I have two devise models- Worker and User. The worker signup requires additional attributes not specific to user.
I was running my user signup through the application controller
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :password, :email, :firstName, :lastName, :dateofBirth, :address1, :address2, :city, :state, :zip)}
end
However, when I added my worker sign up, I decided to go the nonlazy way, created my Worker controller via
rails generate devise:controllers Worker
And proceeded to the registration controller in worker. There I un-hashed the before-filter and added a params filter after searching Google and StackOflow to figure out how to do this. Also went into the Github devise source code and copied and pasted their create code in their registration controller. My controller looks like this:
class Workers::RegistrationsController < Devise::RegistrationsController
before_filter :configure_sign_up_params, only: [:create]
def create
build_resource(registration_params)
resource.save
yield resource if block_given?
if resource.persisted?
if resource.active_for_authentication?
set_flash_message :notice, :signed_up if is_flashing_format?
sign_up(resource_name, resource)
respond_with resource, location: after_sign_up_path_for(resource)
else
set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}" if is_flashing_format?
expire_data_after_sign_in!
respond_with resource, location: after_inactive_sign_up_path_for(resource)
end
else
clean_up_passwords resource
set_minimum_password_length
respond_with resource
end
#super
end
protected
def registration_params
params.require(:worker).permit(:username, :password, :email, :firstname, :lastname, :address1, :address2, :city, :state, :zip)
end
# If you have extra params to permit, append them to the sanitizer.
def configure_sign_up_params
devise_parameter_sanitizer.for(:sign_up) {|u| u.permit(:username, :password, :email, :firstname, :lastname, :address1, :address2, :city, :state, :zip)}
end
end
end
The data still shows up as nil on my console. Why is the data not saving and how do I get the data to save?
OK for anyone who finds and can understand this- the answer is STI.
http://adamrobbie.me/blog/2013-3-29-sti-with-rails-40-beta-and-devise
Related
i am currently trying to sign up/create an account for application using devise on ruby on rails(5.2.2) and ruby version 2.3.7 but i am getting the unpermitted parameter message and tried with Strong parms but it didn't work.
tried this two posts below but didn't work
Rails 4 and Devise: Devise not saving new information (First Name, Last Name, Profile Name)
Rails 4 and Devise: Devise not saving new information (First Name, Last Name, Profile Name)
class Api::V3::ApplicationController < ActionController::Base
protect_from_forgery with: :null_session
before_action :configure_permitted_parameters, if: :devise_controller?
# before_filter :authenticate_user!
private
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:sign_up, keys: [:firstname,:lastname,:username,:password])
# devise_parameter_sanitizer.for(:sign_up) << :provider
# devise_parameter_sanitizer.for(:sign_up) << :uid
end
end
Processing by Devise::RegistrationsController#create as JSON
Parameters: {"user"=>{"email"=>"testuser#gmail.com",
"password"=>"[FILTERED]", "firstname"=>devise", "lastname"=>"test"}}
Unpermitted parameters: :firstname, :lastname
it looks like devise is not accepting parameters and which is resulting in first and last name not stored in local database.
You can override the registration controller and add fields you want.
class RegistrationsController < Devise::RegistrationsController
def create
build_resource(sign_up_params)
if resource.save
if resource.active_for_authentication?
set_flash_message :notice, :signed_up if is_navigational_format?
sign_up(resource_name, resource)
respond_with resource, :location => after_sign_up_path_for(resource)
else
set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}" if is_navigational_format?
respond_with resource, :location => after_sign_up_path_for(resource)
end
else
clean_up_passwords
respond_with resource
end
end
# you will get the full registration controller in devise github repo
private
def sign_up_params
params.require(:user).permit(:email, :first_name, :last_name, :password, :password_confirmation)
end
end
and add the new routes too
devise_for :users, :controllers => { :registrations => 'registrations' }
devise github repo here
Before writing this I have checked out the official guides and similar questions but somehow I keep getting problems and they don't help.
The thing is that I need the users to have the ability to change their passwords. To do that, I use Devise, and its views. I can use Devise perfectly in all other areas, but when I try this, even with account just created for that, It gives 2 errores: current password is not valid, and password confirmation is not valid.
