Unpermitted parameter:: session in Rails and Cypress in Next.js with devise_token_auth


I can sign in with the browser, but in Cypress’s E2E test, a session is entered and it stops at the strong parameter.

The account is signed up in advance

signin.spec.ts

const signInTest = describe('SignIn feature', () => {
  beforeEach(() => {
    cy.clearCookies();
  });

  it('ID and PASS Signin', () => {
    cy.visit('/signin');
    cy.intercept('http://localhost:8000/auth/sign_in').as('signin');
    cy.getCookie('access-token').should('be.null');
    cy.getCookie('client').should('be.null');
    cy.getCookie('uid').should('be.null');
    cy.get('input[type = email]').type(ADMIN_USER.email);
    cy.get('input[type = password]').type(ADMIN_USER.password);
    cy.get('button[type=submit]').click();
    cy.wait('@signin').its('response.statusCode').should('eq', 200);
    cy.url().should('equal', 'http://localhost:3000/');
  });
}

fixture/user.ts

export const ADMIN_USER = {
  email: '[email protected]',
  password: 'password',
};

/src/lib/rest/client.ts

import axios from 'axios';
import applyCaseMiddleware from 'axios-case-converter';

const options = {
  ignoreHeaders: true,
};

const client = applyCaseMiddleware(
  axios.create({
    baseURL: 'http://localhost:8000/auth',
  }),
  options
);

export default client;

/src/lib/rest

import Cookies from 'js-cookie';
import client from '@/lib/rest/client';

// signin

    export interface SignInParamsType {
      email: string;
      password: string;
    }
    
    export const signIn = (params: SignInParamsType) => {
      return client.post('http://localhost:8000/api/auth/sign_in', params);
    };

src/pages/signin.tsx

import Cookies from 'js-cookie';

const SignIn: VFC = () => {
  const router = useRouter();

  const { setIsSignIn, setCurrentUser } = useContext(AuthContext);

  const [email, setEmail] = useState<string>('');
  const [password, setPassword] = useState<string>('');


  const handleSubmit = async (e: MouseEvent<HTMLButtonElement>) => {
    e.preventDefault();

    const params: SignInParamsType = {
      email,
      password,
    };

    try {
      const res = await signIn(params);
      console.log(res);

      if (res.status === 200) {
        Cookies.set('_access_token', res.headers['access-token']);
        Cookies.set('_client', res.headers.client);
        Cookies.set('_uid', res.headers.uid);

        setIsSignIn(true);
        setCurrentUser(res.data.data);

        router.push('/');
      } else {
      }
    } catch (error) {
      console.log(error);
    }
  };
  return (
    <>
      <form noValidate autoComplete='off'>
        <Card>
          <CardHeader title='SignIn' />
          <CardContent>
            <TextField
              variant='outlined'
              required
              fullWidth
              type='email'
              label='Email'
              value={email}
              margin='dense'
              onChange={(e) => setEmail(e.target.value)}
            />
            <TextField
              variant='outlined'
              required
              fullWidth
              name='password'
              type='password'
              label='Password'
              value={password}
              margin='dense'
              autoComplete='current-password'
              onChange={(e) => setPassword(e.target.value)}
            />
            <Button
              type='submit'
              variant='contained'
              fullWidth
              size='large'
              color='primary'
              disabled={!!(!email || !password)}
              onClick={handleSubmit}
            >
              SignIn
            </Button>
            <Box textAlign='center'>
            </Box>
          </CardContent>
        </Card>
      </form>
    </>
  );
};

export default SignIn;

Setting devise_token_auth

app/controllers/api/auth/application_controller.rb

config.change_headers_on_each_request didn’t work even if false

DeviseTokenAuth.setup do |config|
  config.change_headers_on_each_request = true 
  config.token_cost = Rails.env.test? ? 4 : 10

  config.headers_names = {:'access-token' => 'access-token',
                         :'client' => 'client',
                         :'expiry' => 'expiry',
                         :'uid' => 'uid',
                         :'token-type' => 'token-type' }

  end

This result is in Cypress

Timed out retrying after 5000ms: cy.wait() timed out waiting 5000ms for the 1st request to the route: signin. No request ever occurred.

on Rails

Processing by DeviseTokenAuth::SessionsController#create as HTML
Parameters: {"email"=>"[email protected]", "password"=>"[FILTERED]", "session"=>{"email"=>"[email protected]", "password"=>"[FILTERED]"}}

Unpermitted parameter: :session

"session" => {"email" => "[email protected]", "password" => "[FILTERED]"}} Why is it included? I know this stops at the Strong Prarameter, but how can I prevent the session from entering?

Source: React – Stack Overflow

November 25, 2021
Category : News
Tags: devise | devise-token-auth | next.js | reactjs | ruby-on-rails

Leave a Reply

Your email address will not be published. Required fields are marked *

Sitemap | Terms | Privacy | Cookies | Advertising

Senior Software Developer

Creator of @LzoMedia I am a backend software developer based in London who likes beautiful code and has an adherence to standards & love's open-source.