ruby-on-rails, ruby, devise

Rails is adding API fields from nowhere


I'm creating a RESTful API using the Rails API Mode. I'm using devise to handle the user creation and simple_token_authentication to handle the token generation and authorization.

Here is how I'm making the fetch request:

  async requestAccountCreation(data) {
    await fetch('http://localhost:3000/users', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json'
      },
      body: data
    })
      .then(response => response.json())
      .then(data => {
        console.log(data)
      })
      .catch(e => {
        console.log(e)
      })
  }

When I console.log() the data from requestAccountCreation(data), this gives me a valid JSON string, so no problem with that. Here is what is sent to the Rails server:

{"firstname":"Tristan","lastname":"Vermeesch","username":"PlayBossWar","email":"titivermeesch2@gmail.com","address":"Rue Haute, 37 5550 Chairière","password":"jsoaod"}

Now here is the Rails part, first my user.rb:

class User < ApplicationRecord
  acts_as_token_authenticatable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :validatable

  validates :firstname, presence: true
  validates :lastname, presence: true
  validates :username, presence: true
  validates :address, presence: true
  validates :idcard, presence: true
end

The extra fields are fields that I added to the already existing ones that devise generated for me; I migrated all the files.

This is the route I used:

devise_for :users, :controllers => { registrations: 'registrations' }

As you can see, I added a custom controller to handle the extra fields. Here it is:

class RegistrationsController < Devise::RegistrationsController
  private

  def sign_up_params
    params.permit(:firstname, :lastname, :email, :password, :username, :idcard, :address)
  end

  def account_update_params
    params.permit(:firstname, :lastname, :email, :password, :current_password, :username, :idcard, :address)
  end
end

I got this from a StackOverflow post.

Now I have an error in the console, here it is:

Started POST "/users" for 127.0.0.1 at 2019-07-11 12:24:42 +0200
Processing by RegistrationsController#create as */*
  Parameters: {"firstname"=>"Tristan", "lastname"=>"Vermeesch", "username"=>"PlayBossWar", "email"=>"titivermeesch2@gmail.com", "address"=>"Rue Haute, 37 5550 Chairière", "password"=>"[FILTERED]", "registration"=>{"firstname"=>"Tristan", "lastname"=>"Vermeesch", "username"=>"PlayBossWar", "email"=>"titivermeesch2@gmail.com", "address"=>"Rue Haute, 37 5550 Chairière", "password"=>"[FILTERED]"}}
Unpermitted parameter: :registration
   (0.1ms)  begin transaction
  ↳ /home/tristan/.rvm/gems/ruby-2.6.3/gems/activerecord-5.2.3/lib/active_record/log_subscriber.rb:98
  User Exists (0.3ms)  SELECT  1 AS one FROM "users" WHERE "users"."email" = ? LIMIT ?  [["email", "titivermeesch2@gmail.com"], ["LIMIT", 1]]
  ↳ /home/tristan/.rvm/gems/ruby-2.6.3/gems/activerecord-5.2.3/lib/active_record/log_subscriber.rb:98
   (0.1ms)  rollback transaction
  ↳ /home/tristan/.rvm/gems/ruby-2.6.3/gems/activerecord-5.2.3/lib/active_record/log_subscriber.rb:98
Completed 200 OK in 452ms (Views: 0.2ms | ActiveRecord: 5.2ms)

So it says that there is an unpermitted parameter :registration. The thing is, I don't know where this comes from, I don't pass it in in my front-end so it has to be devise, but I don't know why it's doing this.

After disabling the wrapper as suggested, here is my error now:

Started POST "/users" for 127.0.0.1 at 2019-07-11 13:46:28 +0200
Processing by RegistrationsController#create as */*
  Parameters: {"firstname"=>"Tristan", "lastname"=>"Vermeesch", "username"=>"PlayBossWar", "email"=>"titivermeesch25@gmail.com", "address"=>"Rue Haute, 37 5550 Chairière", "password"=>"[FILTERED]"}
   (0.2ms)  begin transaction
  ↳ /home/tristan/.rvm/gems/ruby-2.6.3/gems/activerecord-5.2.3/lib/active_record/log_subscriber.rb:98
  User Exists (0.5ms)  SELECT  1 AS one FROM "users" WHERE "users"."email" = ? LIMIT ?  [["email", "titivermeesch25@gmail.com"], ["LIMIT", 1]]
  ↳ /home/tristan/.rvm/gems/ruby-2.6.3/gems/activerecord-5.2.3/lib/active_record/log_subscriber.rb:98
   (0.2ms)  rollback transaction
  ↳ /home/tristan/.rvm/gems/ruby-2.6.3/gems/activerecord-5.2.3/lib/active_record/log_subscriber.rb:98
Completed 200 OK in 430ms (Views: 0.3ms | ActiveRecord: 10.9ms)

Solution

  • You've turned on config.wrap_parameters in your initializer (check the file config/initializers/wrap_parameters.rb) or you are calling wrap_parameters() in your controller. The parameters will be cloned and wrapped in the key according to your controller's name by default.

    Have a look here:
    http://guides.rubyonrails.org/action_controller_overview.html#parameters
    http://api.rubyonrails.org/classes/ActionController/ParamsWrapper.html

    Calling wrap_parameters false in the specific controller or in the application controller will also stop this behaviour, at a controller-specific level and throughout the application respectively.
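
The wrapping described in the answer, as an added example that is not part of the original question or answer and is not Rails' own code: a Rails-free, simplified model of how a JSON body gets cloned under a controller-derived key, and why a top-level permit list then reports `registration` as unpermitted. The helper names (`wrapper_key`, `build_params`, `permit`, `demo`), the naive singularization and the sample body are assumptions made for illustration.

```ruby
# Simplified, Rails-free model of parameter wrapping and of top-level
# strong-parameters filtering. All names here are constructed for illustration.
require "json"

# Constructed sample body, shaped like the request in the question.
BODY = '{"firstname":"A","lastname":"B","username":"u","email":"a@example.test",' \
       '"address":"x","password":"not-a-real-password"}'

PERMITTED = %w[firstname lastname email password username idcard address].freeze

# "RegistrationsController" -> "registration" (naive singularize: drop trailing "s").
def wrapper_key(controller_class_name)
  controller_class_name.sub(/Controller\z/, "")
                       .gsub(/([a-z])([A-Z])/, '\1_\2').downcase.chomp("s")
end

# When wrapping is enabled for the request format, clone the top-level
# parameters under the controller-derived key; otherwise leave them alone.
def build_params(body, controller:, content_type:, wrap_formats:)
  params = JSON.parse(body)
  format = content_type == "application/json" ? :json : :other
  return params unless wrap_formats.include?(format)
  key = wrapper_key(controller)
  return params if params.key?(key) # client already sent the nested key
  params.merge(key => params.dup)
end

# Top-level permit: returns [kept, unpermitted_keys]; the second element
# corresponds to the log line "Unpermitted parameter: :registration".
def permit(params, allowed)
  kept = params.select { |k, _| allowed.include?(k) }
  [kept, params.keys - allowed]
end

def demo(wrap_formats)
  params = build_params(BODY, controller: "RegistrationsController",
                        content_type: "application/json", wrap_formats: wrap_formats)
  kept, unpermitted = permit(params, PERMITTED)
  { keys: params.keys, kept: kept.keys, unpermitted: unpermitted }
end

if __FILE__ == $PROGRAM_NAME
  puts "wrap_parameters format: [:json] -> #{demo([:json])[:unpermitted].inspect}"
  puts "wrap_parameters false           -> #{demo([])[:unpermitted].inspect}"
end
```

The permitted top-level keys are identical in both runs, so the wrapped copy only changes the log line, not what reaches the model. Neither run yields an `idcard` key, because the request body in the question does not carry one, while `user.rb` validates its presence.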