Search code examples
ruby-on-railsruby-on-rails-4deviseruby-on-rails-5devise-recoverable

Devise Recoverable says Email can't be blank on Rails 4/5


Given I am a registered user
And I am not logged in
When I visit "http://localhost:3000/member/password/edit?reset_password_token=BVE492WU1YqMp6nmxCX4"
And I fill in "asdfasdf" in "user[:password]
And I fill in "asdfasdf" in "user[:password_confirmation]
And I submit form
Then I see "Email can't be blank" -> which should be skipped

routes.rb

  devise_for :users,
             path: 'member',
             controllers: {registrations: 'member/registrations',
                           sessions: 'member/sessions',
                           passwords: 'member/passwords',
                           confirmations: 'member/confirmations',
                           unlocks: 'member/unlocks',
                           omniauth_callbacks: 'member/omniauth_callbacks'}

  devise_scope :user do
    match 'member/finish_signup/:id', to: 'member/registrations#finish_signup', via: [:get, :post], :as => :finish_signup
    match 'member/show_token', to: 'member/registrations#show_token', via: [:get, :post]
    # also tried without the following lines
    patch 'member/password' => 'member/passwords#update'
    put 'member/password' => 'member/passwords#update'
  end

application_controller.rb

    before_action :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.permit(:sign_in, keys: [:email, :password])
    devise_parameter_sanitizer.permit(:account_update, keys: [:email, :password, :password_confirmation])
    # NONE of the both below change anything
    devise_parameter_sanitizer.permit(:sign_up, keys: [:email, :password, :password_confirmation])
    # this one does not work anymore
    # devise_parameter_sanitizer.for(:sign_up) do |u|
    #   u.permit(:email,:password,:password_confirmation)
    # end
  end

passwords/edit.html.erb

<%= form_for(resource, as: resource_name, url: password_path(resource_name), method: :put) do |f| %>
    <%= devise_error_messages! %>
    <%= f.hidden_field :reset_password_token %>
      <% if @minimum_password_length %>
          <em>(<%= @minimum_password_length %> characters minimum)</em><br/>
      <% end %>
      <%= f.password_field :password, autofocus: true, autocomplete: "off" %>

      <%= f.password_field :password_confirmation, autocomplete: "off" %>

      <%= f.submit "Change my password" %>
<% end %>

 also tried this:

 <%= form_for(resource, as: resource_name, url: member_password_path(resource_name), html: {method: :put}) do |f| %>

The rendered HTML is which looks good (post method):

<form class="new_user" id="new_user" action="/member/password.user" accept-charset="UTF-8" method="post">

    <input name="utf8" type="hidden" value="✓"><input type="hidden" name="_method" value="patch">

    <input type="hidden" name="authenticity_token" value="Egh7QFhtHwcBVCuUgTDFnOF2C/g2Ql/sKeiuwjchjmpDh4JqyBPuLTaN9VT9iFFiP7JDxbp0+BeeA2QUSJWN3g==">

    <input type="hidden" value="BVE492WU1YqMp6nmxCX4" name="user[reset_password_token]" id="user_reset_password_token">

          <em>(8 characters minimum)</em><br>
      <input autofocus="autofocus" autocomplete="off" type="password" name="user[password]" id="user_password">

      <input autocomplete="off" type="password" name="user[password_confirmation]" id="user_password_confirmation">

      <input type="submit" name="commit" value="Change my password" data-disable-with="Change my password">
</form>

member/passwords_controller.rb

class Member::PasswordsController < Devise::PasswordsController

end

rake routes:

        new_user_session GET      /member/sign_in(.:format)               member/sessions#new
            user_session POST     /member/sign_in(.:format)               member/sessions#create
    destroy_user_session GET      /member/sign_out(.:format)              member/sessions#destroy
 user_omniauth_authorize GET|POST /member/auth/:provider(.:format)        member/omniauth_callbacks#passthru {:provider=>/facebook/}
  user_omniauth_callback GET|POST /member/auth/:action/callback(.:format) member/omniauth_callbacks#(?-mix:facebook)
           user_password POST     /member/password(.:format)              member/passwords#create
       new_user_password GET      /member/password/new(.:format)          member/passwords#new
      edit_user_password GET      /member/password/edit(.:format)         member/passwords#edit
                         PATCH    /member/password(.:format)              member/passwords#update
                         PUT      /member/password(.:format)              member/passwords#update
cancel_user_registration GET      /member/cancel(.:format)                member/registrations#cancel
       user_registration POST     /member(.:format)                       member/registrations#create
   new_user_registration GET      /member/sign_up(.:format)               member/registrations#new
  edit_user_registration GET      /member/edit(.:format)                  member/registrations#edit
                         PATCH    /member(.:format)                       member/registrations#update
                         PUT      /member(.:format)                       member/registrations#update
                         DELETE   /member(.:format)                       member/registrations#destroy
       user_confirmation POST     /member/confirmation(.:format)          member/confirmations#create
   new_user_confirmation GET      /member/confirmation/new(.:format)      member/confirmations#new
                         GET      /member/confirmation(.:format)          member/confirmations#show
             user_unlock POST     /member/unlock(.:format)                member/unlocks#create
         new_user_unlock GET      /member/unlock/new(.:format)            member/unlocks#new
                         GET      /member/unlock(.:format)                member/unlocks#show
           finish_signup GET|POST /member/finish_signup/:id(.:format)     member/registrations#finish_signup
       member_show_token GET|POST /member/show_token(.:format)            member/registrations#show_token
         member_password PATCH    /member/password(.:format)              member/passwords#update
                         PUT      /member/password(.:format)              member/passwords#update

