带有simple_token_authentication的不允许的参数

时间:2019-07-11 17:15:53

标签: ruby-on-rails ruby rubygems

因此,我在model中创建了一个参与者Rails API Mode

这就是它的控制器:

class ParticipantsController < ApplicationController
    acts_as_token_authentication_handler_for User

    def create
        binding.pry
        participant = Participant.new(participant_params)
        puts "INFO: ----------------------------"
        puts participant.inspect
        puts params
        if(participant.save)
            render json: {
                status: 'SUCCESS',
                message: 'Participant link created',
                data: participant
            }, status: :created
        else 
            render json: {
                status: 'ERROR',
                message: 'Participant link not created',
                data: participant.errors
            }, status: :unprocessable_entity
        end
    end

    private def participant_params
        params.permit(:id_request, :user_id)
    end
end

这是User模型:

class User < ApplicationRecord
  acts_as_token_authenticatable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :validatable

  validates :firstname, presence: true
  validates :lastname, presence: true
  validates :username, presence: true
  validates :address, presence: true
  validates :idcard, presence: true
end

第二行,您将看到:acts_as_token_authentication_handler_for User

这使我可以在React的提取请求中添加身份验证标头。

这就是我的获取方式:

participateToContribution = id_request => {
    const data = {
      id_request: id_request,
      user_id: localStorage.getItem('email')
    }
    console.log(data)

    fetch('http://localhost:3000/participants', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
        'X-User-Email': localStorage.getItem('email'),
        'X-User-Token': localStorage.getItem('token')
      },
      data: data
    })
  }

我已经在其他控制器上做到了这一点,并且运行良好,但是由于某些原因,当我获取此滑轨时,会返回此错误:

Started POST "/participants" for 127.0.0.1 at 2019-07-11 19:08:36 +0200
Processing by ParticipantsController#create as */*
  User Load (0.3ms)  SELECT  "users".* FROM "users" WHERE "users"."email" = ? ORDER BY "users"."id" ASC LIMIT ?  [["email", "titivermeesch@gmail.com"], ["LIMIT", 1]]
  ↳ /home/tristan/.rvm/gems/ruby-2.6.3/gems/activerecord-5.2.3/lib/active_record/log_subscriber.rb:98
Unpermitted parameters: :user_email, :user_token
   (0.2ms)  begin transaction
  ↳ app/controllers/participants_controller.rb:7
   (0.2ms)  rollback transaction
  ↳ app/controllers/participants_controller.rb:7
Completed 422 Unprocessable Entity in 11ms (Views: 0.4ms | ActiveRecord: 0.7ms)

我试图在.permit()中添加这2个字段,但这给了我另一个错误(我的其他控制器中没有这些,只是复制粘贴了)。

Started POST "/participants" for 127.0.0.1 at 2019-07-11 19:13:15 +0200
   (0.5ms)  SELECT "schema_migrations"."version" FROM "schema_migrations" ORDER BY "schema_migrations"."version" ASC
  ↳ /home/tristan/.rvm/gems/ruby-2.6.3/gems/activerecord-5.2.3/lib/active_record/log_subscriber.rb:98
Processing by ParticipantsController#create as */*
  User Load (0.6ms)  SELECT  "users".* FROM "users" WHERE "users"."email" = ? ORDER BY "users"."id" ASC LIMIT ?  [["email", "titivermeesch@gmail.com"], ["LIMIT", 1]]
  ↳ /home/tristan/.rvm/gems/ruby-2.6.3/gems/activerecord-5.2.3/lib/active_record/log_subscriber.rb:98
Completed 500 Internal Server Error in 56ms (ActiveRecord: 3.3ms)



ActiveModel::UnknownAttributeError (unknown attribute 'user_email' for Participant.):

app/controllers/participants_controller.rb:5:in `create'

这是从前端部分发送到此控制器的内容:

{id_request: 1, user_id: "titivermeesch@gmail.com"}

GitHub代码:https://github.com/titivermeesch/neighbourhood-app

pry输出:

     4: def create
 =>  5:     binding.pry
     6:     participant = Participant.new(participant_params)
     7:     puts "INFO: ----------------------------"
     8:     puts participant.inspect
     9:     puts params
    10:     if(participant.save)
    11:         render json: {
    12:             status: 'SUCCESS',
    13:             message: 'Participant link created',
    14:             data: participant
    15:         }, status: :created
    16:     else
    17:         render json: {
    18:             status: 'ERROR',
    19:             message: 'Participant link not created',
    20:             data: participant.errors
    21:         }, status: :unprocessable_entity
    22:     end
    23: end

3 个答案:

答案 0 :(得分:1)

使用

更新fetch 
fetch('http://localhost:3000/participants', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'X-User-Email': localStorage.getItem('email'),
    'X-User-Token': localStorage.getItem('token')
  },
  body: JSON.stringify({data)
})

}

和数据

const data = {
     participant: {

      id_request: id_request,
      user_id: localStorage.getItem('email')
    }
}

participant_params

def participants_params
  params.require(:participant).permit(:id_request, :user_id)
end

答案 1 :(得分:0)

在这种情况下,应将这些字段(电子邮件和令牌)添加到User类。这里我们有一个https://gist.github.com/bosskovic/816623404b60b30726a8

的完整示例

如果您已经具有这些字段,则只需将user_email参数正确映射到email列即可。

答案 2 :(得分:0)

您在这里不允许他们

private

def participants_params
    params.permit(:id_request, :user_id)
end

您必须像这样将它们添加到该数组中

private

def participants_params
    params.permit(:id_request, :user_id, :user_email, :user_token)
end

现在您说的是,这引发了错误,因为user_email不是参与者的字段。您将需要添加它以保存一个值,否则需要将其从要发送的参数数组中取出,然后该对象将被保存。您无法发送未经许可的参数并尝试保存它,它将无法正常工作。

唯一的其他解决方案是重写您的create方法,但这并不是真正的解决方案。

def create
  participant = Participant.new
  participant.request_id = params[:participant][:id_request]
  participant.user_id = params[:participant][:user_id]
  if(participant.save)

  ...
相关问题
最新问题