Develop Reference

Rails Devise - Update User with Associated Model

Good day,
I have a devise users model and in edit user page I want to add a custom field called "add verification documents" which takes in multiple documents(pdf's) that are uploaded in edit user page. A User can upload multiple documents.
# user.rb
class User < ActiveRecord::Base
has_many :verification_documents
end
# routes.rb
devise_for :users,
path: '',
path_names: {sign_in: 'login', sign_out: 'logout',sign_up: 'sign-up', edit: 'profile'},
controllers: {
omniauth_callbacks: 'omniauth_callbacks',
registrations: 'registrations'
}
My Requirement is similar to
Rails Devise - Register User with Associated Model ,
But Instead of address attributes, here I want to upload multiple verification verification documents to the verification_documents model during update action of the devise user model.
# views/devise/registrations/edit.html.erb
<div class="row">
<%= form_for(resource, as: resource_name,
url: registration_path(resource_name),
html: { method: :put },
multipart: true) do |f| %>
<div class="form-group">
<%= f.text_field :fullname, autofocus: true,
placeholder: "Full Name *", class: "form-control" %>
</div>
<div class="form-group">
<%= f.email_field :email, placeholder: "Email *",
class: "form-control" %>
</div>
<span class="btn btn-default btn-file btn-green pad_small">
Upload Verification Documents
<input type="file" accept="application/pdf" name="input-file-preview"/>
<%= file_field_tag "verification_documents[]", type: :file, multiple: true %>
</span>
<div class="actions">
<%= f.button "Save", class: "btn btn-green pad_small" %>
</div>
</div>
# verification_document.rb
class VerificationDocument < ActiveRecord::Base
belongs_to :user
has_attached_file :verification_documents
validates_attachment_content_type :verification_documents,
{ :content_type => %w( application/pdf ) }
end
Is it possible to update something like below in RegistrationsController as ?
# RegistrationsController < Devise::RegistrationsController
def update
if #user.update(user_params)
if params[:verification_documents]
params[:verification_documents].each do |doc|
#user.verification_documents.create(verification_documents: doc)
end
end
redirect_to root_path, notice: "Updated..."
else
render :edit
end
end
In application_controller.rb I have,
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:sign_up,
keys: [:fullname, :subscribe])
devise_parameter_sanitizer.permit(:account_update,
keys: [:fullname, :reset_password_token, :verification_documents])
end
Any Help is Highly Appreciated.Thanks in Advance!
UPDATE 1
I have added this to the Registrations Controller
def update
super
#user = User.find(current_user.id)
if params[:user][:verification_documents]
params[:user][:verification_documents].each do |doc|
#user.verification_documents.create(verification_documents: doc)
end
puts "document saved"
else
puts "not saved"
end
end
I tried to change the user phone number and upload the verification_documents (pdf's) in the users edit page.The values of devise user model Attribute's were successfully updated(The phone number is an attribute of user model).But the values for the verification_document model attributes are not saved.
phone number is updated but the verification_documents were still not saved
Log:
Processing by RegistrationsController#update as HTML
Parameters: {"utf8"=>"▒~\~S", "authenticity_token"=>"Xic+IFWWdzK4KaFzgnVzsOjMDPDaznJBjosj69khn3AfhrJr0mWsJrobK/mWHWiaANFqQAKj7wUPRYslfJZoPw==", "user"=>{"fullname"=>"Mohan Krishna Gangarapu", "email"=>"mohankrish93#gmail.com", "alternate_email"=>"", "business_name"=>"", "location"=>"", "phone_number"=>"9999999999", "alternate_phone_number"=>"", "dealer"=>"0", "fleet_manager"=>"0", "description"=>"", "url"=>"", "current_password"=>"[FILTERED]", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "deactivate"=>"false"}, "verification_documents"=>[#<ActionDispatch::Http::UploadedFile:0x007f1412365420 #tempfile=#<Tempfile:/tmp/RackMultipart20170411-23997-11lrzwz.pdf>, #original_filename="pdf-test.pdf", #content_type="application/pdf", #headers="Content-Disposition: form-data; name=\"verification_documents[]\"; filename=\"pdf-test.pdf\"\r\nContent-Type: application/pdf\r\n">, #<ActionDispatch::Http::UploadedFile:0x007f14123653f8 #tempfile=#<Tempfile:/tmp/RackMultipart20170411-23997-e1grsp.pdf>, #original_filename="pdfurl-guide.pdf.pdf", #content_type="application/pdf", #headers="Content-Disposition: form-data; name=\"verification_documents[]\"; filename=\"pdfurl-guide.pdf.pdf\"\r\nContent-Type: application/pdf\r\n">], "button"=>""}
^[[1m^[[36mUser Load (0.2ms)^[[0m ^[[1mSELECT `users`.* FROM `users` WHERE `users`.`id` = ? ORDER BY `users`.`id` ASC LIMIT 1^[[0m [["id", 686]]
^[[1m^[[35mUser Load (0.4ms)^[[0m SELECT `users`.* FROM `users` WHERE `users`.`id` = ? LIMIT 1 [["id", 686]]
Unpermitted parameters: business_name, location
^[[1m^[[36mSQL (0.1ms)^[[0m ^[[1mBEGIN^[[0m
^[[1m^[[35mSQL (0.3ms)^[[0m UPDATE `users` SET `phone_number` = ?, `deactivate` = ?, `updated_at` = ? WHERE `users`.`id` = ? [["phone_number", "9999999999"], ["deactivate", 0], ["updated_at", "2017-04-11 05:32:57"], ["id", 686]]
^[[1m^[[36m (1.8ms)^[[0m ^[[1mCOMMIT^[[0m
Redirected to http://104.251.212.100:3000/
Completed 302 Found in 17ms (ActiveRecord: 3.6ms)
Started GET "/" for 156.73.67.6 at 2017-04-11 05:32:57 -0500
Cannot render console from 156.73.67.6! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255
Processing by PagesController#home as HTML

