ruby-on-rails-4 – DeviseTokenAuth控制器的强参数覆盖

class Users::RegistrationsController < DeviseTokenAuth::RegistrationsController

  before_filter :configure_permitted_parameters

  def update
    #this line never shows in the logs
    Rails.logger.info "I never get to run!!"
    super
  end

  protected

  # my new custom field is :nickname
  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) do |u|
      u.permit(:name,:nickname,:email,:password,:password_confirmation)
    end
    devise_parameter_sanitizer.for(:account_update) do |u|
      u.permit(:name,:password_confirmation,:nickname)
    end
  end
end

路由配置如下：

Rails.application.routes.draw do
    namespace :api,constraints: { format: 'json' } do
        mount_devise_token_auth_for 'User',at: 'auth',controllers: {
          registrations:  'users/registrations'
        }
    end
  end

他们似乎是对的：

PATCH  /api/auth(.:format)                    users/registrations#update {:format=>"json"}
PUT    /api/auth(.:format)                    users/registrations#update {:format=>"json"}

然后我尝试从curl调用更新

curl -X PUT --dump-header headers_update -H "Access-Token: 2FHhLQFtIgDfSqsTaaCH_g" -H "Uid: sample5@example.com" -H "Client: -RUtwnCfgqvqwDjYPtajQA" -H "Token-Type: Bearer" -H "Expiry: 1447713314" http://api.local.dev:3000/api/auth -d "{ "nickname":"somestuff"}"

但更新调用永远不会运行.这是在请求后显示服务器的内容：

I,[2015-11-02T18:05:38.131091 #7940]  INFO -- : Started PUT "/api/auth" for 127.0.0.1 at 2015-11-02 18:05:38 -0500
I,[2015-11-02T18:05:38.131222 #7940]  INFO -- : Started PUT "/api/auth" for 127.0.0.1 at 2015-11-02 18:05:38 -0500
I,[2015-11-02T18:05:38.147209 #7940]  INFO -- : Processing by Users::RegistrationsController#update as */*
I,[2015-11-02T18:05:38.147383 #7940]  INFO -- : Processing by Users::RegistrationsController#update as */*
I,[2015-11-02T18:05:38.147490 #7940]  INFO -- :   Parameters: {"{ "nickname":"somestuff"}"=>nil}
I,[2015-11-02T18:05:38.147571 #7940]  INFO -- :   Parameters: {"{ "nickname":"somestuff"}"=>nil}
D,[2015-11-02T18:05:38.152778 #7940] DEBUG -- :   User Load (0.7ms)  SELECT  "users".* FROM "users" WHERE "users"."uid" = $1 LIMIT 1  [["uid","sample5@example.com"]]
D,[2015-11-02T18:05:38.152934 #7940] DEBUG -- :   User Load (0.7ms)  SELECT  "users".* FROM "users" WHERE "users"."uid" = $1 LIMIT 1  [["uid",[2015-11-02T18:05:38.224790 #7940] DEBUG -- : Unpermitted parameter: { "nickname":"somestuff"}
D,[2015-11-02T18:05:38.225023 #7940] DEBUG -- : Unpermitted parameter: { "nickname":"somestuff"}
I,[2015-11-02T18:05:38.237415 #7940]  INFO -- : Filter chain halted as :validate_account_update_params rendered or redirected
I,[2015-11-02T18:05:38.237565 #7940]  INFO -- : Filter chain halted as :validate_account_update_params rendered or redirected
I,[2015-11-02T18:05:38.237741 #7940]  INFO -- : Completed 422 Unprocessable Entity in 90ms (Views: 0.3ms | ActiveRecord: 0.7ms)
I,[2015-11-02T18:05:38.237860 #7940]  INFO -- : Completed 422 Unprocessable Entity in 90ms (Views: 0.3ms | ActiveRecord: 0.7ms)

而json对curl的回复是：

{"status":"error","errors":["Please submit proper account update data in request"]}

作为参考,这是我的Gemfile

source 'https://rubygems.org'


gem 'rails','4.2.1'

gem 'rails-api'

gem 'pg'
gem 'activerecord-postgis-adapter'
gem 'rgeo'
gem 'devise'
gem 'devise_token_auth',">= 0.1.32.beta9" # Token based authentication for Rails JSON APIs
gem 'omniauth' # required for devise_token_auth

group :development,:test do
    gem 'pry-byebug','=1.3.3'
    gem 'pry-stack_explorer'
    gem 'pry-rails'
    gem 'pry-remote'

  # Access an IRB console on exception pages or by using <%= console %> in views
  gem 'web-console','~> 2.0'

  # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
  gem 'spring'

  gem "rspec-rails","~> 3.3"
end

group :test do

  #gem "shoulda-matchers"
  gem "factory_girl_rails"
  gem 'ffaker'
end