I'm building a registration flow that allows a user to FB Connect to pre-populate the registration form. I'm also then capturing fb_uuid and fb_access_token.
When the user submits the registration form that is submitted as follows:
Started POST "/users" for 127.0.0.1 at Mon Jul 11 17:44:40 -0700 2011
Processing by Devise::RegistrationsController#create as HTML
Parameters: {"commit"=>"Create my account", "fb_access_token"=>"XXXXXXXXXXX", "authenticity_token"=>"XXXXXXXXXX", "utf8"=>"✓", "user"=>{"remember_me"=>"0", "lname"=>"NNNNNN", "fname"=>"BBBBBB", "password"=>"[FILTERED]", "email"=>"dadad#google.com"}, "fb_uuid"=>"50123190"}
notice the fb_access_token, fb_uuid
In the Registration#Create, how can I capture those values and populate the Authentications table? Do I have to override devise?
Thansk
Although you may not need this right now, here's a blog post that you can use to solver your problem:
Devise on rails: Prepopulating form data
You can use the method described there to capture and process the data you need.
Hope it helps.
You can use the koala gem to pull those fb parameters from the facebook cookie after the user does a FB_Connect. Take a look at this:
https://github.com/arsduo/koala/wiki/Koala-on-Rails
I'm curious on why you aren't creating the user right after the FB_Connect which is the more common and intuitive user experience, as opposed to just prepoulating the registration form.
Like this:
https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview
Related
I'm quite new with Rails and I'm trying to implement a multistep form in my app for creating a new instance of my User model (devise gem).
I use wicked gem and I've chosen a cache persistence and an ID/Key-in-Session as strategies to handle it.
For now, everything works well until I come across the avatar step in my form which is my last one (a #user has_one_attached :avatar).
When I try to submit my form, I got the below issue raising from that line: Rails.cache.write(session.id, user_attrs)
TypeError in Users::UserStepsController#update
can't dump File
Here my user_attrs when I submit my picture:
{"messenger_id"=>"1234567890123456",
"form_step"=>:profile_picture_step,
"first_name"=>"John",
"last_name"=>"Doe",
"email"=>"john#gmail.com",
"password"=>"1234",
"password_confirmation"=>"1234",
"avatar"=>#<ActionDispatch::Http::UploadedFile:0x00007fbdc4cdf418
#tempfile=#<Tempfile:/var/folders/m_/8ln6gczs1ns1gnn53p6vskwr0000gn/T/RackMultipart20210527-5416-uy59kl.png>,
#original_filename="Screenshot 2021-05-26 at 20.34.43.png", #content_type="image/png",
#headers="Content-Disposition: form-data; name=\"user[avatar]\"; filename=\"Screenshot 2021-05-26 at 20.34.43.png\"\r\nContent-Type: image/png\r\n">}
It seems Rails.cache.write is not able to write this avatar object, am I right? If so, is there a way to fix it?
Thank you for your help!
I have a rails app with a POST url which creates some resources.I have a page with a form which takes in all the information and does an AJAX call to the POST url without authenticity token.
Am doing data["authenticity_token"] = "";, before doing the AJAX call.
Parameters logged on serverside are like below
{"utf8"=>"✓", "authenticity_token"=>"", "company_customer"=>{"name"=>"Anand"}}
The resources are created without any error(I have protect_from_forgery with: :exception in my ApplicationController).
But when I tried to call the same POST url from Postman, I get InvalidAuthenticityToken error.
Why am I getting the error?
How does the rails app verify the authenticity of the POST request in first case?
In the first step i.e. from browser , you might be having some session id in the cookies but here not.
Also, if you were hitting by remote:true option, it will take the authenticity token from the page in the hidden field.
For more details , check your logs in both cases.
This token is automatically added in as hidden field when you are using form_for helper method to generate forms, so Rails makes sure the request comes from one of your forms.
You should unprotect your controller action when requested from postman or any other app, see how to here : https://stackoverflow.com/a/22715175/8352929
You can find how CSRF works from here. I recommend you go through it.
