Devise unpermitted params error

Time: 2016-06-05 23:07:24

Tags: ruby-on-rails devise

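I have Devise set up in my Rails application. I also set up a Devise parameter sanitizer in my application controller. But when I sign up with custom parameters, I get an "Unpermitted parameters" error in my local Rails server log. The odd thing is that this was working at one point... now it seems to be broken. I looked through my Devise configuration and the documentation, and the sanitizer is set up correctly.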

Application_Controller:

class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  include Pundit
  include Redcarpet
  protect_from_forgery with: :exception
  before_action :authenticate_user!

  rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:email, :password, :password_confirmation, :firstname, :lastname, :username) }
    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, :password_confirmation, :current_password, :firstname, :lastname, :username) }
  end
end

Rails server log:

Started POST "/users" for ::1 at 2016-06-05 16:02:57 -0700
Processing by Devise::RegistrationsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"PhMqJOEO7fLyUJiWjHcnu+wyB0EQwDeCV9m6XsT5kZ/IyVZ9ZUpwLc26sNbRZleh6xz7V90bvA+yqUBkDkhMmA==", "user"=>{"firstname"=>"Austin", "lastname"=>"Thesing", "username"=>"austinthesing", "email"=>"me@me.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Sign up"}
Unpermitted parameters: firstname, lastname, username
   (0.1ms)  begin transaction
  User Exists (0.2ms)  SELECT  1 AS one FROM "users" WHERE "users"."email" = 'austin@designxdevelop.com' LIMIT 1
  SQL (0.4ms)  INSERT INTO "users" ("email", "encrypted_password", "role", "created_at", "updated_at", "confirmation_token", "confirmation_sent_at") VALUES (?, ?, ?, ?, ?, ?, ?)  [["email", "me@me.com"], ["encrypted_password", "$2a$11$KQLR6rLh0qrMfzX90FToP.Yo.i0wmfPkvvw7JOKQIn4smtzk9HJkm"], ["role", 0], ["created_at", "2016-06-05 23:02:57.825074"], ["updated_at", "2016-06-05 23:02:57.825074"], ["confirmation_token", "HMkLUzBwoXB7NZxvYJCA"], ["confirmation_sent_at", "2016-06-05 23:02:57.825333"]]
   (0.6ms)  commit transaction
  Rendered devise/mailer/confirmation_instructions.html.erb (4.9ms)

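1 answer:

Answer 0 (score: 1)

You need to specify a before_action callback that calls the configure_permitted_parameters method in the application controller if the controller is a Devise controller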

class ApplicationController < ActionController::Base
  before_action :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:email, :password, :password_confirmation, :firstname, :lastname, :username) }
    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, :password_confirmation, :current_password, :firstname, :lastname, :username) }
  end
end

Also, note that the method is protected

Read more about Devise strong parameters here
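
The log in the question shows what strong parameters do when the sanitizer callback never runs: the extra keys are dropped and the user row is still inserted without them. As an added example (not part of the question or the answer), this plain-Ruby script pairs each "Unpermitted parameters" log line with the controller action that produced it; the sample log is constructed, and dropped_params is a hypothetical helper name.

```ruby
# Added example: scan a Rails log for keys dropped by strong parameters.
# SAMPLE_LOG is constructed, modelled on the log format shown in the question.
SAMPLE_LOG = <<~LOG
  Started POST "/users" for ::1 at 2016-06-05 16:02:57 -0700
  Processing by Devise::RegistrationsController#create as HTML
    Parameters: {"user"=>{"firstname"=>"A", "email"=>"a@example.com", "password"=>"[FILTERED]"}, "commit"=>"Sign up"}
  Unpermitted parameters: firstname, lastname, username
     (0.1ms)  begin transaction
  Started GET "/users/sign_in" for ::1 at 2016-06-05 16:03:10 -0700
  Processing by Devise::SessionsController#new as HTML
  Started PUT "/users" for ::1 at 2016-06-05 16:04:00 -0700
  Processing by Devise::RegistrationsController#update as HTML
  Unpermitted parameter: :username
LOG

PROCESSING  = /^\s*Processing by (?<action>\S+#\w+)/
# Matches the singular and plural wording of the log line.
UNPERMITTED = /^\s*Unpermitted parameters?: (?<keys>.+)$/

# Returns { "Controller#action" => [sorted, unique dropped keys] }.
def dropped_params(log_text)
  current = nil
  report = Hash.new { |h, k| h[k] = [] }
  log_text.each_line do |line|
    if line.start_with?("Started ")
      current = nil # a new request begins; forget the previous action
    elsif (m = PROCESSING.match(line))
      current = m[:action]
    elsif (m = UNPERMITTED.match(line))
      # Tolerate a leading ':' on key names, which some Rails versions print.
      keys = m[:keys].split(",").map { |k| k.strip.delete_prefix(":") }
      report[current || "(unknown action)"].concat(keys)
    end
  end
  report.transform_values { |keys| keys.uniq.sort }
end

if __FILE__ == $PROGRAM_NAME
  dropped_params(SAMPLE_LOG).each do |action, keys|
    puts "#{action}: #{keys.join(', ')}"
  end
end
```

The pairing relies on each request's lines being contiguous, as in a single-process development log; where concurrent requests interleave, group lines by request first.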