redirect_url is missing in email instructions sent

Posted 2019-08-14 06:33

Question:

I am trying to build API URLs for password reset via the devise_token_auth gem. As per the usage mentioned here, the POST request for /api/v1/auth/password needs the params email and redirect_url. The user matching the email param will be sent instructions on how to reset their password. redirect_url is the URL to which the user will be redirected after visiting the link contained in the email. However, I am getting the following URL in the email for password reset, in which the param redirect_url is missing; only the token is present.

http://localhost/api/v1/auth/password/edit?reset_password_token=sQ1kMrdmXx47scosNhZ8

Here is a screenshot of the API from Postman.

Following is the piece of log from development.log, indicating that the param is not permitted. The job thus created for sending the e-mail contained the redirect_url, as evident below, but it is not present in the actual e-mail.

Started POST "/api/v1/auth/password" for 127.0.0.1 at 2016-03-28 20:19:26 +0530
Processing by Api::V1::Auth::PasswordsController#create as */*
  Parameters: {"email"=>"vipin8169@gmail.com", "redirect_url"=>"abcd", "config"=>"default"}
Can't verify CSRF token authenticity
Unpermitted parameters: redirect_url, config
Unpermitted parameters: redirect_url, config
  User Load (0.7ms)  SELECT  "users".* FROM "users" WHERE (uid = 'vipin8169@gmail.com' AND provider='email')  ORDER BY "users"."id" ASC LIMIT 1
  User Load (0.3ms)  SELECT  "users".* FROM "users" WHERE "users"."reset_password_token" = $1  ORDER BY "users"."id" ASC LIMIT 1  [["reset_password_token", "163961c22b157e8942b8dd7a07e4d1fd57047e36095572fbd5d31e2c3952c353"]]
   (0.1ms)  BEGIN
  SQL (0.3ms)  UPDATE "users" SET "reset_password_token" = $1, "reset_password_sent_at" = $2, "updated_at" = $3 WHERE "users"."id" = $4  [["reset_password_token", "163961c22b157e8942b8dd7a07e4d1fd57047e36095572fbd5d31e2c3952c353"], ["reset_password_sent_at", "2016-03-28 14:49:26.255859"], ["updated_at", "2016-03-28 14:49:26.258075"], ["id", 189]]
   (13.4ms)  COMMIT
[ActiveJob] Enqueued ActionMailer::DeliveryJob (Job ID: fed742b9-b1aa-4a71-80bb-a95fd0626175) to DelayedJob(mailers) with arguments: "Devise::Mailer", "reset_password_instructions", "deliver_now", gid://fertility-app/User/189, "RCg24UxHcsr6QyPWV9cz", {:email=>"vipin8169@gmail.com", :provider=>"email", :redirect_url=>"abcd", :client_config=>"default"}
[ActiveJob]    (0.2ms)  BEGIN
[ActiveJob]   SQL (0.4ms)  INSERT INTO "delayed_jobs" ("queue", "handler", "run_at", "created_at", "updated_at") VALUES ($1, $2, $3, $4, $5) RETURNING "id"  [["queue", "mailers"], ["handler", "--- !ruby/object:ActiveJob::QueueAdapters::DelayedJobAdapter::JobWrapper\njob_data:\n  job_class: ActionMailer::DeliveryJob\n  job_id: fed742b9-b1aa-4a71-80bb-a95fd0626175\n  queue_name: mailers\n  arguments:\n  - Devise::Mailer\n  - reset_password_instructions\n  - deliver_now\n  - _aj_globalid: gid://fertility-app/User/189\n  - RCg24UxHcsr6QyPWV9cz\n  - email: vipin8169@gmail.com\n    provider: email\n    redirect_url: abcd\n    client_config: default\n"], ["run_at", "2016-03-28 14:49:26.289191"], ["created_at", "2016-03-28 14:49:26.289653"], ["updated_at", "2016-03-28 14:49:26.289653"]]
[ActiveJob]    (4.6ms)  COMMIT
Completed 200 OK in 60ms (Views: 0.2ms | ActiveRecord: 21.2ms)

Below is the code in my controller:

#app/controllers/api/v1/auth/passwords_controller.rb
class Api::V1::Auth::PasswordsController < DeviseTokenAuth::PasswordsController
  protect_from_forgery with: :null_session
  before_action :configure_permitted_parameters

  after_filter :set_csrf_header, only: [:create]

  skip_before_action :verify_authenticity_token, only: [:create]

  protected

  def set_csrf_header
    response.headers['X-CSRF-Token'] = form_authenticity_token
  end

  private

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:account_update) << :redirect_url
    # params.permit(:email, :password, :password_confirmation, :current_password, :reset_password_token, :redirect_url)
  end
end

Delayed::Job.first.handler contains the following entry:

  Delayed::Backend::ActiveRecord::Job Load (0.7ms)  SELECT  "delayed_jobs".* FROM "delayed_jobs"  ORDER BY "delayed_jobs"."id" ASC LIMIT 1
 => "--- !ruby/object:ActiveJob::QueueAdapters::DelayedJobAdapter::JobWrapper\njob_data:\n  job_class: ActionMailer::DeliveryJob\n  job_id: 7d61feef-3cee-41bc-a298-8bea20cfbf56\n  queue_name: mailers\n  arguments:\n  - Devise::Mailer\n  - reset_password_instructions\n  - deliver_now\n  - _aj_globalid: gid://fertility-app/User/189\n  - SG7LTRWK37FMRE8dC7X7\n  - email: vipin8169@gmail.com\n    provider: email\n    redirect_url: http%3A%2F%2Flocalhost%3A3000%2Fusers%2Fpassword%2Fedit\n    client_config: default\n" 

Updated log from the development.log pasted below:

Started POST "/api/v1/auth/password?redirect_url=foo&email=vipin8169@gmail.com" for 127.0.0.1 at 2016-03-29 12:19:21 +0530
  ActiveRecord::SchemaMigration Load (0.3ms)  SELECT "schema_migrations".* FROM "schema_migrations"
Processing by Api::V1::Auth::PasswordsController#create as */*
  Parameters: {"email"=>"vipin8169@gmail.com", "redirect_url"=>"foo"}
Unpermitted parameter: redirect_url
Unpermitted parameter: redirect_url
  User Load (1.2ms)  SELECT  "users".* FROM "users" WHERE (uid = 'vipin8169@gmail.com' AND provider='email')  ORDER BY "users"."id" ASC LIMIT 1
  User Load (0.4ms)  SELECT  "users".* FROM "users" WHERE "users"."reset_password_token" = $1  ORDER BY "users"."id" ASC LIMIT 1  [["reset_password_token", "a84234a42082eb864ac47bac6bff7a682ec6a1d687162fb3638af271b7cbef49"]]
   (0.2ms)  BEGIN
  SQL (0.6ms)  UPDATE "users" SET "reset_password_token" = $1, "reset_password_sent_at" = $2, "updated_at" = $3 WHERE "users"."id" = $4  [["reset_password_token", "a84234a42082eb864ac47bac6bff7a682ec6a1d687162fb3638af271b7cbef49"], ["reset_password_sent_at", "2016-03-29 06:49:22.147552"], ["updated_at", "2016-03-29 06:49:22.150433"], ["id", 189]]
   (14.6ms)  COMMIT
[ActiveJob] Enqueued ActionMailer::DeliveryJob (Job ID: 9131c578-6ec6-4365-848d-2aea78cd2251) to DelayedJob(mailers) with arguments: "Devise::Mailer", "reset_password_instructions", "deliver_now", gid://fertility-app/User/189, "NZgnXtSgJLXFdx2MPoEn", {:email=>"vipin8169@gmail.com", :provider=>"email", :redirect_url=>"foo", :client_config=>"default"}
[ActiveJob]    (0.2ms)  BEGIN
[ActiveJob]   SQL (1.5ms)  INSERT INTO "delayed_jobs" ("queue", "handler", "run_at", "created_at", "updated_at") VALUES ($1, $2, $3, $4, $5) RETURNING "id"  [["queue", "mailers"], ["handler", "--- !ruby/object:ActiveJob::QueueAdapters::DelayedJobAdapter::JobWrapper\njob_data:\n  job_class: ActionMailer::DeliveryJob\n  job_id: 9131c578-6ec6-4365-848d-2aea78cd2251\n  queue_name: mailers\n  arguments:\n  - Devise::Mailer\n  - reset_password_instructions\n  - deliver_now\n  - _aj_globalid: gid://fertility-app/User/189\n  - NZgnXtSgJLXFdx2MPoEn\n  - email: vipin8169@gmail.com\n    provider: email\n    redirect_url: foo\n    client_config: default\n"], ["run_at", "2016-03-29 06:49:22.209778"], ["created_at", "2016-03-29 06:49:22.210172"], ["updated_at", "2016-03-29 06:49:22.210172"]]
[ActiveJob]    (10.7ms)  COMMIT
Completed 200 OK in 348ms (Views: 0.3ms | ActiveRecord: 33.3ms)
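
Added example, not part of the original question and not devise_token_auth code: the logs above show client-supplied redirect_url values ("abcd", "foo", and a percent-encoded URL) being enqueued for the mailer unchanged, so this sketch checks such a value against an origin allowlist before it is placed in a reset e-mail. The names ALLOWED_REDIRECT_ORIGINS and safe_redirect_url and the allowlist contents are assumptions made for illustration.

```ruby
require "uri"

# Hypothetical allowlist: origins (scheme://host[:port]) that may receive
# the post-reset redirect. The single entry is taken from the job on the page.
ALLOWED_REDIRECT_ORIGINS = ["http://localhost:3000"].freeze

# Returns the normalized URL when its origin is allowlisted, otherwise nil.
def safe_redirect_url(raw, allowed = ALLOWED_REDIRECT_ORIGINS)
  return nil unless raw.is_a?(String) && !raw.empty?

  # One job on the page carries a percent-encoded value
  # (http%3A%2F%2Flocalhost%3A3000...); decode once when no "://" is visible.
  candidate = raw.include?("://") ? raw : URI.decode_www_form_component(raw)
  uri = URI.parse(candidate)

  # Absolute http/https only (URI::HTTPS is a subclass of URI::HTTP).
  # Bare words such as "abcd" parse as URI::Generic and are rejected here.
  return nil unless uri.is_a?(URI::HTTP)
  # Reject missing hosts and user@host forms that disguise the real host.
  return nil if uri.host.nil? || uri.host.empty? || uri.userinfo

  origin = "#{uri.scheme}://#{uri.host.downcase}"
  origin += ":#{uri.port}" unless uri.port == uri.default_port
  allowed.include?(origin) ? uri.to_s : nil
rescue URI::InvalidURIError, ArgumentError
  # Unparseable input or invalid %-encoding: treat as not allowed.
  nil
end

# Constructed sample: the three redirect_url values from the page's logs,
# plus two off-allowlist values added for contrast.
def audit_redirects
  samples = [
    "abcd",
    "foo",
    "http%3A%2F%2Flocalhost%3A3000%2Fusers%2Fpassword%2Fedit",
    "http://other.example/users/password/edit",
    "http://localhost:3000@other.example/"
  ]
  samples.to_h { |value| [value, safe_redirect_url(value)] }
end

audit_redirects.each do |value, result|
  puts format("%-58s => %s", value, result ? "allow #{result}" : "reject")
end
```

In a controller this check would run before the value is handed to the mailer, and a nil result would be answered with an error instead of an e-mail.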