nejdetkadir / devise-api

The devise-api gem is a convenient way to add authentication to your Ruby on Rails application using the devise gem. It provides support for access tokens and refresh tokens, which allow you to authenticate API requests and keep the user's session active for a longer period of time on the client side.
MIT License

Unable to set extra parameters during sign_in #32

Closed jdblack closed 9 months ago

jdblack commented 10 months ago

My apologies if I've missed something obvious here, as I'm new to devise-api.

I'm attempting to use a User model that has extra required fields. I updated my application_controller to permit name, but it seems to not be passing through.

Any advice on what I can do to debug and resolve this? Should I keep all non-user related stuff out of the user table instead?

Thanks much!

Versions:

- Ruby: 3.2.2
- Rails: 7.0.8
- Devise: 4.9
- Devise-api: 0.1.3

app/controllers/application_controller:

```ruby
class ApplicationController < ActionController::API
  before_action :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    puts "Made it into configure_permitted_parameters"
    devise_parameter_sanitizer.permit(:sign_up, keys: [:name])
    puts "Leaving configure_permitted_parameters"
  end
end
```

My user schema

```ruby
...
  create_table "users", force: :cascade do |t|
    t.string "email", default: "", null: false
    t.string "encrypted_password", default: "", null: false
    t.string "reset_password_token"
    t.datetime "reset_password_sent_at"
    t.datetime "remember_created_at"
    t.datetime "created_at", null: false
    t.datetime "updated_at", null: false
    t.string "username"
    t.string "name", null: false
    t.string "image"
    t.date "birthday"
    t.string "uuid"
    t.integer "family_id"
    t.index ["email"], name: "index_users_on_email", unique: true
    t.index ["family_id"], name: "index_users_on_family_id"
    t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
    t.index ["username"], name: "index_users_on_username", unique: true
  end
...
  add_foreign_key "users", "families"
...
```

Rails during run

```
~/code/billmebabe-api$ rails s
=> Booting Puma
=> Rails 7.0.8 application starting in development
=> Run `bin/rails server --help` for more startup options
Puma starting in single mode...
* Puma version: 5.6.7 (ruby 3.2.2-p53) ("Birdie's Version")
*  Min threads: 5
*  Max threads: 5
*  Environment: development
*          PID: 57192
* Listening on http://127.0.0.1:3000
* Listening on http://[::1]:3000
Use Ctrl-C to stop
Started POST "/users/tokens/sign_up?email=me@here.com&password=[FILTERED]&name=John%20Doe" for 127.0.0.1 at 2023-10-06 06:38:55 +0700
  ActiveRecord::SchemaMigration Pluck (0.1ms)  SELECT "schema_migrations"."version" FROM "schema_migrations" ORDER BY "schema_migrations"."version" ASC
Processing by Devise::Api::TokensController#sign_up as */*
  Parameters: {"email"=>"me@here.com", "password"=>"[FILTERED]", "name"=>"John Doe"}
Made it into configure_permitted_parameters
Leaving configure_permitted_parameters
Unpermitted parameter: :name. Context: { controller: Devise::Api::TokensController, action: sign_up, request: #<ActionDispatch::Request:0x0000000114910c98>, params: {"email"=>"me@here.com", "password"=>"[FILTERED]", "name"=>"John Doe", "controller"=>"devise/api/tokens", "action"=>"sign_up"} }
Unpermitted parameter: :name. Context: { controller: Devise::Api::TokensController, action: sign_up, request: #<ActionDispatch::Request:0x0000000114910c98>, params: {"email"=>"me@here.com", "password"=>"[FILTERED]", "name"=>"John Doe", "controller"=>"devise/api/tokens", "action"=>"sign_up"} }
  TRANSACTION (0.0ms)  begin transaction
  User Exists? (0.2ms)  SELECT 1 AS one FROM "users" WHERE "users"."email" = ? LIMIT ?  [["email", "me@here.com"], ["LIMIT", 1]]
  User Create (0.3ms)  INSERT INTO "users" ("email", "encrypted_password", "reset_password_token", "reset_password_sent_at", "remember_created_at", "created_at", "updated_at", "username", "name", "image", "birthday", "uuid", "family_id") VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)  [["email", "me@here.com"], ["encrypted_password", "$2a$12$ocbHzTLGJiibSsYAFX43cuS1cJy7eQXouEJkZ/MqFdBY1xa8hms8u"], ["reset_password_token", nil], ["reset_password_sent_at", nil], ["remember_created_at", nil], ["created_at", "2023-10-05 23:38:55.655499"], ["updated_at", "2023-10-05 23:38:55.655499"], ["username", nil], ["name", nil], ["image", nil], ["birthday", nil], ["uuid", nil], ["family_id", nil]]
  TRANSACTION (0.0ms)  rollback transaction
Completed 500 Internal Server Error in 272ms (ActiveRecord: 1.0ms | Allocations: 47337)
```

borisMD24 commented 9 months ago

I've done this: I created a "token controller" in which I wrote:

```ruby
class TokensController < Devise::Api::TokensController
  def sign_in
    super()
  end

  private

  # Permit the extra sign-up fields alongside Devise's defaults.
  def sign_up_params
    params.permit(:first_name, :last_name, *resource_class.authentication_keys,
                  *::Devise::ParameterSanitizer::DEFAULT_PERMITTED_ATTRIBUTES[:sign_up]).to_h
  end
end
```

And don't forget to update your routes:

```ruby
devise_for :users, controllers: { tokens: "tokens" }
```
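
The allowlist behaviour behind the log above and the override in this reply, as an added example that is not code from the thread or from devise-api: a plain-Ruby model that does not load Rails. `filter_sign_up`, `missing_required` and the constants are hypothetical names, and the `family_id` and `password` values in the sample request are constructed.

```ruby
# Added illustration: a plain-Ruby model of the allowlist filtering seen in the
# thread's log. It does not load Rails, Devise or devise-api.

# Devise's default sign-up attributes plus the default authentication key.
DEFAULT_SIGN_UP_KEYS = %i[email password password_confirmation].freeze

# NOT NULL columns without a default, taken from the schema in the issue.
REQUIRED_COLUMNS = %i[name].freeze

# Hypothetical helper: split request params into permitted and dropped keys,
# the way an allowlist such as params.permit does.
def filter_sign_up(raw, extra: [])
  allowed = DEFAULT_SIGN_UP_KEYS + extra
  permitted, dropped = raw.partition { |key, _| allowed.include?(key) }.map(&:to_h)
  { permitted: permitted, dropped: dropped.keys }
end

# Hypothetical helper: required columns that would be written as NULL.
def missing_required(attrs)
  REQUIRED_COLUMNS.reject { |col| attrs[col] }
end

# Constructed request: the params from the log, plus a family_id that the
# client should not be able to choose for itself.
REQUEST = { email: "me@here.com", password: "secret",
            name: "John Doe", family_id: 7 }.freeze

# Default allowlist: name is dropped, so the INSERT carries name = NULL.
def default_result
  filter_sign_up(REQUEST)
end

# Allowlist extended with :name only: family_id is still dropped.
def overridden_result
  filter_sign_up(REQUEST, extra: [:name])
end

if __FILE__ == $PROGRAM_NAME
  [default_result, overridden_result].each do |r|
    puts "permitted=#{r[:permitted].keys} dropped=#{r[:dropped]} " \
         "null_violations=#{missing_required(r[:permitted])}"
  end
end
```

When extending the permit list in `sign_up_params`, add only the fields a new user may set themselves; columns such as `family_id` stay outside it so they cannot be mass-assigned at sign-up.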