Develop Reference

Umpermitted parameter in rails devise, even though params .permit(ted)

I have rails (6.0.2.2) project with devise (4.7.1), with two types of accounts: the teachers and the students. The student can to sign up successfully, but there is problem with the teacher for some reason. When I try to make a test account, I get
Unpermitted parameter: :email
error message and my info is not saved in the database.
Migration:
class DeviseCreateTeachers < ActiveRecord::Migration[6.0]
def change
create_table :teachers do |t|
## Database authenticatable
t.string :email, null: false, default: ""
t.string :encrypted_password, null: false, default: ""
## Recoverable
t.string :reset_password_token
t.datetime :reset_password_sent_at
## Rememberable
t.datetime :remember_created_at
t.string :username
t.string :name
t.string :neighborhood
t.integer :pet_skin
t.integer :pet_eyes
t.integer :pet_face
t.integer :pet_accessories
## Trackable
# t.integer :sign_in_count, default: 0, null: false
t.datetime :current_sign_in_at
t.datetime :last_sign_in_at
t.string :current_sign_in_ip
t.string :last_sign_in_ip
## Confirmable
t.string :confirmation_token
t.datetime :confirmed_at
t.datetime :confirmation_sent_at
# t.string :unconfirmed_email # Only if using reconfirmable
## Lockable
t.integer :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts
t.string :unlock_token # Only if unlock strategy is :email or :both
t.datetime :locked_at
t.timestamps null: false
end
add_index :teachers, :email, unique: true
add_index :teachers, :reset_password_token, unique: true
# add_index :teachers, :confirmation_token, unique: true
# add_index :teachers, :unlock_token, unique: true
end
end
my teacher_controller.rb:
class TeacherController < ApplicationController
private
def sign_up_params
params.require(:teacher).permit(:email, :username, :name, :password, :password_confirmation, :neighborhood, :pet_skin, :pet_eyes, :pet_face)
end
def account_update_params
params.require(:teacher).permit(:username, :password, :password_confirmation, :current_password)
end
end
I'm using the default generated teachers/registration/new.html.erb so I think its no problem here.
I DID add a line to config/initializers/devise.rb:
config.authentication_keys = [:username]
to change default log in from email to username, but I don't think this is issue because again students can create the account.
Thanks for your help!

#Tijana I don't know if you have already checked this.
link. If not, it might help
https://github.com/heartcombo/devise#strong-parameters

Rails & Devise: devise specific columns not showing up in rails console

I am trying to use Devise on my User model but when I go into rails console and try User.new I only get:
irb(main):002:0> User.new
=> #<User id: nil, first_name: nil, last_name: nil, email: nil, created_at: nil, updated_at: nil>
Why are the devise columns not showing up?
CreateUsers migration:
class CreateUsers < ActiveRecord::Migration
def change
create_table :users do |t|
t.string :first_name
t.string :last_name
t.string :email
t.timestamps null: false
end
end
end
AddDeviseToUsers migration:
class AddDeviseToUsers < ActiveRecord::Migration
def self.up
change_table :users do |t|
## Database authenticatable
t.string :email, null: false, default: ""
t.string :encrypted_password, null: false, default: ""
## Recoverable
t.string :reset_password_token
t.datetime :reset_password_sent_at
## Rememberable
t.datetime :remember_created_at
## Trackable
t.integer :sign_in_count, default: 0, null: false
t.datetime :current_sign_in_at
t.datetime :last_sign_in_at
t.string :current_sign_in_ip
t.string :last_sign_in_ip
## Confirmable
# t.string :confirmation_token
# t.datetime :confirmed_at
# t.datetime :confirmation_sent_at
# t.string :unconfirmed_email # Only if using reconfirmable
## Lockable
# t.integer :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts
# t.string :unlock_token # Only if unlock strategy is :email or :both
# t.datetime :locked_at
# Uncomment below if timestamps were not included in your original model.
# t.timestamps null: false
end
add_index :users, :email, unique: true
add_index :users, :reset_password_token, unique: true
# add_index :users, :confirmation_token, unique: true
# add_index :users, :unlock_token, unique: true
end
def self.down
# By default, we don't want to make any assumption about how to roll back a migration when your
# model already existed. Please edit below which fields you would like to remove in this migration.
raise ActiveRecord::IrreversibleMigration
end
end
Schema shows the columns are there:
create_table "users", force: :cascade do |t|
t.string "first_name"
t.string "last_name"
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.string "email", default: "", null: false
t.string "encrypted_password", default: "", null: false
t.string "reset_password_token"
t.datetime "reset_password_sent_at"
t.datetime "remember_created_at"
t.integer "sign_in_count", default: 0, null: false
t.datetime "current_sign_in_at"
t.datetime "last_sign_in_at"
t.string "current_sign_in_ip"
t.string "last_sign_in_ip"
end
add_index "users", ["email"], name: "index_users_on_email", unique: true
add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
Any ideas?

