I've followed the directions in devise's wiki regarding overriding update method to update user information without adding password, but I'm still getting notice saying that I can't leave password blank. I'm stuck and I need some assistance on tracking the problem down.
<%= form_for(resource, :as => resource_name, :url => custom_update_user_registration_path, :html => { :method => :put }) do |f| %>
<%= devise_error_messages! %>
<%= f.text_field :first_name %>
<%= f.text_field :last_name %>
<%= f.email_field :email, :autofocus => true %>
<% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
<div>Currently waiting confirmation for: <%= resource.unconfirmed_email %></div>
<% end %>
<%= f.submit "Update" %>
in my routes :
devise_for :user, :controllers => { :registrations => "registrations" }, :skip => [:registrations, :sessions] do
get 'signup' => 'devise/registrations#new', :as => :new_user_registration
post 'signup' => 'devise/registrations#create', :as => :custom_user_registration
get 'users/cancel' => 'devise/registrations#cancel', :as => :cancel_user_registration
get 'account/edit' => 'devise/registrations#edit', :as => :custom_edit_user_registration
put 'account' => 'devise/registrations#update', :as => :custom_update_user_registration
delete 'users/cancel' => 'devise/registrations#destroy'
# devise/sessions
get 'signin' => 'devise/sessions#new', :as => :new_user_session
post 'signin' => 'devise/sessions#create', :as => :user_session
delete 'signout' => 'devise/sessions#destroy', :as => :destroy_user_session
end
Here's my controller:
class RegistrationsController < Devise::RegistrationsController
before_filter :check_permissions, :only => [:new, :create, :cancel]
skip_before_filter :require_no_authentication
def check_permissions
authorize! :create, resource
end
def update
#user.attributes = params[:user]
# required for settings form to submit when password is left blank
if params[:user][:password].blank? && params[:user][:password_confirmation].blank?
params[:user].delete(:password)
params[:user].delete(:password_confirmation)
end
#user = User.find(current_user.id)
if #user.update_attributes(params[:user])
set_flash_message :notice, :updated
# Sign in the user bypassing validation in case his password changed
sign_in #user, :bypass => true
redirect_to after_update_path_for(#user)
else
render "edit"
end
end
end
I'm not sure why I'm getting the error that I need to submit password still? Can someone see something that I'm overlooking?
Thanks
You could handle that in your model normally.
Just edit your valdiations. This way you normally do not need to override the whole controller..just edit the model:
validates :password, :presence => true, :on => :create
I just found out that I've been overriding my devise registration incorrectly.
This was the correct way of having registration controller
Rails 3 /devise seems to ignore custom controller
Try to change
if #user.update_attributes(params[:user])
to device method
if #user.update_without_password(params[:user])
In class RegistrationsController < Devise::RegistrationsController you are missing update parameters for devise.
def configure_permitted_parameters
devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, ...) }
end
def update
# Get all params for :account_update
account_update_params = devise_parameter_sanitizer.sanitize(:account_update)
# Allow user to update without using password.
if account_update_params[:password].blank?
account_update_params.delete("password")
account_update_params.delete("password_confirmation")
end
# Set current_user
#user = User.find(current_user.id)
if #user.update_attributes(account_update_params)
set_flash_message :notice, :updated
sign_in #user, :bypass => true
redirect_to after_update_path_for(#user)
else
render "edit"
end
end
Related
I've got a link in my Rails app that is supposed to add a user to a trip. The link itself is this:
<%= link_to "Add to trip", {:url => trip_users_url(#trip.id, {:user_id => user.id}), :remote => true, :method => :post}, :class => 'button absolute' %>
And the new and create method in the trip_users_controller is as follows:
def new
body_attributes 'add-crew', 'main-feed'
if params[:trips_user] && !params[:trips_user][:email].blank?
authorize! :create, #trip.trips_users.new
#trips_users = #trip.trips_users.find(:first, :include => :user, :conditions => {"users.email" => params[:trips_user][:email]})
if #trips_users.blank?
name = params[:trips_user][:email]
if !User.name_like(name).blank?
