rails 4 Devise 4 Invitable - Params Sanitizer 不工作
rails 4 Devise 4 Invitable - Params Sanitizer not working
我在我的 rails 4 应用程序中使用 Devise Invitable,我有一些额外的字段需要用户在设置密码时填写。
我已经创建了邀请控制器并将额外的字段添加到控制器中的 update_sanitized_params 方法。当我填写表格时,服务器输出给我:
Started PUT "/users/invitation" for 127.0.0.1 at 2016-10-11 12:57:34 -0600
Processing by InvitationsController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"c0c75noldd9hB6pHjLh1A74KWsWGrIc/K4s7PUJkmtnCG9Uz3YMEJMiBKSpC8Fk+ObC67oBx6E5AxS0R/xZlUA==", "user"=>{"f_name"=>"Steve", "l_name"=>"Jenkinson", "date_of_birth"=>"1975-01-01", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Accept Invitation"}
Account Load (1.0ms) SELECT "public"."accounts".* FROM "public"."accounts" WHERE "public"."accounts"."subdomain" = LIMIT [["subdomain", "10-106security"], ["LIMIT", 1]]
Rendering devise/invitations/edit.html.erb within layouts/application
Rendered devise/invitations/edit.html.erb within layouts/application (2.9ms)
Rendered shared/_signed_out_nav.html.erb (1.4ms)
Completed 200 OK in 60ms (Views: 53.1ms | ActiveRecord: 2.0ms)
但是没有保存用户属性。这已在 rails 控制台中得到验证。
提交邀请编辑表单后的控制台输出:
User Load (0.4ms) SELECT "users".* FROM "users" ORDER BY "users"."id" DESC LIMIT [["LIMIT", 1]]
=> #<User id: 3, email: "test1@test.com", f_name: nil, l_name: nil, date_of_birth: nil, employee_number: nil, system_id: nil, created_at: "2016-10-11 19:33:33", updated_at: "2016-10-11 19:33:33", invitation_token: "d7024926f142aeeec1d23781f1832f74317b592f5bcdd5e6a3...", invitation_created_at: "2016-10-11 19:33:33", invitation_sent_at: "2016-10-11 19:33:33", invitation_accepted_at: nil, invitation_limit: nil, invited_by_type: "User", invited_by_id: 1, invitations_count: 0>
我的应用控制器:
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
# Before Actions
before_filter :configure_permitted_parameters, if: :devise_controller?
before_action :load_schema, :authenticate_user!, :set_mailer_host
# Custom Methods
private
def load_schema
Apartment::Tenant.switch!('public')
return unless request.subdomain.present?
if current_account
Apartment::Tenant.switch!(current_account.subdomain)
else
redirect_to root_url(subdomain: false)
end
end
def current_account
@current_account ||= Account.find_by(subdomain: request.subdomain)
end
helper_method :current_account
def after_sign_out_path_for(resource_or_scope)
new_user_session_path
end
def set_mailer_host
subdomain = current_account ? "#{current_account.subdomain}." : ""
ActionMailer::Base.default_url_options[:host] = "#{subdomain}lvh.me:3000"
end
def after_invite_path_for(resource)
users_path
end
protected
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:accept_invitation, keys: [:f_name, :l_name, :date_of_birth, :password, :password_confirmation, :invitation_token])
end
end
这是表格:
<%= bootstrap_form_for resource, :as => resource_name, :url => invitation_path(resource_name), method: :put do |f| %>
<%= f.text_field :f_name, label: 'First Name' %>
<%= f.text_field :l_name, label: 'Last Name' %>
<%= f.date_field :date_of_birth, label: 'Date Of Birth' %>
<%= f.password_field :password, label: 'Password' %>
<%= f.password_field :password_confirmation, label: 'Confirm Password' %>
<%= f.submit "Accept Invitation", :class => 'btn btn-primary' %>
<% end %>
这是用户模型:
class User < ApplicationRecord
# Before Actions
# Devise Modules
devise :invitable, :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable, :confirmable, :lockable, :timeoutable
# Relationships
# Validations
validates :f_name, presence: true
validates :l_name, presence: true
validates :date_of_birth, presence: true
# Custom Methods
def full_name
l_name.upcase + ", " + f_name
end
end
如有任何帮助,我们将不胜感激!
