Adding extra registration fields with Devise

ruby-on-rails devise

I am trying to add some extra fields to registrations#new. Since I only want extra data and do not need different functionality, I don't see why I need to override controllers etc. So what I did was modify registrations#new as follows: 

%h2
  Sign up
= form_for(resource, as: resource_name, url: registration_path(resource_name)) do ||f
  = devise_error_messages!
  %div
    = f.label :email
    %br
    = f.email_field :email, autofocus: true
  %div
    = f.label :title_id
    %br
    = f.text_field :title_id
  %div
    = f.label :province_id
    %br
    = f.text_field :province_id
  %div
    = f.label :first_name
    %br
    = f.text_field :first_name
  %div
    = f.label :last_name
    %br
    = f.text_field :last_name
  %div
    = f.label :password
    %br
    = f.password_field :password
  %div
    = f.label :password_confirmation
    %br
    = f.password_field :password_confirmation
  %div= f.submit 'Sign up'
= render 'devise/shared/links'

To enable these extra fields through the sanitizer, I updated ApplicationController as follows:

class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception
  before_filter :store_requested_url!
  # before_filter :authenticate_user!

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:email) }
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:email, :password, :password_confirmation, :title_id, :province_id, :first_name, :last_name) }
    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, :password_confirmation, :current_password) }
  end

  def after_sign_in_path_for(resource)
    session[:requested_url] || root_path
  end

  private

  def store_requested_url
    # store last url as long as it isn't a /users path
    session[:previous_url] = request.fullpath unless request.fullpath == /\/users/
  end
end

For some reason, it is not working and the extra fields go to the database as nulls.

I am using Ruby 2 and Rails 4 rc1, with Devise 3.0.0.rc.


It would appear that the code sample in your question is not working because you are not setting the before_filter to call the sanitizer.

before_filter :configure_permitted_parameters, if: :devise_controller?

With that said, it's probably better to override the controller, as shown in the accepted answer, so that the application controller isn't doing this check all of the time. The accepted answer can be shortened up with the code below. I've tested this code with my application and it works well. All of this is documented in the Strong Parameters section of the README in the 3.0.0.rc tag.

Override the controller:

class RegistrationsController < Devise::RegistrationsController
  before_filter :configure_permitted_parameters, :only => [:create]

  protected

    def configure_permitted_parameters
      devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password) }
    end
end

Then update the routes to use it:

devise_for :members, :controllers => { :registrations => "registrations" }

As of Devise version 4.3.0, May 15th 2017, the solution is as follows from the documentation. In this case, the username field is being added.

In case you want to permit additional parameters (the lazy way™), you can do so using a simple before filter in your ApplicationController:

class ApplicationController < ActionController::Base
  before_action :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.permit(:sign_up, keys: [:username])
  end
end

And of course, simply add the field to your database

> rails g migration AddUsernameToUsers

class AddUsernameToUsers < ActiveRecord::Migration[5.0]
  def change
    add_column :users, :username, :string, null: false, index: true, unique: true
  end
end

And then add the necessary fields into the view for registrations#new

<%= f.text_field :username, placeholder: "Username"  %>

After Devise 4.0 the older answers on this topic are not valid. instead of the for method you have to use:

devise_parameter_sanitizer.permit(:sign_up, keys: [:username])

So, for a complete solution in ApplicationController:

class ApplicationController < ActionController::Base
  before_action :configure_permitted_parameters, if: :devise_controller?

  protected
    def configure_permitted_parameters
       devise_parameter_sanitizer.permit(:sign_up, keys: [:username])
    end
end

OK, so what I did was just override the Devise registration controller, update routes.rb as per the devise docs to reflect this, copied and pasted the Devise code for registrations#create as is, and change the getting params part to use my own strong parameters method, and that was that.

class RegistrationsController < Devise::RegistrationsController

  def create
    build_resource(registration_params)

    if resource.save
      if resource.active_for_authentication?
        set_flash_message :notice, :signed_up if is_navigational_format?
        sign_up(resource_name, resource)
        respond_with resource, :location => after_sign_up_path_for(resource)
      else
        set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}" if is_navigational_format?
        respond_with resource, :location => after_sign_up_path_for(resource)
      end
    else
      clean_up_passwords
      respond_with resource
    end
  end  

  private

  def registration_params
    params.require(:user).permit(:email, :title_id, :first_name, :last_name, 
      :province_id, :password, :password_confirmation)
  end

end

First expose the views

rails generate devise:views users

then edit config/initializers/devise.rb and change 

# config.scoped_views = false

to

config.scoped_views = true

this will allow you to modify the views at app/views/users/registration.

you will add the fields needed here, in both

app/views/users/registration/edit.html.erb

app/views/users/registration/new.html.erb

Now we have to deal with rails mass assignment issue, go to application_controller.rb and add a before_filter

before_filter :configure_permitted_parameters, if: :devise_controller?

then add your fields + original fields to devise sanitization

protected

    def configure_permitted_parameters
        # Fields for sign up
        devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password) }
        # Fields for editing an existing account
        devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:username, :email, :password, :current_password, :gender) }
    end

restart your web server and cross your fingers.

Related

Manually set unobtrusive validation error on a textbox
How do I parallelize a for loop through a C++ std::list using OpenMP?
Java/JAXB: Unmarshall XML attributes to specific Java object attributes
How to read a resource file within a Portable Class Library?
Whether to use invokeAll or submit - java Executor service
Delete all data rows from an Excel table (apart from the first)
Can someone provide an up-to-date Android guide for Google Drive REST API v3?
How to create multiple indexes in logstash.conf file?
Subversion Obliterate feature
Group DateTime into 5,15,30 and 60 minute intervals
scope of variables in JavaScript callback functions
font awesome icon is not appearing in IE 11, but showing in other browsers