ForbiddenAttributesError,Devise

时间:2013-07-03 10:32:54

标签: devise ruby-on-rails-4

我允许用户使用OmniAuth使用Facebook和Google登录,我也允许他们使用他们的电子邮件创建帐户。除了用户能够更新其帐户信息的部分外,一切正常。

我添加了一个名为username的字段,其中sign_up和sign_in处理Ok,对于更新我不想要求用户输入密码如果他使用facebook登录但我一直收到ForbiddenAttributesError。

这是我写的代码。 

class Users::RegistrationsController < Devise::RegistrationsController
  before_filter :configure_permitted_parameters, if: :devise_controller?    

  def update
    @provider = Provider.find_by_user_id(current_user.id)
    @user = User.find(current_user.id)
    email_changed = current_user.email != params[resource_name][:email]
    is_omniauth_account = @provider.blank?

    successfully_updated = if is_omniauth_account
      resource.update_with_password(params[resource_name])
    else
      resource.update_without_password(params[resource_name])
    end

    if successfully_updated
      # Sign in the user bypassing validation in case his password changed
      sign_in @user, :bypass => true
      redirect_to root_path
    else
      clean_up_passwords(resource)
      render_with_scope :edit
    end
  end

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password, :password_confirmation) }
    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:username, :email, :password, :password_confirmation, :current_password) }
    devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email, :password) }
  end

  def resource_params
    params.require(:user).permit(:username, :email, :password, :password_confirmation, :current_password)
  end
  private :resource_params
end

2 个答案:

答案 0 :(得分:1)

您似乎已定义了处理strong parameters的方法,但您未在update操作中使用该方法。

尝试一下:

successfully_updated = if is_omniauth_account
  resource.update_with_password(resource_params)
else
  resource.update_without_password(resource_params)
end

答案 1 :(得分:1)

此解决方案已解决,但我仍有问题我不确定在运行时删除参数是否是一个好习惯

class Users::RegistrationsController < Devise::RegistrationsController
  before_filter :configure_permitted_parameters, if: :devise_controller?

  def update
    @provider = Provider.find_by_user_id(current_user.id)
    @user = User.find(current_user.id)
    email_changed = current_user.email != resource_params[:email]
    is_omniauth_account = !@provider.blank?
    successfully_updated = if is_omniauth_account
      devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:username, :email, :password, :password_confirmation) }
      resource.update_without_password(devise_parameter_sanitizer.for(:account_update))      
    else
      resource.update_with_password(devise_parameter_sanitizer.for(:account_update))
    end

    if successfully_updated
      # Sign in the user bypassing validation in case his password changed
      sign_in @user, :bypass => true
      redirect_to root_path
    else
      clean_up_passwords(resource)
      render :edit
    end
  end

  def create
    super
    UserMailer.welcome(@user).deliver

  end

  protected
  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password, :password_confirmation) }
    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:username, :email, :password, :password_confirmation, :current_password) }
    devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email, :password) }
  end
end
相关问题
最新问题