I'm having issues with adding usernames to the Devise controller.
The error message I get in the console when creating a new user is: "Unpermitted parameter: :username."
However I'm following the docs on github which says I should add parameters like this:
In registrations_controller.rb (this don't work)
class Users::RegistrationsController < Devise::RegistrationsController
before_action :configure_sign_up_params, only: [:create]
before_action :configure_account_update_params, only: [:update]
protected
#If you have extra params to permit, append them to the sanitizer.
def configure_sign_up_params
devise_parameter_sanitizer.permit(:sign_up, keys: [:username])
end
#If you have extra params to permit, append them to the sanitizer.
def configure_account_update_params
devise_parameter_sanitizer.permit(:account_update, keys: [:username])
end
end
However doing this instead in the application control works:
class ApplicationController < ActionController::Base
before_action :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
added_attrs = [:username]
devise_parameter_sanitizer.permit :sign_up, keys: added_attrs
devise_parameter_sanitizer.permit :account_update, keys: added_attrs
end
end
I don't understand how one works and the other don't.
You need to configure the routes to use your custom controller
devise_for :users, controllers: {
# ...
registrations: "users/registrations"
}
You don't need to two seperate callbacks either since devise_parameter_sanitizer keeps different parameters lists for different actions anyways.
module Users
class RegistrationsController < Devise::RegistrationsController
before_action :configure_permitted_parameters
protected
def configure_permitted_parameters
added_attrs = [:username]
devise_parameter_sanitizer.permit :sign_up, keys: added_attrs
devise_parameter_sanitizer.permit :account_update, keys: added_attrs
end
end
end
Related
I'm using devise and activeadmin.
When I log in to my app as an Admin (http://localhost:3000/users/admin) the app redirects me to to the http://localhost:3000/users/sign_in page.
So basically I have to login at some user to be able to log in as Admin. Which is really inconvenient.
this is my application_controller.rb
class ApplicationController < ActionController::Base
protect_from_forgery prepend: true, with: :exception
before_action :authenticate_user!, except: [:index]
def after_sign_in_path_for(resource)
user_path(resource)
end
def after_sign_up_path_for(resource)
user_path(resource)
end
before_action :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:sign_up, keys: [:username, :email, :password, :password_confirmation])
devise_parameter_sanitizer.permit(:sign_in, keys: [:login, :password, :password_confirmation])
devise_parameter_sanitizer.permit(:account_update, keys: [:username, :email, :password, :password_confirmation, :current_password])
end
end
I have added this chunk of code to the controller with out any luck.
before_action :whois, if: :devise_controller?
def whois
if user.admin?
def after_sign_in_path_for(resource)
admin_dashboard_path
end
else
def after_sign_in_path_for(resource)
user_path(resource)
end
def after_sign_up_path_for(resource)
user_path(resource)
end
end
end
Here my routes
devise_for :users
devise_for :admin_users, ActiveAdmin::Devise.config
ActiveAdmin.routes(self)
resources :overviews
resources :users
root 'overviews#index'
Can anyone help me with this, please?
In the initializer active_admin.rb - try this
config.authentication_method = false
I'm using devise_token_authentication gem to build token based authentication rails api, then after that I added some extra fields to Vendor model through different migration, and in order to permit them I wrote this:
class ApplicationController < ActionController::Base
before_action :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:sign_up, keys: [:first_name, :last_name, :tax_number])
devise_parameter_sanitizer.permit(:account_update, keys: [:first_name, :last_name, :tax_number])
end
end
Then after that I added another model Customer rails g devise_token_auth:install Customer auth
then in routes.rb
Rails.application.routes.draw do
mount_devise_token_auth_for 'Vendor', at: 'vendor/auth'
mount_devise_token_auth_for 'Customer', at: 'customer/auth'
end
each time I try to sign_up with customers through 'localhost:3000/customer/auth' I got error message: ActiveModel::UnknownAttributeError: unknown attribute 'tax_number' for Customer.
So is there any way to permit the extra fields only for Vendor model and skip 'Customer' ?
look on this setup for multiple devise user models.
or
If you override the RegistrationsController you need to permit extra params directly in registrationsController
class Users::RegistrationsController < DeviseTokenAuth::RegistrationsController
def create
end
def account_update
end
private
def sign_up_params
params.require(:user).permit(:email, :password, :password_confirmation, :first_name, :last_name, :tax_number)
end
end
I'm unable to permit additional parameters in invite#accept. I've setup everything and here's a controller.