Editing user details creates new user. Devise, Rails 4

I have weird problem, previous created form instead of updating user details such as e-mail or name creates new user with given details.
My form:
this code example I took from views/devise/registrations/edit
<%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { "data-parsley-validate" => true, :id=>"user-edit"},remote: true, format: :json) do |f| %>
<div class="form-group">
<%= f.text_field :name,:class=>"user-input form-control", :id=>"user-name" ,:placeholder=> "Lietotājvārds*",:"data-parsley-group"=>"f1" %>
</div>
<div class="form-group">
<%= f.email_field :email ,:class=>"user-input form-control", :id=>"password",:placeholder=> "E-pasts *",:"data-parsley-group"=>"f2" %>
</div>
<div class="form-group">
<%= f.password_field :current_password, :autocomplete => "off" ,:class=>"user-input form-control", :id=>"password",:placeholder=> "Vecā parole* ",:"data-parsley-group"=>"f3" %>
</div>
<div class="form-group">
<%= f.password_field :password , :class=>"user-input form-control", :id=>"password",:placeholder=> "Jaunā parole* vismaz 8 simboli ", :"data-parsley-group"=>"f3" %>
</div>
<div class="form-group">
<%= f.password_field :password_confirmation , :class=>"user-input form-control", :id=>"password",:placeholder=> "Atkārtot paroli * vismaz 8 simboli ", :"data-parsley-group"=>"f3" %>
</div>
<button type="submit" class="blue-button btn btn-default">Apstiprināt</button>
<%end%>
Routes file:
devise_for :users, :controllers => {:registrations=> "registrations"}
Registration controller:
class RegistrationsController < Devise::RegistrationsController
clear_respond_to
respond_to :json
def sign_up_params
params.require(:user).permit( :email, :password, :password_confirmation,:name, :not_a_robot,:current_password,:bypass_humanizer)
end
def account_update_params
params.require(:user).permit(:name, :email, :password, :password_confirmation, :current_password, :not_a_robot, :bypass_humanizer)
end
private :sign_up_params
private :account_update_params
protected
def update_resource(resource, params)
resource.update_without_password(params)
end
end
In applicaion helper:
module ApplicationHelper
def resource_name
:user
end
def resource
#resource ||= User.new
end
def devise_mapping
#devise_mapping ||= Devise.mappings[:user]
end
end
Log file:
Started POST "/ru/users" for 85.255.65.15 at 2015-09-28 19:32:25 +0300
Processing by RegistrationsController#create as JS
Parameters: {"utf8"=>"✓", "user"=>{"name"=>"ooppapa", "email"=>"test11#!!!", "current_password"=>"[FILTERED]", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "bypass_humanizer"=>"true", "not_a_robot"=>"1"}, "locale"=>"ru"}
[1m[36mBanlist Load (2.0ms)[0m [1mSELECT `banlists`.* FROM `banlists` WHERE (ip_adress = '85.255.65.15')[0m
[1m[35mCountry Load (1.5ms)[0m SELECT `countries`.* FROM `countries` WHERE `countries`.`id` = 1 LIMIT 1
[1m[36mRegion Load (1.3ms)[0m [1mSELECT `regions`.* FROM `regions` WHERE `regions`.`country_id` = 1[0m
[1m[35m (0.4ms)[0m BEGIN
[1m[36mUser Exists (44.1ms)[0m [1mSELECT 1 AS one FROM `users` WHERE `users`.`email` = BINARY 'test11#!!!' LIMIT 1[0m
[1m[35mUser Load (24.3ms)[0m SELECT `users`.* FROM `users` WHERE `users`.`confirmation_token` = '5c5e282bd4c139c7764506b785d54119ceee5499426b555c3650cfc7190ee947' ORDER BY `users`.`id` ASC LIMIT 1
