Closed NfoCipher closed 2 months ago
I think the rails log is from a different curl command. The rails log looks like a request with parameter --data-raw '{ "email": "test2@development.com", "password": "123456", "token": "{}" }'. You don't need a token to sign up AFAIK, but if you wish to add it, perhaps add it in the function sign_up_params in the subclass of Devise::Api::TokensController.
That's the correct curl command. And most likely part of the issue.
Hello @NfoCipher, I think @1gn0r4nd is right, could you check your request and logs?
Here's the test project: https://github.com/Deanout/devise_api You should get the same error from that.
I met the same problem. The request body doesn't have a token field, but the log still showed Unpermitted parameter: :token.
Same here:
Unpermitted parameter: :token. Context: { controller: Devise::Api::TokensController, action: sign_in, request: #<ActionDispatch::Request:0x0000ffff85276c28>, params: {"email"=>"user1@example.com", "password"=>"[FILTERED]", "controller"=>"devise/api/tokens", "action"=>"sign_in", "token"=>{}} }
I too am experiencing something similar.
Sending this logic directly from Postman for troubleshooting:
```javascript
var axios = require('axios');
var data = JSON.stringify({
  "email": "truman@example.com",
  "password": "password"
});
var config = {
  method: 'post',
  url: 'http://127.0.0.1:3000/users/tokens/sign_in',
  headers: {
    'Content-Type': 'application/json'
  },
  data: data
};
axios(config)
  .then(function (response) {
    console.log(JSON.stringify(response.data));
  })
  .catch(function (error) {
    console.log(error);
  });
```
Rails Log:
Processing by Devise::Api::TokensController#sign_in as HTML
Parameters: {"email"=>"truman@morphxr.io", "password"=>"[FILTERED]", "token"=>{}}
Unpermitted parameter: :token. Context: { controller: Devise::Api::TokensController, action: sign_in, request: #<ActionDispatch::Request:0x0000000105d760f8>, params: {"email"=>"truman@morphxr.io", "password"=>"[FILTERED]", "controller"=>"devise/api/tokens", "action"=>"sign_in", "token"=>{}} }
Login is successful, but Rails logs show the message above
I too am experiencing something similar.
Started POST "/users/tokens/sign_in" for 127.0.0.1 at 2023-10-09 15:38:38 -0500
Processing by Devise::Api::TokensController#sign_in as /
Parameters: {"email"=>"admin@mail.com", "password"=>"[FILTERED]", "token"=>{}}
Unpermitted parameter: :token. Context: { controller: Devise::Api::TokensController, action: sign_in, request: #
I can get a successful start but I have this message in the rails log.
I had the same problem.
Temporarily solved by running the below code on the app initialization.
Would be good to have the Devise::Api::TokensController calling the wrap_parameters false on it to avoid this more drastic solution.
```ruby
ActiveSupport.on_load(:action_controller) do
  wrap_parameters false
end
```
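Added example, not part of the thread and not devise-api or Rails source: a simplified plain-Ruby model of how JSON parameter wrapping produces the empty `"token"=>{}` key that strong parameters then reports, and how turning wrapping off for this one controller removes it. The helper names, the `TOKEN_COLUMNS` list and the request body are assumptions constructed for illustration.

```ruby
# Simplified model of Rails' JSON parameter wrapping and the strong-parameters
# check that logs "Unpermitted parameter". Not Rails code.

# Assumed columns of the model that the controller name resolves to (constructed).
TOKEN_COLUMNS = %w[id access_token refresh_token expires_in].freeze

# Wrapper key implied by the controller name: TokensController -> "token".
# (Naive singularization, enough for this example.)
def wrapper_key(controller)
  controller.split("::").last.sub(/Controller\z/, "").downcase.sub(/s\z/, "")
end

# Copy the body under the wrapper key, keeping only keys that are model columns.
# Wrapping happens only for the configured formats and is skipped when the
# request already carries the key.
def wrap(params, controller:, content_type:, formats: [:json])
  key = wrapper_key(controller)
  return params unless formats.include?(content_type) && !params.key?(key)
  params.merge(key => params.slice(*TOKEN_COLUMNS))
end

# Strong-parameters style filter: returns [permitted_hash, unpermitted_keys].
def permit(params, allowed)
  [params.slice(*allowed), params.keys - allowed]
end

# Constructed request body with the same shape as the requests in this thread.
BODY = { "email" => "user1@example.com", "password" => "secret" }.freeze
ALLOWED = %w[email password].freeze

# formats = [:json] models the default; formats = [] models `wrap_parameters false`
# applied to this controller only.
def simulate(formats)
  wrapped = wrap(BODY, controller: "Devise::Api::TokensController",
                       content_type: :json, formats: formats)
  _permitted, unpermitted = permit(wrapped, ALLOWED)
  { params: wrapped, unpermitted: unpermitted }
end

if __FILE__ == $PROGRAM_NAME
  p simulate([:json]) # wrapper adds "token"=>{} and the filter flags it
  p simulate([])      # wrapping disabled: body is unchanged, nothing flagged
end
```

The wrapped key is empty because none of the body's keys are columns of the resolved model, so the log line reports a key the framework added, not one the client sent.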
Has anyone found a solution to this that is less application-wide than the one above? This is still a problem.
PR open with a fix for the above issue.
Completed with #42, thank you @k-p-jones
When issuing the example curl call:
```
curl --location --request POST 'http://127.0.0.1:3000/users/tokens/sign_up' --header 'Content-Type: application/json' --data-raw '{ "email": "test2@development.com", "password": "123456" }'
```
I do get a response of:
```
{"token":"xmRbTRpBxbCkyN9Rgzs6_usJTb_wFnB7qL36fioh5bTLa8XAQTwca-12vz3P","refresh_token":"eigFtc3nPqTR41KJh7ktRiCtVqsM6n4izBx6yzNzqKjURyZ9vqz7McRbunSf","expires_in":3600,"token_type":"Bearer","resource_owner":{"id":2,"email":"test2@development.com","created_at":"2023-02-24T22:12:38.043Z","updated_at":"2023-02-24T22:12:38.043Z"}}
```
But, the rails logs contain:
```
Processing by Devise::Api::TokensController#sign_up as */*
Parameters: {"email"=>"test2@development.com", "password"=>"[FILTERED]", "token"=>{}}
Unpermitted parameter: :token. Context: { controller: Devise::Api::TokensController, action: sign_up, request: #<ActionDispatch::Request:0x000000010ed12950>, params: {"email"=>"test2@development.com", "password"=>"[FILTERED]", "controller"=>"devise/api/tokens", "action"=>"sign_up", "token"=>{}} }
Unpermitted parameter: :token. Context: { controller: Devise::Api::TokensController, action: sign_up, request: #<ActionDispatch::Request:0x000000010ed12950>, params: {"email"=>"test2@development.com", "password"=>"[FILTERED]", "controller"=>"devise/api/tokens", "action"=>"sign_up", "token"=>{}} }
```
Any ideas?