I have tried sanitizers in two ways:
users/registration_controller.rb
# frozen_string_literal: true
class Users::RegistrationsController < Devise::RegistrationsController
# before_action :configure_sign_up_params, only: [:create]
skip_before_action :require_no_authentication
before_action :authenticate_user!
before_action :authorize_admin!, only: :create
# before_action :configure_account_update_params, only: [:update]
# GET /resource/sign_up
# def new
# super
# end
# POST /resource
def create
build_resource(sign_up_params)
resource.save
yield resource if block_given?
if resource.persisted?
if resource.active_for_authentication?
set_flash_message! :notice, :signed_up
respond_with resource, location: after_sign_up_path_for(resource)
else
set_flash_message! :notice, :"signed_up_but_#{resource.inactive_message}"
expire_data_after_sign_in!
respond_with resource, location: after_inactive_sign_up_path_for(resource)
end
else
clean_up_passwords resource
set_minimum_password_length
respond_with resource
end
end
# GET /resource/edit
# def edit
# super
# end
# PUT /resource
# def update
# super
# end
# DELETE /resource
# def destroy
# super
# end
# GET /resource/cancel
# Forces the session data which is usually expired after sign
# in to be expired now. This is useful if the user wants to
# cancel oauth signing in/up in the middle of the process,
# removing all OAuth session data.
# def cancel
# super
# end
protected
# If you have extra params to permit, append them to the sanitizer.
def configure_sign_up_params
devise_parameter_sanitizer.permit(:sign_up, keys: [:first_name, :last_name, :email, :password, :password_confirmation, :creditos, :role, :birthday, :dni, :address, :phone, :gender])
end
# If you have extra params to permit, append them to the sanitizer.
def configure_account_update_params
devise_parameter_sanitizer.permit(:account_update, keys: [:first_name, :last_name, :email, :password, :password_confirmation, :current_password, :creditos, :role, :birthday, :dni, :address, :phone, :gender])
end
# The path used after sign up.
def after_sign_up_path_for(resource) #Resource is the user just created
empresa = Empresa.create(user_id: resource.id)
resource.empresa_id = empresa.id
if resource.save(validate: false)
edit_empresa_path(resource.empresa)
else
flash[:alert] = "Ha habido un problema"
redirect_to (root_path)
end
end
# The path used after sign up for inactive accounts.
# def after_inactive_sign_up_path_for(resource)
# super(resource)
# end
private
def authorize_admin!
unless user_signed_in? && current_user.admin?
redirect_to root_path, alert: "Tú no eres administrador."
end
end
end
application_controller.rb
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
before_action :configure_permitted_parameters, if: :devise_controller?
private
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:sign_up) do |user|
user.permit(:email, :password, :password_confirmation, :role, :creditos )
end
devise_parameter_sanitizer.permit(:account_update) do |user|
user.permit(:email, :password, :password_confirmation, :current_password, :role, :creditos )
end
end
end
Note: I have verified several times with different accounts that the current password is ok. The methods above were used one at a time. Not simultaneously.
I have been stuck up with this exception.I am using rails 4.2.5.1 and ruby 2.3.0. I am creating a model using devise in rails. I have override the devise create method. I am getting error in postgres as PG::NotNullViolation: ERROR: null value in column "id" violates not-null constraint.I want the ID to be created with the help of parameters i am passing. ID is not getting created. As am new to rails am getting stuck up for hours now.
Request
Parameters:
{"utf8"=>"✓",
"authenticity_token"=>"SAiVJEULEa7RsieW+OTW1a/946f2xVbhA/sZWWn3KdX1Wt0Ozx+tq6eQfhTpaAJ+4Cxu2DMnPfqd0Vcle7ow0w==",
"employee"=>{"email"=>"safi123#gmail.com",
"first_name"=>"sss",
"last_name"=>"dddnjnfj",
"phone_number"=>"9944253677",
"alternative_phone_number"=>"9659392682",
"alternative_email_id"=>"dd#gmail.com",
"date_of_joining"=>"12-02-2015",
"date_of_birth"=>"03-02-1999",
"status"=>"Active",
"gender"=>"M",
"blood_group"=>"A +"},
"commit"=>"Sign up"}
Application Controller:
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
before_action :authenticate_employee!