[1m[36mSQL (2.1ms)[0m [1mINSERT INTO `users` (`confirmation_sent_at`, `confirmation_token`, `created_at`, `email`, `encrypted_password`, `name`, `updated_at`) VALUES ('2015-09-28 19:32:29', '5c5e282bd4c139c7764506b785d54119ceee5499426b555c3650cfc7190ee947', '2015-09-28 19:32:28', 'test11#individualki.eu', '$2a$10$mEHajmY0H1NueGrrap7NNu0LuViDEJ.imAS4jhdj1KIyPRIyej/NC', 'ooppapa', '2015-09-28 19:32:28')[0m
Rendered devise/mailer/confirmation_instructions.html.erb (29.2ms)
Devise::Mailer#confirmation_instructions: processed outbound mail in 1726.8ms
Sent mail to test11#!!!.eu (776.1ms)
Date: Mon, 28 Sep 2015 19:32:31 +0300
From: support#!!!!.eu
Reply-To: support#!!!!.eu
To: test11#!!!!.eu
Message-ID: <56096b9f98eb5_25e4640a718550c6#!!!!!>
Subject: Confirmation instructions
Mime-Version: 1.0
Content-Type: text/html;
charset=UTF-8
Content-Transfer-Encoding: 7bit
<p>Welcome !!!</p>
<p>You can confirm your account email through the link below:</p>
My routes:
rake routes
new_user_session GET (/:locale)/users/sign_in(.:format) devise/sessions#new {:locale=>/lv|ee|ru/}
user_session POST (/:locale)/users/sign_in(.:format) devise/sessions#create {:locale=>/lv|ee|ru/}
destroy_user_session DELETE (/:locale)/users/sign_out(.:format) devise/sessions#destroy {:locale=>/lv|ee|ru/}
user_password POST (/:locale)/users/password(.:format) devise/passwords#create {:locale=>/lv|ee|ru/}
new_user_password GET (/:locale)/users/password/new(.:format) devise/passwords#new {:locale=>/lv|ee|ru/}
edit_user_password GET (/:locale)/users/password/edit(.:format) devise/passwords#edit {:locale=>/lv|ee|ru/}
PATCH (/:locale)/users/password(.:format) devise/passwords#update {:locale=>/lv|ee|ru/}
PUT (/:locale)/users/password(.:format) devise/passwords#update {:locale=>/lv|ee|ru/}
cancel_user_registration GET (/:locale)/users/cancel(.:format) registrations#cancel {:locale=>/lv|ee|ru/}
user_registration POST (/:locale)/users(.:format) registrations#create {:locale=>/lv|ee|ru/}
new_user_registration GET (/:locale)/users/sign_up(.:format) registrations#new {:locale=>/lv|ee|ru/}
edit_user_registration GET (/:locale)/users/edit(.:format) registrations#edit {:locale=>/lv|ee|ru/}
PATCH (/:locale)/users(.:format) registrations#update {:locale=>/lv|ee|ru/}
PUT (/:locale)/users(.:format) registrations#update {:locale=>/lv|ee|ru/}
DELETE (/:locale)/users(.:format) registrations#destroy {:locale=>/lv|ee|ru/}
user_confirmation POST (/:locale)/users/confirmation(.:format) devise/confirmations#create {:locale=>/lv|ee|ru/}
new_user_confirmation GET (/:locale)/users/confirmation/new(.:format) devise/confirmations#new {:locale=>/lv|ee|ru/}
GET (/:locale)/users/confirmation(.:format) devise/confirmations#show {:locale=>/lv|ee|ru/}
update_password_user PATCH (/:locale)/user/update_password(.:format) users#update_password {:locale=>/lv|ee|ru/}
edit_user GET (/:locale)/user/edit(.:format) users#edit {:locale=>/lv|ee|ru/}
sms_receive GET (/:locale)/sms/receive(.:format) sms#receive {:locale=>/lv|ee|ru/}
root GET /(:locale)(.:format) girls#index {:locale=>/lv|ee|ru/}
I am confused. Is it registration_path(resource_name) that creates this error?
Any advise could be helpful.!
thanks in advance.

