We've moved discussions to Discord

This line? Devise Parameter Sanitizer

Lowell Kenyan
Hi, wondering if someone could help me understand this line from api/v1/users_controller.rb

    user = User.new(devise_parameter_sanitizer.sanitize(:sign_up))


I think I get the basic idea (we're "sanitizing" any params sent to Devise. But I'm not sure about the :sign_up bit. Unless we're assuming the client might include a "sign_up" key in its payload? Thanks!
Chris Oliver
Devise has several lists of allowed parameters for different actions. Each one may be slightly different, so they opted to give it a name to differentiate between them. That's what :sign_up stands for.
Lowell Kenyan
Thanks!
Lowell Kenyan
Follow-up: I'd like to also require a phone number at signup. Is there a config where I can add "phone" to the :signup list of allowed parameters?
Chris Oliver
Add it in ApplicationController. The Devise docs can walk you through it if you need more details. 👍
David Barta
I have a related problem: I used curl to test sign up from the api with the jumpstart pro template, but can't get it to work.

I'm getting back:
{"errors":{"email":["can't be blank"],"password":["can't be blank"],"terms_of_service":["can't be blank"],"name":["can't be blank"]}}

But from the rails log it seems these are passed in:
Started POST "/api/v1/users" for ::1 at 2020-08-04 14:23:27 +0300
14:23:27 web.1     | Processing by Api::V1::UsersController#create as JSON
14:23:27 web.1     |   Parameters: {"email"=>"[FILTERED]", "password"=>"[FILTERED]", "name"=>"[FILTERED]"}
14:23:27 web.1     | params:
14:23:27 web.1     | {"email"=>"xxxx", "password"=>"123456", "name"=>"xxxxx", "format"=>:json, "controller"=>"api/v1/users", "action"=>"create"}

I checked and the call to devise_parameter_sanitizer.sanitize(:sign_up) returns {}.

Any idea what I'm doing wrong?


David Barta
Never mind. I should have put user: in the params like so:
{"user": {"email"=>"xxxx", "password"=>"123456", "name"=>"xxxxx", "format"=>:json}}
Lowell Kenyan
Hi, wondering if someone could help me understand this line from api/v1/users_controller.rb

    user = User.new(devise_parameter_sanitizer.sanitize(:sign_up))


I think I get the basic idea (we're "sanitizing" any params sent to Devise. But I'm not sure about the :sign_up bit. Unless we're assuming the client might include a "sign_up" key in its payload? Thanks!
Chris Oliver
Devise has several lists of allowed parameters for different actions. Each one may be slightly different, so they opted to give it a name to differentiate between them. That's what :sign_up stands for.
Lowell Kenyan
Thanks!
Lowell Kenyan
Follow-up: I'd like to also require a phone number at signup. Is there a config where I can add "phone" to the :signup list of allowed parameters?
Chris Oliver
Add it in ApplicationController. The Devise docs can walk you through it if you need more details. 👍
David Barta
I have a related problem: I used curl to test sign up from the api with the jumpstart pro template, but can't get it to work.

I'm getting back:
{"errors":{"email":["can't be blank"],"password":["can't be blank"],"terms_of_service":["can't be blank"],"name":["can't be blank"]}}

But from the rails log it seems these are passed in:
Started POST "/api/v1/users" for ::1 at 2020-08-04 14:23:27 +0300
14:23:27 web.1     | Processing by Api::V1::UsersController#create as JSON
14:23:27 web.1     |   Parameters: {"email"=>"[FILTERED]", "password"=>"[FILTERED]", "name"=>"[FILTERED]"}
14:23:27 web.1     | params:
14:23:27 web.1     | {"email"=>"xxxx", "password"=>"123456", "name"=>"xxxxx", "format"=>:json, "controller"=>"api/v1/users", "action"=>"create"}

I checked and the call to devise_parameter_sanitizer.sanitize(:sign_up) returns {}.

Any idea what I'm doing wrong?


David Barta
Never mind. I should have put user: in the params like so:
{"user": {"email"=>"xxxx", "password"=>"123456", "name"=>"xxxxx", "format"=>:json}}
Notifications
You’re not receiving notifications from this thread.
© 2022 Jumpstart Pro by GoRails, LLC