Support Devise Strong Parameters by Block #464

Closed
dmtroyer opened this issue Dec 11, 2015 · 4 comments

@dmtroyer

Currently, the only way to customize accepted parameters using the devise_parameter_sanitizer is with simple scalar types, à la:

class ApplicationController < ActionController::Base
  before_action :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) << :username
  end
end

Trying to do anything more complex by block, as supported by Devise, won't work.

def configure_permitted_parameters
  devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email) }
end

The reason is how devise_token_auth permits parameters by default at DeviseTokenAuth::RegistrationsController.sign_up_params:

def sign_up_params
  params.permit(devise_parameter_sanitizer.for(:sign_up))
end

From my understanding, we should probably be using the devise_parameter_sanitizer.sanitize() method like in the original Devise::RegistrationsController:

def sign_up_params
  devise_parameter_sanitizer.sanitize(:sign_up)
end

BUT, this doesn't work because the Devise::ParameterSanitizer.resource_name is not matching the request when it is referenced eventually at Devise::ParameterSanitizer.default_params. It is looking for :api_user but that is never in the params (from what I can tell, at least for registration) so calling the sanitize method will always return an empty hash, hence the aforementioned sign_up_params hack.

Anyhow. I mostly wanted to document this so that when I dig deeper into it tomorrow I will remember what I spent all day on.
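The two failure modes described in the post above, reproduced in plain Ruby as an added example (not code from the issue, Devise, or devise_token_auth). `MiniSanitizer`, `permit_by_list` and the sample request body are hypothetical stand-ins that assume only the behaviour the post describes: the block is stored but never consulted by the list-based `sign_up_params`, and `sanitize` reads params nested under `resource_name`.

```ruby
# Simplified stand-in for the sanitizer behaviour described in this issue.
# MiniSanitizer and its internals are hypothetical; this is not Devise code.
class MiniSanitizer
  DEFAULTS = { sign_up: [:email, :password, :password_confirmation] }.freeze

  def initialize(resource_name, params)
    @resource_name = resource_name
    @params = params
    @permitted = Hash.new { |h, k| h[k] = DEFAULTS.fetch(k, []).dup }
    @blocks = {}
  end

  # With a block: remember it. Without: return the mutable list of scalar keys.
  def for(kind, &block)
    block ? (@blocks[kind] = block) : @permitted[kind]
  end

  # Applies the block (or key list) to the params nested under resource_name.
  def sanitize(kind)
    scoped = @params.fetch(@resource_name, {})
    block = @blocks[kind]
    block ? block.call(scoped) : scoped.slice(*@permitted[kind])
  end
end

# Constructed request body: flat params, with one field nobody should permit.
FLAT = { email: "a@example.com", password: "12345678", username: "al", admin: true }.freeze

# Same shape as the sign_up_params quoted above: permit whatever the key list holds.
def permit_by_list(sanitizer, params)
  params.slice(*sanitizer.for(:sign_up))
end

def scalar_case
  s = MiniSanitizer.new(:api_user, FLAT)
  s.for(:sign_up) << :username          # appended key is honoured
  permit_by_list(s, FLAT)
end

def block_case
  s = MiniSanitizer.new(:api_user, FLAT)
  s.for(:sign_up) { |u| u.slice(:username, :email) }
  permit_by_list(s, FLAT)               # block is stored but never called
end

def sanitize_case(params)
  s = MiniSanitizer.new(:api_user, params)
  s.for(:sign_up) { |u| u.slice(:username, :email) }
  s.sanitize(:sign_up)                  # empty unless params nest under :api_user
end
```

In every case the unlisted `admin` key is dropped, so the allow-list itself holds; what breaks is that the block-configured policy is silently ignored or applied to an empty hash.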

@dmtroyer
Author

This is going much deeper than I thought. 👀

@jamesdabbs

See also 5243f1a#diff-a2a19f583a3222656a65580ef78bde65R20

If we can't fix this in the short term, it'd be worth adding a note to the README about setting up the sanitizer correctly.

@zachfeldman
Contributor

Hi there @dmtroyer and @jamesdabbs,

In an effort to clean up this project and prioritize a bit, we're marking issues that haven't had any activity in a while with a "close-in-7-days" label. If we don't hear from you in about a week, we'll be closing this issue. Obviously feel free to re-open it at any time if it's the right time or this was done in error!

If you are still having the issue (especially if it's a bug report) please refer to our new Issue Template to provide some more details to help us solve it.

Hope all is well.

@exocode
Contributor

exocode commented Oct 23, 2019

ehm... I stumbled over this :api_user issue as resource_name...
How did you guys handle this?

I only get the registration done when I change :user to :api_user:

{"api_user": {"email": "mail@email.com", "password":"12345678", "password_confirmation":"12345678"}}
Everything else (sign_up_params, ...) are Devise defaults
