Develop Reference

Ruby on Rails - pundit gem - undefined method

Don't know why this is happening here.
NoMethodError in PostsController#update
undefined method `user' for nil:NilClass
My user has admin : true and I can't update other users.posts.
I want to let all users see the content, but only registered users can create content. And if the user is admin or the creator of that content he can edit/update/destroy it as well.
post.rb
class Post < ApplicationRecord
belongs_to :user
has_many :comments, dependent: :destroy
validates :title, presence: true, length: { minimum: 5 }
validates :body, presence: true, length: { minimum: 240 }
end
user.rb
class User < ApplicationRecord
include Encryptable
has_many :posts, dependent: :destroy
has_many :comments, dependent: :destroy
has_attached_file :avatar
validates_attachment_content_type :avatar, content_type: /\Aimage\/.*\z/
validates :level, numericality: { less_than_or_equal_to: 100, only_integer: true }, allow_blank: true
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable
before_validation :downcase_email #, :populate_iv_fields #if you need/want iv to change more often
before_create :create_encryption_key
after_create :save_encryption_key
after_create :build_user_consents
attr_encrypted :email, key: :encryption_key
has_many :user_consents, dependent: :destroy
#entry point for exporting user's personal information
def self.export_personal_information(user_id)
return nil unless User.exists?(user_id)
descendants = ApplicationRecord.descendants.reject{|model| !model.has_personal_information?}
result = Hash.new
descendants.each do |descendant|
result[descendant.name] = descendant.export_personal_information_from_model(user_id)
end
return result
end
#simplest example, we just export to json
def self.export_personal_information_from_model(user_id)
return User.find(user_id).to_json
end
#overwrite this to true for methods that you will want to be included in export_personal_information
def self.has_personal_information?
true
end
#helper method if you are creating a user from console and want them to have all consents set
def fill_consents
hash = Hash.new
ConsentCategory.all.map(&:id).each do |id|
hash[id]='on'
end
self.registration_consents=hash
end
#unfortunately not having an email field that you can just "write to" breaks
#Devise. Below some necessary workarounds
def email_changed?
encrypted_email_changed?
end
def downcase_email
self.email = self.email.downcase
end
def registration_consents=(consents)
#consents = consents
end
def registration_consents
#consents
end
validate :validate_consents_completeness
validates_presence_of :email, if: :email_required?
validates_uniqueness_of :username, allow_blank: false, if: :username_changed?
validates_length_of :username, within: 6..20, allow_blank: true
validate :validate_email_uniqueness #validates_uniqueness_of :email, allow_blank: true, if: :email_changed?
validates_format_of :email, with: Devise.email_regexp, allow_blank: true, if: :email_changed?
validates_presence_of :password, if: :password_required?
validates_confirmation_of :password, if: :password_required?
validates_length_of :password, within: Devise.password_length, allow_blank: true
def password_required?
!persisted? || !password.nil? || !password_confirmation.nil?
end
#end original devise
def email_changed?
self.encrypted_email_changed?
end
def email_required?
true
end
def email_unique?
records = Array(self.class.find_by_email(self.email))
records.reject{|u| self.persisted? && u.id == self.id}.empty?
end
#unfortunately, this is an O(n) operation now that has to go through ALL the users to see if an email is unique. Sorry!
#if you need it to ne O(1) then consider adding email_hash field instead
def self.find_by_email(email)
users = User.all
users.each do |user|
return user if user.email.downcase == email.downcase
end
return nil
end
protected
def validate_email_uniqueness
errors.add(:email, :taken) unless email_unique?
end
def validate_consents_completeness
return if self.id #we assume that already created user has all consents
errors.add(:registration_consents, 'Sie müssen allen erforderlichen Bedingungen zustimmen um fortzufahren.') and return unless self.registration_consents