#users = User.name_like(name)
else
#users = User.email_like(name)
end
#trips_users = []
#users.each do |user|
#trips_users << #trip.trips_users.new(:user => user)
end
#invitation = #trip.invitations.find_by_email(params[:trips_user][:email])
#invitation ||= #trip.invitations.new(:email => params[:trips_user][:email]) if params[:trips_user][:email].match(/\A([^#\s]+)#((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i)
end
end
end
def create
#trip = Trip.find(params[:trip_id])
#user = User.find(params[:user_id])
authorize! :create, TripsUser.new(:user => #user, :trip => #trip)
unless #trip.users.include? #user
#trip.users << #user
add_news(:added_user, #trip, {:user_id => #user.id})
flash[:notice] = "#{#user.name} was added to the trip."
end
end
However when I click on the link, it seems to be trying to call the search action for some reason and gives me this error:
NoMethodError in TripsUsersController#search
You have a nil object when you didn't expect it!
You might have expected an instance of Array.
The error occurred while evaluating nil.[]
The parameters it passes are:
{"method"=>"post",
"remote"=>"true",
"url"=>"http://localhost:3000/trips/18/users?user_id=11",
"trip_id"=>"18-Testing"}
So it clearly knows the trip, and the user_id required...
Any ideas?
** EDIT **
Here is the relevant section of the routes:
map.resources :trips, :member => {:share => :get, :map => :get, :favourite => [:post, :get]}, :collection => {:find_boat => :get} do |trips|
trips.resources :photos
trips.resources :videos
trips.resources :users, :controller => "trips_users", :collection => {:search => [:get, :post]}
trips.resources :paths
trips.resources :posts
trips.resources :invitations
end
I have a custom registration controller, but I don't want to override a create action from devise. When I try to sign up a user, I get this error:
Unknown action
The action 'create' could not be found for Devise::RegistrationsController
Is it asking for it because I have a custom registration controller? If so, does that mean I need to copy all the actions that I'm not overriding from here: https://github.com/plataformatec/devise/blob/master/app/controllers/devise/registrations_controller.rb
Or its because there's something wrong with my application?
My routes:
devise_for :user, :controllers => { :registrations => "devise/registrations" }, :skip => [:sessions] do
get 'signup' => 'devise/registrations#new', :as => :new_user_registration
post 'signup' => 'devise/registrations#create', :as => :user_registration
end
This is my devise registration controller
class Devise::RegistrationsController < DeviseController
skip_before_filter :require_no_authentication
def edit
#user = User.find(current_user.id)
#profile = Profile.new
end
def update
# required for settings form to submit when password is left blank
if params[:user][:password].blank? && params[:user][:password_confirmation].blank?
params[:user].delete(:password)
params[:user].delete(:password_confirmation)
end
#user = User.find(current_user.id)
if #user.update_attributes(params[:user])
set_flash_message :notice, :updated
# Sign in the user bypassing validation in case his password changed
sign_in #user, :bypass => true
redirect_to after_update_path_for(#user)
else
render "edit"
end
end
protected
def after_update_path_for(resource)
user_path(resource)
end
def after_sign_up_path_for(resource)
user_path(resource)
end
end
This is the registration form:
<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
...
<div>
<%= button_tag :type => :submit, :class => "btn btn-large btn-inverse" do %>
Sign up
<% end %>
</div>
...
<% end %>
Your controller of registration inherits from the wrong class: DeviseController
It is a base class for a registration and has no "create" method, and so does your custom Devise::RegistrationsController class (it has only edit and update methods) - it incurs the error.
