我开始使用React在Rails中设置用户身份验证系统,并且发生了两件奇怪的事情:
1)我的POST请求包含一个user参数,我非常确定我没有自我配置(我正在跟随Rails指南书)。这个user参数复制了我所有其他参数,如图所示:
Started POST "/api/user" for 127.0.0.1 at 2018-01-29 21:54:42 -0800
Processing by Api::UserController#create as JSON
Parameters: {"email"=>"test@test.com", "password"=>"[FILTERED]",
"first_name"=>"test", "last_name"=>"test", "groupname"=>"test",
"admin"=>"true", "user"=>{"email"=>"test@test.com",
"first_name"=>"test", "last_name"=>"test", "groupname"=>"test", "admin"=>"true"}}
Can't verify CSRF token authenticity.
No template found for Api::UserController#create, rendering head :no_content
Completed 204 No Content in 39ms (ActiveRecord: 0.0ms)
2)如果您还没有注意到,我的password参数是唯一没有包含在user参数中的参数(可能是因为我打电话给{{1}在我的has_secure_password模型中?),我无法弄清楚如何将其添加到我的users变量中。
我只是尝试使用private将我的新用户信息写入我的Postgres数据库。以下是我与之合作的内容:
index.js
Users.new()index.html.erb
class Signup extends React.Component {
constructor(props) {
super(props)
this. state = {
email: '',
password: '',
first_name: '',
last_name: '',
groupname: '',
admin: false
}
this.handleChange = this.handleChange.bind(this)
this.handleSubmit = this.handleSubmit.bind(this)
}
handleChange(e) {
const { name, value } = e.target
this.setState({
[name]: value
})
}
handleSubmit(e) {
e.preventDefault()
axios.post('/api/user', {
email: this.state.email,
password: this.state.password,
first_name: this.state.first_name,
last_name: this.state.last_name,
groupname: this.state.groupname,
admin: this.state.admin
})
.then(res => {
console.log(res.data)
})
}
render() {
return (
<div>
<h3>Sign Up!</h3>
<section>
<div>
<div className='box'>
<p className="subtitle has-text-grey">Create Account</p>
<hr />
<form onSubmit={this.handleSubmit}>
<div className="field">
<div className="control">
<label>E-mail
<input name="email" type="text" className="form-control" onChange={this.handleChange} defaultValue={this.state.email}></input>
</label>
</div>
</div>
<div className="field">
<div className="control">
<label>Password
<input name="password" type="password" className="form-control" onChange={this.handleChange} defaultValue={this.state.password}></input>
</label>
</div>
</div>
<div className="field">
<div className="control">
<label >First Name
<input type="text" className="form-control" name="first_name" onChange={this.handleChange} defaultValue={this.state.first_name}></input>
</label>
</div>
</div>
<div className="field">
<div className="control">
<label>Last Name
<input type="text" className="form-control" name="last_name" onChange={this.handleChange} defaultValue={this.state.last_name}></input>
</label>
</div>
</div>
<div className="field">
<div className="control">
<label>Group
<input name="groupname" type="text" className="form-control" onChange={this.handleChange} defaultValue={this.state.groupname}></input>
<hr />
<span className='adminLabel' style={styles.adminLabelStyle}>Are you registerting as an admin?</span> <span> </span>
<input type="checkbox" id="groupadmin" name="admin" onChange={this.handleChange} value='true'></input>
</label>
</div>
</div>
<div className="field is-grouped">
<div className="control">
<input type="submit" value='Submit' className="button is-normal is-info"></input>
</div>
</div>
</form>
<hr />
<form >
<div className="feild">
<div className="control">
<div>Already a Member?
<input type="submit" value='Login' className="" onClick={ this.props.action }></input>
</div>
</div>
</div>
</form>
</div>
</div>
</section>
</div>
)
}
应用/控制器/ API / user_controller.rb
<%= react_component('Index') %>
应用/模型/ user.rb
class Api::UserController < ApplicationController
respond_to :json
protect_from_forgery with: :null_session
def create
user_params[:password] = params[:password]
puts user_params
@user = Users.new(user_params)
end
private
def user_params
params.require(:user).permit(:email, :password, :first_name, :last_name, :groupname, :admin)
end
end
数据库架构
class User < ApplicationRecord
before_save { self.email = email.downcase }
VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
validates :email, presence: true, length: { maximum: 255 }, format: { with: VALID_EMAIL_REGEX }, uniqueness: { case_sensitive: false }
validates :first_name, presence: true, length: { maximum: 51 }
validates :groupname, presence: true, length: { maximum: 51 }
validates :password, presence: true, length: { minimum: 6 }
has_secure_password
end
总而言之,我的实际问题是:
我为什么要单独 create_table "users", force: :cascade do |t|
t.string "email"
t.string "password_digest"
t.string "first_name"
t.string "last_name"
t.integer "groupid"
t.string "groupname"
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.boolean "admin"
t.index ["email"], name: "index_users_on_email", unique: true
end
个参数,为什么它不包含我的密码?为什么我不能将密码添加到我的users ??
答案 0 :(得分:1)
Rails有一个配置选项wrap_parameters,默认情况下已启用。这将检测您是否未提供根元素(在此实例中为:user),并将密钥复制到根元素中。这就是造成你第一个问题的原因。
密码不包含在包装参数中,因为它不是您模型上的已定义属性。只包含类方法attribute_names中返回的键。您可以在控制器中使用以下方法明确包含其他键:
class UsersController < ApplicationController
wrap_parameters :user, include: [:password]
end
或者,您可以在user键下嵌套发送到rails控制器的参数,并完全忽略wrap_parameters。
axios.post('/api/user', {
user: {
email: this.state.email,
password: this.state.password,
first_name: this.state.first_name,
last_name: this.state.last_name,
groupname: this.state.groupname,
admin: this.state.admin
}
})