consents = ConsentCategory.where(mandatory: true).map(&:id)
ids = self.registration_consents.keys.map(&:to_i) #we are relying on a fact that checkboxes that are not checked are not sent to Rails back-end at all
consents.each do |consent_type|
errors.add(:registration_consents, 'Sie müssen allen erforderlichen Bedingungen zustimmen um fortzufahren.') and return unless ids.include?(consent_type)
end
end
def build_user_consents
ids = registration_consents.keys
categories = ConsentCategory.where(id: ids)
raise 'Die vom Benutzer eingereichte Zustimmungsliste enthält Objekte, die nicht in der Datenbank vorhanden sind!' if categories.count != ids.count
categories.each do |category|
consent = UserConsent.new
consent.consent_category = category
consent.user = self
consent.requires_revalidation = false
consent.agreed_at = self.created_at
consent.save!
end
end
end
post_policy.rb
class PostPolicy < ApplicationPolicy
attr_reader :user, :post
def initialize(user, post)
#user = user
#post = post
end
def index?
true
end
def create?
user.present?
end
def new?
user.present?
end
def update?
return true if post.user_id == user.id || user == user.admin?
end
def destroy?
return true if post.user_id == user.id || user == user.admin?
end
private
def post
record
end
end
application_policy.rb
class ApplicationPolicy
attr_reader :user, :record
def initialize(user, record)
#user = user
#record = record
end
def index?
false
end
def show?
false
end
def create?
false
end
def new?
create?
end
def update?
user.admin?
end
def edit?
user.admin?
end
def destroy?
user.admin?
end
class Scope
attr_reader :user, :scope
def initialize(user, scope)
#user = user
#scope = scope
end
def resolve
scope.all
end
end
end
post_controller
class PostsController < ApplicationController
before_action :find_post, only: %i[destroy edit update comment_owner upvote downvote]
after_action :verify_authorized, except: [:index, :show]
layout '_app_nav'
def index
return redirect_to post_path(params[:post_id]) if params[:post_id]
return redirect_to user_path(params[:user_id]) if params[:user_id]
#post = Post.all.order('created_at DESC')
#posts = Post.all.order('created_at DESC')
#user = User.all
#posts = if params[:suche]
else
Post.all.order('created_at DESC')
end
#comments = Comment.all
end
def new
#post = Post.new
end
def create
#post = current_user.posts.build(post_params)
authorize #post
if #post.save!
redirect_to #post
else
render 'new'
end
end
def show
#post = Post.find(params[:id])
#user = #post.user
#comments = Comment.where(post_id: #post).order('created_at DESC').paginate(:page => params[:page], :per_page => 5)
end
def edit
authorize #post
#post = Post.find(params[:id])
end
def update
#user = User.find(params[:id])
#post = Post.find(params[:id])
authorize #post
#post.update(title: params[:title], body: params[:post_params])
redirect_to post_path(#post)
end
def destroy
#post = Post.find(params[:id])
#post.destroy
authorize #post
redirect_to posts_path
end
=begin
def upvote
#post.upvote_from current_user
redirect_to post_path(#post)
end
def downvote
#post.downvote_from current_user
redirect_to post_path(#post)
end
=end
private
def post_params
params.require(:post).permit(:title, :body, :user_id)
end
def find_post
#post = Post.find(params[:id])
end
end
application_controller
class ApplicationController < ActionController::Base
include Pundit
protect_from_forgery with: :exception
before_action :authenticate_user!
before_action :configure_permitted_parameters, if: :devise_controller?
rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:sign_up) do |user_params|
user_params.permit(:username, :email, :password, :password_confirmation, registration_consents: {})
end
end
private
def user_not_authorized
flash[:alert] = 'test'
redirect_to(root_path)
end
end
registrations_controller:
class RegistrationsController < Devise::RegistrationsController
private
def account_update_params
params.require(:user).permit(:email, :username, :avatar, :current_password, :password, :password_confirmation)
end
end
edit:
updating my post_policy.rb with #post such as return true if user.present? && user == #post.user || user == user.admin? resolves in -> Pundit::NotAuthorizedError in PostsController#update
not allowed to update?

