Rails 无处添加 API 字段
Rails is adding API fields from nowhere
我正在使用 Rails API Mode 创建 RESTful API。
我正在使用 devise 来处理用户创建,并使用 simple_token_authentication 来处理令牌生成和授权。
以下是我发出提取请求的方式:
async requestAccountCreation(data) {
await fetch('http://localhost:3000/users', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: data
})
.then(response => response.json())
.then(data => {
console.log(data)
})
.catch(e => {
console.log(e)
})
}
当我 console.log() 来自 requestAccountCreation(data) 的数据时,这给了我一个有效的 JSON 字符串,所以没有问题。这是发送到 Rails 服务器的内容:
{"firstname":"Tristan","lastname":"Vermeesch","username":"PlayBossWar","email":"titivermeesch2@gmail.com","address":"Rue Haute, 37 5550 Chairière","password":"jsoaod"}
现在是 Rails 部分,首先是我的 user.rb :
class User < ApplicationRecord
acts_as_token_authenticatable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :validatable
validates :firstname, presence: true
validates :lastname, presence: true
validates :username, presence: true
validates :address, presence: true
validates :idcard, presence: true
end
额外字段是我添加到 devise 为我生成的现有字段中的字段,我迁移了所有文件。
这是我使用的 route :
devise_for :users, :controllers => { registrations: 'registrations' }
如您所见,我添加了一个自定义控制器来处理额外的字段,这里是:
class RegistrationsController < Devise::RegistrationsController
private
def sign_up_params
params.permit(:firstname, :lastname, :email, :password, :username, :idcard, :address)
end
def account_update_params
params.permit(:firstname, :lastname, :email, :password, :current_password, :username, :idcard, :address)
end
end
我从 Whosebug 得到这个 post。
现在我在控制台中出现错误,这里是:
Started POST "/users" for 127.0.0.1 at 2019-07-11 12:24:42 +0200
Processing by RegistrationsController#create as */*
Parameters: {"firstname"=>"Tristan", "lastname"=>"Vermeesch", "username"=>"PlayBossWar", "email"=>"titivermeesch2@gmail.com", "address"=>"Rue Haute, 37 5550 Chairière", "password"=>"[FILTERED]", "registration"=>{"firstname"=>"Tristan", "lastname"=>"Vermeesch", "username"=>"PlayBossWar", "email"=>"titivermeesch2@gmail.com", "address"=>"Rue Haute, 37 5550 Chairière", "password"=>"[FILTERED]"}}
Unpermitted parameter: :registration
(0.1ms) begin transaction
↳ /home/tristan/.rvm/gems/ruby-2.6.3/gems/activerecord-5.2.3/lib/active_record/log_subscriber.rb:98
User Exists (0.3ms) SELECT 1 AS one FROM "users" WHERE "users"."email" = ? LIMIT ? [["email", "titivermeesch2@gmail.com"], ["LIMIT", 1]]
↳ /home/tristan/.rvm/gems/ruby-2.6.3/gems/activerecord-5.2.3/lib/active_record/log_subscriber.rb:98
(0.1ms) rollback transaction
↳ /home/tristan/.rvm/gems/ruby-2.6.3/gems/activerecord-5.2.3/lib/active_record/log_subscriber.rb:98
Completed 200 OK in 452ms (Views: 0.2ms | ActiveRecord: 5.2ms)
所以它说有一个不允许的参数:registration。
问题是,我不知道这是从哪里来的,我没有在我的前端传递它,所以它必须被设计,但我不知道它为什么这样做。
按照建议禁用包装器后,现在是我的错误:
Started POST "/users" for 127.0.0.1 at 2019-07-11 13:46:28 +0200
Processing by RegistrationsController#create as */*
Parameters: {"firstname"=>"Tristan", "lastname"=>"Vermeesch", "username"=>"PlayBossWar", "email"=>"titivermeesch25@gmail.com", "address"=>"Rue Haute, 37 5550 Chairière", "password"=>"[FILTERED]"}
(0.2ms) begin transaction
↳ /home/tristan/.rvm/gems/ruby-2.6.3/gems/activerecord-5.2.3/lib/active_record/log_subscriber.rb:98
User Exists (0.5ms) SELECT 1 AS one FROM "users" WHERE "users"."email" = ? LIMIT ? [["email", "titivermeesch25@gmail.com"], ["LIMIT", 1]]
↳ /home/tristan/.rvm/gems/ruby-2.6.3/gems/activerecord-5.2.3/lib/active_record/log_subscriber.rb:98
(0.2ms) rollback transaction
↳ /home/tristan/.rvm/gems/ruby-2.6.3/gems/activerecord-5.2.3/lib/active_record/log_subscriber.rb:98
Completed 200 OK in 430ms (Views: 0.3ms | ActiveRecord: 10.9ms)
阅读config/initializers/wrap_parameters.rb的内容。
然后,要么关闭环绕(如文件注释中所述),要么在关键级别允许参数,例如:
params
.require(:registration)
.permit(*%i[firstname lastname email password username idcard address])
您已经在初始化程序中打开 config.wrap_parameters [检查文件 config/initializers/wrap_parameters.rb] 或 [您] 正在调用 wrap_parameters() 在你的控制器中...默认情况下,参数将根据你的控制器名称被克隆并包装在密钥中。
看看这里:
http://guides.rubyonrails.org/action_controller_overview.html#parameters http://api.rubyonrails.org/classes/ActionController/ParamsWrapper.html
在特定控制器或应用程序控制器中调用 wrap_parameters false 也将分别在控制器特定级别和整个应用程序中停止此行为。