The issue is in the form as it is pointing to the registration_path(resource_name) path.
The example you are using is taken from How To: Allow users to edit their account without providing a password and it says:
and provide an edit and update actions, as you would do for any other
resource in your application.
Which means you need to create a route to the edit method and use it as you wish.
The example above is for updating the user without the password, but what you are doing is updating the password.
For the solutions, read How To: Allow users to edit their password
An example solution - #3:
UsersController
class UsersController < ApplicationController
before_filter :authenticate_user!
def edit
#user = current_user
end
def update_password
#user = User.find(current_user.id)
if #user.update(user_params)
# Sign in the user by passing validation in case their password changed
sign_in #user, :bypass => true
redirect_to root_path
else
render "edit"
end
end
private
def user_params
# NOTE: Using `strong_parameters` gem
params.require(:user).permit(:password, :password_confirmation)
end
end
If you are using several scopes, specify the one you are signing in:
sign_in :user, #user, bypass: true
The route should be the following:
resource :user, only: [:edit] do
collection do
patch 'update_password'
end
end
View
<%= form_for(#user, :url => { :action => "update_password" } ) do |f| %>
<div class="field">
<%= f.label :password, "Password" %><br />
<%= f.password_field :password, :autocomplete => "off" %>
</div>
<div class="field">
<%= f.label :password_confirmation %><br />
<%= f.password_field :password_confirmation %>
</div>
<div class="action_container">
<%= f.submit %>
</div>
<% end %>
To use "confirm_password" field to force user to enter old password
before updating with the new one: Change #user.update(user_params) to
#user.update_with_password(user_params) in the controller along with
adding :current_password to the permitted parameters, then and add the
following to the view code:
<div class="field">
<%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br />
<%= f.password_field :current_password %>
</div>
Remember, Devise models are like any model in your application. If you
want to provide custom behavior, just implement new actions and new
controllers. Don't try to bend Devise.

I saw your question and maybe the problem is on form call.
Try insert html: { method: :put }. With simple_form I use this way:
= simple_form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f|
How you omitted the method of send the form, it's sending as post and creating a new record, I presume.

