Given I am a registered user
And I am not logged in
When I visit "http://localhost:3000/member/password/edit?reset_password_token=BVE492WU1YqMp6nmxCX4"
And I fill in "asdfasdf" in "user[:password]
And I fill in "asdfasdf" in "user[:password_confirmation]
And I submit form
Then I see "Email can't be blank" -> which should be skipped
routes.rb
devise_for :users,
path: 'member',
controllers: {registrations: 'member/registrations',
sessions: 'member/sessions',
passwords: 'member/passwords',
confirmations: 'member/confirmations',
unlocks: 'member/unlocks',
omniauth_callbacks: 'member/omniauth_callbacks'}
devise_scope :user do
match 'member/finish_signup/:id', to: 'member/registrations#finish_signup', via: [:get, :post], :as => :finish_signup
match 'member/show_token', to: 'member/registrations#show_token', via: [:get, :post]
# also tried without the following lines
patch 'member/password' => 'member/passwords#update'
put 'member/password' => 'member/passwords#update'
end
application_controller.rb
before_action :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:sign_in, keys: [:email, :password])
devise_parameter_sanitizer.permit(:account_update, keys: [:email, :password, :password_confirmation])
# NONE of the both below change anything
devise_parameter_sanitizer.permit(:sign_up, keys: [:email, :password, :password_confirmation])
# this one does not work anymore
# devise_parameter_sanitizer.for(:sign_up) do |u|
# u.permit(:email,:password,:password_confirmation)
# end
end
passwords/edit.html.erb
<%= form_for(resource, as: resource_name, url: password_path(resource_name), method: :put) do |f| %>
<%= devise_error_messages! %>
<%= f.hidden_field :reset_password_token %>
<% if @minimum_password_length %>
<em>(<%= @minimum_password_length %> characters minimum)</em><br/>
<% end %>
<%= f.password_field :password, autofocus: true, autocomplete: "off" %>
<%= f.password_field :password_confirmation, autocomplete: "off" %>
<%= f.submit "Change my password" %>
<% end %>
also tried this:
<%= form_for(resource, as: resource_name, url: member_password_path(resource_name), html: {method: :put}) do |f| %>
The rendered HTML is which looks good (post method):
<form class="new_user" id="new_user" action="/member/password.user" accept-charset="UTF-8" method="post">
<input name="utf8" type="hidden" value="✓"><input type="hidden" name="_method" value="patch">
<input type="hidden" name="authenticity_token" value="Egh7QFhtHwcBVCuUgTDFnOF2C/g2Ql/sKeiuwjchjmpDh4JqyBPuLTaN9VT9iFFiP7JDxbp0+BeeA2QUSJWN3g==">
<input type="hidden" value="BVE492WU1YqMp6nmxCX4" name="user[reset_password_token]" id="user_reset_password_token">
<em>(8 characters minimum)</em><br>
<input autofocus="autofocus" autocomplete="off" type="password" name="user[password]" id="user_password">
<input autocomplete="off" type="password" name="user[password_confirmation]" id="user_password_confirmation">
<input type="submit" name="commit" value="Change my password" data-disable-with="Change my password">
</form>
member/passwords_controller.rb
class Member::PasswordsController < Devise::PasswordsController
end
rake routes:
new_user_session GET /member/sign_in(.:format) member/sessions#new
user_session POST /member/sign_in(.:format) member/sessions#create
destroy_user_session GET /member/sign_out(.:format) member/sessions#destroy
user_omniauth_authorize GET|POST /member/auth/:provider(.:format) member/omniauth_callbacks#passthru {:provider=>/facebook/}
user_omniauth_callback GET|POST /member/auth/:action/callback(.:format) member/omniauth_callbacks#(?-mix:facebook)
user_password POST /member/password(.:format) member/passwords#create
new_user_password GET /member/password/new(.:format) member/passwords#new
edit_user_password GET /member/password/edit(.:format) member/passwords#edit
PATCH /member/password(.:format) member/passwords#update
PUT /member/password(.:format) member/passwords#update
cancel_user_registration GET /member/cancel(.:format) member/registrations#cancel
user_registration POST /member(.:format) member/registrations#create
new_user_registration GET /member/sign_up(.:format) member/registrations#new
edit_user_registration GET /member/edit(.:format) member/registrations#edit
PATCH /member(.:format) member/registrations#update
PUT /member(.:format) member/registrations#update
DELETE /member(.:format) member/registrations#destroy
user_confirmation POST /member/confirmation(.:format) member/confirmations#create
new_user_confirmation GET /member/confirmation/new(.:format) member/confirmations#new
GET /member/confirmation(.:format) member/confirmations#show
user_unlock POST /member/unlock(.:format) member/unlocks#create
new_user_unlock GET /member/unlock/new(.:format) member/unlocks#new
GET /member/unlock(.:format) member/unlocks#show
finish_signup GET|POST /member/finish_signup/:id(.:format) member/registrations#finish_signup
member_show_token GET|POST /member/show_token(.:format) member/registrations#show_token
member_password PATCH /member/password(.:format) member/passwords#update
PUT /member/password(.:format) member/passwords#update
And this is the log when I submit the filled out "/passwords/edit.html.erb" (http://localhost:3000/member/password/edit?reset_password_token=BVE492WU1YqMp6nmxCX4)
Started GET "/member/password/edit?reset_password_token=[FILTERED]" for 127.0.0.1 at 2016-03-04 12:40:41 +0100
Processing by Member::PasswordsController#edit as HTML
Parameters: {"reset_password_token"=>"[FILTERED]"}
DEPRECATION WARNING: [Devise] Changing the sanitized parameters through "Devise::ParameterSanitizer#for(sign_up) is deprecated and it will be removed from Devise 4.1.