before_filter :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) do |employee_params|
employee_params.permit :first_name, :last_name, :blood_group, :phone_number, :gender, :date_of_birth, :email, :alternative_email_id, :status, :date_of_joining, :alternative_phone_number
end
devise_parameter_sanitizer.for(:account_update) do |employee_params|
employee_params.permit :first_name, :last_name, :blood_group, :phone_number, :gender, :date_of_birth, :email, :alternative_email_id, :status, :date_of_joining, :alternative_phone_number
end
end
end
Registrations Controller
class RegistrationsController < Devise::RegistrationsController
def new
super
end
def index
#employees = Employee.all
end
def create
#employee = Employee.new(employee_params)
if #employee.save
redirect_to :action => :new
else
render 'new'
end
#employee.save
end
# Never trust parameters from the scary internet, only allow the white list through.
def employee_params
params.require(:employee).permit(:first_name, :last_name, :blood_group, :phone_number, :gender, :date_of_birth, :email, :alternative_email_id, :status, :date_of_joining, :alternative_phone_number)
end
def update
super
end
end
Database schema :
I can understand the ID is not generated and it is not stored in the database. What is the problem here? Can anyone explain me what is the mistake am making?
You are saving the employee record twice. That may be the problem, please save only once.I have given the action please check.
def create
#employee = Employee.new(employee_params)
if #employee.save
redirect_to :action => :new
else
render 'new'
end
/* Here you had saved again. */
end
Your Employee params,
def employee_params
params.require(:employee).permit(:first_name, :last_name, :blood_group, :phone_number, :gender, :date_of_birth, :email, :alternative_email_id, :status, :date_of_joining, :alternative_phone_number)
end
Now you will get the id through params and it will be saved.
In Rails 3 it worked just fine, but with my new Rails4 Appp i don't know whats the problem.
The Guide on the Devise GitHub Page
My Registrations Controller
def update
# required for settings form to submit when password is left blank
if params[:user][:password].blank?
params[:user].delete("password")
params[:user].delete("password_confirmation")
end
#user = User.find(current_user.id)
if #user.update_without_password(devise_parameter_sanitizer.sanitize(:account_update))
set_flash_message :notice, :updated
# Sign in the user bypassing validation in case his password changed
sign_in #user, :bypass => true
redirect_to after_update_path_for(#user)
else
render "edit"
end
end
My Application Controller
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) do |u|
u.permit(:name, :first_name, :user_name, :email, :password, :password_confirmation, :provider, :uid)
end
devise_parameter_sanitizer.for(:account_update) do |u|
u.permit(:name, :email, :password, :password_confirmation, :first_name, :last_name,
:user_name, :avatar, :profile_cover, :facebook_link,
:twitter_link, :instagram_link, :status)
end
end
I added the controller to my Routes
:registrations => "registrations"
And i Changed the update calls using the appropriate method below:
#user.update_without_password(devise_parameter_sanitizer.sanitize(:account_update))
But i'm getting a NoMethodError in RegistrationsController#update Error.
I don't know yet if this is a good practice but i changed in my RegistrationsController the update action to
#user.update_attributes(account_update_params)
I made a devise User model and added additional fields to it. When I create and account everything works fine, only with email, pw and pw conf.
I then want to allow the user to go to edit page and fill in the optional additional fields.
But, when they submit, everything is saved as nil.
class RegistrationsController < Devise::RegistrationsController
before_action :configure_permitted_parameters, if: :devise_controller?
