    ...
  else
    super
  end
end
Link to the documentation of the method where exactly how it works is explained
And if you want to additionally verify the user by username, you need to uncomment config.authentication_keys in the devise config app/config/initializers/devise.rb and add username and email there.
I am writing an API-only Rails 5 application and using the devise-jwt (and devise) gem for user authentication. I am trying to configure strong parameters in my custom registrations_controller. In application_controller.rb:
before_action :configure_permitted_parameters, if: :devise_controller?
def configure_permitted_parameters
  devise_parameter_sanitizer.permit(:sign_up, keys: [:first_name, :last_name, :username, :email])
end
And in registrations_controller.rb:
def create
  build_resource(sign_up_params)
  resource.save
  # JSON response defined in application_controller.rb
  render_resource(resource)
end
This is the console's output when I make a POST request to the API via Postman:
Parameters: {"first_name"=>"john", "last_name"=>"stones", "username"=>"johnstones", "email"=>"john@stones.com"}
And this is the output from printing params to the console:
<ActionController::Parameters {"first_name"=>"john", "last_name"=>"stones", "username"=>"johnstones", "email"=>"john@stones.com", "controller"=>"registrations", "action"=>"create"} permitted: false>
Despite the above when I do devise_parameter_sanitizer.sanitize(:sign_up) I get an empty hash and my aforementioned POST throws the validation errors I set for having blank fields. Please help me figure out what I'm missing, thank you.
(Rails 5.2/Devise 4.2)
Param user is missing in your params hash:
{"user": {"first_name"=>"john", "last_name"=>"stones", "username"=>"johnstones", "email"=>"john@stones.com"} }
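Two behaviours from the posts above, the empty result when the request has no "user" wrapper and the effect of listing :role among the sign-up keys, shown in a simplified plain-Ruby model of an allow-list sanitizer. This is an added example, not code from the posts or from Devise; SanitizerModel, DEFAULT_KEYS, sign_up and the sample requests are hypothetical and constructed for illustration.

```ruby
# Simplified model of the allow-list filtering Devise's parameter sanitizer
# performs. Added illustration, not Devise source; all names are hypothetical.
# Assumes :email is the only authentication key.
DEFAULT_KEYS = { sign_up: %w[email password password_confirmation] }.freeze

class SanitizerModel
  attr_reader :rejected

  def initialize(params, scope: "user")
    @params = params
    @scope = scope
    @extra = Hash.new { |h, k| h[k] = [] }
    @rejected = []
  end

  # Stands in for devise_parameter_sanitizer.permit(action, keys: [...]).
  def permit(action, keys:)
    @extra[action].concat(keys.map(&:to_s))
    self
  end

  # Stands in for devise_parameter_sanitizer.sanitize(action).
  def sanitize(action)
    scoped = @params[@scope]
    return {} unless scoped.is_a?(Hash) # no "user" wrapper: nothing is read
    allowed = DEFAULT_KEYS.fetch(action) + @extra[action]
    @rejected = scoped.keys - allowed   # logged as "Unpermitted parameters"
    scoped.slice(*allowed)
  end
end

# Constructed sample requests.
PROFILE  = { "first_name" => "john", "username" => "johnstones",
             "email" => "john@example.test" }.freeze
FLAT     = PROFILE                      # body posted without the wrapper
NESTED   = { "user" => PROFILE }.freeze # body nested under the resource name
TAMPERED = { "user" => { "email" => "t@example.test", "password" => "pw",
                         "role" => "manager" } }.freeze

# Returns [sanitized params, rejected keys] for a sign-up request.
def sign_up(params, keys)
  s = SanitizerModel.new(params).permit(:sign_up, keys: keys)
  [s.sanitize(:sign_up), s.rejected]
end

p sign_up(FLAT, %i[first_name username])
p sign_up(NESTED, %i[first_name username])
p sign_up(TAMPERED, %i[username])      # role dropped and reported
p sign_up(TAMPERED, %i[username role]) # role accepted from the client
```

With :role in the permitted keys, whatever role value the client submits reaches the model, so a role is better assigned server-side than taken from the sign-up form.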
I am trying to move from the account update page and submit it. I think I am having problems with devise and this submitting. I have tried a few things in the application controller but have not had any joy. Also I have read through the devise docs but this hasn't worked for me either. The error I am getting is the following: 1 error prohibited this user from being saved: Current password can't be blank
This is the case when I have input the user's current password? I have included the errors from my terminal and also the code from my application controller.
Processing by Devise::RegistrationsController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"DVVUgIGna8TZwJTBU/ghNT7PTcO/CERC0JXUUQWOW/o=", "user"=>{"name"=>"Emma", "email"=>"n@m.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "current_password"=>"[FILTERED]", "line1"=>"", "line2"=>"", "town"=>"", "county"=>"", "postcode"=>"", "organization"=>""}, "commit"=>"Update"}
User Load (0.3ms) SELECT "users".* FROM "users" WHERE "users"."id" = 21 ORDER BY "users"."id" ASC LIMIT 1
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 21]]
Unpermitted parameters: email, password, password_confirmation, current_password, organization
class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception
  before_filter :configure_permitted_parameters, if: :devise_controller?
  protected
  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:name, :email, :password) }
    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:name, :line1, :line2, :town, :county, :postcode) }
  end
  private
  def after_sign_in_path_for(resource)
    edit_user_registration_path(current_user) # basically whichever path you think meets your needs
  end
end
Updated with the following and solved this:
devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:name, :line1, :line2, :town, :county, :postcode, :password, :password_confirmation, :current_password) }
I am trying to pass an additional parameter for my devise user model on Rails 4. Since it needs to be permitted I added a filter to my main application controller as below.
class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception
  prepend_before_filter :add_allowed_devise_session_params, if: :devise_controller?
  def add_allowed_devise_session_params
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit("avatar") }
  end
end
But when submitting for :sign_up I am still getting the error:
Unpermitted parameters: avatar
The parameters look like this:
Processing by RegistrationsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"vp1ir2TJwZXwYGFtDc97bSf/dnXQQl1pksHVxdVTaWc=", "user"=>{"name"=>"stan@merkwelt5.com", "email"=>"stan@merkwelt5.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "avatar"=>#<ActionDispatch::Http::UploadedFile:0x007fa05762a918 @tempfile=#<File:/var/folders/8y/g14_rdxx31gb35dyjhltk4xc0000gn/T/RackMultipart20131219-7366-vf7of8>, @original_filename="instagram_logo.jpg", @content_type="image/jpeg", @headers="Content-Disposition: form-data; name=\"user[avatar]\"; filename=\"instagram_logo.jpg\"\r\nContent-Type: image/jpeg\r\n">}, "commit"=>"Sign up"}
I validated that the filter is actually called on :sign_up and it's per the devise documentation:
https://github.com/plataformatec/devise#strong-parameters
What am I missing?
It turns out I overlooked that the devise controllers had to be updated. Didn't look there since the devise documentation points to ApplicationController.
class RegistrationsController < Devise::RegistrationsController
  before_filter :update_sanitized_params, if: :devise_controller?
  def update_sanitized_params
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:avatar, :name, :email, :password, :password_confirmation) }
    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:avatar, :name, :email, :password, :password_confirmation, :current_password) }
  end
end