Created July 15, 2017 09:41
Why does devise_parameter_sanitizer.sanitize return empty params? [Solved]
Problem:
```
(byebug) devise_parameter_sanitizer.sanitize(:sign_up)
{}
```
Investigation:
1. We post the data to the backend in this format:
```
$ curl -X POST -H "Content-Type: application/json" --data "{\"user\": {\"email\":\"abc@abc.com\", \"password\": \"1234567890\", \"password_confirmation\": \"1234567890\"}}" localhost:3000/api/v1/users
```
2. From the Rails log, we can see that the parameters arrive as expected:
```
Processing by Api::V1::RegistrationsController#create as JSON
Parameters: {"user"=>{"email"=>"abc@abc.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}}
```
3. Place byebug before the sanitizer runs:
```
def sign_up_params
  byebug # stop here so the sanitizer call below can be stepped into
  params = devise_parameter_sanitizer.sanitize(:sign_up)
  params
end
```
4. Inspect devise_parameter_sanitizer by stepping in:
```
(byebug) step
[152, 161] in ...gems/devise-83213569dd77/lib/devise/controllers/helpers.rb
   152:
   153: # Set up a param sanitizer to filter parameters using strong_parameters. See
   154: # lib/devise/parameter_sanitizer.rb for more info. Override this
   155: # method in your application controller to use your own parameter sanitizer.
   156: def devise_parameter_sanitizer
=> 157:   @devise_parameter_sanitizer ||= Devise::ParameterSanitizer.new(resource_class, resource_name, params)
   158: end
   159:
   160: # Tell warden that params authentication is allowed for that specific page.
   161: def allow_params_authentication!
```
5. Step through until you see:
```
[69, 78] in ...gems/devise-83213569dd77/lib/devise/parameter_sanitizer.rb
   69:   permissions = @permitted[action]
   70:
   71:   if permissions.respond_to?(:call)
   72:     cast_to_hash permissions.call(default_params)
   73:   elsif permissions.present?
=> 74:     cast_to_hash permit_keys(default_params, permissions)
   75:   else
   76:     unknown_action!(action)
   77:   end
   78: end
```
6. Inspect what permit_keys returns:
```
(byebug) permit_keys(default_params, permissions)
<ActionController::Parameters {} permitted: true>
```
7. Step in to see why it is returning {}:
```
[131, 140] in .../gems/devise-83213569dd77/lib/devise/parameter_sanitizer.rb
   131:   # TODO: Remove the `with_indifferent_access` method call when we only support Rails 5+.
   132:   params && params.to_h.with_indifferent_access
   133: end
   134:
   135: def default_params
=> 136:   @params.fetch(@resource_name, {})
   137: end
   138:
   139: def permit_keys(parameters, keys)
   140:   parameters.permit(*keys)
(byebug) n
[135, 144] in ...gems/devise-83213569dd77/lib/devise/parameter_sanitizer.rb
   135: def default_params
   136:   @params.fetch(@resource_name, {})
   137: end
   138:
   139: def permit_keys(parameters, keys)
=> 140:   parameters.permit(*keys)
   141: end
   142:
   143: def extract_auth_keys(klass)
   144:   auth_keys = klass.authentication_keys
(byebug) keys
[:email, :password, :password_confirmation]
(byebug) parameters
<ActionController::Parameters {} permitted: false>
(byebug) default_params
<ActionController::Parameters {} permitted: false>
(byebug) @resource_name
:api_v1_user
```
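8. So the conclusion is that the @resource_name the sanitizer looks up is based on your controller class namespace (here :api_v1_user), not just your Devise resource name. default_params fetches that key from the request params, finds nothing because the payload was nested under "user", and falls back to {}, so permit_keys has nothing to permit.
Therefore, please make sure the top-level key of your payload matches the resource name when you pass parameters into a Devise controller.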
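
The lookup traced in steps 5 to 7, as an added example that is not part of the original gist and is not Devise's own code. It is a simplified model that uses plain hashes in place of ActionController::Parameters so it runs without Rails; the class name ModelSanitizer, the diagnose helper, and the extra "admin" field in the second request body are assumptions made for illustration.

```ruby
# Simplified stand-in for the lookup traced above; not Devise's implementation.
# Plain hashes replace ActionController::Parameters so this runs without Rails.
require "json"

class ModelSanitizer # hypothetical name
  def initialize(resource_name, params, permitted)
    @resource_name = resource_name.to_s
    @params = params
    @permitted = permitted.map(&:to_s)
  end

  # Models default_params: a missing top-level key yields {} instead of an error.
  def default_params
    @params.fetch(@resource_name, {})
  end

  # Models permit_keys: only allow-listed keys survive.
  def sanitize
    default_params.select { |key, _| @permitted.include?(key) }
  end

  # Returns nil when something was permitted, otherwise names the key mismatch.
  def diagnose
    return nil unless sanitize.empty?
    "expected top-level key #{@resource_name.inspect}, got #{@params.keys.inspect}"
  end
end

SIGN_UP_KEYS = %i[email password password_confirmation].freeze

# Constructed request bodies. WRONG matches the curl call in step 1.
# RIGHT nests the same fields under the name byebug printed in step 7 and adds
# an unpermitted "admin" field to show that the allow-list still drops it.
WRONG = JSON.parse('{"user": {"email": "abc@abc.com", "password": "1234567890", ' \
                   '"password_confirmation": "1234567890"}}')
RIGHT = JSON.parse('{"api_v1_user": {"email": "abc@abc.com", "password": "1234567890", ' \
                   '"password_confirmation": "1234567890", "admin": true}}')

def run(body)
  ModelSanitizer.new(:api_v1_user, body, SIGN_UP_KEYS)
end

puts run(WRONG).sanitize.inspect
puts run(WRONG).diagnose
puts run(RIGHT).sanitize.keys.inspect
```

The empty result is the allow-list failing closed: a payload under the wrong key is discarded silently, so checking the top-level keys of the request against the resource name is the quickest way to spot this mismatch.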