这里的问题是,在编辑用户填写的 devise_invitable 表单时,我没有添加身份验证令牌。
我在我的 rails 4 应用程序中使用 Devise Invitable,我有一些额外的字段需要用户在设置密码时填写。
我已经创建了邀请控制器并将额外的字段添加到控制器中的 update_sanitized_params 方法。当我填写表格时,服务器输出给我:
Started PUT "/users/invitation" for 127.0.0.1 at 2016-10-11 12:57:34 -0600
Processing by InvitationsController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"c0c75noldd9hB6pHjLh1A74KWsWGrIc/K4s7PUJkmtnCG9Uz3YMEJMiBKSpC8Fk+ObC67oBx6E5AxS0R/xZlUA==", "user"=>{"f_name"=>"Steve", "l_name"=>"Jenkinson", "date_of_birth"=>"1975-01-01", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Accept Invitation"}
Account Load (1.0ms) SELECT "public"."accounts".* FROM "public"."accounts" WHERE "public"."accounts"."subdomain" = LIMIT [["subdomain", "10-106security"], ["LIMIT", 1]]
Rendering devise/invitations/edit.html.erb within layouts/application
Rendered devise/invitations/edit.html.erb within layouts/application (2.9ms)
Rendered shared/_signed_out_nav.html.erb (1.4ms)
Completed 200 OK in 60ms (Views: 53.1ms | ActiveRecord: 2.0ms)
但是没有保存用户属性。这已在 rails 控制台中得到验证。
提交邀请编辑表单后的控制台输出:
User Load (0.4ms) SELECT "users".* FROM "users" ORDER BY "users"."id" DESC LIMIT [["LIMIT", 1]]
=> #<User id: 3, email: "test1@test.com", f_name: nil, l_name: nil, date_of_birth: nil, employee_number: nil, system_id: nil, created_at: "2016-10-11 19:33:33", updated_at: "2016-10-11 19:33:33", invitation_token: "d7024926f142aeeec1d23781f1832f74317b592f5bcdd5e6a3...", invitation_created_at: "2016-10-11 19:33:33", invitation_sent_at: "2016-10-11 19:33:33", invitation_accepted_at: nil, invitation_limit: nil, invited_by_type: "User", invited_by_id: 1, invitations_count: 0>
我的应用控制器:
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
# Before Actions
before_filter :configure_permitted_parameters, if: :devise_controller?
before_action :load_schema, :authenticate_user!, :set_mailer_host
# Custom Methods
private
def load_schema
Apartment::Tenant.switch!('public')
return unless request.subdomain.present?
if current_account
Apartment::Tenant.switch!(current_account.subdomain)
else
redirect_to root_url(subdomain: false)
end
end
def current_account
@current_account ||= Account.find_by(subdomain: request.subdomain)
end
helper_method :current_account
def after_sign_out_path_for(resource_or_scope)
new_user_session_path
end
def set_mailer_host
subdomain = current_account ? "#{current_account.subdomain}." : ""
ActionMailer::Base.default_url_options[:host] = "#{subdomain}lvh.me:3000"
end
def after_invite_path_for(resource)
users_path
end
protected
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:accept_invitation, keys: [:f_name, :l_name, :date_of_birth, :password, :password_confirmation, :invitation_token])
end
end
这是表格:
<%= bootstrap_form_for resource, :as => resource_name, :url => invitation_path(resource_name), method: :put do |f| %>
<%= f.text_field :f_name, label: 'First Name' %>
<%= f.text_field :l_name, label: 'Last Name' %>
<%= f.date_field :date_of_birth, label: 'Date Of Birth' %>
<%= f.password_field :password, label: 'Password' %>
<%= f.password_field :password_confirmation, label: 'Confirm Password' %>
<%= f.submit "Accept Invitation", :class => 'btn btn-primary' %>
<% end %>
这是用户模型:
class User < ApplicationRecord
# Before Actions
# Devise Modules
devise :invitable, :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable, :confirmable, :lockable, :timeoutable
# Relationships
# Validations
validates :f_name, presence: true
validates :l_name, presence: true
validates :date_of_birth, presence: true
# Custom Methods
def full_name
l_name.upcase + ", " + f_name
end
end
如有任何帮助,我们将不胜感激!
这里的问题是,在编辑用户填写的 devise_invitable 表单时,我没有添加身份验证令牌。