Unpermitted Parameters in Rails

Question

I've created a sign up form for my site, and included the following parameters in my users_controller.rb file in order to save the data entered into the corresponding fields to my database. For some reason, when I attempt to submit my created Sign Up form, the console is telling me that firstname and lastname aren't permitted parameters. The error is:

Unpermitted parameters: firstname, lastname

The sign up is successful, and the other parameters are entered into the database just fine; however firstname and lastname columns remain empty.

users_controller.rb

   class UsersController < ApplicationController

def create
  @user = User.new(user_params)
  if @user.save
    flash[:success] = "You signed up successfully"
    flash[:color] = "valid"
    redirect_to @user
  else
    flash[:notice] = "Form is invalid"
    flash[:color] = "invalid"
    render "new"
  end
end

private
def user_params
  params.require(:user).permit(:firstname, :lastname, :email, :password, :password_confirmation)
end


def show
  @user = User.find(params[:id])
end

def new
end

end

new.html.erb

<%= form_for(:user, :url => {:controller => 'users', :action => 'create'}) do |f| %>

    </br> <%= f.text_field :firstname, placeholder: 'First Name' %> 
    </br> <%= f.text_field :lastname, placeholder: 'Last Name' %>
    </br> <%= f.text_field :email, placeholder: 'Email' %> 
    </br> <%= f.password_field :password, placeholder: 'Password' %>
    </br> <%= f.password_field :password_confirmation, placeholder: 'Confirm Password' %>


    <%= f.submit :Register %>
  <% end %>

schema.rb

create_table "users", force: :cascade do |t|
    t.string   "firstname"
    t.string   "lastname"
    t.string   "email"
    t.datetime "created_at",      null: false
    t.datetime "updated_at",      null: false
    t.string   "password_digest"
    t.string   "password"
  end

user.rb

class User < ActiveRecord::Base

    has_secure_password

  validates_length_of :password, :in => 6..20, :on => :create
  validates :password_confirmation, presence: true, if: -> { new_record? || changes["password"] }

end

Incoming Parameters (console)

Processing by UsersController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"1hHzXu2RZR3G3Zx4PoOeDu3DlU31V5abDH/UmNx+w9hs/gacgRYhFgpe6cm0d7cLaTtZdfROi3oUrw/m5EcTAQ==", "user"=>{"firstname"=>"Milhouse", "lastname"=>"Vanhoutten", "email"=>"[email protected]", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Register"}
Unpermitted parameters: firstname, lastname, 
   (0.4ms)  begin transaction
  SQL (0.6ms)  INSERT INTO "users" ("email", "password_digest", "created_at", "updated_at") VALUES (?, ?, ?, ?)  [["email", "[email protected]"], ["password_digest", "$2a$10$T.iv9b3BjG.t1FJvT7YsVOZf0wNOD2QSFA9lP8RGOiE1h5AaDdB2q"], ["created_at", "2016-01-18 22:12:32.764948"], ["updated_at", "2016-01-18 22:12:32.764948"]]
   (7.0ms)  commit transaction
Redirected to /users/6
Completed 302 Found in 122ms (ActiveRecord: 8.7ms)

Answer 1

It looks like the parameters may be coming in as

{:firstname => 'foo', :lastname => 'baz'}

instead of

{"user" => {"firstname" => "foo", "lastname" => "baz"}}

It can probably be traced back to the form.