But in the method accept_resource there're still only 3 old parameters accepted, other didn't come through, although they present on a form.
class MyInvitationsController < Devise::InvitationsController
before_filter :configure_permitted_parameters, if: :devise_controller?
before_filter :update_sanitized_params, only: [:edit, :update]
def edit
puts "edit...."
super
end
private
def accept_resource
puts "accept_resource..."
resource = resource_class.accept_invitation!(update_resource_params)
# but it still permits only :password, :password_confirmation and :invitation_token
resource
end
protected
def configure_permitted_parameters
puts "configure_permitted_parameters..."
devise_parameter_sanitizer.permit(:sign_up, keys: [:aaa, :bbb, :ccc, :password, :password_confirmation,
:invitation_token])
end
def update_sanitized_params
puts "update_sanitized_params..."
devise_parameter_sanitizer.permit(:sign_up, keys: [:aaa, :bbb, :ccc, :password, :password_confirmation,
:invitation_token])
How to fix that?
I use devise 4.2 and devise_invitable 1.6
Try remove
if: :devise_controller?
in your before_filter, because your are not in devise controller.
I added additional fields to my user model, then updated the configure_account_update_params method accordingly. Everything was working until I wanted users to be able to update their information without having to input their current password.
So I removed the field for the view and changed the update method in the RegistrationsController
This is my controller, I'm not sure if I'm missing something
class Users::RegistrationsController < Devise::RegistrationsController
before_filter :configure_account_update_params, only: [:update]
def update
resource.update_without_password(resource_params)
end
# If you have extra params to permit, append them to the sanitizer.
def configure_account_update_params
devise_parameter_sanitizer.for(:account_update) << [:first_name, :last_name, :country, :phone_number, :gender, :birthdate]
end
end
According to devise documentation, you should replace this in your controller.
class Users::RegistrationsController < Devise::RegistrationsController
protected
def update_resource(resource, params)
resource.update_without_password(params)
end
end
The fields were added via migration and the view's forms are created, but the controller filters the parameter on their path from the view to the model. No matter what I seem to do, my parameters are always unpermitted. My controller code
#app/controllers/users/registrations_controller.rb
class Users::RegistrationsController < Devise::RegistrationsController
before_filter :configure_sign_up_params, only: [:create]
before_filter :configure_account_update_params, only: [:update]
protected
# If you have extra params to permit, append them to the sanitizer.
def configure_sign_up_params
devise_parameter_sanitizer.for(:sign_up)<<[:first_name,:last_name,:profile_image,:graduation_year]
end
# If you have extra params to permit, append them to the sanitizer.
def configure_account_update_params
devise_parameter_sanitizer.for(:account_update)<<[:first_name,:last_name,:profile_image,:graduation_year]
end
end
end
#config/routes.rb
Rails.application.routes.draw do
#...
devise_for :users, controllers: { account_update: "users/registrations", sign_up:"users/registrations" }
end
#Error
Parameters: {"utf8"=>"✓", "authenticity_token"=>"Qts15L3n6Xvsn0hwNvIUI6UrWUQyV/qEyoQAZ8M+udMK1RBTQS1XoNWgpg1JrXqWpb9NbrsaHtQVVU8XMwoSIQ==",
"user"=>{"first_name"=>"a", "last_name"=>"a",
"profile_image"=>#<ActionDispatch::Http::UploadedFile:0x00000004fe0bb0 #tempfile=#<Tempfile:/tmp/RackMultipart20150709-4420-12guerh.jpeg>, #original_filename="test1.jpeg", #content_type="image/jpeg", #headers="Content-Disposition: form-data; name=\"user[profile_image]\"; filename=\"test1.jpeg\"\r\nContent-Type: image/jpeg\r\n">,
"graduation_year"=>"1", "email"=>"aaaaaa#a.a",
"password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"},
"commit"=>"Submit"}
Unpermitted parameters: first_name, last_name, profile_image, graduation_year
Thanks for the help everyone. Really appreciate it!
My config/routes.rb was messed up. It needed to be
devise_for :users, controllers: { registrations: 'users/registrations' }
Then I needed to add :email, :password, :password_confirmation back to app/controllers/users/registrations_controller.rb
class Users::RegistrationsController < Devise::RegistrationsController
before_filter :configure_sign_up_params, only: [:create]
before_filter :configure_account_update_params, only: [:update]
def configure_sign_up_params
devise_parameter_sanitizer.for(:sign_up)<<[:first_name,:last_name,:profile_image,:graduation_year,
:email,:password,:password_confirmation]
end
def configure_account_update_params
devise_parameter_sanitizer.for(:account_update)<<[:first_name,:last_name,:profile_image,:graduation_year,
:email,:password,:password_confirmation]
end
end
Also there was an extra 'end' at the bottom of the file.
Update
In the current version of devise (4.3)/rails (5.1.3) it is similar, but the configure functions should be updated to something like this:
def configure_sign_up_params
devise_parameter_sanitizer.permit(:sign_up, keys: [:first_name, :last_name, :age, :height, :weight, :gender])
end
I had the same problem and changing like the below worked for me.
def configure_sign_up_params
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit( :first_name, :last_name, :profile_image, :graduation_year) }
end
def configure_account_update_params
devise_parameter_sanitizer.for(:account_update) { |u| u.permit( :first_name, :last_name, :profile_image, :graduation_year) }
end