Can't update user in Ruby on Rails

I am using ruby on rails try to update user information, but when I submit, the console will show an error saying the user exists and redirect to the correct page. What's wrong with my code?
The error message:
Started PATCH "/users/6" for ::1 at 2015-06-08 21:27:00 -0500
Processing by UsersController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"sJm38g36DAYDo4eXdpcIPRX0e40Jp6cECmMwEvhCAEhTlDwwmmgOfXZqeczglNmJ4K9pQXiyXAsRsgP/C8lScg==", "name"=>"test123", "department"=>"123", "commit"=>"Update User", "id"=>"6"}
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 6]] CACHE (0.0ms)
SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", "6"]] (0.1ms)
begin transaction
User Exists (0.2ms)
SELECT 1 AS one FROM "users" WHERE ("users"."email" = 'test#test.com' AND "users"."id" != 6) LIMIT 1 (0.1ms)
rollback transaction
Redirected to http://localhost:3000/users/6
Completed 302 Found in 9ms (ActiveRecord: 0.5ms)
Started GET "/users/6" for ::1 at 2015-06-08 21:27:00 -0500
Processing by UsersController#show as HTML
Parameters: {"id"=>"6"} User Load (0.1ms)
SELECT "users".* FROM "users" WHERE "users"."id"
= ? LIMIT 1 [["id", 6]]
Rendered users/show.html.erb within layouts/application (0.1ms)
User Load (0.2ms)
SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 6]] CACHE (0.0ms)
SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 6]]
Completed 200 OK in 66ms (Views: 64.3ms | ActiveRecord: 0.3ms)
The edit page
<h1 class="center">Edit name</h1>
<div class="row">
<div class="col-md-6 col-md-offset-3">
<%= form_tag "/users/#{#user.id}", :method => 'patch' do %>
<p>
<%= label_tag :name %>
<%= text_field_tag :name, #user.name %>
</p>
<p>
<%= label_tag :department %>
<%= text_field_tag :department, #user.dept %>
</p>
<input type="submit" name="commit" value="Update User">
<% end %>
</div>
</div>
The controller is like this
class UsersController < ApplicationController
before_action :authorize, only: [:show, :edit, :update]
def authorize
#user = User.find_by(id: params[:id])
if #user.blank? || session[:user_id] != #user.id
redirect_to root_url, notice: "Nice try!"
end
end
def new
#user = User.new
end
def show
end
def edit
end
def update
#user = User.find_by(id: params[:id])
#user.name = params[:name]
#user.dept = params[:department]
#user.save
redirect_to user_path(#user.id)
end
def create
#user = User.new(email: params[:email],
name: params[:name],
password: params[:password],
role: params[:role],
dept: params[:dept])
if #user.save
redirect_to root_url, notice: "Thanks for signing up."
else
render "new"
end
end
end
The router concerning this part is like:
# sign up
get '/signup' => 'users#new'
post '/users' => 'users#create'
get '/users/:id' => 'users#show', as: :user
get '/users/:id/edit' => 'users#edit', as: 'edit_user'
patch '/users/:id' => 'users#update'

The problem is in the form_tag,it should be like this
<%= form_tag({:action => :update}, {:method => :patch}) do %>
Also your code for form_tag looks vulnerable. Changing it to like this will be better.
<%= form_tag update_user_path(#user) do %>
or
<%= form_tag user_path(#user), :method => :patch do %>

Are you using rails 4?
You should update your controller to conform to strong_parameters if you are.
def update
#user = User.find(params[:id)
if #user.update_attributes(user_params)
redirect_to user_path(#user.id)
else
render :edit
end
end
private
def user_params
params.require(:user).permit(:name, :dept)
end
Doing this will mean that you have to wrap your name and dept params inside a user scope, eg.
user: { name: "Howard Moon", dept: "Zookeeper" }
But is the standard way to handle params in the controller.
Hope this helps!
EDIT: Link to Strong Parameters which does a better job at explaining this than I can. Haha

