我遇到了新用户注册的问题,上周我一直在寻找答案。当我尝试将Omniauth添加到我的Rails应用程序时,我注意到了这个问题,从Github开始。在用户使用Github登录后,他们会在登录前访问常规设计注册页面以回答更多问题。我能够成功创建新用户,但是当我查看数据库时,它会同时显示university_id和program_id为null。当我查看服务器日志时,发现Unpermitted parameters: code, university_id, program_id
错误。我不相信Omniauth本身与此错误有任何关系,因为无论他们是否选择先使用Github登录,都会发生这种情况。我怀疑它与强大的障碍有关。有什么建议吗?
注册控制器:
class Users::RegistrationsController < Devise::RegistrationsController
# GET /resource/sign_up
def new
@universities = University.all
@programs = Program.all
super
end
# POST /resource
def create
if params["user"]["code"] == ENV["CODE_TO_SIGN_UP"]
User.create(user_params)
else
respond_to do |format|
format.html { return redirect_to new_user_registration_path, notice: 'The code you entered was wrong. Please contact ' + ENV["ADMIN_EMAIL"] }
end
end
super
end
end
protected
def user_params
params.require(:user).permit(:name, :email, :github, :time_zone, :university, :program, :password)
end
end
用户模型:
class User < ActiveRecord::Base
belongs_to :university
belongs_to :program
end
大学模式:
class University < ActiveRecord::Base
has_many :programs
has_many :users, through: :programs
end
程序模型:
class Program < ActiveRecord::Base
belongs_to :university
has_many :users, through: :university
end
new.html.erb:
<%= form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %>
(...other fields)
<div class="field">
<%= f.label :university_id, 'University' %><br />
<%= f.collection_select(:university_id, University.all, 'id', 'name') %>
</div>
<div class="field">
<%= f.label :program_id, 'Program' %><br>
<%= f.collection_select(:program_id, Program.all, 'id', 'name') %>
</div>
(...other fields)
<% end %>
Github登录 用户模型:
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable, :omniauthable, :omniauth_providers => [:github]
def self.from_omniauth(auth)
where(provider: auth.provider, uid: auth.uid).first_or_create do |user|
user.email = auth.info.email
user.password = Devise.friendly_token[0,20]
user.full_name = auth.info.name # assuming the user model has a name
# If you are using confirmable and the provider(s) you use validate emails,
# uncomment the line below to skip the confirmation emails.
# user.skip_confirmation!
end
end
def self.new_with_session(params, session)
super.tap do |user|
if data = session["devise.github_data"] && session["devise.github_data"]["extra"]["raw_info"]
user.email = data["email"] if user.email.blank?
end
end
end
应用程序控制器
protected
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:sign_up, keys: [:github, :github_confirmation, :university_id, :program_id, :full_name, :time_zone])
end
设计初始化程序:
Devise.setup do |config|
config.omniauth :github, "xxx", "xxx",
callback_url: "localhost:3000/users/auth/github/callback"
end
的Gemfile:
gem 'devise', '~> 4.2'
gem 'omniauth'
gem 'omniauth-github'
如果有一些代码我忘记了,请告诉我!
答案 0 :(得分:1)
在university
方法中,您允许program
和university_id
,但是在您传递program_id
和code
的表单中。除了user_params
中的university_id
之外,还应该允许这些内容,它应该有效。
Rails只允许列入白名单的参数,而忽略任何其他参数以阻止质量分配。这就是为什么function clear1(){
document.getElementById("Enter_Price").value = "";
document.getElementById('Enter_Price').focus();
}
和其他未经许可的参数在数据库中为零的原因。