Devise and Strong Parameters
Update for Devise 4.x:

class ApplicationController < ActionController::Base
  # before_filter was removed in Rails 5.1; use before_action there
  before_filter :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.permit(:sign_up, keys: [:username])
    devise_parameter_sanitizer.permit(:sign_in, keys: [:username])
    devise_parameter_sanitizer.permit(:account_update, keys: [:username])
  end
end
After adding both gems, Devise will work as normal.

Update: With the latest version of Devise 3.x, as described at devise#strong-parameters, the authentication key (normally the email field) and the password fields are already permitted. However, if there are any additional fields on the signup form, you will need to let Devise know the extra fields to permit. The easiest way to do this is with a filter:

class ApplicationController < ActionController::Base
  before_filter :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) << :username
  end
end
For Devise 2.x, if you use the safety feature requiring explicit whitelisting of tainted parameters in the user model:

  include ActiveModel::ForbiddenAttributesProtection

the changes needed are found at https://gist.github.com/3350730, which overrides some of the controllers.
Strong parameters with Rails and Devise
Thanks for the latest updates on the Rails4 branch of Devise; it doesn't really need to insert 'resource_params'.
I've created a brand new Rails4 app and followed the basic Devise installation steps, and my app works properly, so I think you've done well.
But there is a modified gist which gives you some extra details in terms of permitted parameters if you need:
Source: https://gist.github.com/bluemont/e304e65e7e15d77d3cb9
# controllers/users/registrations_controller.rb
class Users::RegistrationsController < Devise::RegistrationsController
  before_filter :configure_permitted_parameters

  protected

  # my custom fields are :name, :heard_how
  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) do |u|
      u.permit(:name, :heard_how,
               :email, :password, :password_confirmation)
    end
    devise_parameter_sanitizer.for(:account_update) do |u|
      u.permit(:name,
               :email, :password, :password_confirmation, :current_password)
    end
  end
end
Using Strong Parameters With Devise
You should add a before_filter in your ApplicationController to do that. The Devise docs contain a section explaining this. I took the code below from there:

class ApplicationController < ActionController::Base
  before_action :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) << :username
  end
end
In the example, the attribute :username is allowed to be parsed in the sign_up page.
Changing strong params for Devise
Try this in your application_controller.rb:

before_action :configure_permitted_parameters, if: :devise_controller?

protected

def configure_permitted_parameters
  devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email, :password) }
end

Documentation: https://github.com/plataformatec/devise#strong-parameters
Strong parameters - Devise 3.0.0 and Rails 4. Unpermitted parameters: name
You have to add this in the controller where you have written User.create(user_params). I am assuming that is UsersController.

class UsersController < ApplicationController
  def create
    User.create(user_params)
  end

  private

  def user_params
    # assumption: user params are coming in params[:user]
    params.require(:user).permit(:name, :age, :and_other_params_you_want_to_allow)
  end
end
How to add strong parameters to multiple attributes of a Devise model?
If you scroll further down in your linked documentation on strong parameters, you should see how to permit multiple attributes:
def configure_permitted_parameters
  # the permitted attributes are separated by commas
  devise_parameter_sanitizer.for(:sign_up) { |su| su.permit(:attribute, :attribute2) }
end
Adding custom parameters to devise registration - unpermitted parameters
Looks like you just need to tell Devise which parameters should be permitted. By default, Devise permits the email (or username, depending on configuration), password and password_confirmation params. You just need to add more.
The Devise documentation suggests a "lazy way" of setting this up.

class ApplicationController < ActionController::Base
  before_action :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.permit(:sign_up, keys: [:display_name])
  end
end
The documentation then says that:

If you have nested attributes (say you're using accepts_nested_attributes_for), then you will need to tell Devise about those nestings and types.

Only if you need to override the registrations#create action should you provide your custom route for Devise. In that case, make sure you override the sign_up_params method too.

class Users::RegistrationsController < Devise::RegistrationsController
  def create
    # Your custom code here. Make sure you copy Devise's functionality
  end

  private

  # Notice the name of the method
  def sign_up_params
    params.require(:user).permit(:display_name, :email, :password, :password_confirmation)
  end
end
In essence, you'd have to look into how your sign up form is posting the parameters to figure out how to configure strong parameters in the controller. Make sure you read on strong parameters syntax as well.
Hope it helps!
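Added example (not code from Devise, Rails or any of the answers above): a self-contained stand-in for the permit-list filtering that Devise's parameter sanitizer delegates to Rails strong parameters, using a hypothetical ParamSanitizer class with a Devise 4-style permit(action, keys:) API and a constructed signup request. It shows the point behind every answer on this page, including the nested-attributes case: keys not on the list, such as a smuggled admin flag or an unexpected nested attribute, are dropped before they reach the model, and the dropped names are collected for the "Unpermitted parameters" log line seen in the question.

```ruby
# Hypothetical stand-in for Devise's parameter sanitizer (added example).
class ParamSanitizer
  attr_reader :unpermitted

  def initialize
    # action => permitted keys; Devise already permits the authentication
    # key and the password fields, so start from those for :sign_up
    @permitted = { sign_up: %i[email password password_confirmation] }
    @unpermitted = []
  end

  # Mirrors devise_parameter_sanitizer.permit(:sign_up, keys: [...])
  def permit(action, keys:)
    @permitted.fetch(action) { @permitted[action] = [] }.concat(keys)
  end

  def sanitize(action, params)
    filter(params, @permitted.fetch(action))
  end

  private

  # keys may be plain (:name) or nested ({ address_attributes: [:city] }),
  # the same shapes ActionController::Parameters#permit accepts
  def filter(params, allowed, path = "")
    scalars = allowed.grep(Symbol).map(&:to_s)
    nested  = allowed.grep(Hash).reduce({}, :merge).transform_keys(&:to_s)
    params.each_with_object({}) do |(key, value), out|
      key = key.to_s
      if scalars.include?(key) && !value.is_a?(Hash)
        out[key] = value
      elsif nested.key?(key) && value.is_a?(Hash)
        out[key] = filter(value, nested[key], "#{path}#{key}.")
      else
        @unpermitted << "#{path}#{key}"   # dropped, never reaches User.new
      end
    end
  end
end

# Constructed signup POST body (form-style string keys) carrying a smuggled
# "admin" flag and an unexpected key inside the nested address attributes.
SIGNUP_REQUEST = {
  "email" => "alice@example.com",
  "password" => "correct horse", "password_confirmation" => "correct horse",
  "name" => "Alice", "admin" => true,
  "address_attributes" => { "city" => "Oslo", "verified" => true }
}

# Returns [attributes safe to pass to the model, names of dropped keys]
def sign_up_params(request = SIGNUP_REQUEST)
  sanitizer = ParamSanitizer.new
  sanitizer.permit(:sign_up, keys: [:name, { address_attributes: [:city] }])
  [sanitizer.sanitize(:sign_up, request), sanitizer.unpermitted]
end
```

Running sign_up_params yields attributes without "admin" and the list ["admin", "address_attributes.verified"] for the "Unpermitted parameters" log line.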