I am trying to add some extra fields to registrations#new. Since I only want extra data and do not need different functionality, I don't see why I need to override controllers etc. So what I did was modify registrations#new as follows:
%h2 Sign up = form_for(resource, as: resource_name, url: registration_path(resource_name)) do ||f = devise_error_messages! %div = f.label :email %br = f.email_field :email, autofocus: true %div = f.label :title_id %br = f.text_field :title_id %div = f.label :province_id %br = f.text_field :province_id %div = f.label :first_name %br = f.text_field :first_name %div = f.label :last_name %br = f.text_field :last_name %div = f.label :password %br = f.password_field :password %div = f.label :password_confirmation %br = f.password_field :password_confirmation %div= f.submit 'Sign up' = render 'devise/shared/links'
To enable these extra fields through the sanitizer, I updated ApplicationController as follows:
class ApplicationController < ActionController::Base # Prevent CSRF attacks by raising an exception. # For APIs, you may want to use :null_session instead. protect_from_forgery with: :exception before_filter :store_requested_url! # before_filter :authenticate_user! def configure_permitted_parameters devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:email) } devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:email, :password, :password_confirmation, :title_id, :province_id, :first_name, :last_name) } devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, :password_confirmation, :current_password) } end def after_sign_in_path_for(resource) session[:requested_url] || root_path end private def store_requested_url # store last url as long as it isn't a /users path session[:previous_url] = request.fullpath unless request.fullpath == /\/users/ end end
For some reason, it is not working and the extra fields go to the database as nulls.
I am using Ruby 2 and Rails 4 rc1, with Devise 3.0.0.rc.
The devise_parameter_sanitizer. sanitize() method, defined in the Devise::ParameterSanitizer class, is used by devise in order to filter the allowed parameters, from its controllers, for a given action. It is very similar to the Rails strong parameters feature.
It would appear that the code sample in your question is not working because you are not setting the before_filter to call the sanitizer.
before_filter :configure_permitted_parameters, if: :devise_controller?
With that said, it's probably better to override the controller, as shown in the accepted answer, so that the application controller isn't doing this check all of the time. The accepted answer can be shortened up with the code below. I've tested this code with my application and it works well. All of this is documented in the Strong Parameters section of the README in the 3.0.0.rc tag.
Override the controller:
class RegistrationsController < Devise::RegistrationsController before_filter :configure_permitted_parameters, :only => [:create] protected def configure_permitted_parameters devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password) } end end
Then update the routes to use it:
devise_for :members, :controllers => { :registrations => "registrations" }
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With