Whenever you use form_for Rails adds one hidden input field to your form which looks like the following:
<input type="hidden" name="authenticity_token" value="doLYVxrkhdrzn7zzriHXjFE6ZhNCuXVxLrau4ouENmuKKC/SWp2NMM/MeL/Ji2tDvzNcJHVN/Hc0LIluL3o5QQ==" />
Also, Rails include CSRF token in the meta tags of the website which looks like the following:
<meta name="csrf-token" content="zxnmBxg81JUQPG/C/wb3HRCah0m9Xe2A+gZ5N0Oy7cfwC+dF4hC325WxdVDLfkIxcw/CR/xyaC1phpvZ4EcgQw==" />
So, when you use Rails form_for or something similar to make AJAX call(may be with remote: true) the authenticity token is sent to the server. Which was not present when you tried to send the same request with Postman.
If you copy the CSRF token and add it to Postman params, the request will be completed successfully.
Devise version 4.3.0
Rails 4.2.8
I am having trouble letting a user update their password after they are sent a password reset email.
Steps to reproduce
When a user clicks Forgot Your Password from the sign in page.
They enter in their email on the forgot password page
They are then sent a password reset email
In the email they click the link
They are taken to the Change your password page
They enter in an updated password and password confirmation
An error is shown that the email is already taken
The email is already taken because they have an account already, I would like to update their password not create a new account.
I do not have any devise controllers that I have overridden.
After checking the user logs when I make the request it is a post request not a put. Even though the form says method: put
This is how you are trying making your form send PUT request: html: {method: :put}.
html option adds optional HTML attributes for the form tag, so what is happening here is that you are simply adding method='PUT' attribute to the form.
However, most browsers don't support methods other than "GET" and "POST" when it comes to submitting forms.
To make this work you need some Rails magic. Rails magic will work if you pass method option another way, not inside html option:
form_for(resource, as: ..., url: ..., method: :put )
http://guides.rubyonrails.org/form_helpers.html#how-do-forms-with-patch-put-or-delete-methods-work-questionmark
I have a rails application which uses Device and Cancan for authentication. When I tried to sign in through my Rails Web view it works fine, but when I tried in Rest client I am getting an error. Is there any token I need to pass while signing in?
Sign in details..
http://localhost:3001/users/sign_in
{
"username" : "abcd",
"password" : "abcd"
}
In Rails Web View
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"V", "authenticity_token"=>"A6GbMQxnQO6ELz/QM3yRIDYM5xfFi
Whn6nTLodfghYtU=", "user"=>{"username"=>"admin", "password"=>"[FILTERED]"}, "comm
it"=>"Sign in"}
There is no other parameters other than user credentials are posted through Web view.
How to solve this through REST CLIENT?
Thanks in advance..
Please follow the link https://github.com/applicake/doorkeeper/wiki/Using-Resource-Owner-Password-Credentials-flow
Before that you need to register your application to get the Client_id and secret_id
in Device Registration path is : http://localhost:3000/oauth/applications/new
Once You get the access tocken you can access the resources by passing the access tocken as query string along with resource URL
Eg : http://localhost:3000/users?access_token=<!----access_token----!>
My app pipes incoming emails to the \incoming_emails route via a POST request from Sendgrid. From what I can gather, the POST request includes a params hash including including these fields:
params["to"]
params["from"]
params["subject"]
For testing, what's the best way to peruse the params hash? I could easily just use the logger to post the content of params, but how do I do that locally (I can easily send an email to myself on production, but not sure how to do that locally)? Is there a list of params for a regular email somewhere?
Create an email somewhere on the system (Desktop, easiest). Email format taken from Railscasts.
~/Desktop/email.eml
Date: Fri, 30 Dec 2011 14:00:00 -0800
From: foo#example.com
Subject: Mailman Test
To: support#example.com
This is a test email for use with Mailman.
Does this work?
Then use curl to send the email locally. Taken from this Stackoverflow question.
curl -X POST -d ~/Desktop/email.eml http://localhost:3000/incoming_emails