Rails 4 and Devise - User registration via JSON API

Question

I'm attempting to register a devise user via JSON but keep getting an ActiveModel::ForbiddenAttributesError

class Api::V1::RegistrationsController  < ApplicationController

  skip_before_filter :verify_authenticity_token
  respond_to :json

  def create

    user = User.new(params[:user])

    if user.save
      render :json => user.as_json(:auth_token=>user.authentication_token, :email=>user.email), :status=>201
      return
    else
      warden.custom_failure!
      render :json => user.errors, :status=>422
    end
  end

  def user_params
    params.require(:user).permit(:email, :password)
  end

end

Here's my JSON request:

 Processing by Api::V1::RegistrationsController#create as JSON
 Parameters: {"user"=>{"email"=>"[email protected]", "password"=>"[FILTERED]"}, "registration"=>{"user"=>{"email"=>"[email protected]", "password"=>"[FILTERED]"}}}

I realize this has something to do with Strong Parameters but haven't been able to crack it yet.

Answer 1

I would change:

user = User.new(params[:user])

with:

user = User.new(user_params)

From docs:

# This will raise an ActiveModel::ForbiddenAttributes exception because it's using mass assignment
# without an explicit permit step.
def create
  Person.create(params[:person])
end