Reputation: 10182
Authlogic ignoring password parameter
Authlogic seems to be ignoring the password parameter when creating a new user. Here's my users_controller class:
class Api::V1::UsersController < ApplicationController
def create
@user = User.new(user_params)
respond_to do |format|
if @user.save
format.json { render :json => @user, :status => :created}
else
format.json { render :json => @user.errors, :status => :unprocessable_entity }
end
end
end
private
def user_params
params.require(:user).permit(:username, :email, :password)
end
end
And my user model:
class User < ActiveRecord::Base
acts_as_authentic do |c|
c.require_password_confirmation = false
end
end
When I send a POST request to /api/v1/users/ with a username, email and password parameter, authlogic says that the password cannot be blank even though it isn't. Here's whats printed out by rails:
Started POST "/api/v1/users/" for 127.0.0.1 at 2013-06-22 00:03:30 -0400
Processing by Api::V1::UsersController#create as */*
Parameters: {"email"=>"[email protected]", "password"=>"[FILTERED]", "username"=>"myUser", "user"=>{"username"=>"myUser", "email"=>"[email protected]"}}
(0.2ms) BEGIN
User Exists (0.4ms) SELECT 1 AS one FROM "users" WHERE LOWER("users"."email") = LOWER('[email protected]') LIMIT 1
User Exists (0.2ms) SELECT 1 AS one FROM "users" WHERE LOWER("users"."username") = LOWER('myUser') LIMIT 1
User Exists (0.3ms) SELECT 1 AS one FROM "users" WHERE "users"."persistence_token" = '7b72bab3627914d33e83e4efe1c5a9dab190750efb227698c8b5b6be7a7ccf118160d8e12623078543e0f4e5f31eb30828799cb0d97fb2af195daee894c79902' LIMIT 1
(0.2ms) ROLLBACK
Completed 422 Unprocessable Entity in 33ms (Views: 0.2ms | ActiveRecord: 3.2ms)
I'm using the latest authlogic and Ruby 2/Rails 4.
Upvotes: 1
Views: 366
Answers (2)
Reputation: 3687
Take a look at an excerpt from Rails log:
{"email"=>"[email protected]", "password"=>"[FILTERED]", "username"=>"myUser", "user"=>{"username"=>"myUser", "email"=>"[email protected]"}}
It looks like you send slightly wrong parameters. To be recognized by Authlogic, password parameter should go under user key in parameters hash. I.e. that line from Rails log should look like this (pay attention to the end of string):
{"email"=>"[email protected]", "password"=>"[FILTERED]", "username"=>"myUser", "user"=>{"username"=>"myUser", "email"=>"[email protected]", "password" => "[FILTERED]"}}
To fix it, you can do a hack like this:
private
def user_params
params.require(:user).permit(:username, :email).merge(:password => :password)
end
Alternatively, you can adjust the parameters sent from the client side (for example, using user[password] parameter's name instead of just password when sending HTTP POST request).
Upvotes: 3
Reputation: 7225
try this out:-
acts_as_authentic do |config|
config.check_passwords_against_database = false
config.validate_password_field = false
config.crypted_password_field = false
end
Upvotes: 0
Related Questions
- Can't log in with a valid password using Authlogic and Ruby on Rails?
- Ruby on Rails Authlogic password not valid
- Getting error of undefined method 'valid_password?' with Authlogic
- Authlogic Password is not valid error
- Authlogic: getting an undefined method `password' for #<User:
- Getting "undefined method `password' for #<User:0x2b95caea8590>" with Authlogic
- How do I get AuthLogic to skip Password validation?
- Rails: Authlogic: Cannot update user attributes -- "Password field cannot be blank"
- Authlogic: can't set password attribute from within class
- help with authlogic