I am using Devise for my users in my rails app. When people sign up its only their email and password. How do I have access to the controller to permit more param such as first name and last name?
Thank you
You should add the parameters to the devise_parameter_sanitizer for sign_up
This can be done in your application_controller.rb
class ApplicationController < ActionController::Base
before_action :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) << :first_name
end
end
or configure the whole set of parameters using
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:password, :password_confirmation, :email, :first_name, :last_name) }
end
Another way is to create a class that inherits from Devise::ParameterSanitizer
class User::ParameterSanitizer < Devise::ParameterSanitizer
def sign_up
default_params.permit(:password, :password_confirmation, :email, :first_name, :last_name)
end
end
Then in your application_controller.rb
class ApplicationController < ActionController::Base
protected
def devise_parameter_sanitizer
User::ParameterSanitizer.new(User, :user, params)
end
end
Related
I'm using devise_token_authentication gem to build token based authentication rails api, then after that I added some extra fields to Vendor model through different migration, and in order to permit them I wrote this:
class ApplicationController < ActionController::Base
before_action :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:sign_up, keys: [:first_name, :last_name, :tax_number])
devise_parameter_sanitizer.permit(:account_update, keys: [:first_name, :last_name, :tax_number])
end
end
Then after that I added another model Customer rails g devise_token_auth:install Customer auth
then in routes.rb
Rails.application.routes.draw do
mount_devise_token_auth_for 'Vendor', at: 'vendor/auth'
mount_devise_token_auth_for 'Customer', at: 'customer/auth'
end
each time I try to sign_up with customers through 'localhost:3000/customer/auth' I got error message: ActiveModel::UnknownAttributeError: unknown attribute 'tax_number' for Customer.
So is there any way to permit the extra fields only for Vendor model and skip 'Customer' ?
look on this setup for multiple devise user models.
or
If you override the RegistrationsController you need to permit extra params directly in registrationsController
class Users::RegistrationsController < DeviseTokenAuth::RegistrationsController
def create
end
def account_update
end
private
def sign_up_params
params.require(:user).permit(:email, :password, :password_confirmation, :first_name, :last_name, :tax_number)
end
end
I'm unable to permit additional parameters in invite#accept. I've setup everything and here's a controller.
But in the method accept_resource there're still only 3 old parameters accepted, other didn't come through, although they present on a form.
class MyInvitationsController < Devise::InvitationsController
before_filter :configure_permitted_parameters, if: :devise_controller?
before_filter :update_sanitized_params, only: [:edit, :update]
def edit
puts "edit...."
super
end
private
def accept_resource
puts "accept_resource..."
resource = resource_class.accept_invitation!(update_resource_params)
# but it still permits only :password, :password_confirmation and :invitation_token
resource
end
protected
def configure_permitted_parameters
puts "configure_permitted_parameters..."
devise_parameter_sanitizer.permit(:sign_up, keys: [:aaa, :bbb, :ccc, :password, :password_confirmation,
:invitation_token])
end
def update_sanitized_params
puts "update_sanitized_params..."
devise_parameter_sanitizer.permit(:sign_up, keys: [:aaa, :bbb, :ccc, :password, :password_confirmation,
:invitation_token])
How to fix that?
I use devise 4.2 and devise_invitable 1.6
Try remove
if: :devise_controller?
in your before_filter, because your are not in devise controller.
I have created a User model through the Devise gem that allows email, first_name, and password upon registration.
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) << :first_name
end
I would like to save other attributes such as last_name, city, etc to the User model. I have ran the migrations and see these attributes in my schema.
However when I am on the user/edit page and try to save, the new attributes are not saving.
I have run the command to edit the devise controllers, but confused.
rails generate devise:controllers users
Do I still need to create a UsersController < ApplicationController in order to accept other attributes into the User model during an edit/update?
Then I could just permit all when trying to update
def user_params
params.require(:user).permit!
end
Thanks
Try this:
class ApplicationController < ActionController::Base
protect_from_forgery
before_filter :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:user) << :first_name
end
end
Add the following filter to the application controller:
before_action :configure_permitted_parameters, if: :devise_controller?
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit( :first_name, :email, :password, :password_confirmation) }
end
This is for sign up. To update the user informaiton add following line of code within the configure_permitted_parameters filter.
devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:first_name, :email, :password, :password_confirmation, :current_password) }
I have a devise user model and devise admin model, each one has nested attributes and therefore I need to overwrite each separate model to amend the strong parameters so that my nested attributes will pass through.
How do I go about doing this? I already have overwritten Registrations controller for one of them and its working perfectly, however, If I replicate it and have the controller name as AdminregistrationsController < Devise::RegistrationsController (because of course I can't have two called RegistrationsController) then it doesn't work.
Any advice would be great.
If you have, lets say user and admin models, you do the following:
controllers/users/registration_controllers.rb
class Users::RegistrationsController < Devise::RegistrationsController
before_filter :configure_permitted_parameters
def new
build_resource({})
#self.resource.regions.build
#respond_with self.resource
end
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) << :username << :gender << :email << :password_confirmation << :password << :roles_mask << :phone << :first_name << :last_name << :googleplus
end
end
controllers/admins/registration_controllers.rb
class Admins::RegistrationsController < Devise::RegistrationsController
before_filter :configure_permitted_parameters
def new
build_resource({})
#self.resource.regions.build
#respond_with self.resource
end
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) << :username << :email << :password_confirmation << :password << :roles_mask << :phone << :first_name
end
end
Obviously you need to change the parameter list, the above are just random examples. Hope this helps.
Considering #Georg Keferböck's answer and also improving it for devise 4
I would place the configured_permitted_parameters method in the applications controller because the parameters might definitely be required for more than one devise controller
class ApplicationController < ActionController::Base
before_action :configure_permitted_parameters, if: :devise_controller?
def configure_permitted_parameters
if current_user
update_attrs = [:password, :password_confirmation,:current_password]
devise_parameter_sanitizer.permit :account_update, keys: update_attrs
else
update_attrs = [:password, :password_confirmation, current_password,
:phone]
devise_parameter_sanitizer.permit :account_update, keys: update_attrs
end
end
end
Users registration controller
class Users::RegistrationsController < Devise::RegistrationsController
...
...
end
Admins registration controller
class Admins::RegistrationsController < Devise::RegistrationsController
...
...
end
Ofcourse you would have to use the parameters configured for you own models
I'm using the release candidate of Devise 3 so that I can use it with Rails 4. In Rails 3.2 I used to be able to add a custom field to my User model by simply adding that field to the registration/edit.html.erb and registration/new.html.erb files (after running the proper migration). Then I'd just add that field to the attr_accessible list of fields in the model.
However, in Rails 4, there is no attr_accessible list and I can't simply add fields in the views. How do I add custom User fields?
Adding
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email) }
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password, :password_confirmation) }
devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:username, :email, :password, :password_confirmation, :current_password) }
end
To applicationcontroller worked for me.
I was told to look in the main README on the github page and there it was. Easy.
class ApplicationController < ActionController::Base
before_filter :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) << :username
end
end
In case you want to permit additional parameters you can do with a simple before filter in your
ApplicationController:
class ApplicationController < ActionController::Base
before_filter :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) << :username
end
end
You need to enable Strong Parameters for devise instead of attr_accessible for doing that you need to create new initializer like:
DeviseController.class_eval do
def resource_params
unless params[resource_name].blank?
params.require(resource_name).permit(:email, :password, :password_confirmation, :remember_me)
end
end
end
Make sure that you cloned gem from rails4 branch(plataformatec/devise).
Remove attr_accesible from model