And this is the log when I submit the filled out "/passwords/edit.html.erb" (http://localhost:3000/member/password/edit?reset_password_token=BVE492WU1YqMp6nmxCX4)

Started GET "/member/password/edit?reset_password_token=[FILTERED]" for 127.0.0.1 at 2016-03-04 12:40:41 +0100
Processing by Member::PasswordsController#edit as HTML
  Parameters: {"reset_password_token"=>"[FILTERED]"}
DEPRECATION WARNING: [Devise] Changing the sanitized parameters through "Devise::ParameterSanitizer#for(sign_up) is deprecated and it will be removed from Devise 4.1.
Please use the `permit` method:

  devise_parameter_sanitizer.permit(:sign_up) do |user|
    # Your block here.
  end
 (called from deprecate_for_with_block at /Users/jan/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/gems/devise-4.0.0.rc1/lib/devise/parameter_sanitizer.rb:177)
  Rendered devise/shared/_links.html.erb (1.6ms)
  Rendered devise/passwords/edit.html.erb within layouts/application (3.5ms)
Completed 200 OK in 14ms (Views: 11.5ms)


Incoming Headers:
  Origin: http://localhost:3000
  Access-Control-Request-Method: 
  Access-Control-Request-Headers: 
Started POST "/member/password.user" for 127.0.0.1 at 2016-03-04 12:41:19 +0100
Processing by Member::PasswordsController#create as 
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"gmyAZDVZR4Z/OO3oa934MzNUwCFnzDSd7QLo6ZCoAnjT43lOpSe2rEjhMygXZWzN7ZCIHOv6k2Za6SI/7xwBzA==", "user"=>{"reset_password_token"=>"[FILTERED]", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Change my password"}
Completed 406 Not Acceptable in 2ms



ActionController::UnknownFormat (ActionController::UnknownFormat):

responders (2.1.1) lib/action_controller/respond_with.rb:207:in `respond_with'
devise (4.0.0.rc1) app/controllers/devise/passwords_controller.rb:19:in `create'
/Users/jan/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/bundler/gems/rails-c901fad42cb4/actionpack/lib/action_controller/metal/basic_implicit_render.rb:4:in `send_action'
/Users/jan/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/bundler/gems/rails-c901fad42cb4/actionpack/lib/abstract_controller/base.rb:183:in `process_action'
/Users/jan/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/bundler/gems/rails-c901fad42cb4/actionpack/lib/action_controller/metal/rendering.rb:30:in `process_action'
/Users/jan/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/bundler/gems/rails-c901fad42cb4/actionpack/lib/abstract_controller/callbacks.rb:20:in `block in process_action'
/Users/jan/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/bundler/gems/rails-c901fad42cb4/activesupport/lib/active_support/callbacks.rb:126:in `call'
/Users/jan/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/bundler/gems/rails-c901fad42cb4/activesupport/lib/active_support/callbacks.rb:126:in `call'
/Users/jan/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/bundler/gems/rails-c901fad42cb4/activesupport/lib/active_support/callbacks.rb:506:in `blo

I think the routing from password_path(resource_name) is incorrect. It brings me to member/passwords#create instead of member/passwords#update which seems to be right.

Please, how can I fix this?

.gemfile

gem 'rails', github: "rails/rails"
gem 'active_model_serializers', github: "rails-api/active_model_serializers", branch: 'master'
gem 'mongoid', git: 'https://github.com/estolfo/mongoid.git', branch: 'MONGOID-4218-rails-5'
# api token authentication for devise
gem 'devise', "4.0.0.rc1"
# we can switch back when Rails 5, and Devise 4 is supported
gem 'simple_token_authentication', github: "consti/simple_token_authentication"

gem 'bootstrap_form'
gem 'omniauth'
gem 'omniauth-facebook'

Solution

  • Changing the as: name and the of the route and the method to post did the trick. It seems that they got not overridden in my devise_scope.

    'member/password/update' => 'member/passwords#update', as: :member_password_custom_update