Wednesday, 21 October 2015

Unpermitted parameter using Devise Token Auth gem in Rails API

I am using Rails-api to make a test authentication app which uses the Devise_token_auth gem. The User.rb model looks like:

class User < ActiveRecord::Base
  before_save :set_auth_token

  # Include default devise modules.
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable,
         :confirmable, :omniauthable
  include DeviseTokenAuth::Concerns::User

  private

  def set_auth_token
    if self.authentication_token.blank?
      self.authentication_token = generate_authentication_token
    end
  end

  def generate_authentication_token
    loop do
      token = Devise.friendly_token
      break token unless User.where(authentication_token: token).first
    end
  end
end

routes.rb contains:

mount_devise_token_auth_for 'User', at: 'auth'

Also, I am using the default SessionsController and RegistrationsController defined by the DeviseTokenAuth gem.

My frontend is made in Ember-cli, where I have made a login form which uses the Ember-simple-auth-devise Devise authorizer to call the /sign_in URL of the Rails API. Ember simple auth wraps the parameters like

{"user"=>{"password"=>"[FILTERED]", "email"=>"test@mail.com"}}

while the Rails DeviseTokenAuth gem expects the request parameters like

{"password"=>"[FILTERED]", "email"=>"test@mail.com"}

The error produced is

Processing by DeviseTokenAuth::RegistrationsController#create as JSON
   Parameters: {"user"=>{"password"=>"[FILTERED]", "email"=>"test@mail.com"}} 
 Unpermitted parameter: user

The problem can be solved if either the Rails DeviseTokenAuth gem accepts parameters wrapped in "user" OR Ember-simple-auth sends the parameters unwrapped, but unfortunately the documentation for both of them doesn't clearly mention the way to implement the same. I tried changing the resourceName for Ember-simple-auth to null, but it didn't work:

    ENV['simple-auth-devise'] = {
      resourceName: null,
      serverTokenEndpoint: 'http://localhost:3000/auth/sign_in'
    };

Is there a way to send unwrapped parameters in Ember-simple-auth-devise? Or is it possible to permit the parameters contained in "user" for all the controllers generated using the DeviseTokenAuth gem?

Versions used are:

devise_token_auth (0.1.36)
  devise (~> 3.5.2)
  rails (~> 4.2)
"ember-simple-auth": "0.8.0"
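
One way to bridge the two parameter shapes shown above, as an added example that is not part of the original post and is not code from devise_token_auth or ember-simple-auth: a Rack-style middleware that lifts only "email" and "password" out of the "user" wrapper before the request reaches the controller. The class name, the allow-list and the assumption that it is mounted ahead of the framework's JSON parameter parsing are illustrative.

```ruby
require 'json'
require 'stringio'

# Hypothetical Rack-style middleware; class name and constants are assumptions.
class UnwrapAuthParams
  WRAPPER = 'user'                     # key the client wraps credentials in
  ALLOWED = %w[email password].freeze  # only these keys are lifted out
  PATHS   = ['/auth/sign_in'].freeze   # endpoint taken from the post's config

  def initialize(app)
    @app = app
  end

  def call(env)
    if json_auth_request?(env)
      body = self.class.unwrap(env['rack.input'].read)
      env['rack.input'] = StringIO.new(body)
      env['CONTENT_LENGTH'] = body.bytesize.to_s
    end
    @app.call(env)
  end

  # Replaces {"user": {...}} with its allow-listed keys at the top level.
  # Bodies that are not JSON objects with a "user" hash are returned unchanged.
  def self.unwrap(raw)
    data = JSON.parse(raw)
    inner = data.is_a?(Hash) ? data[WRAPPER] : nil
    return raw unless inner.is_a?(Hash)

    flat = inner.select { |key, _| ALLOWED.include?(key) }
    JSON.generate(data.reject { |key, _| key == WRAPPER }.merge(flat))
  rescue JSON::ParserError
    raw
  end

  private

  def json_auth_request?(env)
    PATHS.include?(env['PATH_INFO']) &&
      env['CONTENT_TYPE'].to_s.start_with?('application/json')
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample body in the wrapped shape, with one extra key.
  sample = '{"user":{"email":"test@mail.com","password":"secret","admin":true}}'
  puts UnwrapAuthParams.unwrap(sample)
end
```

The allow-list keeps extra keys inside the wrapper from being promoted to top-level parameters; the controller's own parameter filtering still applies afterwards.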