In order to create your own custom registration controller for users with fallback to the original devise methods, I suggest you do the following:
1. create "users" folder in controllers folder
2. create there registrations_controller.rb file, and define class there:
Users::RegistrationsController < Devise::RegistrationsController
and override any actions ("edit" and "update")
3. inform the "routes.rb" file about changes:
devise_for :users, :controllers => { registrations: 'users/registrations' }
I've got a pretty standard User model with Devise. Administrators are controlled with an :admin boolean on the model, and users who aren't administrators cannot manage themselves (i.e., only administrators can make changes to users).
What I'd like is to permit users to reset their password if they forget it. They would enter their email address then be emailed a token which would grant them access to change it. I've started a solution but I really don't know how to proceed.
user.rb
class User < ActiveRecord::Base
devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable
attr_accessor :current_password
attr_accessible :name, :password, :password_confirmation, :current_password, :email, :remember_me, :ftp, :colour1, :colour2, :logo, :logo2, :address, :url, :disclosure, :general_advice, :facebook, :twitter, :brand_id, :analytics
attr_protected :admin
validates_uniqueness_of :email, :ftp
belongs_to :brand
has_many :docs
has_many :orders, :through => :docs
has_attached_file :logo
has_attached_file :logo2
end
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new #guesting
if user.admin?
can :manage, :all
else
can :manage, :recoverable
end
end
end
And here's the method:
def reset
#idiot = User.where(:email => params[:email]).first
unless #idiot.nil?
Notifier.send_reset_notice(#idiot).deliver
#idiot.send_reset_password_instructions
redirect_to new_user_session_url
else
redirect_to new_user_session_url, :flash => { :error => "That email address matches no user." }
end
end
The user receives the Devise email but clicking on the link takes the user to the application root and not to a password reset form. I'm not sure how to proceed from here. Any thoughts? Cheers!
UPDATE
Relevant routes:
devise_for :users, :path => "d"
devise_scope :user do
get '/sign_in' => 'devise/sessions#new'
get '/sign_out' => 'devise/sessions#destroy'
end
First, create controller for handle Devise::PasswordsController
class PasswordusersController < Devise::PasswordsController
prepend_before_filter :require_no_authentication
append_before_filter :assert_reset_token_passed, :only => :edit
def new
super
end
def create
self.resource = resource_class.send_reset_password_instructions(resource_params)
if successfully_sent?(resource)
redirect_to root_path, :notice => "Instruction has been send to your email"
else
respond_with(resource)
end
end
def edit
super
end
def update
self.resource = resource_class.reset_password_by_token(resource_params)
if resource.errors.empty?
resource.unlock_access! if unlockable?(resource)
flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
set_flash_message(:notice, flash_message) if is_navigational_format?
sign_in(resource_name, resource)
redirect_to login_path, :notice => "Password has been change"
else
respond_with resource
end
end
protected
def after_sending_reset_password_instructions_path_for(resource_name)
root_path
end
def assert_reset_token_passed
super
end
def unlockable?(resource)
super
end
end
Than, run generate view for devise
copy new.html.erb and edit.html.erb from views/devise/passwords to views/passwordusers
on routes.rb you can config such as :
devise_scope :user do
get '/reset_password' => "passowrdusers#new", :as => :reset_password
get '/new_password' => "passwordusers#edit", :as => :new_password
end
edit link on devise/mailer/reset_password_instructions.html.erb
<p><%= link_to 'Change My Password', new_password_path(#resource, :reset_password_token => #resource.reset_password_token) %></p>
finally, on view form login add this
<%= link_to "Forgot Password?", reset_password_url(resource_name) %>
UPDATE
on routes.rb you can config such as :
devise_scope :user do
get '/reset_password' => "passowrdusers#new", :as => :reset_password
get '/new_password' => "passwordusers#edit", :as => :new_password
post '/send_email' => 'passwordusers#create', :as => :create_password
put '/change' => 'passwordusers#update', :as => :update_password
end
on views/passwordusers/new.html.erb
<%= form_for("user", :url => create_password_path(resource_name), :html => { :method => :post }) do |f| %>
on views/passwordusers/edit.html.erb
<%= form_for("user", :url => update_password_path(resource_name), :html => { :method => :put }) do |f| %>
After Googling everywhere about how I can fix this I decided to post a question. I'm trying to add a custom action "create_pro" to the Devise Registrations controller so I can create a user with additional fields (A pro user). This form is on the same page as the devise create action for a user.
