Devise strong parameter sanitizer
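I am trying to customize my input parameters while using Devise. I followed the Devise documentation on the topic as best I could. I have also searched extensively and found some helpful articles like this one. In the end, when I fill out the form and hit submit, I am returned to the "sign_up" form on the new user page. When I check the database in the console, no new user has been added. The server log and the relevant code are listed below. If you would like to see any other code, let me know and I will update the question. Any and all help is greatly appreciated.

Server log: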
```
Started GET "/users/sign_up?utf8=%E2%9C%93&authenticity_token=lnKi02OIXc3sSkCpCzKmvQ6iaSZPI6s9aVxN9pCavH8%3D&user%5Bemail%5D=kit%40kit.com&user%5Bhandle%5D=kit&user%5Bpassword%5D=[FILTERED]&user%5Bpassword_confirmation%5D=[FILTERED]&commit=Sign+Up" for 127.0.0.1 at 2013-11-17 21:01:31 -0800
Processing by Devise::RegistrationsController#new as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"lnKi02OIXc3sSkCpCzKmvQ6iaSZPI6s9aVxN9pCavH8=", "user"=>{"email"=>"kit@kit.com", "handle"=>"kit", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Sign Up"}
  Rendered devise/shared/_links.erb (0.3ms)
  Rendered devise/registrations/new.html.erb within layouts/application (3.7ms)
Completed 200 OK in 10ms (Views: 9.0ms | ActiveRecord: 0.0ms)
```

My application controller:
```ruby
class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  protected

  def devise_parameter_sanitizer
    if resource_class == User
      User::ParameterSanitizer.new(User, :user, params)
    else
      super # Use the default one
    end
  end
end
```
User_sanitizer:
```ruby
class User::ParameterSanitizer < Devise::ParameterSanitizer
  private

  def account_sign_in
    default_paramiters.permit(:first_name, :last_name, :handle, :email, :password, :password_confirmation, :current_password)
  end

  def account_sign_up
    default_paramiters.permit(:first_name, :last_name, :handle, :email, :password, :password_confirmation, :current_password)
  end

  def account_account_update
    default_paramiters.permit(:first_name, :last_name, :handle, :email, :password, :password_confirmation, :current_password)
  end
end
```
application.html.erb:
```erb
<!DOCTYPE html>
<html>
<head>
  Meowit
  <%= stylesheet_link_tag "application", media: "all", "data-turbolinks-track" => true %>
  <%= javascript_include_tag "application", "data-turbolinks-track" => true %>
  <%= csrf_meta_tags %>
</head>
<body>
  <nav class="navbar navbar-default" role="navigation">
    <!-- Brand and toggle get grouped for better mobile display -->
    <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
      <span class="sr-only">Toggle navigation</span>
      <span class="icon-bar"></span>
      <span class="icon-bar"></span>
      <span class="icon-bar"></span>
    </button>
    ">MeowIT
    <!-- Collect the nav links, forms, and other content for toggling -->
    <ul class="nav navbar-nav">
      <li>
        ">Feed
      </li>
    </ul>
    <ul class="nav navbar-nav navbar-right">
      <li>
      <% if user_signed_in? %>
        <li class="dropdown">
          Account<b class="caret">
          <ul class="dropdown-menu">
            <li>
              <%= "#{current_user.email}" %>
            </li>
            <li>
              <%= link_to "Edit", edit_user_registration_path %>
            </li>
            <li>
              <%= link_to("Logout", destroy_user_session_path, :method => :delete) %>
            </li>
          </ul>
        </li>
      <% else %>
        <li>
          <%= link_to("Login ", new_user_session_path) %>
        </li>
      <% end %>
    <!-- /.navbar-collapse -->
  </nav>
  <% if flash[:success] %>
    <%= flash[:success] %>
  <% end %>
  <% if flash[:info] %>
    <%= flash[:info] %>
  <% end %>
  <% if flash[:warning] %>
    <%= flash[:warning] %>
  <% end %>
  <% if flash[:danger] %>
    <%= flash[:danger] %>
  <% end %>
  <%= yield %>
</body>
</html>
```
sanitizers.rb:
```ruby
require "#{Rails.application.root}/lib/user_sanitizer.rb"
```
new.html.erb (in views/devise/registrations):
```erb
<form class="bs-example form-horizontal">
  <fieldset>
    <legend>Sign Up</legend>
    <%= simple_form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
      <%= f.error_notification %>

      <%= f.label :Email, class: "col-lg-2 control-label" %>
      <%= f.text_field :email, :required => true, :autofocus => true, class: "form-control" %>

      <%= f.label :"Name", class: "col-lg-2 control-label" %>
      <%= f.text_field :handle, :required => false, class: "form-control" %>

      <%= f.label :Password, class: "col-lg-2 control-label" %>
      <%= f.password_field :password, :required => true, class: "form-control" %>

      <%= f.label :"Password Confirmation", class: "col-lg-2 control-label" %>
      <%= f.password_field :password_confirmation, :required => true, class: "form-control" %>

      <%= f.button :submit, "Sign Up", class: "btn btn-primary" %>
    <% end %>
  </fieldset>
</form>
<%= render "devise/shared/links" %>
```
Edit (1)

Created a new file, registrations_controller.rb, in app/controllers:
```ruby
class RegistrationsController < Devise::RegistrationsController
  private

  def configure_devise_params
    devise_parameter_sanitizer.for(:sign_up) do |u|
      u.permit(:email, :password, :password_confirmation)
    end
  end
end
```
Modified the devise_for route in routes.rb to point to the new controller:
```ruby
devise_for :users, :controllers => {:registrations => "registrations"}
```
Finally, I commented out the reference to devise_parameter_sanitizer in the application controller and removed
```ruby
require "#{Rails.application.root}/lib/user_sanitizer.rb"
```
from sanitizers.rb.
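Not sure if you still need help, but I was able to get my sanitizer working by removing the account prefix.

In your user_sanitizer.rb, remove "accounts" from your methods.
```ruby
def sign_in
  ...
end

def sign_up
  ...
end
```
Doing this worked for me.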
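As an added illustration of the answer above (not code from this thread or from Devise): a simplified stand-in for a sanitizer that finds its per-action override by exact method name, showing why a prefixed method is never called and `handle` is dropped. The class names, the `DEFAULTS` table and the sample parameters are constructed for this example.

```ruby
# Simplified model of an action-keyed parameter allowlist (NOT Devise's own code).
class ModelSanitizer
  # Assumed defaults for this model: only the stock authentication fields.
  DEFAULTS = {
    sign_in:        %w[email password],
    sign_up:        %w[email password password_confirmation],
    account_update: %w[email password password_confirmation current_password]
  }.freeze

  def initialize(params)
    @params = params
  end

  # The caller asks for an action; an override is used only if a method
  # with exactly that name exists, otherwise the defaults apply silently.
  def sanitize(action)
    raise NotImplementedError, "unknown action #{action}" unless DEFAULTS.key?(action)
    respond_to?(action, true) ? send(action) : permit(DEFAULTS[action])
  end

  private

  # Allowlist: keep only the named keys, drop everything else.
  def permit(keys)
    @params.select { |key, _| keys.include?(key) }
  end
end

# Mirrors the question: the override carries an "account_" prefix.
class PrefixedSanitizer < ModelSanitizer
  private
  def account_sign_up
    permit(%w[handle email password password_confirmation])
  end
end

# Mirrors the answer: the override is named after the action itself.
class FixedSanitizer < ModelSanitizer
  private
  def sign_up
    permit(%w[handle email password password_confirmation])
  end
end

# Constructed form submission; "admin" stands for a field the form never offered.
SUBMITTED = { "email" => "kit@example.test", "handle" => "kit", "admin" => "true",
              "password" => "constructed", "password_confirmation" => "constructed" }.freeze

def sign_up_keys(klass)
  klass.new(SUBMITTED).sanitize(:sign_up).keys.sort
end
```

In both cases the unlisted `admin` key is discarded; only the correctly named override lets `handle` through.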
You can add this to the Devise registrations controller:
```ruby
private

def configure_devise_params
  devise_parameter_sanitizer.for(:sign_up) do |u|
    u.permit(:email, :password, :password_confirmation)
  end
end
```