Ruby on Rails 4: redirect url missing from the password reset instructions email sent to the user

Tags: ruby-on-rails-4, devise, delayed-job, rails-activejob, devise-recoverable

I am trying to build an API for password reset using the devise_token_auth gem. As per the gem's documented usage, a POST request to /api/v1/auth/password requires the params email and redirect_url. Instructions on how to reset the password are sent to the user matching the email param. redirect_url is the url the user will be redirected to after visiting the link contained in the email. However, the URL I receive in the password reset email is the following, where the param redirect_url is missing and only the token is present:

http://localhost/api/v1/auth/password/edit?reset_password_token=sQ1kMrdmXx47scosNhZ8
Below is a screenshot of the API call from Postman.

Below is a snippet from development.log showing that the param is not permitted. The job created from this request to send the email does contain the redirect url, as shown below, but it is not present in the actual email.

Started POST "/api/v1/auth/password" for 127.0.0.1 at 2016-03-28 20:19:26 +0530
Processing by Api::V1::Auth::PasswordsController#create as */*
  Parameters: {"email"=>"vipin8169@gmail.com", "redirect_url"=>"abcd", "config"=>"default"}
Can't verify CSRF token authenticity
Unpermitted parameters: redirect_url, config
Unpermitted parameters: redirect_url, config
  User Load (0.7ms)  SELECT  "users".* FROM "users" WHERE (uid = 'vipin8169@gmail.com' AND provider='email')  ORDER BY "users"."id" ASC LIMIT 1
  User Load (0.3ms)  SELECT  "users".* FROM "users" WHERE "users"."reset_password_token" = $1  ORDER BY "users"."id" ASC LIMIT 1  [["reset_password_token", "163961c22b157e8942b8dd7a07e4d1fd57047e36095572fbd5d31e2c3952c353"]]
   (0.1ms)  BEGIN
  SQL (0.3ms)  UPDATE "users" SET "reset_password_token" = $1, "reset_password_sent_at" = $2, "updated_at" = $3 WHERE "users"."id" = $4  [["reset_password_token", "163961c22b157e8942b8dd7a07e4d1fd57047e36095572fbd5d31e2c3952c353"], ["reset_password_sent_at", "2016-03-28 14:49:26.255859"], ["updated_at", "2016-03-28 14:49:26.258075"], ["id", 189]]
   (13.4ms)  COMMIT
[ActiveJob] Enqueued ActionMailer::DeliveryJob (Job ID: fed742b9-b1aa-4a71-80bb-a95fd0626175) to DelayedJob(mailers) with arguments: "Devise::Mailer", "reset_password_instructions", "deliver_now", gid://fertility-app/User/189, "RCg24UxHcsr6QyPWV9cz", {:email=>"vipin8169@gmail.com", :provider=>"email", :redirect_url=>"abcd", :client_config=>"default"}
[ActiveJob]    (0.2ms)  BEGIN
[ActiveJob]   SQL (0.4ms)  INSERT INTO "delayed_jobs" ("queue", "handler", "run_at", "created_at", "updated_at") VALUES ($1, $2, $3, $4, $5) RETURNING "id"  [["queue", "mailers"], ["handler", "--- !ruby/object:ActiveJob::QueueAdapters::DelayedJobAdapter::JobWrapper\njob_data:\n  job_class: ActionMailer::DeliveryJob\n  job_id: fed742b9-b1aa-4a71-80bb-a95fd0626175\n  queue_name: mailers\n  arguments:\n  - Devise::Mailer\n  - reset_password_instructions\n  - deliver_now\n  - _aj_globalid: gid://fertility-app/User/189\n  - RCg24UxHcsr6QyPWV9cz\n  - email: vipin8169@gmail.com\n    provider: email\n    redirect_url: abcd\n    client_config: default\n"], ["run_at", "2016-03-28 14:49:26.289191"], ["created_at", "2016-03-28 14:49:26.289653"], ["updated_at", "2016-03-28 14:49:26.289653"]]
[ActiveJob]    (4.6ms)  COMMIT
Completed 200 OK in 60ms (Views: 0.2ms | ActiveRecord: 21.2ms)
Here is the code in my controller:

#app/controllers/api/v1/auth/passwords_controller.rb
class Api::V1::Auth::PasswordsController < DeviseTokenAuth::PasswordsController
  protect_from_forgery with: :null_session
  before_action :configure_permitted_parameters

  after_filter :set_csrf_header, only: [:create]

  skip_before_action :verify_authenticity_token, only: [:create]

  protected

  def set_csrf_header
    response.headers['X-CSRF-Token'] = form_authenticity_token
  end

  private

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:account_update) << :redirect_url
    # params.permit(:email, :password, :password_confirmation, :current_password, :reset_password_token, :redirect_url)
  end
end
Updated log from development.log, pasted below:

Started POST "/api/v1/auth/password?redirect_url=foo&email=vipin8169@gmail.com" for 127.0.0.1 at 2016-03-29 12:19:21 +0530
  ActiveRecord::SchemaMigration Load (0.3ms)  SELECT "schema_migrations".* FROM "schema_migrations"
Processing by Api::V1::Auth::PasswordsController#create as */*
  Parameters: {"email"=>"vipin8169@gmail.com", "redirect_url"=>"foo"}
Unpermitted parameter: redirect_url
Unpermitted parameter: redirect_url
  User Load (1.2ms)  SELECT  "users".* FROM "users" WHERE (uid = 'vipin8169@gmail.com' AND provider='email')  ORDER BY "users"."id" ASC LIMIT 1
  User Load (0.4ms)  SELECT  "users".* FROM "users" WHERE "users"."reset_password_token" = $1  ORDER BY "users"."id" ASC LIMIT 1  [["reset_password_token", "a84234a42082eb864ac47bac6bff7a682ec6a1d687162fb3638af271b7cbef49"]]
   (0.2ms)  BEGIN
  SQL (0.6ms)  UPDATE "users" SET "reset_password_token" = $1, "reset_password_sent_at" = $2, "updated_at" = $3 WHERE "users"."id" = $4  [["reset_password_token", "a84234a42082eb864ac47bac6bff7a682ec6a1d687162fb3638af271b7cbef49"], ["reset_password_sent_at", "2016-03-29 06:49:22.147552"], ["updated_at", "2016-03-29 06:49:22.150433"], ["id", 189]]
   (14.6ms)  COMMIT
[ActiveJob] Enqueued ActionMailer::DeliveryJob (Job ID: 9131c578-6ec6-4365-848d-2aea78cd2251) to DelayedJob(mailers) with arguments: "Devise::Mailer", "reset_password_instructions", "deliver_now", gid://fertility-app/User/189, "NZgnXtSgJLXFdx2MPoEn", {:email=>"vipin8169@gmail.com", :provider=>"email", :redirect_url=>"foo", :client_config=>"default"}
[ActiveJob]    (0.2ms)  BEGIN
[ActiveJob]   SQL (1.5ms)  INSERT INTO "delayed_jobs" ("queue", "handler", "run_at", "created_at", "updated_at") VALUES ($1, $2, $3, $4, $5) RETURNING "id"  [["queue", "mailers"], ["handler", "--- !ruby/object:ActiveJob::QueueAdapters::DelayedJobAdapter::JobWrapper\njob_data:\n  job_class: ActionMailer::DeliveryJob\n  job_id: 9131c578-6ec6-4365-848d-2aea78cd2251\n  queue_name: mailers\n  arguments:\n  - Devise::Mailer\n  - reset_password_instructions\n  - deliver_now\n  - _aj_globalid: gid://fertility-app/User/189\n  - NZgnXtSgJLXFdx2MPoEn\n  - email: vipin8169@gmail.com\n    provider: email\n    redirect_url: foo\n    client_config: default\n"], ["run_at", "2016-03-29 06:49:22.209778"], ["created_at", "2016-03-29 06:49:22.210172"], ["updated_at", "2016-03-29 06:49:22.210172"]]
[ActiveJob]    (10.7ms)  COMMIT
Completed 200 OK in 348ms (Views: 0.3ms | ActiveRecord: 33.3ms)
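To make the two steps in the logs above concrete, here is an added example (it is neither the asker's code nor devise_token_auth's): a stand-in for strong-parameter filtering that reproduces the "Unpermitted parameter: redirect_url" behaviour, and a link builder that takes the token and the opts hash the ActiveJob line shows being handed to Devise::Mailer and yields either the token-only link the asker received or one carrying redirect_url. The allowlist of redirect origins is an assumption added for illustration: a redirect target that arrives as a request parameter and ends up in an email should be restricted to origins you control rather than echoed back verbatim.

```ruby
require "uri"

# Constructed inputs mirroring the page's second log: the reset token and the
# opts hash passed to Devise::Mailer#reset_password_instructions.
RESET_TOKEN = "NZgnXtSgJLXFdx2MPoEn"
MAILER_OPTS = { email: "vipin8169@gmail.com", provider: "email",
                redirect_url: "foo", client_config: "default" }

# Stand-in for Rails strong parameters: keys outside `permitted` are dropped,
# which is what "Unpermitted parameter: redirect_url" in development.log means.
def permit(params, permitted)
  dropped = params.keys - permitted
  warn "Unpermitted parameter#{'s' if dropped.size > 1}: #{dropped.join(', ')}" unless dropped.empty?
  params.select { |k, _| permitted.include?(k) }
end

# Assumed allowlist of front-end origins the reset link may redirect to
# (hypothetical values, not from the question).
REDIRECT_ALLOWLIST = ["http://localhost:4200", "https://app.example.com"].freeze

# Returns [scheme, host, port] for an absolute http(s) URL, nil otherwise.
# Plain strings such as "foo" or "abcd" from the logs are not valid targets.
def origin_of(url)
  uri = URI.parse(url.to_s)
  return nil unless uri.is_a?(URI::HTTP) && uri.host
  [uri.scheme, uri.host.downcase, uri.port]
rescue URI::InvalidURIError
  nil
end

def allowed_redirect?(url, allowlist = REDIRECT_ALLOWLIST)
  origin = origin_of(url)
  !origin.nil? && allowlist.any? { |a| origin_of(a) == origin }
end

# Builds the edit-password link. With no redirect_url in opts this is exactly
# the token-only link from the question; with an allowed one it is appended.
def edit_password_url(token, opts, base = "http://localhost/api/v1/auth/password/edit")
  query = { "reset_password_token" => token }
  redirect = opts[:redirect_url].to_s
  unless redirect.empty?
    raise ArgumentError, "redirect_url not allowed: #{redirect}" unless allowed_redirect?(redirect)
    query["redirect_url"] = redirect
  end
  "#{base}?#{URI.encode_www_form(query)}"
end

permit({ "email" => "vipin8169@gmail.com", "redirect_url" => "foo" }, ["email"])
puts edit_password_url(RESET_TOKEN, MAILER_OPTS.merge(redirect_url: "http://localhost:4200/reset"))
```

Run with `ruby` to see the warning on stderr and the full link on stdout; passing the page's literal "foo" as redirect_url raises, since it is not an absolute URL on the allowlist.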

I believe your problem is this: Can't verify CSRF token authenticity. Rails forms generate CSRF tokens for security purposes. If that isn't happening (e.g. you are not creating the POST request with a form), you need to find a way around it. One option is to use protect_from_forgery :except => :reset_route to disable CSRF protection on the route, but make sure you understand the security implications of doing so and that it fits your use case. Posting your controller might help you get an answer.

I did skip_before_action :verify_authenticity_token, only: [:create] in the controller and no longer get the CSRF warning. But the problem still remains. Updated the question with the code.

What is the updated error message?

The error message is the same, only Can't verify CSRF token authenticity is no longer there.

Looks like you need to allow redirect_url in the Devise/strong params for the #create route (I believe Devise calls it sign_up). Probably something like devise_parameter_sanitizer.for(:sign_up)