ruby-on-rails – 取消密码更新设备上的错误授权

2019年7月20日 164次阅读

我正在使用rails api并使用
devise_token_auth进行身份验证,当我尝试通过使用put请求命中/ auth /密码来更新密码时,它会响应错误401,即未经授权.我的服务器日志告诉我这个

Started PUT “/auth/password” Processing by
DeviseTokenAuth::PasswordsController#update as HTML Parameters:
{“password”=>”[FILTERED]”, “password_confirmation”=>”[FILTERED]”}
Can’t verify CSRF token authenticity Completed 401 Unauthorized in

的routes.rb

mount_devise_token_auth_for 'User', at: 'auth' ,:controllers => { :omniauth_callbacks => 'omniauth'  }

view.html(angularjs)

<div class="container">
    <div class="row">

    <div class="row">
       <div class="col-xs-6 col-xs-offset-3 que">
           <img src="./uploads/img/web-logo.png" class="img-responsive" alt="Logo">
       </div>
    </div>
        <div class="col-xs-12 reset-pas">
            <form  name="update_pass" ng-submit="updatePassword_controller()" role="form" class="lost_reset_password">
                <p class="error_msg" ng-show="update_pass.password_confirmation.$error.passwordVerify"> 
                    Passwords are not equal!
                </p>
            <label>New password</label>
            <input type="password" name="password"  ng-minlength="8"  ng-model="updatePasswordForm.password" required="required" class="form-control">
            <span>Minimum 8 Charachters</span>
    <br>
            <label>Re-enter new password</label>

            <input type="password" name="password_confirmation"  ng-minlength="8"  ng-model="updatePasswordForm.password_confirmation" required="required" class="form-control"  password-verify="updatePasswordForm.password" >
                <button type="submit" class="btn btn-default" id="reset-submit">Save</button>
            </form>
        </div>
    </div>
</div>

controller.js

$scope.updatePassword_controller = function() {

  $auth.updatePassword($scope.updatePasswordForm)
    .then(function(resp) {
      console.log(resp)
      $location.path('/')
    })
    .catch(function(resp) {
      console.log(resp)
    });
};

更新
注意
我只是为了密码更新而面临这个问题

更新

我安装了gem’angular_rails_csrf’现在它只给出授权错误而不是csrf攻击错误

最佳答案 使用Rails form_tag或form_for帮助程序.他们添加将为XCSRF标记添加一个隐藏字段:

<div class="container">
    <div class="row">

    <div class="row">
       <div class="col-xs-6 col-xs-offset-3 que">
           <img src="./uploads/img/web-logo.png" class="img-responsive" alt="Logo">
       </div>
    </div>
        <div class="col-xs-12 reset-pas">
            <%= form_tag "#", { "ng-submit" => "updatePassword_controller()", "role" => "form", "class" => "lost_reset_password"} do %>
                <p class="error_msg" ng-show="update_pass.password_confirmation.$error.passwordVerify"> 
                    Passwords are not equal!
                </p>
            <label>New password</label>
            <input type="password" name="password"  ng-minlength="8"  ng-model="updatePasswordForm.password" required="required" class="form-control">
            <span>Minimum 8 Charachters</span>
    <br>
            <label>Re-enter new password</label>

            <input type="password" name="password_confirmation"  ng-minlength="8"  ng-model="updatePasswordForm.password_confirmation" required="required" class="form-control"  password-verify="updatePasswordForm.password" >
                <button type="submit" class="btn btn-default" id="reset-submit">Save</button>
            </form>
        </div>
    </div>
</div>
点赞