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_in){ |u| u.permit(:email, :password) }
devise_parameter_sanitizer.for(:sign_up){ |u| u.permit(:name, :username, :about, :email, :password, :password_confirmation)}
devise_parameter_sanitizer.for(:account_update){ |u| u.permit(:name, :username, :about, :email, :password, :password_confirmation) }
end
def update
self.resource = resource_class.to_adapter.get!(send(:"current_#{resource_name}").to_key)
if resource.update_with_password(user_params)
if is_navigational_format?
flash_key = update_needs_confirmation?(resource, prev_unconfirmed_email) ? :update_needs_confirmation : :updated
set_flash_message :notice, flash_key
end
sign_in resource_name, resource, :bypass => true
respond_with resource, :location => after_update_path_for(resource)
else
clean_up_passwords resource
respond_with resource
end
end
def user_params
params.require(:user).permit(:email, :password, :current_password, :password_confirmation, :name, :username, :about)
end
end
I get this output in the console,
ActiveRecord::SchemaMigration Load (0.1ms) SELECT "schema_migrations".* FROM "schema_migrations"
Processing by Devise::RegistrationsController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"EG8FtCTBohuG2uwUvIqmY7KTsmYY1nMAXqTfc0Li+eQ=",
"user"=>{"email"=>"a#a.com", "name"=>"Aaron", "username"=>"", "about"=>"",
"password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "current_password"=>"[FILTERED]"}, "commit"=>"Update"}
User Load (2.2ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 1]]
Unpermitted parameters: name, username, about
But nothing is saved in the database when I check in the console (with User.last). I am stuck, and have looked and have no idea what is wrong...
In Rails4 we have strong parameters so please
Add following line to your application_controller.rb
before_filter :configure_devise_params, if: :devise_controller?
def configure_devise_params
devise_parameter_sanitizer.for(:sign_up) do |u|
u.permit(:first_name, :last_name, :gender, :email, :password, :password_confirmation)
end
end
After working on something similar to this, I settled on using Application Controller, then afterward found that the Devise Documentation is fairly straightforward for this in their strong parameters section and gives an alternative to using Application Controller. https://github.com/plataformatec/devise#strong-parameters
Below is the approach with Application Controller which worked for me.
class ApplicationController < ActionController::Base
before_filter :configure_permitted_parameters, if: :devise_controller?
private
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up){ |u| u.permit(:name, :username, :about, :email, :password, :password_confirmation)}
devise_parameter_sanitizer.for(:account_update){ |u| u.permit(:name, :username, :about, :email, :password, :password_confirmation) }
end
end
This should work the same and it directly overwrites methods in Devise::RegistrationController.
class Users::RegistrationsController < Devise::RegistrationsController
private
def configure_sign_up_params
devise_parameter_sanitizer.for(:sign_up){ |u| u.permit(:name, :username, :about, :email, :password, :password_confirmation)}
end
def configure_account_update_params
devise_parameter_sanitizer.for(:account_update){ |u| u.permit(:name, :username, :about, :email, :password, :password_confirmation) }
end
end
First produce new field.
for reference
http://guides.rubyonrails.org/migrations.html
Do you have add your new fields in user controller parameter?
def user_params
params.require(:user).permit(:email, :password, :password_confirmation)
end
def sign_up_params
params.require(:user).permit(:email, :password, :password_confirmation)
end
In the application controller
before_filter :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:email, :password, :password_confirmation)}
devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:email, :password, :password_confirmation)}
end
In your registration form that override devise add this
class Users::RegistrationsController < Devise::RegistrationsController
skip_before_filter :verify_authenticity_token, :only => [:ipn_notification]
def sign_up_params
params.require(:user).permit(:email, :password, :password_confirmation)
end
After that add your new fields in all views _form,show,edit,index.
In Rails 4.2, this is how I did.
I have User Model on which devise is applied.
Use this command "rails generate devise:controllers users" to generate custom controllers.
I have added "username" name attribute to my User Model
In my controller
class Users::RegistrationsController < Devise::RegistrationsController
before_filter :configure_sign_up_params, only: [:create]
before_filter :configure_account_update_params, only: [:update]
#rest of code as generated
protected
# If you have extra params to permit, append them to the sanitizer.
def configure_sign_up_params
devise_parameter_sanitizer.for(:sign_up) << :username
end
# If you have extra params to permit, append them to the sanitizer.
def configure_account_update_params
devise_parameter_sanitizer.for(:account_update) << :username
end
In Routes
devise_for :users, controllers: {registrations: "users/registrations"}