 

Strong parameters with Rails and Devise

I am using the rails 4.0 branch of devise along with ruby 2.0.0p0 and Rails 4.0.0.beta1.

This is the kind of question where I am checking if I'm doing it the right way, or if there are other things I should be doing. I'm sure a lot of people moving to Rails 4.0 are facing the same problems (after googling for similar things).

I have read the following links:

  • Devise and Strong Parameters
  • https://gist.github.com/kazpsp/3350730
  • https://github.com/plataformatec/devise/tree/rails4#strong-parameters

Now, using Devise, I created a User model. I created the following controller using the above gists (and made sure to include it in my routes file). My extra parameters are first_name and last_name.

    class Users::RegistrationsController < Devise::RegistrationsController
      def sign_up_params
        params.require(:user).permit(:first_name, :last_name, :email, :password, :password_confirmation)
      end

      def account_update_params
        params.require(:user).permit(:first_name, :last_name, :email, :password, :password_confirmation, :current_password)
      end

      private :sign_up_params
      private :account_update_params
    end

Is there anything else I should be doing? Is this the best way of doing things from now on (since dropping attr_accessor)? My forms seem to be working fine (both the new and update). The gists said to use "resource_params", but that always gave the "Unpermitted parameters" error in my server log.

user1202888 asked May 04 '13 22:05


People also ask

What are strong parameters in Rails?

Strong Parameters, aka Strong Params, are used in many Rails applications to increase the security of data sent through forms. Strong Params allow developers to specify in the controller which parameters are accepted and used.

How do I permit a parameter in Devise?

Permitting new parameters: you can add new parameters to the permitted list using the permit method in a before_action method, for instance. Using a block yields an ActionController::Parameters object, so you can permit nested parameters and have more control over how the parameters are permitted in your controller.

What is Devise_parameter_sanitizer?

The devise_parameter_sanitizer.sanitize() method, defined in the Devise::ParameterSanitizer class, is used by Devise to filter the allowed parameters, from its controllers, for a given action. It is very similar to the Rails strong parameters feature.


1 Answer

Thanks to the latest updates on the Rails4 branch of Devise, it doesn't really need you to insert 'resource_params'.

I've created a brand new Rails4 app and followed the basic Devise installation steps, and my app works properly, so I think you've done well.

But there is a modified gist which gives you some extra details in terms of permitted parameters, if you need them:

Source: https://gist.github.com/bluemont/e304e65e7e15d77d3cb9

    # controllers/users/registrations_controller.rb
    class Users::RegistrationsController < Devise::RegistrationsController

      before_filter :configure_permitted_parameters

      protected

      # my custom fields are :name, :heard_how
      def configure_permitted_parameters
        devise_parameter_sanitizer.for(:sign_up) do |u|
          u.permit(:name, :heard_how,
            :email, :password, :password_confirmation)
        end
        devise_parameter_sanitizer.for(:account_update) do |u|
          u.permit(:name,
            :email, :password, :password_confirmation, :current_password)
        end
      end
    end
Zoltan answered Sep 18 '22 18:09
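
What the allowlist in sign_up_params does to a submitted form, shown as an added example that is not code from the question, the answer, Rails or Devise: a plain-Ruby stand-in for `params.require(:user).permit(...)` run over a constructed form body. The names `permit_scalars`, `sample_submission` and `demo`, and the extra `admin` and `confirmed_at` fields, are assumptions made for the illustration.

```ruby
# Added example: plain-Ruby stand-in for params.require(:user).permit(...).
# It is NOT Rails' or Devise's code; it only models the filtering behaviour.
require "logger"
require "stringio"

SCALARS = [String, Symbol, NilClass, Numeric, TrueClass, FalseClass].freeze

# Allowlist copied from the question's sign_up_params.
SIGN_UP_KEYS = %i[first_name last_name email password password_confirmation].freeze

# Returns [permitted_hash, rejected_keys]. Keys outside the allowlist are
# dropped, and so are allowlisted keys whose value is not a scalar
# (a Hash or Array sent where a single string is expected).
def permit_scalars(raw, allowed, logger: nil)
  permitted = {}
  rejected = []
  raw.each do |key, value|
    name = key.to_sym
    if allowed.include?(name) && SCALARS.any? { |t| value.is_a?(t) }
      permitted[name] = value
    else
      rejected << name
    end
  end
  logger&.debug("Unpermitted parameters: #{rejected.join(', ')}") unless rejected.empty?
  [permitted, rejected]
end

# Constructed request body: the sign-up form plus two fields the form never
# rendered (hypothetical columns) and an array where a string is expected.
def sample_submission
  {
    "first_name" => "Ada",
    "last_name" => "Lovelace",
    "email" => ["ada@example.test", "other@example.test"],
    "password" => "correct horse",
    "password_confirmation" => "correct horse",
    "admin" => "true",
    "confirmed_at" => "2013-05-04"
  }
end

def demo
  log = StringIO.new
  permitted, rejected = permit_scalars(sample_submission, SIGN_UP_KEYS, logger: Logger.new(log))
  { permitted: permitted, rejected: rejected, log: log.string }
end

p demo if $PROGRAM_NAME == __FILE__
```

Only the permitted hash would reach the model, so a column such as `admin` can be set from a form only after it is added to the allowlist on purpose; the log line is the place to look for fields that were silently dropped.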