Authlogic ignoring password parameter

https://stackoverflow.com/questions/17247244

01-06-2022
|

Question

Authlogic seems to be ignoring the password parameter when creating a new user. Here's my users_controller class:

class Api::V1::UsersController < ApplicationController

  def create
    @user = User.new(user_params)

    respond_to do |format|
      if @user.save
        format.json  { render :json => @user, :status => :created}
      else
        format.json  { render :json => @user.errors, :status => :unprocessable_entity }
      end
    end
  end

  private
  def user_params
    params.require(:user).permit(:username, :email, :password)
  end

end

And my user model:

class User < ActiveRecord::Base
    acts_as_authentic do |c|
      c.require_password_confirmation = false
    end
end

When I send a POST request to /api/v1/users/ with a username, email and password parameter, authlogic says that the password cannot be blank even though it isn't. Here's whats printed out by rails:

Started POST "/api/v1/users/" for 127.0.0.1 at 2013-06-22 00:03:30 -0400
Processing by Api::V1::UsersController#create as */*
  Parameters: {"email"=>"someemail@website.com", "password"=>"[FILTERED]", "username"=>"myUser", "user"=>{"username"=>"myUser", "email"=>"someemail@website.com"}}
   (0.2ms)  BEGIN
  User Exists (0.4ms)  SELECT 1 AS one FROM "users" WHERE LOWER("users"."email") = LOWER('someemail@website.com') LIMIT 1
  User Exists (0.2ms)  SELECT 1 AS one FROM "users" WHERE LOWER("users"."username") = LOWER('myUser') LIMIT 1
  User Exists (0.3ms)  SELECT 1 AS one FROM "users" WHERE "users"."persistence_token" = '7b72bab3627914d33e83e4efe1c5a9dab190750efb227698c8b5b6be7a7ccf118160d8e12623078543e0f4e5f31eb30828799cb0d97fb2af195daee894c79902' LIMIT 1
   (0.2ms)  ROLLBACK
Completed 422 Unprocessable Entity in 33ms (Views: 0.2ms | ActiveRecord: 3.2ms)

I'm using the latest authlogic and Ruby 2/Rails 4.

Solution

Take a look at an excerpt from Rails log:

{"email"=>"someemail@website.com", "password"=>"[FILTERED]", "username"=>"myUser", "user"=>{"username"=>"myUser", "email"=>"someemail@website.com"}}

It looks like you send slightly wrong parameters. To be recognized by Authlogic, password parameter should go under user key in parameters hash. I.e. that line from Rails log should look like this (pay attention to the end of string):

{"email"=>"someemail@website.com", "password"=>"[FILTERED]", "username"=>"myUser", "user"=>{"username"=>"myUser", "email"=>"someemail@website.com", "password" => "[FILTERED]"}}

To fix it, you can do a hack like this:

private
def user_params
  params.require(:user).permit(:username, :email).merge(:password => :password)
end

Alternatively, you can adjust the parameters sent from the client side (for example, using user[password] parameter's name instead of just password when sending HTTP POST request).

OTHER TIPS

try this out:-

acts_as_authentic do |config|
  config.check_passwords_against_database = false
  config.validate_password_field = false
  config.crypted_password_field = false
end

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow