Customizing Devise with Strong Parameters

Q: Why do we have to use strong parameters in Rails?

Strong Parameters, aka Strong Params, are used in many Rails applications to increase the security of data sent through forms. Strong Params allow developers to specify in the controller which parameters are accepted and used.

Q: What is Devise_parameter_sanitizer?

The devise_parameter_sanitizer. sanitize() method, defined in the Devise::ParameterSanitizer class, is used by devise in order to filter the allowed parameters, from its controllers, for a given action. It is very similar to the Rails strong parameters feature.

Q: How does devise Current_user work?

current_user works by storing id of current user in the application session. Most commonly session is stored in cookies. Whether or not the cookies survive browser restart depends on client's browser settings.

Q: What is devise gem in Ruby on Rails?

Devise is the cornerstone gem for Ruby on Rails authentication. With Devise, creating a User that can log in and out of your application is so simple because Devise takes care of all the controllers necessary for user creation ( users_controller ) and for user sessions ( users_sessions_controller ).

Tags:

ruby-on-rails

ruby-on-rails-4

devise

strong-parameters

I'm using Rails 4.0.0 and Devise 3.0.2 and trying to configure Devise with Strong Parameters following this instruction within the Devise README.

I wrote code like this in the application_controller.rb

class ApplicationController < ActionController::Base
  before_filter :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) << :nick
  end
end

Then I visited http://localhost:3000/users/sign_up. I got a NoMethodError in Devise::RegistrationsController#new, which says:

undefined method <<' for {}:ActionController::Parameters

and points to the exact line where I wrote devise_parameter_sanitizer.for(:sign_up) << :nick

Is there anything I did wrong? Thanks for your help.

692

asked Aug 17 '13 09:08

Jun Zhou

2 Answers

Try:

    class ApplicationController < ActionController::Base
      ...
      before_filter :configure_permitted_parameters, if: :devise_controller?   
      ...
      def configure_permitted_parameters
         devise_parameter_sanitizer.for(:sign_up) { |u| 
            u.permit(:email, :password, :password_confirmation, :nick) 
         }
      end

It works for me! :D

177

answered Nov 07 '22 05:11

Carlos André Oliveira

As Jose Valim said, it's Devise 3.1.0.rc feature, that's why it doesn't work. You have to use other syntaxes that are in README.

answered Nov 07 '22 03:11

Rafał Cieślak

Related questions
                            
                                Rails: Is devise vulnerable to session hijacking?
                            
                                Uninitialized constant AssetSync
                            
                                Rails 3 respond_with custom template
                            
                                Rails No route matches {:controller=>"devise/products"}
                            
                                Self referential "twin" has_one association
                            
                                Rails format validation -- alphanumeric, but not purely numeric
                            
                                How do I use a rails link_to helper within a .map block such that the output is an actual link, and not the text representation of the HTML
                            
                                How can I display 'Delete Confirm Dialog' with bootstrap's modal? not like browser's default
                            
                                How change jquery version with rails asset pipeline
                            
                                How do I configure Rails to send emails on 500 error?
                            
                                Is there a way to run a command on all Heroku dynos?
                            
                                Rails has_many :through sum attribute on "child objects" --> SQL Toughy
                            
                                Rails: Show 5 most recent posts excluding the most recent post
                            
                                Combining assets into a single file in Rails 4 development environment
                            
                                Rails + Rake: How to simulate running of rake task to see if it works?
                            
                                You cannot specify the same gem twice with different version requirements
                            
                                Disabled HTTP methods on Heroku
                            
                                How to Track Devise User Registration as Conversion in Google Analytics
                            
                                Stubbing ActiveRecord associations
                            
                                Could not load 'active_record/connection_adapters/sqlite3_adapter'

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With