I am trying to build the API URL for password reset using the devise_token_auth gem. According to the usage described there, a POST request to /api/v1/auth/password requires the parameters email and redirect_url. The user matching the email parameter receives instructions on how to reset their password, and redirect_url is the URL the user will be redirected to after visiting the link contained in the e-mail. However, I receive the following URL for password reset in the e-mail, in which the redirect_url parameter is missing and only the token is present:
http://localhost/api/v1/auth/password/edit?reset_password_token=sQ1kMrdmXx47scosNhZ8
Below is a log entry from development.log showing that the parameter is not permitted. The job created for sending the e-mail contains the redirect_url as shown below, but it is not present in the actual e-mail:
Started POST "/api/v1/auth/password" for 127.0.0.1 at 2016-03-28 20:19:26 +0530
Processing by Api::V1::Auth::PasswordsController#create as */*
Parameters: {"email"=>"vipin8169@gmail.com", "redirect_url"=>"abcd", "config"=>"default"}
Can't verify CSRF token authenticity
Unpermitted parameters: redirect_url, config
Unpermitted parameters: redirect_url, config
User Load (0.7ms) SELECT "users".* FROM "users" WHERE (uid = 'vipin8169@gmail.com' AND provider='email') ORDER BY "users"."id" ASC LIMIT 1
User Load (0.3ms) SELECT "users".* FROM "users" WHERE "users"."reset_password_token" = $1 ORDER BY "users"."id" ASC LIMIT 1 [["reset_password_token", "163961c22b157e8942b8dd7a07e4d1fd57047e36095572fbd5d31e2c3952c353"]]
(0.1ms) BEGIN
SQL (0.3ms) UPDATE "users" SET "reset_password_token" = $1, "reset_password_sent_at" = $2, "updated_at" = $3 WHERE "users"."id" = $4 [["reset_password_token", "163961c22b157e8942b8dd7a07e4d1fd57047e36095572fbd5d31e2c3952c353"], ["reset_password_sent_at", "2016-03-28 14:49:26.255859"], ["updated_at", "2016-03-28 14:49:26.258075"], ["id", 189]]
(13.4ms) COMMIT
[ActiveJob] Enqueued ActionMailer::DeliveryJob (Job ID: fed742b9-b1aa-4a71-80bb-a95fd0626175) to DelayedJob(mailers) with arguments: "Devise::Mailer", "reset_password_instructions", "deliver_now", gid://fertility-app/User/189, "RCg24UxHcsr6QyPWV9cz", {:email=>"vipin8169@gmail.com", :provider=>"email", :redirect_url=>"abcd", :client_config=>"default"}
[ActiveJob] (0.2ms) BEGIN
[ActiveJob] SQL (0.4ms) INSERT INTO "delayed_jobs" ("queue", "handler", "run_at", "created_at", "updated_at") VALUES ($1, $2, $3, $4, $5) RETURNING "id" [["queue", "mailers"], ["handler", "--- !ruby/object:ActiveJob::QueueAdapters::DelayedJobAdapter::JobWrapper\njob_data:\n job_class: ActionMailer::DeliveryJob\n job_id: fed742b9-b1aa-4a71-80bb-a95fd0626175\n queue_name: mailers\n arguments:\n - Devise::Mailer\n - reset_password_instructions\n - deliver_now\n - _aj_globalid: gid://fertility-app/User/189\n - RCg24UxHcsr6QyPWV9cz\n - email: vipin8169@gmail.com\n provider: email\n redirect_url: abcd\n client_config: default\n"], ["run_at", "2016-03-28 14:49:26.289191"], ["created_at", "2016-03-28 14:49:26.289653"], ["updated_at", "2016-03-28 14:49:26.289653"]]
[ActiveJob] (4.6ms) COMMIT
Completed 200 OK in 60ms (Views: 0.2ms | ActiveRecord: 21.2ms)
Below is the code in my controller:
# app/controllers/api/v1/auth/passwords_controller.rb
class Api::V1::Auth::PasswordsController < DeviseTokenAuth::PasswordsController
  # API clients send no CSRF token: fall back to an empty session instead of raising
  protect_from_forgery with: :null_session
  before_action :configure_permitted_parameters
  after_filter :set_csrf_header, only: [:create]
  skip_before_action :verify_authenticity_token, only: [:create]

  protected

  # Hand the client a CSRF token it can use on later requests
  def set_csrf_header
    response.headers['X-CSRF-Token'] = form_authenticity_token
  end

  private

  # Whitelist redirect_url for Devise's account_update parameter sanitizer
  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:account_update) << :redirect_url
    # params.permit(:email, :password, :password_confirmation, :current_password, :reset_password_token, :redirect_url)
  end
end
Delayed::Job.first.handler contains the following entry:
Delayed::Backend::ActiveRecord::Job Load (0.7ms) SELECT "delayed_jobs".* FROM "delayed_jobs" ORDER BY "delayed_jobs"."id" ASC LIMIT 1
=> "--- !ruby/object:ActiveJob::QueueAdapters::DelayedJobAdapter::JobWrapper\njob_data:\n job_class: ActionMailer::DeliveryJob\n job_id: 7d61feef-3cee-41bc-a298-8bea20cfbf56\n queue_name: mailers\n arguments:\n - Devise::Mailer\n - reset_password_instructions\n - deliver_now\n - _aj_globalid: gid://fertility-app/User/189\n - SG7LTRWK37FMRE8dC7X7\n - email: vipin8169@gmail.com\n provider: email\n redirect_url: http%3A%2F%2Flocalhost%3A3000%2Fusers%2Fpassword%2Fedit\n client_config: default\n"
Updated log from development.log, pasted below:
Started POST "/api/v1/auth/password?redirect_url=foo&email=vipin8169@gmail.com" for 127.0.0.1 at 2016-03-29 12:19:21 +0530
ActiveRecord::SchemaMigration Load (0.3ms) SELECT "schema_migrations".* FROM "schema_migrations"
Processing by Api::V1::Auth::PasswordsController#create as */*
Parameters: {"email"=>"vipin8169@gmail.com", "redirect_url"=>"foo"}
Unpermitted parameter: redirect_url
Unpermitted parameter: redirect_url
User Load (1.2ms) SELECT "users".* FROM "users" WHERE (uid = 'vipin8169@gmail.com' AND provider='email') ORDER BY "users"."id" ASC LIMIT 1
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."reset_password_token" = $1 ORDER BY "users"."id" ASC LIMIT 1 [["reset_password_token", "a84234a42082eb864ac47bac6bff7a682ec6a1d687162fb3638af271b7cbef49"]]
(0.2ms) BEGIN
SQL (0.6ms) UPDATE "users" SET "reset_password_token" = $1, "reset_password_sent_at" = $2, "updated_at" = $3 WHERE "users"."id" = $4 [["reset_password_token", "a84234a42082eb864ac47bac6bff7a682ec6a1d687162fb3638af271b7cbef49"], ["reset_password_sent_at", "2016-03-29 06:49:22.147552"], ["updated_at", "2016-03-29 06:49:22.150433"], ["id", 189]]
(14.6ms) COMMIT
[ActiveJob] Enqueued ActionMailer::DeliveryJob (Job ID: 9131c578-6ec6-4365-848d-2aea78cd2251) to DelayedJob(mailers) with arguments: "Devise::Mailer", "reset_password_instructions", "deliver_now", gid://fertility-app/User/189, "NZgnXtSgJLXFdx2MPoEn", {:email=>"vipin8169@gmail.com", :provider=>"email", :redirect_url=>"foo", :client_config=>"default"}
[ActiveJob] (0.2ms) BEGIN
[ActiveJob] SQL (1.5ms) INSERT INTO "delayed_jobs" ("queue", "handler", "run_at", "created_at", "updated_at") VALUES ($1, $2, $3, $4, $5) RETURNING "id" [["queue", "mailers"], ["handler", "--- !ruby/object:ActiveJob::QueueAdapters::DelayedJobAdapter::JobWrapper\njob_data:\n job_class: ActionMailer::DeliveryJob\n job_id: 9131c578-6ec6-4365-848d-2aea78cd2251\n queue_name: mailers\n arguments:\n - Devise::Mailer\n - reset_password_instructions\n - deliver_now\n - _aj_globalid: gid://fertility-app/User/189\n - NZgnXtSgJLXFdx2MPoEn\n - email: vipin8169@gmail.com\n provider: email\n redirect_url: foo\n client_config: default\n"], ["run_at", "2016-03-29 06:49:22.209778"], ["created_at", "2016-03-29 06:49:22.210172"], ["updated_at", "2016-03-29 06:49:22.210172"]]
[ActiveJob] (10.7ms) COMMIT
Completed 200 OK in 348ms (Views: 0.3ms | ActiveRecord: 33.3ms)
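As an added example (not code from this question or from the devise_token_auth gem), here is how the edit-password link can be assembled with the token and redirect_url as URL-encoded query parameters, with redirect_url checked against an allowlist of front-end origins first so the reset e-mail can never send a user to an arbitrary site. The allowlist, base URL and helper names are assumptions made for the example.

```ruby
require 'uri'

# Constructed allowlist of front-end origins a reset link may redirect to
# (assumption for this example; a real app would read it from configuration).
ALLOWED_REDIRECT_ORIGINS = ['http://localhost:3000', 'https://app.example.com'].freeze

# True when redirect_url is an absolute http(s) URL whose origin is allowlisted.
# Relative paths, scheme-relative "//host" forms and unknown hosts are rejected,
# which closes the open-redirect hole a free-form redirect_url would otherwise leave.
def redirect_url_allowed?(redirect_url)
  uri = URI.parse(redirect_url.to_s)
  return false unless uri.is_a?(URI::HTTP) && uri.host # URI::HTTPS is a subclass of URI::HTTP
  origin = "#{uri.scheme}://#{uri.host}"
  origin += ":#{uri.port}" unless uri.port == uri.default_port
  ALLOWED_REDIRECT_ORIGINS.include?(origin)
rescue URI::InvalidURIError
  false
end

# Builds the edit-password link the reset e-mail should carry: the token plus the
# validated redirect_url, both URL-encoded as query parameters. Raises on a bad redirect.
def build_reset_link(base_url, reset_password_token, redirect_url, config: 'default')
  unless redirect_url_allowed?(redirect_url)
    raise ArgumentError, "redirect_url not allowed: #{redirect_url.inspect}"
  end
  query = URI.encode_www_form(
    reset_password_token: reset_password_token,
    config: config,
    redirect_url: redirect_url
  )
  "#{base_url}/api/v1/auth/password/edit?#{query}"
end

# Decodes a reset link's query string, e.g. to verify what an e-mail actually contains.
def reset_link_params(link)
  URI.decode_www_form(URI.parse(link).query.to_s).to_h
end

if __FILE__ == $PROGRAM_NAME
  # Token value constructed for the example
  puts build_reset_link('http://localhost', 'sQ1kMrdmXx47scosNhZ8', 'http://localhost:3000/users/password/edit')
end
```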