I upgraded an app to rails 4 and everything is working fine. I can sign in and goto my edit page. Also updated the views. When using the standard view, the user is updated. But when I add for example the field :name, this is not updated in the form.
Using devise 3.1.1 and also the gem 'protected_attributes'
Do I need to run some kind of update command on devise or db?
I have also searched this place, finding many different solution, but none will update my user field. I have not added any custom fields.
If you want to permit additional parameters you can use a before filter in your ApplicationController because Rails 4 moved the parameter sanitization from the model to the controller.
class ApplicationController < ActionController::Base
before_filter :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) << :name << :surname << :username
devise_parameter_sanitizer.for(:account_update) << :name << :surname << :username
end
end
You can also find more here.
Related
I have installed devise gem and added custom fields to database for fullname and location as strings.
I updated edit and new form pages as:
<%= f.input :fullname, required: true %>
<%= f.input :location %>
But it doesn't save or update this fields.
I can't see any controller for that
What am I missing? I went through tens of tutorials, but can't figure it out.
I'm using Rails 5.1.3 and Ruby 2.4.0p0.
You can do it in the "lazy way" by using the configure_permitted_parameters before filter.
In your ApplicationController add the protected method specifying the keys to permit in the devise_parameter_sanitizer. Then add a before_action callback pointing to this method if the controller being used is a devise registered controller.
In your case maybe something like:
class ApplicationController < ActionController::Base
before_action :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
permit_attrs(%i[fullname location])
end
def permit_attrs(attrs)
%i[sign_up account_update].each do |action|
devise_parameter_sanitizer.permit(action, keys: attrs)
end
end
end
I am using ng-token-auth and devise_token_auth for authentication. When I am trying to update user using
$auth.updateAccount
it's showing me
Unpermitted parameters: credentials, registration
Filter chain halted as :validate_account_update_params rendered or redirected
I have included the following in application_controller.rb
before_action :configure_permitted_parameters, if: :devise_controller?
private
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) << :name
devise_parameter_sanitizer.for(:account_update) << :name << :credentials
end
Also, credentials field is serialized as an Array in the User model
class User < ActiveRecord::Base
serialize :credentials, Array
end
I ran into the same issue and finally found a solution. For me, the problem was that the parent filter :validate_account_update_params was being called before the child :configure_permitted_parameters. This is apparently new behavior as of at least Rails 4.2 (and possibly before). Adding this in the child fixed it:
prepend_before_action :configure_permitted_params
I have used Devise for authentication.
Went ahead and updated my Users database to include a bio column. Added this and ran the migration so I can see it is there.
Now I want Users to be able to add a bio once they are logged in. Did some research and I see attr_accessible is no more in rails 4 and I should use strong parameters. Also checked out the Devise documentation but couldn't quite find what I am after.
I see they are added to the controller but as I have used Devise I don't have access to the UsersController
How can I add the ability for Users to update the bio field so it saves in the database?
You should add a before_filter in your ApplicationController to do that. Devise docs contains a section explaining this. I took the code below from there:
class ApplicationController < ActionController::Base
before_action :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) << :username
end
end
In the example, the attribute :username is allowed to be parsed in the sign_up page.
I have a common problem: I am using devise and I want to add a checkbox for "terms and conditions".
It's well covered everywhere, except for one moment. If I do
<%= f.check_box(:terms_and_conditions )%>
Then I get an error that :terms_and_conditions is not defined. Where should I define it? The model? The controller?
Try using the acceptance validation method:
class User < ActiveRecord::Base
validates :terms_and_conditions, acceptance: true
end
As stated in the Rails Guide
This validation is very specific to web applications and this 'acceptance' does not need to be recorded anywhere in your database (if you don't have a field for it, the helper will just create a virtual attribute).
In addition, you'll need to add the :terms_and_conditions parameter to the permitted parameters for sign up:
class ApplicationController < ActionController::Base
before_action :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) << :terms_and_conditions
end
end
Greeting,
I've been working on getting my devise sign up form customized for my application, and it's been a bit of a pain trying to sort out how Devise is handling things. My form is customized, but my the attributes in my new fields are not being saved to the database. I looked at something like this solution:http://blog.12spokes.com/web-design-development/adding-custom-fields-to-your-devise-user-model-in-rails-4/ (yeah it's for rails 4) but.... it doesn't feel like the cleanest way to do this. I'd like to know if there is a more efficient way of doing this now. Would you recommend moving additional user information that is unrelated to Devise authentication into a new table? If so, can I put fields for some nested elements in the Devise sign-up form without having to go through all of business in the solution above. Thanks in advance!
What about trying to use the devise_parameter_sanitizer :
application_controller.rb
class ApplicationController < ActionController::Base
before_filter :configure_permitted_parameters, if: :devise_controller?
private
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:additional_field1, :additional_field2, :email, :password, :password_confirmation) }
end
end
and then on your User model, you could simply add validation :
user.rb
class User < ActiveRecord::Base
validates :additional_field1, presence: true
validates :additional_field2, uniqueness: true
end