It's a security feature that Devise has in order to restrict its attributes and the critical information it contains to be exposed to API calls.
You can however override this, you need to override serializable_hash method.
# app/models/user.rb
class User < ActiveRecord::Base
devise :database_authenticatable, :recoverable, :confirmable, :rememberable, :validatable
...
protected
def serializable_hash(options = nil)
super(options).merge(encrypted_password: encrypted_password, reset_password_token: reset_password_token) # you can keep adding attributes here that you wish to expose
end
end
You can check http://www.rubydoc.info/github/plataformatec/devise/Devise/Models/Authenticatable where a constant is declared to blacklist attributes
BLACKLIST_FOR_SERIALIZATION =[:encrypted_password, :reset_password_token, :reset_password_sent_at, :remember_created_at, :sign_in_count, :current_sign_in_at, :last_sign_in_at, :current_sign_in_ip, :last_sign_in_ip, :password_salt, :confirmation_token, :confirmed_at, :confirmation_sent_at, :remember_token, :unconfirmed_email, :failed_attempts, :unlock_token, :locked_at]
Hope this answers your question!

If all you want to do it list all the attributes in the Rails console, it is easier to use User.first.serializable_hash(force_except: true)
See http://www.rubydoc.info/github/plataformatec/devise/Devise%2FModels%2FAuthenticatable:serializable_hash

Devise overrides the inspect method to not expose internal attibutes. You can try:
User.new.attributes
or
User.new.encrypted_password
(or whatever attribute you want)
You can check inspect method here

Unable to integrate lockable for number of failed attempts into Rails app

I am new to rails+angular. For my app, I want to lock out user after 5 failed password attempts. I decided to follow this:
How to make Devise lockable with number of failed attempts
But when I try logging in after 5 failed attempts, it lets me through
I added the :locked module to my user.rb (shown below) file so that the locked feature appears in devise.rb
User.rb
class User < ActiveRecord::Base
include TokenAuthenticatable
TYPE = {
:admin => 1,
:member => 2
}
devise :database_authenticatable, :registerable, :recoverable,
:rememberable, :trackable, :validatable, :token_authenticatable,
:timeoutable, :lockable ##this was added
has_and_belongs_to_many :clients
end
In my migrations then, I un-commented out the lockable part of it :
class DeviseCreateUsers < ActiveRecord::Migration
def change
create_table(:users) do |t|
t.string :first_name
t.string :last_name
t.string :type
## Database authenticatable
t.string :email, :null => false, :default => ""
t.string :encrypted_password, :null => false, :default => ""
## Recoverable
t.string :reset_password_token
t.datetime :reset_password_sent_at
## Rememberable
t.datetime :remember_created_at
## Trackable
t.integer :sign_in_count, :default => 0
t.datetime :current_sign_in_at
t.datetime :last_sign_in_at
t.string :current_sign_in_ip
t.string :last_sign_in_ip
## Confirmable
# t.string :confirmation_token
# t.datetime :confirmed_at
# t.datetime :confirmation_sent_at
# t.string :unconfirmed_email # Only if using reconfirmable
## Lockable
t.integer :failed_attempts, :default => 0 # Only if lock strategy is :failed_attempts
t.string :unlock_token # Only if unlock strategy is :email or :both
t.datetime :locked_at
## Token authenticatable
# t.string :authentication_token
t.timestamps
end
add_index :users, :email, :unique => true
add_index :users, :reset_password_token, :unique => true
# add_index :users, :confirmation_token, :unique => true
# add_index :users, :unlock_token, :unique => true
# add_index :users, :authentication_token, :unique => true
end
end
To troubleshoot this, I also tried adding :locked, :failed_attempts => 5and uncommented out all the lockable features in initializer/devise. I am unsure on how to proceed - help would be appreciated.

