Add Custom Field/Column to Devise with Rails 4

Question

I'm attempting to add a full_name field/column to my User model (using the devise gem) and Rails 4.

Most of the examples online recommend using attr_accessible, but it sounds like this should be approached differently in Rails 4.

How would I add full_name to my User model? I've been able to successfully run the migration.

File: Migration > add_full_name_to_users

class AddFullNameToUsers < ActiveRecord::Migration
  def change
    add_column :users, :full_name, :string
  end
end

File: Registration > app/views/devise/registration/new.html

.
.
.
<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
  <%= devise_error_messages! %>

  <%= f.label :full_name %>
  <%= f.text_field :full_name, :autofocus => true %>

  <%= f.label :email %>
  <%= f.email_field :email %>
.
.
.

Answer 1

Once your model has its full_name attribute, you will have to configure permitted parameters for the #sign_up and #account_update Devise actions.

class ApplicationController < ActionController::Base
  before_action :configure_devise_permitted_parameters, if: :devise_controller?

  protected

  def configure_devise_permitted_parameters
    registration_params = [:full_name, :email, :password, :password_confirmation]

    if params[:action] == 'update'
      devise_parameter_sanitizer.for(:account_update) do 
        |u| u.permit(registration_params << :current_password)
      end
    elsif params[:action] == 'create'
      devise_parameter_sanitizer.for(:sign_up) do 
        |u| u.permit(registration_params) 
      end
    end
  end

end

Answer 2

This solution should work, working with sign_up and update:

  class ApplicationController < ActionController::Base
    before_filter :configure_permitted_parameters, if: :devise_controller?

    protected

    def configure_permitted_parameters
      devise_parameter_sanitizer.permit(:sign_up,        keys: [:full_name])
      devise_parameter_sanitizer.permit(:account_update, keys: [:full_name])
    end
  end

Answer 3

From devise documentation:

When you customize your own views, you may end up adding new attributes to forms. Rails 4 moved the parameter sanitization from the model to the controller, causing Devise to handle this concern at the controller as well.

You should check the url below to find the approach that will best fit your needs: https://github.com/plataformatec/devise#strong-parameters

Answer 4

Enable Strong Parameters for Devise instead of attr_accessible. To do so, create a new initiliazer with that content:

DeviseController.class_eval do
  def resource_params
    unless params[resource_name].blank?
      params.require(resource_name).permit(:email, :password, :password_confirmation, :remember_me)
    end
  end
end