Rails 4 Devise: SessionsController: UnknownFormat: 406 error

I'm trying to login with Devise, but the login fails with a 406 Not Acceptable message from Rails 4. Specifically:
Started POST "/login.user" for 127.0.0.1 at 2015-04-03 14:37:21 -0600
Processing by Devise::SessionsController#create as
Parameters: {"utf8"=>"✓",
"authenticity_token"=>"RLOQtv2L80h1VnMKynBuGsqsTEoggZzk3dWk6h8WdfQLOaOcoznTsPDortDQD5ql8qHm52l3+qnAxTf6U+dLxQ==",
"user"=>{"email"=>"jack#example.com",
"password"=>"[FILTERED]",
"remember_me"=>"0"},
"commit"=>"Log in"}
User Load (0.5ms) SELECT "users".* FROM "users" WHERE "users"."email" = $1 ORDER BY "users"."id" ASC LIMIT 1 [["email", "jack#example.com"]]
(0.2ms) BEGIN
Role Load (0.4ms) SELECT "roles".* FROM "roles" INNER JOIN "unities" ON "roles"."id" = "unities"."role_id" WHERE "unities"."user_id" = $1 AND (((roles.name = 'nil') AND (roles.resource_type IS NULL) AND (roles.resource_id IS NULL))) [["user_id", 4]]
SQL (0.5ms) UPDATE "users" SET "last_sign_in_at" = $1, "current_sign_in_at" = $2, "sign_in_count" = $3, "updated_at" = $4 WHERE "users"."id" = $5 [["last_sign_in_at", "2015-04-03 20:27:03.080761"], ["current_sign_in_at", "2015-04-03 20:37:21.763619"], ["sign_in_count", 7], ["updated_at", "2015-04-03 20:37:21.797872"], ["id", 4]]
(1.7ms) COMMIT
Completed 406 Not Acceptable in 160ms (ActiveRecord: 6.0ms)
I am trying to adapt the Sessions Controller I found here; these are the relevant parts:
class Users::SessionsController < DeviseController
prepend_before_filter :require_no_authentication, only: [:new, :create]
prepend_before_filter :allow_params_authentication!, only: :create
prepend_before_filter :verify_signed_out_user, only: :destroy
prepend_before_filter only: [:create, :destroy] { request.env["devise.skip_timeout"] = true }
# GET /resource/sign_in
def new
self.resource = resource_class.new(sign_in_params)
clean_up_passwords(resource)
yield resource if block_given?
respond_with(resource, serialize_options(resource))
end
# POST /resource/sign_in
def create
self.resource = warden.authenticate!(auth_options)
set_flash_message(:notice, :signed_in) if is_flashing_format?
sign_in(resource_name, resource)
yield resource if block_given?
respond_with resource, location: after_sign_in_path_for(resource)
end
end
Here are the relevant routes:
Prefix Verb URI Pattern Controller#Action
new_user_session GET /login(.:format) devise/sessions#new
user_session POST /login(.:format) devise/sessions#create
destroy_user_session GET /sign_out(.:format) users/sessions#destroy
My sessions/new.html.erb view uses this form:
<%= form_for(resource, as: resource_name, url: user_session_path(resource_name)) do |f| %>
<input name="authenticity_token"
type="hidden"
value="<%= form_authenticity_token %>"/>
<div class="field">
<%= f.label :email %><br />
<%= f.email_field :email, autofocus: true %>
</div>
<div class="field">
<%= f.label :password %><br />
<%= f.password_field :password, autocomplete: "off" %>
</div>
<% if devise_mapping.rememberable? -%>
<div class="field">
<%= f.check_box :remember_me %>
<%= f.label :remember_me %>
</div>
<% end -%>
<div class="actions">
<%= f.submit "Log in" %>
</div>
<% end %>
Notice I added the hidden authenticity_token in an attempt to address the 406 Not Acceptable message (I also have <%= csrf_meta_tags %> in my application.html.erb view), and from the POST I can see it's being sent.
My user model has devise: :database_authenticatable and validates_presence_of :email, :password.
I appreciate any tips or suggestions! I've tried many suggestions and there is a similar question here. I can provide any other info that might help.

I solved this problem by using the 'omniauth-google-oauth2'gem.

