Menu
Very new to working with rails. I have implemented a basic login system using Devise. I am trying to add a couple of new fields (bio:string, name:string) into the sign_up page. I have everything displaying correctly and the new fields are added to the database (when I view it in SQLbrowser) however, they are not populating and after the user submits the sign_up form there is a message which part of it says:
Unpermitted parameters: bio, name
I have added the 2 strings to the _devise_create_users.rb
# added
t.string :bio
t.string :name
And I have them showing up in the schema.rb
ActiveRecord::Schema.define(version: 20130629002343) do
create_table "users", force: true do |t|
t.string "email", default: "", null: false
t.string "encrypted_password", default: "", null: false
t.string "reset_password_token"
t.datetime "reset_password_sent_at"
t.datetime "remember_created_at"
t.integer "sign_in_count", default: 0
t.datetime "current_sign_in_at"
t.datetime "last_sign_in_at"
t.string "current_sign_in_ip"
t.string "last_sign_in_ip"
t.datetime "created_at"
t.datetime "updated_at"
t.string "shortbio"
t.boolean "admin", default: false
t.string "realname"
t.string "name"
t.string "bio"
end
add_index "users", ["email"], name: "index_users_on_email", unique: true
add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
end
My user.rb
class User < ActiveRecord::Base
# Include default devise modules. Others available are:
#:token_authenticatable, :confirmable,
#:lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
end
Is this problem something to do with Strong Parameters? I am having a hard time wrapping my head around them and where/how to implement.
963
The accepted solution is good enough, but I see two problems: 1) All the controllers will check if the current controller is the devise controller (if: :devise_controller?) and 2) We need to write all the acceptable parameters in the method (...for(:sign_up) {|u| u.permit(:bio, :name)}), even the :email, :password and so on.
I think that a more elegant solution could be:
# app/controllers/users/registrations_controller.rb
class Users::RegistrationsController < Devise::RegistrationsController
before_filter :configure_permitted_parameters
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up).push(:name, :phone, :organization)
end
end
# config/routes.rb
devise_for :users, :controllers => { :registrations => "users/registrations" }
NOTE: Updates for Rails 4.2+
This answer is falling out of date:
devise_parameter_sanitizer.permit() replaces devise_parameter_sanitizer.for() for Devise 4 (see Rails 5, Undefined method `for' for #<Devise on line devise_parameter_sanitizer.for)
73
Make sure you are using Devise 3.0.0 at least. Add to your application controller:
before_filter :update_sanitized_params, if: :devise_controller?
def update_sanitized_params
devise_parameter_sanitizer.for(:sign_up) {|u| u.permit(:bio, :name)}
end
Documentation: https://github.com/plataformatec/devise#strong-parameters
23
I was having trouble with this too. The documentation on devise's site helped as well as some forums. Here's what I ended up doing:
In custom RegistrationsController (app/controllers/users/registrations_controller.rb)
# app/controllers/users/registrations_controller.rb
class Users::RegistrationsController < Devise::RegistrationsController
before_filter :update_sanitized_params, if: :devise_controller?
def update_sanitized_params
devise_parameter_sanitizer.for(:sign_up) {|u| u.permit(:name, :email, :password, :password_confirmation)}
end
end
Then in your route file (config/routes.rb) us this for your devise_for statement:
devise_for :users, controllers: {registrations: "users/registrations"}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