In your PostsController, you need to include update method inside array where you specify before which methods should authenticate_user before action run:
before_action :authenticate_user!, only: [:create, :destroy, :new, :edit, :update]

If you're using devise you can use this callback, in your application_controller.rb to validate you have a user logged in.
before_action :authenticate_user!
With that you avoid doing
user.present?
Your post_policy.rb should look like this
class PostPolicy < ApplicationPolicy
attr_reader :user, :post
def initialize(user, post)
#user = user
#post = post
end
def index?
true
end
def create?
user.present?
end
def new?
user.present?
end
def update?
return true if record.user_id == user.id || user == user.admin?
end
def destroy?
return true if record.user_id == user.id || user == user.admin?
end
private
def post
record
end
end
Also, to avoid that users can enter the links in the browser, you can do an extra step on you controller, which is adding the following callback and method
class PostsController < ApplicationControl
before_action :authorization
private
def authorization
authorize(Post)
end
end
EDIT:
Make sure your ApplicationController looks like this one to prevent the error Pundit::NotAuthorizedError.
class ApplicationController < ActionController::Base
include Pundit
before_action :authenticate_user!
rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
private
def user_not_authorized
flash[:alert] = 'You are not authorized to perform this action.'
redirect_to(root_path)
end
end

ROR 5 API - Internal Server Error when doing a POST action

Im trying to resolve this many days ago. I really don't know how to fix this issue. Im just a beginner with rails and im creating an api for personal use. here's my code:
users_controller.rb:
class UsersController < ApplicationController
def index
users = orchestrate_query(User.all)
render serialize(users)
end
def show
render serialize(user)
end
def create
user = User.new(user_params)
if user.save
UserMailer.confirmation_email(user).deliver_now
render serialize(user).merge(status: :created, location: user)
else
unprocessable_entity!(user)
end
end
def update
user = User.find(params[:id])
if user.update(user_params)
render serialize(user).merge(status: :ok)
else
unprocessable_entity!(user)
end
end
def destroy
user.destroy
render status: :no_content
end
private
def user
#user ||= params[:id] ? User.find_by!(id: params[:id]) : User.new(user_params)
end
alias_method :resource, :user
def user_params
params.require(:data).permit(:email, :password, :given_name, :family_name, :role, :confirmation_redirect_url)
end
end
users_confirmation_controller.rb:
class UserConfirmationsController < ActionController::API
before_action :confirmation_token_not_found
def show
user.confirm
if user.confirmation_redirect_url
redirect_to(user.confirmation_redirect_url)
else
render plain: 'You are now confirmed!'
end
end
private
def confirmation_token_not_found
render(status: 404, plain: 'Token not found') unless user
end
def confirmation_token
#confirmation_token ||= params[:confirmation_token]
end
def user
#user ||= User.where(confirmation_token: confirmation_token).first
end
end
user.rb -> model
class User < ApplicationRecord
has_secure_password
before_validation :generate_confirmation_token, on: :create
before_validation :downcase_email
enum role: [:user, :admin]
validates :email, presence: true,
uniqueness: true,
length: { maximum: 255 },
format: { with: /\A[\w+\-.]+#[a-z\d\-]+(\.[a-z\d\-]+)*\.[a-z]+\z/i }
validates :password, presence: true, length: { minimum: 8 }, if: :new_record?
validates :given_name, length: { maximum: 100 }
validates :family_name, length: { maximum: 100 }
validates :confirmation_token, presence: true, uniqueness: { case_sensitive: true }
def confirm
update_columns({
confirmation_token: nil,
confirmed_at: Time.now
})
end
private
def generate_confirmation_token
self.confirmation_token = SecureRandom.hex
end
def downcase_email
email.downcase! if email
end
end
user_presenter.rb
class UserPresenter < BasePresenter
FIELDS = [:id, :email, :given_name, :family_name, :role, :last_logged_in_at,
:confirmed_at, :confirmation_sent_at, :reset_password_sent_at,
:created_at, :updated_at]
sort_by *FIELDS
filter_by *FIELDS
build_with *[FIELDS.push([:confirmation_token, :reset_password_token,
:confirmation_redirect_url,
:reset_password_redirect_url])].flatten
end
routes.rb
Rails.application.routes.draw do
scope :api do
resources :resorts, except: :put
resources :contact_info, except: :put
resources :users, except: :put
resources :user_confirmations, only: :show, param: :confirmation_token
get '/search/:text', to: 'search#index'
end
root to: 'resorts#index'
end
this is my request to my REST Client;
Method: POST, URL: http://localhost:3000/api/users;
Headers: application/json; and body is:
{"data":{"email":"john#gmail.com",
"password": "password",
"confirmation_redirect_url":"http://google.com"}}
Here is the error:
"error": "Internal Server Error",
app/controllers/users_controller.rb:12:in `create'
please help me. im stuck with it for the past 3 days now.
app/controllers/users_controller.rb:12:in `create'

You need to add an attribute to your users table password_digest:string when using has_secure_password. I am not positive on why your errors aren't showing correctly but this should fix the problem.
http://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html
has_secure_password
short definition
Adds methods to set and authenticate against a BCrypt password. This mechanism requires you to have a password_digest attribute.