rails generate devise User error when migrating

I'm a bit new in Rails world and I try to add a new field in devise schema.
I found this :
rails generate model NAME [field[:type][:index] field[:type]
and tried to apply the command :
rails generate devise User linkedin:string
The process seemed correct :
invoke active_record
create db/migrate/20130902085306_add_devise_to_users.rb
insert app/models/user.rb
route devise_for :users
But when I launch a db:migrate it occures an error :
PG::Error: ERROR: column "email" of relation "users" already exists
What did I do wrong ? why does it say (and is it related) email is wrong while it was ok before ?
Thanks a lot !
Here is the migration file result :
class AddDeviseToUsers < ActiveRecord::Migration
def self.up
change_table(:users) do |t|
## Database authenticatable
t.string :email, :null => false, :default => ""
t.string :encrypted_password, :null => false, :default => ""
## Recoverable
t.string :reset_password_token
t.datetime :reset_password_sent_at
## Rememberable
t.datetime :remember_created_at
## Trackable
t.integer :sign_in_count, :default => 0
t.datetime :current_sign_in_at
t.datetime :last_sign_in_at
t.string :current_sign_in_ip
t.string :last_sign_in_ip
## Confirmable
# t.string :confirmation_token
# t.datetime :confirmed_at
# t.datetime :confirmation_sent_at
# t.string :unconfirmed_email # Only if using reconfirmable
## Lockable
# t.integer :failed_attempts, :default => 0 # Only if lock strategy is :failed_attempts
# t.string :unlock_token # Only if unlock strategy is :email or :both
# t.datetime :locked_at
## Token authenticatable
# t.string :authentication_token
t.string :linkedin
# Uncomment below if timestamps were not included in your original model.
# t.timestamps
end
add_index :users, :email, :unique => true
add_index :users, :reset_password_token, :unique => true
# add_index :users, :confirmation_token, :unique => true
# add_index :users, :unlock_token, :unique => true
# add_index :users, :authentication_token, :unique => true
end
def self.down
# By default, we don't want to make any assumption about how to roll back a migration when your
# model already existed. Please edit below which fields you would like to remove in this migration.
raise ActiveRecord::IrreversibleMigration
end
end

Does your users table already have email field? It seems there is, you have to remove creating an email field again by removing it from migration and make sure it is not referenced twice in user.rb model
db/migrate/20130902085306_add_devise_to_users.rb

Ok!
I've found what was wrong : I created a new table instead of updating existing one.
So the good task was :
rails g migration add_columnLinkedin_to_users
Then adding in the new created migration file :
change_table :users do |t|
t.string :linkedin
end
And db:migrate was a success !
Thanks for your helps !

Gem devise set multiple user model system

In my app i need to do two way-login system:
1) User - only for user part of website, contain's information about user's, it's login data, etc...
2) Admin - another model for admin part of website.
But how to do this?
Now i have only first part, and my migration:
class DeviseCreateUsers < ActiveRecord::Migration
def self.up
create_table(:users) do |t|
## Database authenticatable
t.string :email, :null => false, :default => ""
t.string :encrypted_password, :null => false, :default => ""
## Recoverable
t.string :reset_password_token
t.datetime :reset_password_sent_at
## Rememberable
t.datetime :remember_created_at
## Trackable
t.integer :sign_in_count, :default => 0
t.datetime :current_sign_in_at
t.datetime :last_sign_in_at
t.string :current_sign_in_ip
t.string :last_sign_in_ip
## Encryptable
# t.string :password_salt
## Confirmable
#t.string :confirmation_token
#t.datetime :confirmed_at
#t.datetime :confirmation_sent_at
#t.string :unconfirmed_email # Only if using reconfirmable
## Lockable
#t.integer :failed_attempts, :default => 0 # Only if lock strategy is :failed_attempts
#t.string :unlock_token # Only if unlock strategy is :email or :both
#t.datetime :locked_at
## Token authenticatable
t.string :authentication_token
t.timestamps
end
add_index :users, :email, :unique => true
add_index :users, :reset_password_token, :unique => true
#add_index :users, :confirmation_token, :unique => true
#add_index :users, :unlock_token, :unique => true
add_index :users, :authentication_token, :unique => true
end
def self.down
drop_table :users
end
end
And route:
devise_for :users
But how to add second admin-login part?

You have 3 options:
Add string field type to your table and derive from User model (the admin and user will have the same login route).
Add boolean field admin and use i.e. CanCan gem.
Run rails g devise admin and have separate admin model.
The way you choose depends on your app struct.