Ruby on Rails: Devise strong parameter sanitizer

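I am trying to customize my input parameters when using Devise. As best I can, I have followed the Devise documentation on the subject. I have also searched extensively and found some helpful articles like this one. In the end, when I fill out the form and click submit, the "sign_up" form on the new user page is returned. When I check the database in the console, no new user has been added. The server log and relevant code are listed below. If you would like to see any other code, let me know and I will update the question. Any and all help is much appreciated.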

Server log:

Started GET "/users/sign_up?utf8=%E2%9C%93&authenticity_token=lnKi02OIXc3sSkCpCzKmvQ6iaSZPI6s9aVxN9pCavH8%3D&user%5Bemail%5D=kit%40kit.com&user%5Bhandle%5D=kit&user%5Bpassword%5D=[FILTERED]&user%5Bpassword_confirmation%5D=[FILTERED]&commit=Sign+Up" for 127.0.0.1 at 2013-11-17 21:01:31 -0800
Processing by Devise::RegistrationsController#new as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"lnKi02OIXc3sSkCpCzKmvQ6iaSZPI6s9aVxN9pCavH8=", "user"=>{"email"=>"kit@kit.com", "handle"=>"kit", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Sign Up"}
Rendered devise/shared/_links.erb (0.3ms)
Rendered devise/registrations/new.html.erb within layouts/application (3.7ms)
Completed 200 OK in 10ms (Views: 9.0ms | ActiveRecord: 0.0ms)

My application controller:

class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  protected

  def devise_parameter_sanitizer
    if resource_class == User
      User::ParameterSanitizer.new(User, :user, params)
    else
      super # Use the default one
    end
  end
end

User_sanitizer:

class User::ParameterSanitizer < Devise::ParameterSanitizer
  private

  def account_sign_in
    default_params.permit(:first_name, :last_name, :handle, :email, :password, :password_confirmation, :current_password)
  end

  def account_sign_up
    default_params.permit(:first_name, :last_name, :handle, :email, :password, :password_confirmation, :current_password)
  end

  def account_account_update
    default_params.permit(:first_name, :last_name, :handle, :email, :password, :password_confirmation, :current_password)
  end
end

application.html.erb

<!DOCTYPE html>
<html>
<head>
  <title>Meowit</title>
  <%= stylesheet_link_tag "application", media: "all", "data-turbolinks-track" => true %>
  <%= javascript_include_tag "application", "data-turbolinks-track" => true %>
  <%= csrf_meta_tags %>
</head>
<body>

<nav class="navbar navbar-default" role="navigation">
  <!-- Brand and toggle get grouped for better mobile display -->
  <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
    <span class="sr-only">Toggle navigation</span>
    <span class="icon-bar"></span>
    <span class="icon-bar"></span>
    <span class="icon-bar"></span>
  </button>
  MeowIT

  <!-- Collect the nav links, forms, and other content for toggling -->
  <ul class="nav navbar-nav">
    <li>Feed</li>
  </ul>

  <ul class="nav navbar-nav navbar-right">
    <% if user_signed_in? %>
      <li class="dropdown">
        Account<b class="caret"></b>
        <ul class="dropdown-menu">
          <li><%= "#{current_user.email}" %></li>
          <li><%= link_to "Edit", edit_user_registration_path %></li>
          <li><%= link_to("Logout", destroy_user_session_path, :method => :delete) %></li>
        </ul>
      </li>
    <% else %>
      <li><%= link_to("Login ", new_user_session_path) %></li>
    <% end %>
  </ul>
  <!-- /.navbar-collapse -->
</nav>

  <% if flash[:success] %>
    <%= flash[:success] %>
  <% end %>

  <% if flash[:info] %>
    <%= flash[:info] %>
  <% end %>

  <% if flash[:warning] %>
    <%= flash[:warning] %>
  <% end %>

  <% if flash[:danger] %>
    <%= flash[:danger] %>
  <% end %>

  <%= yield %>
</body>
</html>

sanitizers.rb:

require "#{Rails.application.root}/lib/user_sanitizer.rb"

new.html.erb (in views/devise/registrations):

<form class="bs-example form-horizontal">
  <fieldset>
    <legend>Sign Up</legend>
    <%= simple_form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
      <%= f.error_notification %>

      <%= f.label :Email, class: "col-lg-2 control-label" %>
      <%= f.text_field :email, :required => true, :autofocus => true, class: "form-control" %>

      <%= f.label :"Name", class: "col-lg-2 control-label" %>
      <%= f.text_field :handle, :required => false, class: "form-control" %>

      <%= f.label :Password, class: "col-lg-2 control-label" %>
      <%= f.password_field :password, :required => true, class: "form-control" %>

      <%= f.label :"Password Confirmation", class: "col-lg-2 control-label" %>
      <%= f.password_field :password_confirmation, :required => true, class: "form-control" %>

      <%= f.button :submit, "Sign Up", class: "btn btn-primary" %>
    <% end %>
  </fieldset>
</form>

<%= render "devise/shared/links" %>

Edit (1)

Created a new file registrations_controller.rb in app/controllers:

class RegistrationsController < Devise::RegistrationsController

  private

  def configure_devise_params
    devise_parameter_sanitizer.for(:sign_up) do |u|
      u.permit(:email, :password, :password_confirmation)
    end
  end
end

Modified the devise_for route in routes.rb to point to the new controller.

devise_for :users, :controllers => {:registrations => "registrations"}

Finally, I commented out the reference to devise_parameter_sanitizer in the application controller and removed

require "#{Rails.application.root}/lib/user_sanitizer.rb"

in sanitizers.rb


Not sure if you still need help, but I was able to get my sanitizer working by removing the prefix account.

In your user_sanitizer.rb, remove "accounts" from your methods.

def sign_in
    ...
end

def sign_up
    ...
end

Doing this worked for me.


You can add this to the Devise registrations controller

private

def configure_devise_params
  devise_parameter_sanitizer.for(:sign_up) do |u|
    u.permit(:email, :password, :password_confirmation)
  end
end
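
Both answers above depend on how the sanitizer chooses its permit list: the first through the name of the overridden method, the second through a block registered with `for(:sign_up)`. The Ruby below is an added example, not code from this thread or from Devise; `Params`, `MiniSanitizer`, `PrefixedSanitizer`, `FixedSanitizer`, `permitted_keys` and the sample request are hypothetical stand-ins, and the model assumes Devise 3.x looks the hook up by action name.

```ruby
# Simplified stand-in for Devise 3.x sanitizer dispatch (an assumption for
# illustration, not Devise's source). Hash#slice models `permit`.
class Params < Hash
  def permit(*keys)
    slice(*keys.map(&:to_s))
  end
end

class MiniSanitizer
  def initialize(resource_name, params)
    @default_params = Params[params.fetch(resource_name.to_s, {})]
    @blocks = {}
  end
  # Models devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(...) }
  def for(kind, &block)
    @blocks[kind] = block
  end
  # Hook lookup is by action name, so account_sign_up is never reached.
  def sanitize(kind)
    block = @blocks[kind]
    block ? block.call(default_params) : send(kind)
  end

  private
  attr_reader :default_params

  def sign_up # default permit list
    default_params.permit(:email, :password, :password_confirmation)
  end
end

class PrefixedSanitizer < MiniSanitizer # method name as in the question
  private def account_sign_up
    default_params.permit(:handle, :email, :password, :password_confirmation)
  end
end

class FixedSanitizer < MiniSanitizer # prefix removed, as in the answer
  private def sign_up
    default_params.permit(:handle, :email, :password, :password_confirmation)
  end
end

# Constructed sign-up params; "admin" is a field the form never offers.
SAMPLE = { "user" => { "email" => "kit@kit.com", "handle" => "kit",
                       "password" => "pw", "admin" => "true" } }.freeze

def permitted_keys(sanitizer)
  sanitizer.sanitize(:sign_up).keys.sort
end
```

In a Rails controller, a method such as `configure_devise_params` only takes effect when it is registered as a callback (for example with `before_action`), a step this stand-alone model leaves out.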