
Devise and Strong Parameters

I would like to know how to integrate both of these gems (devise + Strong Parameters), since strong params will likely be added to the rails core in 4.0.

Any help is welcome, thanks.

asked Aug 10 '12 14:08

Rodrigo Zurek


People also ask

What are strong parameters?

Strong Parameters, aka Strong Params, are used in many Rails applications to increase the security of data sent through forms. Strong Params allow developers to specify in the controller which parameters are accepted and used.

How do I permit a param in Devise?

Permitting new parameters: you can add new parameters to the permitted list using the permit method in a before_action method, for instance. Using a block yields an ActionController::Parameters object so you can permit nested parameters and have more control over how the parameters are permitted in your controller.


3 Answers

Update for devise 4.x

class ApplicationController < ActionController::Base
  # before_action replaces before_filter, which was removed in Rails 5.1.
  before_action :configure_permitted_parameters, if: :devise_controller?

  protected

  # Extend Devise's default permit list for each action with :username.
  def configure_permitted_parameters
    devise_parameter_sanitizer.permit(:sign_up, keys: [:username])
    devise_parameter_sanitizer.permit(:sign_in, keys: [:username])
    devise_parameter_sanitizer.permit(:account_update, keys: [:username])
  end
end

After adding both gems, devise will work as normal.

Update: With the latest version of Devise 3.x, as described at devise#strong-parameters, the authentication key (normally the email field), and the password fields are already permitted. However, if there are any additional fields on the signup form, you will need to let Devise know the extra fields to permit. The easiest way to do this is with a filter:

class ApplicationController < ActionController::Base
  before_filter :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) << :username
  end
end

For Devise 2.x, if you use the safety feature requiring explicitly whitelisting tainted parameters in the user model:

include ActiveModel::ForbiddenAttributesProtection 

the changes needed are found at https://gist.github.com/3350730 which overrides some of the controllers.

answered Sep 17 '22 15:09

ronalchn
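
To make the behaviour in the answer above concrete, here is an added example (not code from the answers or from Devise) that models a per-action permit list in plain Ruby, so it runs without Rails. The `PermitList` class, the default key sets and the sample form are assumptions for illustration; note that every key placed in a permit list becomes settable from the submitted form, while anything unlisted (here `locked`) is dropped.

```ruby
# Simplified, Rails-free model of a per-action permit list (added example,
# not Devise's implementation). Class, key sets and form are constructed.

# Assumed defaults: the authentication key and password fields, which the
# answer above says Devise 3.x and later already permit.
DEFAULT_KEYS = {
  sign_up:        %i[email password password_confirmation],
  sign_in:        %i[email password remember_me],
  account_update: %i[email password password_confirmation current_password]
}.freeze

class PermitList
  def initialize
    # Copy the defaults so each instance can be extended independently.
    @keys = DEFAULT_KEYS.transform_values(&:dup)
  end

  # Same call shape as `permit(:sign_up, keys: [:username])` in the answer.
  def permit(action, keys:)
    @keys.fetch(action).concat(keys.map(&:to_sym)).uniq!
    self
  end

  # Returns [kept, dropped]: attributes that may reach the model, and the
  # names of submitted fields that were filtered out (worth logging).
  def sanitize(action, submitted)
    allowed = @keys.fetch(action)
    kept, dropped = submitted.partition { |k, _| allowed.include?(k.to_sym) }
    [kept.to_h, dropped.map { |k, _| k.to_s }]
  end
end

# Constructed sign-up submission: form params arrive with string keys, and a
# client can send fields the form never rendered (here "locked").
FORM = {
  "email" => "a@example.test", "password" => "s3cret-pass",
  "password_confirmation" => "s3cret-pass",
  "username" => "alice", "locked" => "false"
}.freeze

def demo
  list = PermitList.new
  before = list.sanitize(:sign_up, FORM) # defaults only: username is dropped
  after = list.permit(:sign_up, keys: [:username]).sanitize(:sign_up, FORM)
  { before: before, after: after }
end

demo.each { |label, (kept, dropped)| puts "#{label}: kept=#{kept.keys} dropped=#{dropped}" }
```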


The easy way is to add a simple before filter in your ApplicationController. If you have different roles and/or other more complex scenarios, there are other options at the link below:

https://github.com/plataformatec/devise#strong-parameters

answered Sep 20 '22 15:09

Leo


before_filter :configure_sanitized_params, if: :devise_controller?

def configure_sanitized_params
  devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:firstname, :designation_id, :middlename, :previous_experiance_year, :previous_experiance_month, :lastname, :email, :username, :password, :password_confirmation, :previous_experiance, :empid, :dob, :timezone, :doj, :gender, :education, :comments, :locked, :deactivated, :reason, :phone, :deactivated_date, :image) }
  devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:remove_image, :firstname, :designation_id, :middlename, :lastname, :email, :username, :empid, :dob, :timezone, :doj, :gender, :education, :comments, :locked, :deactivated, :reason, :phone, :deactivated_date, :image) }
end

answered Sep 21 '22 15:09

Anoob K Bava