Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Devise: Unpermitted parameters

I don't know why, but the following code just stopped working (I didn't even notice how it happened)

routes.rb

devise_for :users, components: {registrations: 'registrations', sessions: 'sessions'}

registations_controller.rb

class RegistrationsController < Devise::RegistrationsController
  before_filter :configure_permitted_parameters

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up).push(:name, :surname, :username, :email, :avatar)
    devise_parameter_sanitizer.for(:account_update).push(:name, :surname, :email, :avatar)
  end

end

As I said, everything worked fine before, but now I'm getting:

Processing by Devise::RegistrationsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"lvuPOmTRqv6XUQ/O1g4Q9VNvzD7DgGCHocY/OlAvKHEIvWAHvlS982hxSZZzzAESCpmL5QTUcTLw/c9ME/sUFQ==", "user"=>{"name"=>"John", "surname"=>"Doe", "username"=>"foobar", "email"=>"[email protected]", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Register"}
Unpermitted parameters: name, surname, email

Cofiguration:

  • Rails 4.2.5
  • Devise 3.5.6

P.S.: Now I finally understand why should I cover my code with unit-tests and use Travis CI

like image 772
Viktor Avatar asked Feb 27 '16 10:02

Viktor


2 Answers

I think you should try "configure_permitted_parameters" method in application controller instead of registration controller.

class ApplicationController < ActionController::Base

 before_action :configure_permitted_parameters, if: :devise_controller?

 protected

 def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up).push(:name, :surname,:username, :email, :avatar)
    devise_parameter_sanitizer.for(:account_update).push(:name, :surname, :email, :avatar)
 end
end
like image 86
Kinjal Shah Avatar answered Sep 23 '22 00:09

Kinjal Shah


The for method has been deprecated since 4.1. Use this instead:

class ApplicationController < ActionController::Base    
  before_action :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    attributes = [:name, :surname,:username, :email, :avatar]
    devise_parameter_sanitizer.permit(:sign_up, keys: attributes)
    devise_parameter_sanitizer.permit(:account_update, keys: attributes)
  end
end
like image 37
dexter Avatar answered Sep 22 '22 00:09

dexter