Menu
I am trying to use devise and devise_token_auth for authentication in my app.
I am overriding the registration controller as follow:
module Overrides
class RegistrationsController < DeviseTokenAuth::RegistrationsController
## I am doing these to go around the `Can't verify CSRF token authenticity` Error.
# skip_before_action :valid_authenticity_token, only: :create
protect_from_forgery :except => :create
def sign_up_params
params.require(:user).permit(:email, :password, :password_confirmation, :name, :nickname)
end
end
end
I am also sending in my parameters using swagger docs api as follow:
swagger_api :create do
summary "Sign up a new user"
param :form, "user[email]", :string, :required, "Email of the new user"
param :form, "user[password]", :string, :required, "Password of the new user"
param :form, "user[password_confirmation]", :string, :required, "Retype Password of the new user"
param :form, "user[name]", :string, :optional, "Name of the new user"
param :form, "user[nickname]", :string, :optional, "Nick-Name of the new user"
response :not_acceptable
response :success
end
This produces parameters on my terminal as follow:
Processing by Overrides::RegistrationsController#create as JSON
Parameters: {"user"=>{"email"=>"[email protected]", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "name"=>"rgefsrfgrfdfsd", "nickname"=>"rgefsrfgrfdfsd"}}
However, this request never hits my model, ( talkless of creating the new user ). On the page, however, I am having the following error:
And a Completed 403 Forbidden in 93ms (Views: 0.3ms | ActiveRecord: 0.0ms) on the terminal.
How can I go about solving this? Thanks
Update:
#route.rb:
namespace :api do
namespace :v1 do
mount_devise_token_auth_for 'User', at: 'auth', controllers: {
confirmations: 'overrides/confirmations',
passwords: 'overrides/passwords',
registrations: 'overrides/registrations',
sessions: 'overrides/sessions',
}
...
end
end
#Countroller:
class ApiController < ApplicationController
include DeviseTokenAuth::Concerns::SetUserByToken
protect_from_forgery with: :null_session
end
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
protect_from_forgery with: :null_session, if: Proc.new { |c| c.request.format == 'application/json' }
end
#user.rb:
class User < ActiveRecord::Base
# Include default devise modules.
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable,
:confirmable, :omniauthable
include DeviseTokenAuth::Concerns::User
814
The confirm_success_url param is used to support multiple client applications. If the param isn't required, then the API has no way of knowing where to redirect after email confirmation.
But for your devise_token_auth, your application_controller.rb should be:
protect_from_forgery with: :null_session
include DeviseTokenAuth::Concerns::SetUserByToken
In your routes.rb
mount_devise_token_auth_for 'User', at: 'auth'
Remove the confirmable tag In user.rb , so that it looks like below
devise :database_authenticatable, :recoverable,
:trackable, :validatable, :registerable,
:omniauthable
include DeviseTokenAuth::Concerns::User
The solution is just to set the default URL in config/initializer/devise_token_auth.rb:
DeviseTokenAuth.setup do |config|
config.default_confirm_success_url = "confirmed"
end
As a note to anyone who might find this, if you have
include DeviseTokenAuth::Concerns::User
before your devise section in user.rb, devise_token_auth will include a list of modules for you, which includes confirmable in the list (and may generate the above error). Just move the module include after the devise section and it'll work.
This is not the problem the OP had, but it's how I got here.
5
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
