Cannot update params when using warden.authenticate in devise
syter opened this issue · 3 comments
Hi,
I have upgraded my Rails from 3.2.8 to Rails 4; Devise was also upgraded from 2.1.2 to 3.5.6 and Warden from 1.2.3 to 1.2.6.
I found an issue, and I don't know whether it belongs to Devise or Warden.
Before I call
```ruby
resource = warden.authenticate(:scope => resource_name, :recall => "#{controller_path}#new")
```
I update the params value like below:
```ruby
params[:admin] = Hash.new
params[:admin][:email] = params[:email]
params[:admin][:password] = params[:password]
```
But when I print params in proxy.rb, in the function def authenticate(*args),
the params are still the original; there is no admin in them.
The issue did not happen when I used the old system.
And because of this issue, I cannot authenticate the admin successfully.
Is there any configuration or anything else I missed?
Hoping for your answers,
Thank you.
Here is part of my code and logs:
controllers.rb
```ruby
params[:admin] = Hash.new
params[:admin][:email] = params[:email]
params[:admin][:password] = params[:password]
params[:password] = '11111111111111'
# authenticate with warden
p '===================================='
p params
p warden
resource = warden.authenticate(:scope => resource_name, :recall => "#{controller_path}#new")
p params
p '===================================='
```
proxy.rb
```ruby
def authenticate(*args)
  p 'sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss'
  p params
  params[:password] = '111111111'
  p params
  p 'sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss'
  user, _opts = _perform_authentication(*args)
  user
end
```
logs:
```
"===================================="
{"email"=>"syter@xxxx.com", "password"=>"11111111111111", "controller"=>"admin_sessions", "action"=>"create", "version"=>"v1", "format"=>"json", "admin"=>{"email"=>"syter@xxxx.com", "password"=>"xxxxxxxx"}}
Warden::Proxy:70145506030260 @config={:default_scope=>:admin, :scope_defaults=>{}, :default_strategies=>{:admin=>[:rememberable, :database_authenticatable]}, :intercept_401=>false, :failure_app=>#Devise::Delegator:0x007f980f873e18}
"sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss"
{"email"=>"syter@xxxx.com", "password"=>"xxxxxxxx", "controller"=>"admin_sessions", "action"=>"create", "version"=>"v1", "format"=>"json"}
{"email"=>"syter@xxxx.com", "password"=>"111111111", "controller"=>"admin_sessions", "action"=>"create", "version"=>"v1", "format"=>"json"}
"sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss"
"sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss"
{"email"=>"syter@xxxx.com", "password"=>"111111111", "controller"=>"admin_sessions", "action"=>"create", "version"=>"v1", "format"=>"json"}
"sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss"
{"email"=>"syter@xxxx.com", "password"=>"11111111111111", "controller"=>"admin_sessions", "action"=>"create", "version"=>"v1", "format"=>"json", "admin"=>{"email"=>"syter@xxxx.com", "password"=>"xxxxxxxx"}}
"===================================="
```
It seems there are two params: one in the controller, one in Warden.
Warden strategies under Devise reference the cached instance of the action dispatch request. I'm not sure why params wouldn't be there. AFAIK they're the same instance; however, it has been a while since I've looked at the behaviour of ActionDispatch::Request.
I had the same problem. In case anyone is looking here for the answer, the problem is that Warden fetches the user from request.params, which can differ from the params available in the controller.
Once you have updated params[:user], the simple solution is usually as follows:
```ruby
# Here we change params - but this won't be seen by the warden strategy
params[:user][:processed_username] = do_something_to(params[:user][:username])
# Inject our changes into the copy in request - now our changes will be seen by warden
request.params[:user].merge!(params[:user])
```
Found in heartcombo/devise#4309
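The mismatch this thread describes, as an added example that is not part of the original thread and is not Rails, Devise or Warden code: a plain-Ruby model in which the controller's params is a copy of the hash cached behind request.params, so a scope key added on the controller side never reaches the strategy. ModelRequest, strategy_credentials and run_demo are hypothetical names, and the sample credentials are constructed.

```ruby
# Plain-Ruby model only; no Rails, Devise or Warden code is loaded.
# Assumption (taken from the logs in this thread): the controller's params
# is a copy of the hash the request object caches as request.params.

# Deep-copies nested hashes so the two sides share no state.
def deep_copy(hash)
  hash.each_with_object({}) do |(k, v), out|
    out[k] = v.is_a?(Hash) ? deep_copy(v) : v
  end
end

# Hypothetical stand-in for the request: builds its params once, then caches.
class ModelRequest
  def initialize(raw)
    @raw = raw
  end

  def params
    @params ||= deep_copy(@raw)
  end
end

# Hypothetical stand-in for a strategy: reads the credentials for its scope
# from request.params only, never from the controller's copy.
def strategy_credentials(request, scope)
  scoped = request.params[scope]
  return nil unless scoped.is_a?(Hash) && scoped["email"] && scoped["password"]
  [scoped["email"], scoped["password"]]
end

# Constructed sample input, flat like the request body in the original post.
def run_demo
  request = ModelRequest.new("email" => "admin@example.test", "password" => "constructed-pw")
  controller_params = deep_copy(request.params)

  # Controller-side nesting under the scope key: invisible to the strategy.
  controller_params["admin"] = controller_params.slice("email", "password")
  before = strategy_credentials(request, "admin")

  # Copy the change into request.params so the strategy evaluates it.
  request.params["admin"] = deep_copy(controller_params["admin"])
  after = strategy_credentials(request, "admin")

  { before: before, after: after }
end

p run_demo if __FILE__ == $PROGRAM_NAME
```

In this model the scope key is assigned rather than merged, because with a flat request body there is no existing request.params entry for the scope to call merge! on.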