Rails form not using explicit action

I'm a noob that's been struggling with this problem for longer than I care to admit. I used to have a routing issue with my STI model, but now I think that's solved (thanks to SO).
My problem is once I update the form at : /kids/1/edit, instead of having the record saved, it seems to get the record again. I know I'm missing something basic, yet after working the issue a long time the answer eludes me. You can see I'm explicitly calling the kidupdate action with the form submission.
thanks in advance.
kidedit.html.erb
<% provide(:title, "Edit user") %>
<h1>Update your profile</h1>
<div class="row">
<div class="span5 offset3">
<%= form_for(#kid, url: kidedit_path) do |f| %>
<#%= render 'shared/error_messages', object: f.object %>
<%= f.label :fname, "First Name" %>
<%= f.text_field :fname %>
<%= f.label :lname, "Last Name" %>
<%= f.text_field :lname %>
<%= f.label :email %>
<%= f.text_field :email %>
<%= f.label :type, "Are you a Kid or Parent" %>
<%= f.select :type, [['Kid','Kid'],['Parent','Parent']] %>
<%= f.label :password %>
<%= f.password_field :password %>
<%= f.label :password_confirmation, "Confirmation" %>
<%= f.password_field :password_confirmation %>
<%= f.submit "Save changes", class: "btn btn-large btn-primary", :controller => 'users', :action => 'kidupdate' %>
<% end %>
</div>
</div>
users_controller.rb
def kidupdate
#kid = Kid.find(params[:id])
if #kid.update_attributes(params[:kid])
flash[:success] = "Profile updated"
sign_in #kid
redirect_to kidshow_path
else
render kidedit_path(#kid)
end
end
routes.rb
Kidtunes::Application.routes.draw do
root to: 'static_pages#home'
match '/help', to: 'static_pages#help'
match '/contact', to: 'static_pages#contact'
match '/signup', to: 'users#new'
match '/signin', to: 'sessions#new'
match '/signout', to: 'sessions#destroy', via: :delete
match 'kids/:id' => 'users#kidupdate', via: :put, :as => :kidupdate
match 'kids/:id' => 'users#kidshow', via: :get, :as => :kidshow
match 'kids/:id/edit' => 'users#kidedit', :as => :kidedit
resources :users
resources :sessions, only: [:new, :create, :destroy]
Here's what's in the server log:
Started PUT "/kids/1/edit" for 127.0.0.1 at 2012-11-05 07:52:28 -0500
Processing by UsersController#kidedit as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"T8RqFt9lxdbZU+1cOh2E5yu2CFbVRDGmRcj2XdDN1ZU=", "user"=>{"fname"=>"Dante", "lname"=>"Refford", "email"=>"drefford#example.com", "type"=>"Kid", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Save changes", "id"=>"1"}
Kid Load (0.2ms) SELECT "users".* FROM "users" WHERE "users"."type" IN ('Kid') AND "users"."id" = ? LIMIT 1 [["id", "1"]]
Rendered users/kidedit.html.erb within layouts/application (4.1ms)
Rendered layouts/_shim.html.erb (0.0ms)
User Load (0.2ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" = '1RZr3qfB6QSh42_jQ9qNWQ' LIMIT 1
Rendered layouts/_header.html.erb (2.5ms)
Rendered layouts/_footer.html.erb (0.3ms)
Completed 200 OK in 67ms (Views: 46.3ms | ActiveRecord: 1.0ms)
Routes
$rake routes
root / static_pages#home
help /help(.:format) static_pages#help
contact /contact(.:format) static_pages#contact
signup /signup(.:format) users#new
signin /signin(.:format) sessions#new
signout DELETE /signout(.:format) sessions#destroy
kidupdate PUT /kids/:id(.:format) users#kidupdate
kidshow GET /kids/:id(.:format) users#kidshow
kidedit /kids/:id/edit(.:format) users#kidedit
users GET /users(.:format) users#index
POST /users(.:format) users#create
new_user GET /users/new(.:format) users#new
edit_user GET /users/:id/edit(.:format) users#edit
user GET /users/:id(.:format) users#show
PUT /users/:id(.:format) users#update
DELETE /users/:id(.:format) users#destroy
sessions POST /sessions(.:format) sessions#create
new_session GET /sessions/new(.:format) sessions#new
session DELETE /sessions/:id(.:format) sessions#destroy

As the first comment said, the form should be using the update_path method:
<%= form_for(#kid, url: kidupdate_path) do |f| %>