I keep getting the following error after submitting the form:
Unknown action
The action 'create_pro' could not be found for
Devise::RegistrationsController
How can I fix this?
Routes
devise_for :users,:controllers => { :registrations => "registrations" }
devise_scope :user do
post "gopro", :to => "devise/registrations#create_pro"
end
Registrations Controller
class RegistrationsController < Devise::RegistrationsController
before_filter :authenticate_user!, :only => :token
def new
super
end
def create
#user = User.new(params[:user])
if #user.save
sign_in #user
flash[:notice] = "Welcome to Banking Analytics."
redirect_to '/mybank'
else
render :action => :new
end
end
def create_pro
#user = User.new(params[:user])
if #user.save
sign_in #user
flash[:notice] = "Welcome to Banking Analytics."
redirect_to '/mybank'
else
render :action => :new
end
end
end
View
<div class="signup_form_basic">
<%= simple_form_for #user, :url => url_for(:controller => 'registrations', :action => 'create_pro') do |f| %>
<%= f.error_notification %>
<%= f.input :email, :required => true, :autofocus => true, :label => 'Username ( Your Email )', :placeholder => 'Email Address' %>
<%= f.input :password, :required => true, :autofocus => true, :label => 'Password', :placeholder => 'Password' %>
<%= f.input :password_confirmation, :required => true, :autofocus => true, :label => 'Confirm Password', :placeholder => 'Password Confirmation' %>
<%= f.button :submit, "Sign Up >>", class: 'btn btn-inverse' %>
<% end %>
</div>
I don't have an answer for the 'Unknown Action error' that you are facing, but I think the current solution is sub-optimal.
Since your goal is to have the following two classes of users
Pro-users, and
Regular (Non-pro) users,
it is probably best to follow the suggestion at How To: Customize routes to user registration pages and set up parallel structures for the two types of users.
That would be much more in line with the relationship between the two types of users.
I'm following this Ruby Railcasts episode to get some simple auth going, and I'm getting the error uninitialized constant Sessions when I navigate to the login page. I've checked my classes and the names are proper, which seems to be the problem most people report. Any idea what might be happening here?
The name of my controller file is sessions_controller.rb and the code is as follows:
class SessionsController < ApplicationController
def new
end
def create
user = User.authenticate(params[:email], params[:password])
if user
session[:user_id] = user.id
redirect_to root_url, :notice => 'Logged In!'
else
flash.now.alert = 'Invalid email or password'
render 'new'
end
end
def destroy
session[:user_id] = nil
redirect_to root_url, :notice => 'Logged Out!'
end
end
routes.rb file:
Albumtracker::Application.routes.draw do
get "login" => "sessions/new", :as => "login"
get "logout" => "sessions/destroy", :as => "logout"
get "signup" => "users/new", :as => "sign_up"
root :to => 'users#new'
resources :users
resources :sessions
get "pages/index"
end
sessions/new view file:
<h1>Log in</h1>
<%= form_tag sessions_path do %>
<p>
<%= label_tag :email %><br />
<%= text_field_tag :email, params[:email] %>
</p>
<p>
<%= label_tag :password %><br />
<%= password_field_tag :password %>
</p>
<p class="button"><%= submit_tag "Log in" %></p>
<% end %>
You have typos in your routes. / should be # when specifying a controller and action. Your routes should look like this:
get "login" => "sessions#new", :as => "login"
get "logout" => "sessions#destroy", :as => "logout"
get "signup" => "users#new", :as => "sign_up"
When you use / in your route the preceding portion is matched to a namespace. So from "sessions/new" the router was trying to locate a controller named Sessions::NewController. Since the namespace Sessions doesn't exist in your app, you got the uninitialized constant error.