Your user params require you to call the User model to access and save the attributes YOU defined in the User table
def user_params
params.require(:user).permit(:email, :password, :given_name, :family_name, :role, :confirmation_redirect_url)
end

ActiveRecord::RecordNotFound in ConversationsController#index -- Couldn't find User with 'id'=

I'm receiving the following error when attempting to access the /conversations URL in my Ruby on Rails app:
ActiveRecord::RecordNotFound in ConversationsController#index
Couldn't find User with 'id'=
Extracted source (around line #154):
152 record = s.execute([id], self, connection).first
153 unless record
154 raise RecordNotFound, "Couldn't find #{name} with '#{primary_key}'=#{id}"
155 end
156 record
157 rescue RangeError
Rails.root: /home/ubuntu/workspace
app/controllers/conversations_controller.rb:25:in `correct_user'
What does this error indicate? I've already got the resource defined in my routes.rb file:
resources :conversations, only: [:index, :show, :destroy]
And the link in _header.html.erb used to access the /conversations URL is:
<li>
<%= link_to conversations_path do %>
<span class="glyphicon glyphicon-envelope"></span> Messages
<% end %>
</li>
Additional Information:
-Conversations Controller:
class ConversationsController < ApplicationController
before_action :logged_in_user, only: [:index, :show, :destroy]
before_action :correct_user, only: [:index, :show, :destroy]
before_action :get_mailbox
before_action :get_conversation, except: [:index]
def show
end
def index
#conversations = #mailbox.inbox.paginate(page: params[:page], per_page: 10)
end
private
def get_mailbox
#mailbox ||= current_user.mailbox
end
def get_conversation
#conversation ||= #mailbox.conversations.find(params[:id])
end
def correct_user
#user = User.find(params[:id])
redirect_to(root_url) unless current_user?(#user)
end
end
-User Model:
class User < ActiveRecord::Base
acts_as_messageable
has_many :listings, dependent: :destroy
attr_accessor :remember_token, :activation_token, :reset_token
before_save :downcase_email
before_create :create_activation_digest
validates :first_name, presence: true, length: { maximum: 25 }
validates :last_name, presence: true, length: { maximum: 50 }
validates :username, presence: true, uniqueness: true, length: {maximum: 50 }
VALID_EMAIL_REGEX = /\A[\w+\-.]+#[a-z\d\-]+(\.[a-z\d\-]+)*\.[a-z]+\z/i
validates :email, presence: true, length: { maximum: 255 },
format: { with: VALID_EMAIL_REGEX },
uniqueness: { case_sensitive: false }
has_secure_password
validates :password, length: { minimum: 6 }, allow_blank: true
class << self
# Returns the hash digest of the given string.
def digest(string)
cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST :
BCrypt::Engine.cost
BCrypt::Password.create(string, cost: cost)
end
# Returns a random token.
def new_token
SecureRandom.urlsafe_base64
end
end
# Remembers a user in the database for use in persistent sessions.
def remember
self.remember_token = User.new_token
update_attribute(:remember_digest, User.digest(remember_token))
end
# Returns true if the given token matches the digest.
def authenticated?(attribute, token)
digest = send("#{attribute}_digest")
return false if digest.nil?
BCrypt::Password.new(digest).is_password?(token)
end
# Forgets a user.
def forget
update_attribute(:remember_digest, nil)
end
# Activates an account.
def activate
update_attribute(:activated, true)
update_attribute(:activated_at, Time.zone.now)
end
# Sends activation email.
def send_activation_email
UserMailer.account_activation(self).deliver_now
end
# Sets the password reset attributes.
def create_reset_digest
self.reset_token = User.new_token
update_attribute(:reset_digest, User.digest(reset_token))
update_attribute(:reset_sent_at, Time.zone.now)
end
# Sends password reset email.
def send_password_reset_email
UserMailer.password_reset(self).deliver_now
end
# Returns true if a password reset has expired.
def password_reset_expired?
reset_sent_at < 2.hours.ago
end
private
# Converts email to all lower-case.
def downcase_email
self.email = email.downcase
end
# Creates and assigns the activation token and digest.
def create_activation_digest
self.activation_token = User.new_token
self.activation_digest = User.digest(activation_token)
end
end

If your url is /conversations and you only show current_user.mailbox, then you don't need before_action :correct_user that is causing problems, so the fastest solution here is to remove it. It would only be useful (and working correctly) if it was possible to see other people conversations (#user.mailbox), with urls that include :user_id - so /users/1/conversations, /users/2/conversations . Without user id in url, #user = User.find(params[:user_id]) is searching for user without id :)

