Login form - Unpermitted parameters: session #28

Closed
ACPK opened this issue Sep 4, 2014 · 5 comments

@ACPK

ACPK commented Sep 4, 2014

I was able to get the sign up page working but am getting an "Unpermitted parameters: session" error for the sign in page.

@lynndylanhurley
Owner

Rails uses something called strong parameters. Devise whitelists certain params by default ("email", "password", "password_confirmation"), but you can modify these settings if you like.

What you're seeing isn't an error exactly, it's just that a field called session isn't getting thru to the sign_in controller.

What does the POST request payload look like? Your logs indicate that the payload looks like this:

{
  "email": "test@test.com",
  "password": "xxx",
  "session": {
    "email": "test@test.com",
    "password": "xxx"
  }
}

If this is the case, then it looks like a param called session is somehow being included in the request.

I suggest that you inspect the object that you're passing to $auth.submitLogin method to see if you're sending the correct data.

@ACPK
Author

ACPK commented Sep 5, 2014

I'm using the example code:

controller/signinctrl.js

$scope.handleLoginBtnClick = function() {
  $auth.submitLogin($scope.loginForm)
    .then(function(resp) { 
      // handle success response
    })
    .catch(function(resp) { 
      // handle error response
    });
};

}]);

signin.html.haml

%form{"ng-init" => "loginForm = {}", "ng-submit" => "submitLogin(loginForm)", :role => "form"}
  .form-group
    .input-group.input-group-lg
      %span.input-group-addon
        %i.fa.fa-envelope
      %input.form-control{:name => "email", "ng-model" => "loginForm.email", :required => "required", :type => "email"}/
  .form-group
    .input-group.input-group-lg
      %span.input-group-addon
        %i.fa.fa-lock
      %input.form-control{:name => "password", "ng-model" => "loginForm.password", :required => "required", :type => "password"}/
  .form-group
    %button.btn.btn-danger.btn-lg.btn-block{:type => "submit"} Sign in

@lynndylanhurley
Owner

  1. Those examples are for two different implementations. You don't need the controller example if you're calling submitLogin from the template.
  2. What does the POST request payload look like? If you're using Chrome, you can find this in the Network panel in the developer tools. Instructions here.

@lynndylanhurley
Owner

@ACPK - it looks like this is happening in the example app as well.

I can't find the source of the session param. My guess is that it's set by one of the devise-token-auth dependencies (Devise, Warden, etc.). I did comb through the Devise source, but I couldn't find it anywhere.

While the warning is annoying, I don't think the session param is going to cause any problems.

I'm marking this issue closed, but feel free to re-open it (or send a PR) if you can solve the mystery.

@CJYate

CJYate commented Jan 9, 2017

Update: there's a workaround here:
lynndylanhurley/devise_token_auth#676

The "session" parameter is actually created by Rails (wrap_parameters)
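
The behaviour this thread converges on, as an added plain-Ruby illustration (not part of the original comments, and not code from Rails, Devise or devise_token_auth): for JSON requests Rails' `wrap_parameters` nests a copy of the body under a key derived from the controller name, and strong parameters then drops and reports that extra key. The helper names `wrapper_key`, `wrap_json_params` and `permit` are hypothetical, the logic is a simplified model, and the sample body is constructed from the two fields the login form binds.

```ruby
require "json"

# Simplified model of Rails' wrap_parameters (ActionController::ParamsWrapper).
# Helper names are hypothetical; this is not Rails source code.
EXCLUDED = %w[authenticity_token _method utf8].freeze # never copied into the wrapper

# "DeviseTokenAuth::SessionsController" -> "session"
def wrapper_key(controller_class_name)
  base = controller_class_name.split("::").last.sub(/Controller\z/, "")
  snake = base.gsub(/([a-z\d])([A-Z])/, '\1_\2').downcase
  snake.sub(/s\z/, "") # naive singularize, enough for this sample
end

# For JSON requests, nest a copy of the top-level params under the wrapper key.
def wrap_json_params(body, controller_class_name, content_type)
  params = JSON.parse(body)
  return params unless content_type == "application/json"
  key = wrapper_key(controller_class_name)
  return params if params.key?(key) # client already sent the key: no wrapping
  params.merge(key => params.reject { |k, _| EXCLUDED.include?(k) })
end

# Simplified strong-parameters filter: returns [permitted hash, unpermitted keys].
# Unpermitted keys are dropped and reported; the request itself still succeeds.
def permit(params, *allowed)
  allowed = allowed.map(&:to_s)
  [params.select { |k, _| allowed.include?(k) }, params.keys - allowed]
end

# Constructed sample body: the two fields the login form binds.
SAMPLE_BODY = '{"email":"test@test.com","password":"xxx"}'

if __FILE__ == $PROGRAM_NAME
  wrapped = wrap_json_params(SAMPLE_BODY, "DeviseTokenAuth::SessionsController", "application/json")
  permitted, unpermitted = permit(wrapped, :email, :password)
  puts "after wrapping: #{wrapped.to_json}"
  puts "permitted:      #{permitted.to_json}"
  puts "Unpermitted parameters: #{unpermitted.join(', ')}"
end
```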