我正在使用 Rails API Mode 创建 RESTful API。
我正在使用 devise 来处理用户创建,并使用 simple_token_authentication 来处理令牌生成和授权。
以下是我发出提取请求的方式:
async requestAccountCreation(data) {
await fetch('http://localhost:3000/users', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: data
})
.then(response => response.json())
.then(data => {
console.log(data)
})
.catch(e => {
console.log(e)
})
}
当我 console.log() 来自 requestAccountCreation(data) 的数据时,这给了我一个有效的 JSON 字符串,所以没有问题。这是发送到 Rails 服务器的内容:
{"firstname":"Tristan","lastname":"Vermeesch","username":"PlayBossWar","email":"titivermeesch2@gmail.com","address":"Rue Haute, 37 5550 Chairière","password":"jsoaod"}
现在是 Rails 部分,首先是我的 user.rb :
class User < ApplicationRecord
acts_as_token_authenticatable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :validatable
validates :firstname, presence: true
validates :lastname, presence: true
validates :username, presence: true
validates :address, presence: true
validates :idcard, presence: true
end
额外字段是我添加到 devise 为我生成的现有字段中的字段,我迁移了所有文件。
这是我使用的 route :
devise_for :users, :controllers => { registrations: 'registrations' }
如您所见,我添加了一个自定义控制器来处理额外的字段,这里是:
class RegistrationsController < Devise::RegistrationsController
private
def sign_up_params
params.permit(:firstname, :lastname, :email, :password, :username, :idcard, :address)
end
def account_update_params
params.permit(:firstname, :lastname, :email, :password, :current_password, :username, :idcard, :address)
end
end
我从 Whosebug 得到这个 post。
现在我在控制台中出现错误,这里是:
Started POST "/users" for 127.0.0.1 at 2019-07-11 12:24:42 +0200
Processing by RegistrationsController#create as */*
Parameters: {"firstname"=>"Tristan", "lastname"=>"Vermeesch", "username"=>"PlayBossWar", "email"=>"titivermeesch2@gmail.com", "address"=>"Rue Haute, 37 5550 Chairière", "password"=>"[FILTERED]", "registration"=>{"firstname"=>"Tristan", "lastname"=>"Vermeesch", "username"=>"PlayBossWar", "email"=>"titivermeesch2@gmail.com", "address"=>"Rue Haute, 37 5550 Chairière", "password"=>"[FILTERED]"}}
Unpermitted parameter: :registration
(0.1ms) begin transaction
↳ /home/tristan/.rvm/gems/ruby-2.6.3/gems/activerecord-5.2.3/lib/active_record/log_subscriber.rb:98
User Exists (0.3ms) SELECT 1 AS one FROM "users" WHERE "users"."email" = ? LIMIT ? [["email", "titivermeesch2@gmail.com"], ["LIMIT", 1]]
↳ /home/tristan/.rvm/gems/ruby-2.6.3/gems/activerecord-5.2.3/lib/active_record/log_subscriber.rb:98
(0.1ms) rollback transaction
↳ /home/tristan/.rvm/gems/ruby-2.6.3/gems/activerecord-5.2.3/lib/active_record/log_subscriber.rb:98
Completed 200 OK in 452ms (Views: 0.2ms | ActiveRecord: 5.2ms)
所以它说有一个不允许的参数:registration。
问题是,我不知道这是从哪里来的,我没有在我的前端传递它,所以它必须被设计,但我不知道它为什么这样做。
按照建议禁用包装器后,现在是我的错误:
Started POST "/users" for 127.0.0.1 at 2019-07-11 13:46:28 +0200
Processing by RegistrationsController#create as */*
Parameters: {"firstname"=>"Tristan", "lastname"=>"Vermeesch", "username"=>"PlayBossWar", "email"=>"titivermeesch25@gmail.com", "address"=>"Rue Haute, 37 5550 Chairière", "password"=>"[FILTERED]"}
(0.2ms) begin transaction
↳ /home/tristan/.rvm/gems/ruby-2.6.3/gems/activerecord-5.2.3/lib/active_record/log_subscriber.rb:98
User Exists (0.5ms) SELECT 1 AS one FROM "users" WHERE "users"."email" = ? LIMIT ? [["email", "titivermeesch25@gmail.com"], ["LIMIT", 1]]
↳ /home/tristan/.rvm/gems/ruby-2.6.3/gems/activerecord-5.2.3/lib/active_record/log_subscriber.rb:98
(0.2ms) rollback transaction
↳ /home/tristan/.rvm/gems/ruby-2.6.3/gems/activerecord-5.2.3/lib/active_record/log_subscriber.rb:98
Completed 200 OK in 430ms (Views: 0.3ms | ActiveRecord: 10.9ms)
阅读config/initializers/wrap_parameters.rb的内容。
然后,要么关闭环绕(如文件注释中所述),要么在关键级别允许参数,例如:
params
.require(:registration)
.permit(*%i[firstname lastname email password username idcard address])
您已经在初始化程序中打开 config.wrap_parameters [检查文件 config/initializers/wrap_parameters.rb] 或 [您] 正在调用 wrap_parameters() 在你的控制器中...默认情况下,参数将根据你的控制器名称被克隆并包装在密钥中。
看看这里: http://guides.rubyonrails.org/action_controller_overview.html#parameters http://api.rubyonrails.org/classes/ActionController/ParamsWrapper.html
在特定控制器或应用程序控制器中调用 wrap_parameters false 也将分别在控制器特定级别和整个应用程序中停止此行为。