Unpermitted Parameters adding new fields to Devise in rails 4.0

Solution 1:

The accepted solution is good enough, but I see two problems: 1) All the controllers will check if the current controller is the devise controller (if: :devise_controller?) and 2) We need to write all the acceptable parameters in the method (...for(:sign_up) {|u| u.permit(:bio, :name)}), even the :email, :password and so on.

I think that a more elegant solution could be:

# app/controllers/users/registrations_controller.rb
class Users::RegistrationsController < Devise::RegistrationsController
  before_filter :configure_permitted_parameters

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up).push(:name, :phone, :organization)
  end
end

# config/routes.rb
devise_for :users, :controllers => { :registrations => "users/registrations" }

NOTE: Updates for Rails 4.2+

This answer is falling out of date:

  • Change "users" to "user" in the "users/registration" path for Rails 4.2.1 and Devise 3.4.1.
  • devise_parameter_sanitizer.permit() replaces devise_parameter_sanitizer.for() for Devise 4 (see Rails 5, Undefined method `for' for #<Devise on line devise_parameter_sanitizer.for)

Solution 2:

Make sure you are using Devise 3.0.0 at least. Add to your application controller:

before_filter :update_sanitized_params, if: :devise_controller?

def update_sanitized_params
  devise_parameter_sanitizer.for(:sign_up) {|u| u.permit(:bio, :name)}
end

Documentation: https://github.com/plataformatec/devise#strong-parameters

Solution 3:

I was having trouble with this too. The documentation on devise's site helped as well as some forums. Here's what I ended up doing:

In a custom RegistrationsController (app/controllers/users/registrations_controller.rb):

# app/controllers/users/registrations_controller.rb

class Users::RegistrationsController < Devise::RegistrationsController
  before_filter :update_sanitized_params, if: :devise_controller?

  def update_sanitized_params
    devise_parameter_sanitizer.for(:sign_up) {|u| u.permit(:name, :email, :password, :password_confirmation)}
  end
end

Then in your route file (config/routes.rb) use this for your devise_for statement:

devise_for :users, controllers: {registrations: "users/registrations"}
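
Added example (not part of any of the answers above, and not Devise's code): a simplified pure-Ruby model of the allow-list behaviour the answers rely on. It shows why .push in Solution 1 keeps the default sign-up fields while the block form in Solutions 2 and 3 must list them all, and that a field nobody permitted is dropped in both cases. ToyParams, ToySanitizer, REQUEST and the two sign_up_* helpers are hypothetical names, and the request data is constructed.

```ruby
# Simplified model of a Devise 3-style parameter sanitizer. Hypothetical
# stand-in classes for illustration; this is not Devise's implementation.
class ToyParams
  def initialize(hash)
    @hash = hash
  end

  # Allow-list filter: anything not named is dropped, never assigned.
  def permit(*keys)
    @hash.select { |key, _| keys.include?(key) }
  end
end

class ToySanitizer
  # Devise's sign-up defaults: the authentication key plus the password pair.
  DEFAULT_SIGN_UP = [:email, :password, :password_confirmation].freeze

  def initialize(raw)
    @params = ToyParams.new(raw)
    @allowed = { sign_up: DEFAULT_SIGN_UP.dup }
    @custom = {}
  end

  # No block: returns the allow-list itself, so .push appends to the defaults.
  # Block: replaces the default filtering, so it must list every field.
  def for(action, &block)
    return @allowed[action] unless block
    @custom[action] = block
  end

  def sanitize(action)
    return @custom[action].call(@params) if @custom[action]
    @params.permit(*@allowed[action])
  end
end

# Constructed sign-up request; :admin is a field the form never offered.
REQUEST = { email: "a@example.com", password: "s3cret-pass",
            password_confirmation: "s3cret-pass", name: "Ann", admin: true }.freeze

def sign_up_with_push
  s = ToySanitizer.new(REQUEST)
  s.for(:sign_up).push(:name)              # Solution 1 style: defaults + :name
  s.sanitize(:sign_up)
end

def sign_up_with_block
  s = ToySanitizer.new(REQUEST)
  s.for(:sign_up) { |u| u.permit(:name) }  # block style with the defaults forgotten
  s.sanitize(:sign_up)
end
```

In the block case only :name survives, so the sign-up would fail validation for a missing email and password; in neither case does :admin reach the model.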