Failure to set up mailer in Rails

I'm trying to get a Rails mailer working but I get the following error message when I try to sign up a new user and send the activation email. I'm following chapter 10 of Hartl's latest (3rd ed.) railstutorial so in theory it should be working:
No route matches {:action=>"edit", :controller=>"account_activations", :email=>"joe#bloggmail.com", :format=>nil, :id=>nil} missing required keys: [:id]
app/views/user_mailer/account_activation.html.erb:9:in `_app_views_user_mailer_account_activation_html_erb__1296124105699284853_2236858900'
app/mailers/user_mailer.rb:6:in `account_activation'
app/models/user.rb:82:in `send_activation_email'
app/controllers/users_controller.rb:27:in `create'
The relevant bits of code are:
User model:
class User < ActiveRecord::Base
attr_accessor :remember_token, :activation_token
extend FriendlyId
friendly_id :callsign, :use => :slugged
has_secure_password
before_save do
self.email.downcase!
self.callsign.downcase!
end
before_create do
:create_activation_digest
end
validates :name, presence: true, length: { maximum: 50 }
VALID_EMAIL_REGEX = /\A[\w+\-.]+#[a-z\d\-]+(?:\.[a-z\d\-]+)*\.[a-z]+\z/i
validates :email, presence: true,
format: { with: VALID_EMAIL_REGEX },
uniqueness: { case_sensitive: false }
VALID_CALLSIGN_REGEX = /\A[a-z\d\-.\_]+\z/i
validates :callsign, presence: true,
length: { maximum: 20 },
format: { with: VALID_CALLSIGN_REGEX },
uniqueness: { case_sensitive: false }
validates :password, length: { minimum: 6 }
validates :slug, presence: true
# Returns the hash digest of the given string.
def self.digest(string)
cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST :
BCrypt::Engine.cost
BCrypt::Password.create(string, cost: cost)
end
# Returns a random token.
def self.new_token
SecureRandom.urlsafe_base64
end
# Remembers a user in the database for use in persistent sessions.
def remember
self.remember_token = User.new_token
update_attribute(:remember_digest, User.digest(remember_token))
end
# Forgets a user.
def forget
update_attribute(:remember_digest, nil)
end
# Returns true if the given token matches the digest.
def authenticated?(attribute, token)
digest = send("#{attribute}_digest")
return false if digest.nil?
BCrypt::Password.new(digest).is_password?(token)
end
# Activates an account.
def activate
update_attribute(:activated, true)
update_attribute(:activated_at, Time.zone.now)
end
# Sends activation email.
def send_activation_email
UserMailer.account_activation(self).deliver_now
end
private
# Creates and assigns the activation token and digest.
def create_activation_digest
self.activation_token = User.new_token
self.activation_digest = User.digest(activation_token)
end
end
Users controller:
class UsersController < ApplicationController
before_action :logged_in_user, only: [:index, :show, :edit, :update, :destroy]
before_action :non_logged_in_user, only: [:new, :create]
before_action :correct_user, only: [:edit, :update]
before_action :admin_user, only: :destroy
def index
#users = User.paginate(page: params[:page])
end
def show
#user = User.friendly.find(params[:id])
#page_name = "user_page"
end
def new
#user = User.new
end
def create
#user = User.new(user_params)
if #user.save
#user.send_activation_email
flash[:info] = "Please check your email to activate your account."
redirect_to root_url
else
render 'new'
end
end # create
def destroy
#user = User.find(params[:id])
if ( current_user != #user )
#user.destroy
flash[:success] = "User deleted."
redirect_to users_url
else
redirect_to #user, notice: "Suicide is not permitted, admin chappie. Hard cheese."
end
end
def edit
#user = User.find(params[:id])
end
def update
#user = User.find(params[:id])
if #user.update_attributes(user_params)
flash[:success] = "Profile updated"
redirect_to #user
else
render 'edit'
end
end # update
private
def user_params
params.require(:user).permit(:name, :email, :callsign, :password, :password_confirmation)
end
# Before filters
def non_logged_in_user
if logged_in?
redirect_to root_url, notice: "Nice try pal. You can't create a new user
if you're already signed in."
end
end
def correct_user
#user = User.find(params[:id])
redirect_to(root_url) unless current_user?(#user)
end
def admin_user
redirect_to(root_url) unless current_user.admin?
end
end
account_activation.html.erb:
<h1>MySite</h1>
<p>Hi <%= #user.name %>,</p>
<p>
Welcome! Click on the link below to activate your account:
</p>
<%= link_to "Activate", edit_account_activation_url(#user.activation_token,
email: #user.email) %>
user_mailer.rb:
class UserMailer < ActionMailer::Base
default from: "noreply#mysite.com"
def account_activation(user)
#user = user
mail to: user.email, subject: "Account activation"
end
def password_reset
#greeting = "Hi"
mail to: "to#example.org"
end
end
routes.rb:
Mysite::Application.routes.draw do
resources :users
resources :account_activations, only: [:edit]
root 'static_pages#home'
get 'help' => 'static_pages#help'
get 'about' => 'static_pages#about'
get 'contact' => 'static_pages#contact'
get 'signup' => 'users#new'
get 'login' => 'sessions#new'
post 'login' => 'sessions#create'
delete 'logout' => 'sessions#destroy'
end
EDIT:
account_activations_controller.rb:
class AccountActivationsController < ApplicationController
def edit
user = User.find_by(email: params[:email])
if user && !user.activated? && user.authenticated?(:activation, params[:id])
user.activate
log_in user
flash[:success] = "Account activated!"
redirect_to user
else
flash[:danger] = "Invalid activation link"
redirect_to root_url
end
end
end