Please use the `permit` method:
devise_parameter_sanitizer.permit(:sign_up) do |user|
# Your block here.
end
(called from deprecate_for_with_block at /Users/jan/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/gems/devise-4.0.0.rc1/lib/devise/parameter_sanitizer.rb:177)
Rendered devise/shared/_links.html.erb (1.6ms)
Rendered devise/passwords/edit.html.erb within layouts/application (3.5ms)
Completed 200 OK in 14ms (Views: 11.5ms)
Incoming Headers:
Origin: http://localhost:3000
Access-Control-Request-Method:
Access-Control-Request-Headers:
Started POST "/member/password.user" for 127.0.0.1 at 2016-03-04 12:41:19 +0100
Processing by Member::PasswordsController#create as
Parameters: {"utf8"=>"✓", "authenticity_token"=>"gmyAZDVZR4Z/OO3oa934MzNUwCFnzDSd7QLo6ZCoAnjT43lOpSe2rEjhMygXZWzN7ZCIHOv6k2Za6SI/7xwBzA==", "user"=>{"reset_password_token"=>"[FILTERED]", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Change my password"}
Completed 406 Not Acceptable in 2ms
ActionController::UnknownFormat (ActionController::UnknownFormat):
responders (2.1.1) lib/action_controller/respond_with.rb:207:in `respond_with'
devise (4.0.0.rc1) app/controllers/devise/passwords_controller.rb:19:in `create'
/Users/jan/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/bundler/gems/rails-c901fad42cb4/actionpack/lib/action_controller/metal/basic_implicit_render.rb:4:in `send_action'
/Users/jan/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/bundler/gems/rails-c901fad42cb4/actionpack/lib/abstract_controller/base.rb:183:in `process_action'
/Users/jan/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/bundler/gems/rails-c901fad42cb4/actionpack/lib/action_controller/metal/rendering.rb:30:in `process_action'
/Users/jan/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/bundler/gems/rails-c901fad42cb4/actionpack/lib/abstract_controller/callbacks.rb:20:in `block in process_action'
/Users/jan/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/bundler/gems/rails-c901fad42cb4/activesupport/lib/active_support/callbacks.rb:126:in `call'
/Users/jan/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/bundler/gems/rails-c901fad42cb4/activesupport/lib/active_support/callbacks.rb:126:in `call'
/Users/jan/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/bundler/gems/rails-c901fad42cb4/activesupport/lib/active_support/callbacks.rb:506:in `blo
I think the routing from password_path(resource_name)
is incorrect. It brings me to member/passwords#create
instead of member/passwords#update
which seems to be right.
Please, how can I fix this?
.gemfile
gem 'rails', github: "rails/rails"
gem 'active_model_serializers', github: "rails-api/active_model_serializers", branch: 'master'
gem 'mongoid', git: 'https://github.com/estolfo/mongoid.git', branch: 'MONGOID-4218-rails-5'
# api token authentication for devise
gem 'devise', "4.0.0.rc1"
# we can switch back when Rails 5, and Devise 4 is supported
gem 'simple_token_authentication', github: "consti/simple_token_authentication"
gem 'bootstrap_form'
gem 'omniauth'
gem 'omniauth-facebook'
Changing the as:
name and the of the route and the method to post
did the trick. It seems that they got not overridden in my devise_scope
.
'member/password/update' => 'member/passwords#update', as: :member_password_custom_update