Does not pass authorization (devise auth token)

2
votes

I am using Devise auth token gem for authenticating some parts of my rails app. But when I try to log in, I get the following error:

POST http://localhost:3000/auth/sign_in 500 (Internal Server Error)

Here is the complete trace:

Started POST "/auth/sign_in" for 10.12.4.5 at 2018-05-30 09:29:36 +0500 Processing by DeviseTokenAuth::SessionsController#create as JSON Parameters: {"login"=>"admin", "password"=>"[FILTERED]", "session"=>{"login"=>"admin", "password"=>"[FILTERED]"}} Completed 500 Internal Server Error in 14ms (ActiveRecord: 0.0ms)

NoMethodError (undefined method `each' for

):

devise_token_auth (0.1.43) app/controllers/devise_token_auth/application_controller.rb:35:in params_for_resource' devise_token_auth (0.1.43) app/controllers/devise_token_auth/sessions_controller.rb:129:in resource_params' devise_token_auth (0.1.43) app/controllers/devise_token_auth/sessions_controller.rb:13:in create' actionpack (5.1.6) lib/action_controller/metal/basic_implicit_render.rb:4:in send_action' actionpack (5.1.6) lib/abstract_controller/base.rb:186:in process_action' actionpack (5.1.6) lib/action_controller/metal/rendering.rb:30:in process_action' actionpack (5.1.6) lib/abstract_controller/callbacks.rb:20:in block in process_action' activesupport (5.1.6) lib/active_support/callbacks.rb:131:in run_callbacks' actionpack (5.1.6) lib/abstract_controller/callbacks.rb:19:in process_action' actionpack (5.1.6) lib/action_controller/metal/rescue.rb:20:inprocess_action' actionpack (5.1.6) lib/action_controller/metal/instrumentation.rb:32:in block in process_action' activesupport (5.1.6) lib/active_support/notifications.rb:166:inblock in instrument' activesupport (5.1.6) lib/active_support/notifications/instrumenter.rb:21:in instrument' activesupport (5.1.6) lib/active_support/notifications.rb:166:in instrument' actionpack (5.1.6) lib/action_controller/metal/instrumentation.rb:30:in process_action' actionpack (5.1.6) lib/action_controller/metal/params_wrapper.rb:252:inprocess_action' activerecord (5.1.6) lib/active_record/railties/controller_runtime.rb:22:in process_action' actionpack (5.1.6) lib/abstract_controller/base.rb:124:inprocess' actionpack (5.1.6) lib/action_controller/metal.rb:189:in dispatch' actionpack (5.1.6) lib/action_controller/metal.rb:253:indispatch' actionpack (5.1.6) lib/action_dispatch/routing/route_set.rb:49:in dispatch' actionpack (5.1.6) lib/action_dispatch/routing/route_set.rb:31:inserve' actionpack (5.1.6) lib/action_dispatch/routing/mapper.rb:16:in block in <class:Constraints>' actionpack (5.1.6) lib/action_dispatch/routing/mapper.rb:46:inserve' actionpack (5.1.6) lib/action_dispatch/journey/router.rb:50:in block in serve' actionpack (5.1.6) lib/action_dispatch/journey/router.rb:33:ineach' actionpack (5.1.6) lib/action_dispatch/journey/router.rb:33:in serve' actionpack (5.1.6) lib/action_dispatch/routing/route_set.rb:844:in call' warden (1.2.7) lib/warden/manager.rb:36:in block in call' warden (1.2.7) lib/warden/manager.rb:35:incatch' warden (1.2.7) lib/warden/manager.rb:35:in call' rack (2.0.5) lib/rack/etag.rb:25:in call' rack (2.0.5) lib/rack/conditional_get.rb:38:in call' rack (2.0.5) lib/rack/head.rb:12:incall' activerecord (5.1.6) lib/active_record/migration.rb:556:in call' actionpack (5.1.6) lib/action_dispatch/middleware/callbacks.rb:26:inblock in call' activesupport (5.1.6) lib/active_support/callbacks.rb:97:in run_callbacks' actionpack (5.1.6) lib/action_dispatch/middleware/callbacks.rb:24:incall' actionpack (5.1.6) lib/action_dispatch/middleware/executor.rb:12:in call' actionpack (5.1.6) lib/action_dispatch/middleware/debug_exceptions.rb:59:incall' actionpack (5.1.6) lib/action_dispatch/middleware/show_exceptions.rb:31:in call' railties (5.1.6) lib/rails/rack/logger.rb:36:incall_app' railties (5.1.6) lib/rails/rack/logger.rb:24:in block in call' activesupport (5.1.6) lib/active_support/tagged_logging.rb:69:inblock in tagged' activesupport (5.1.6) lib/active_support/tagged_logging.rb:26:in tagged' activesupport (5.1.6) lib/active_support/tagged_logging.rb:69:intagged' railties (5.1.6) lib/rails/rack/logger.rb:24:in call' actionpack (5.1.6) lib/action_dispatch/middleware/remote_ip.rb:79:incall' actionpack (5.1.6) lib/action_dispatch/middleware/request_id.rb:25:in call' rack (2.0.5) lib/rack/runtime.rb:22:incall' activesupport (5.1.6) lib/active_support/cache/strategy/local_cache_middleware.rb:27:in call' actionpack (5.1.6) lib/action_dispatch/middleware/executor.rb:12:incall' actionpack (5.1.6) lib/action_dispatch/middleware/static.rb:125:in call' rack (2.0.5) lib/rack/sendfile.rb:111:incall' rack-cors (1.0.2) lib/rack/cors.rb:97:in call' railties (5.1.6) lib/rails/engine.rb:522:incall' puma (3.11.4) lib/puma/configuration.rb:225:in call' puma (3.11.4) lib/puma/server.rb:632:inhandle_request' puma (3.11.4) lib/puma/server.rb:446:in process_client' puma (3.11.4) lib/puma/server.rb:306:inblock in run' puma (3.11.4) lib/puma/thread_pool.rb:120:in `block in spawn_thread'

