Rails 4,Devise 3.0.3,Oauth-facebook
我在我的用户模型中添加了两个额外的参数 - :name,:uid并尝试将其保存在我的用户表格中(route / users / sign_up)。但结果我收到表中的记录,其中只包含字段的默认值:name和:uid而不是值,我将其放在text_fields中。
在控制台中,我收到以下消息:
Unpermitted parameters: name, uid
WARNING: Can't mass-assign protected attributes for User: password_confirmation
app/models/user.rb:31:in `new_with_session'
这是我的user.rb模型。我试图从attr_accessible中删除这些fiels,但它没有结果。
class User < ActiveRecord::Base
attr_accessible :oauth_expires_at, :oauth_token, :oauth_secret, :email, :password, :uid, :provider, :name
default_scope -> {order('created_at ASC')}
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable,
:omniauthable, :omniauth_providers => [:facebook]
has_many :microposts, :primary_key => "uid", dependent: :destroy
# validates :uid, presence: true
def self.find_for_facebook_oauth(auth, signed_in_resource=nil)
user = User.where(:provider => auth.provider, :uid => auth.uid).first
unless user
user = User.create(name:auth.extra.raw_info.name,
provider:auth.provider,
uid:auth.uid,
email:auth.info.email,
password:Devise.friendly_token[0,20]
)
end
user
end
def self.new_with_session(params, session)
super.tap do |user|
if data = session["devise.facebook_data"] && session["devise.facebook_data"]["extra"]["user_hash"]
user.email = data["email"]
end
end
end
end
这是我的用户/ omniauth_callbacks_controller.rb(没有facebook方法)。我试图应用与before_filter相关的不同建议,但它仍然不起作用
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
before_filter :configure_permitted_parameters
def create
super
end
private
def configure_permitted_parameters
params.require(:user).permit(:name, :uid, :provider)
end
end
这是我的view-form()
<%= link_to "Sign in with Facebook", user_omniauth_authorize_path(:facebook) %>
<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
<%= devise_error_messages! %>
<div><%= f.label :name %> <br />
<%= f.text_field :name, :autofocus => true %></div>
<div><%= f.label :email %><br />
<%= f.email_field :email %></div>
<div><%= f.label :password %><br />
<%= f.password_field :password %></div>
<div><%= f.label :password_confirmation %><br />
<%= f.password_field :password_confirmation %></div>
<div><%= f.label :uid %><br />
<%= f.text_field :uid %></div>
<div><%= f.submit "Sign up" %></div>
<% end %>
<%= render "devise/shared/links" %>
你能帮帮我吗,我不明白我做错了什么。如何为我的强参数配置白名单以获得正确的值(用户放入视图形式)?
我的所有源代码均可在此处找到:https://github.com/DavydenkovM/d23m
提前致谢!
更新
我删除了attr_accessible字段并更新了我的控制器。但是不允许的params名称和uid在同一点上的问题。现在我的控制器看起来像:
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
before_filter :configure_permitted_parameters, if: :devise_controller?
def facebook
@user = User.find_for_facebook_oauth(request.env["omniauth.auth"], current_user)
if @user.persisted?
sign_in_and_redirect @user, :event => :authentication #this will throw if @user is not activated
flash[:notice] = I18n.t "devise.omniauth_callbacks.success", :kind => "Facebook"
set_flash_message(:notice, :success, :kind => "Facebook") # if is_navigational_format?
else
redirect_to root_url if user_signed_in?
session["devise.facebook_data"] = request.env["omniauth.auth"]
redirect_to new_user_registration_url
end
end
def create
super
end
#def update
# person = current_account.user.find(params[:id])
# person.update_attributes!(person_params)s
# redirect_to person
#end
private
def configure_permitted_parameters
devise_parameter_sanitizer.for(:users) do |u|
u.permit(:name, :email, :password, :password_confirmation, :uid, :provider)
end
end
end
更新2。 我不清楚devise_parameter_sanitizer.for(?)中的资源是什么,我需要在哪里分配它?
答案 0 :(得分:1)
请尝试以下操作。
def self.find_for_facebook_oauth(auth, signed_in_resource=nil)
user = User.where(:provider => auth.provider, :uid => auth.uid).first
unless user
user = User.create(name:auth.extra.raw_info.name,
provider:auth.provider,
uid:auth.uid,
email:auth.info.email,
password:Devise.friendly_token[0,20]
).permit!(:name, :uid, :provider)
end
user
end
或
def facebook
@user = User.find_for_facebook_oauth(request.env["omniauth.auth"].permit!(:name, :uid, :provider), current_user)
if @user.persisted?
sign_in_and_redirect @user, :event => :authentication #this will throw if @user is not activated
flash[:notice] = I18n.t "devise.omniauth_callbacks.success", :kind => "Facebook"
set_flash_message(:notice, :success, :kind => "Facebook") # if is_navigational_format?
else
redirect_to root_url if user_signed_in?
session["devise.facebook_data"] = request.env["omniauth.auth"]
redirect_to new_user_registration_url
end
end
然后试试这个
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:name, :email, :password, :password_confirmation, :uid, :provider) }
end
答案 1 :(得分:0)
attr_accessible,因为默认情况下现在使用Strong Parameters。您似乎已经在使用强参数,因此您只需从用户模型中删除包含attr_accessible的行。