Adding extra registration fields with Devise

Question

I am trying to add some extra fields to registrations#new. Since I only want extra data and do not need different functionality, I don't see why I need to override controllers etc. So what I did was modify registrations#new as follows:

%h2   Sign up = form_for(resource, as: resource_name, url: registration_path(resource_name)) do ||f   = devise_error_messages!   %div     = f.label :email     %br     = f.email_field :email, autofocus: true   %div     = f.label :title_id     %br     = f.text_field :title_id   %div     = f.label :province_id     %br     = f.text_field :province_id   %div     = f.label :first_name     %br     = f.text_field :first_name   %div     = f.label :last_name     %br     = f.text_field :last_name   %div     = f.label :password     %br     = f.password_field :password   %div     = f.label :password_confirmation     %br     = f.password_field :password_confirmation   %div= f.submit 'Sign up' = render 'devise/shared/links' 

To enable these extra fields through the sanitizer, I updated ApplicationController as follows:

class ApplicationController < ActionController::Base   # Prevent CSRF attacks by raising an exception.   # For APIs, you may want to use :null_session instead.   protect_from_forgery with: :exception   before_filter :store_requested_url!   # before_filter :authenticate_user!    def configure_permitted_parameters     devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:email) }     devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:email, :password, :password_confirmation, :title_id, :province_id, :first_name, :last_name) }     devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, :password_confirmation, :current_password) }   end    def after_sign_in_path_for(resource)     session[:requested_url] || root_path   end    private    def store_requested_url     # store last url as long as it isn't a /users path     session[:previous_url] = request.fullpath unless request.fullpath == /\/users/   end end 

For some reason, it is not working and the extra fields go to the database as nulls.

I am using Ruby 2 and Rails 4 rc1, with Devise 3.0.0.rc.

Answer 1

It would appear that the code sample in your question is not working because you are not setting the before_filter to call the sanitizer.

before_filter :configure_permitted_parameters, if: :devise_controller? 

With that said, it's probably better to override the controller, as shown in the accepted answer, so that the application controller isn't doing this check all of the time. The accepted answer can be shortened up with the code below. I've tested this code with my application and it works well. All of this is documented in the Strong Parameters section of the README in the 3.0.0.rc tag.

Override the controller:

class RegistrationsController < Devise::RegistrationsController   before_filter :configure_permitted_parameters, :only => [:create]    protected      def configure_permitted_parameters       devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password) }     end end 

Then update the routes to use it:

devise_for :members, :controllers => { :registrations => "registrations" }