How can I fix the error?

application_controller.rb:

class ApplicationController < ActionController::API

  include DeviseTokenAuth::Concerns::SetUserByToken
  before_action :configure_permitted_parameters, if: :devise_controller?


  protected

  def configure_permitted_parameters

    devise_parameter_sanitizer.permit(:sign_up) { |u| u.permit(:login, :first_name, :patronymic, :last_name, :email, :password, :password_confirmation) }    
    devise_parameter_sanitizer.permit(:sign_in) { |u| u.permit(:login, :password) }    
    devise_parameter_sanitizer.permit(:account_update) { |u| u.permit(:password, :password_confirmation, :current_password) }    

  end
end

user.rb:

class User < ActiveRecord::Base
  self.table_name = 'DASHBOARD.V_L_USERS'
  self.primary_key = 'user_id'
  devise :database_authenticatable, :validatable, :authentication_keys => [:login]
  include DeviseTokenAuth::Concerns::User

  has_many :permission_references, as: :source
  accepts_nested_attributes_for :permission_references, :allow_destroy => true
  has_many :user_roles
  has_many :spr_dashboards, foreign_key: 'l_users_id'
  accepts_nested_attributes_for :user_roles, :allow_destroy => true

  def email_required?
    false
  end

  def password_required?
    false
  end

  def is_participant
    (read_attribute(:is_participant) == "Y")
  end

  def is_participant=(value)
    write_attribute(:is_participant, (value == "1") ? "Y" : "N")
  end

  def children_users_ids
    ActiveRecord::Base.connection.select_values <<-SQL.strip_heredoc
      SELECT l_users_id_right
      FROM DASHBOARD.V_L_USERS_RIGHTS
      WHERE l_users_id = #{user_id}
    SQL
  end
end

routes.rb:

Rails.application.routes.draw do
  mount_devise_token_auth_for 'User', at: 'auth'
end
1
ruby-on-railsrubydevise

1 Answers

0
votes

It looks like blocks are not supported in devise_parameter_sanitizer. https://github.com/lynndylanhurley/devise_token_auth/issues/758#issuecomment-280797969