I'd suggest using this in your routes file instead of resources:
get 'account_activation', "account_activations#edit", :as => :edit_account_activation
...and deal with the secret token and email address params there.
Right now the problem is that you don't have a controller action to match the route you're using in the account_activation.html.erb

Found the error.
The problem was this bit of code in class User:
before_create do
:create_activation_digest
end
It should be:
before_create do
create_activation_digest
end
Or:
before_create :create_activation_digest
Schoolboy error. I apologise for wasting everyone's time.
(Therefore the code:
resources :account_activations, only: [:edit]
in routes.rb does indeed create the correct route)

Heroku NoMethod error, remember_token=

My App works without any problem locally, but as soon as I push it to Heroku the logs show a NoMethodError. Looking through my code, I do not really see what I am missing right away. Especially, why would it work locally but on Heroku it would throw a NoMethod?
Error
Started POST "/users" for <IP>
Processing by UsersController#create as HTML
Completed 500 Internal Server Error in 102ms
app/models/user.rb:38:in `create_remember_token'
app/controllers/users_controller.rb:28:in `create'
NoMethodError (undefined method `remember_token=' for #<User:0x000000052e8fb0>):
user.rb
class User < ActiveRecord::Base
attr_accessible :email, :name, :password, :password_confirmation, :image
has_secure_password
has_many :microposts, dependent: :destroy
mount_uploader :image, AvatarUploader
before_save { |user| user.email = email.downcase }
before_save :create_remember_token
validates :name, presence: true,
length: { maximum: 50}
VALID_EMAIL_REGEX = /\A[\w+\-.]+#[a-z\d\-.]+\.[a-z]+\z/i
validates :email, presence: true,
format: { with: VALID_EMAIL_REGEX },
uniqueness: { case_sensitive: false }
validates :password, length: {minimum: 6}
validates :password_confirmation, presence: true
private
def create_remember_token
self.remember_token = SecureRandom.urlsafe_base64
end
user_controller.rb
class UsersController < ApplicationController
before_filter :signed_in_user, only: [:index, :edit, :update, :destroy]
before_filter :correct_user, only: [:edit, :update]
before_filter :admin_user, only: :destroy
def index
#users = User.paginate(page: params[:page])
end
def show
#user = User.find(params[:id])
#microposts = #user.microposts.paginate(page: params[:page])
end
def new
#user = User.new
end
def destroy
User.find(params[:id]).destroy
flash[:success] = "User destroyed."
redirect_to users_path
end
def create
#user = User.new(params[:user])
if #user.save
sign_in #user
flash[:success] = "Welcome to El Beano"
redirect_to #user
else
render 'new'
end
end
def edit
#user = User.find(params[:id])
end
def update
#user = User.find(params[:id])
if #user.update_attributes(params[:user])
flash[:success] = 'Profile updated'
sign_in #user
redirect_to #user
else
render 'edit'
end
end
private
def correct_user
#user = User.find(params[:id])
redirect_to(root_path) unless current_user?(#user)
end
def admin_user
redirect_to(root_path) unless current_user.admin?
end
end

It looks as it you've uploaded your code to Heroku but the database migration that created that column was not run or did not run correctly.
Can you verify that the column is there?
Also, have you tried logging to a console session on your heroku instance:
heroku run bash --app my_app
bundle exec rails c
Then testing that you can access that property in that environment?