Adding custom parameters to devise registration - unpermitted parameters

Asked 3/3, 2017 at 6:30 Answered 22/11, 2019 at 5:37

Solved ruby-on-rails ruby-on-rails-3 devise ruby-on-rails-5

I've been trying to customize the devise register method to register with more parameters and also update more(no luck so far), but I always get Unpermitted parameters: error. I tried using this Adding extra registration fields with Devise and https://github.com/plataformatec/devise#strong-parameters, but I cant get over that.

I've also thought about creating a new table to hold a foreign key the user id and put in there stuff like user_id, display_name, profile_picture, but I would have the same problem when trying to submit everything from the same page(mess with the devise controller).

Do you have any suggestions on how I can solve this? What else do I have to post?

routes.rb

devise_for :users, controllers: { registrations: 'users/registrations' }

users/regC

def create
    build_resource(registration_params)

    if resource.save
      if resource.active_for_authentication?
        set_flash_message :notice, :signed_up if is_navigational_format?
        sign_up(resource_name, resource)
        respond_with resource, :location => after_sign_up_path_for(resource)
      else
        set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}" if is_navigational_format?
        respond_with resource, :location => after_sign_up_path_for(resource)
      end
    else
      clean_up_passwords
      respond_with resource
    end
  end

private
  def registration_paramss
    params.require(:user).permit(:email, :display_name, :terms_of_services, :profile, :password, :password_confirmation)
  end

Paling answered 3/3, 2017 at 6:30 Comment(6)

Please post your devise configuration. – Uranometry 3/3, 2017 at 6:31

@Uranometry updated it – Paling 3/3, 2017 at 6:32

What version of devise are you using? Can you show us the overriden controller (users/registrations)? Just the create action and the part where you customize the sign up parameters. – Badlands 3/3, 2017 at 6:49

@Badlands edited. I have just 'devise' no version after it. For the create controller I tried something that I found in the link posted in the question. I have no idea how build_resource works within devise, but I didn t want to mess with the devise functionality. – Paling 3/3, 2017 at 6:52

Please look into your Gemfile.lock file and search for devise. You should be able to find the version. You can also run gem list devise from the root folder of your project ;). – Badlands 3/3, 2017 at 6:54

@Badlands devise (4.2.0) – Paling 3/3, 2017 at 6:55

Looks like you just need to tell devise which parameters should be permitted. By default, devise permits the email (or username depending on configuration), password and password_confirmation params. You just need to add more.

The devise documentation suggests a "lazy way" of setting this up.

class ApplicationController < ActionController::Base
  before_action :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.permit(:sign_up, keys: [:display_name])
  end
end

The documentation then says that

If you have nested attributes (say you're using accepts_nested_attributes_for), then you will need to tell devise about those nestings and types.

Only if you need to override the registrations#create action you should provide your custom route for devise. In that case, make sure you override the sign_up_params method too.

class Users::RegistrationsController < Devise::RegistrationsController
  def create
    # Your custom code here. Make sure you copy devise's functionality
  end

  private

  # Notice the name of the method
  def sign_up_params
    params.require(:user).permit(:display_name, :email, :password, :password_confirmation)
  end
end

In essence, you'd have to look into how your sign up form is posting the parameters to figure out how to configure strong parameters in the controller. Make sure you read on strong parameters syntax as well.

Hope it helps!

Badlands answered 3/3, 2017 at 7:10 Comment(9)

Actually the problem is within the SessionsController. After it tries to create the user it will attempt to log him in, and the session controller still sees the parameters as not permitted. Should I modify the sessions controller too? Both solutions end up with that problem. – Paling 3/3, 2017 at 7:33

You could try that, by specifying parameters for :sign_in. But it seems weird because as far as I know devise does not redirect, it just signs up the user. This error you're getting, is it an error or a warning? If the registration worked and your model was saved, you shouldn't care about the unpermitted parameters warning. – Badlands 3/3, 2017 at 7:36

The user was not saved unfortunately. I check every time and hope for it to be there, but I've got only the seeds users. – Paling 3/3, 2017 at 7:37

I removed all of the extra parameters and even the simple registration doesn t work. I found out that more people have this problem. I got in the console Unpermitted parameter: password_confirmation. – Paling 3/3, 2017 at 7:42

Is it possible to remove your answer so I can delete the question or should I just leave it here? I have an entirely different problem. I'm going to post a new one regarding my issue if I can t find a solution online. There are plenty of posts about session unpermitted params, but so far none has worked. – Paling 3/3, 2017 at 7:47

Found my problem. I had the form path wrong in the html. I've been at this for 8 hours and it was just a simple html wrong path. – Paling 3/3, 2017 at 8:3

Glad you solved it! I hope I helped even a little bit. – Badlands 3/3, 2017 at 8:27

Yes, thank you. You've made the customization of the devise parameters clear. – Paling 3/3, 2017 at 9:56

Is the lazy way safe security-wise? – Shakedown 18/9, 2020 at 8:23

For Devise 4.2.0 you can whitelist additional parameters for your users table by adding those values to keys. By default devise gives you the comment to go off of now. Below I added :avatar

  # If you have extra params to permit, append them to the sanitizer.
  def configure_sign_up_params
    devise_parameter_sanitizer.permit(:sign_up, keys: [:attribute, :avatar])
  end

Birdt answered 4/7, 2017 at 1:53 Comment(0)

The accepted answer says the config should go in your applicationController but it can simply go in your user registration controller and you can specify that you only want to run it for create method and nothing else:


class Users::RegistrationsController < Devise::RegistrationsController
  before_action :configure_sign_up_params, only: [:create]

  protected

  def configure_sign_up_params
    devise_parameter_sanitizer.permit(:sign_up, keys: [:enter_param_name_here])
  end
end

Waterside answered 22/11, 2019 at 5:37 Comment(0)

In my case this worked:

class ApplicationController < ActionController::Base
    before_action :configure_permitted_parameters, if: :devise_controller?

    protected

    def configure_permitted_parameters
        devise_parameter_sanitizer.permit(:account_update) { |u| u.permit(:name, :last_name, :image,:email, :password, :password_confirmation, :current_password) }
    end
end

Gwynethgwynne answered 13/5, 2019 at 0:11 Comment(1)

This is also the only thing that worked for us! Thank you! – Sheepshead 28/10, 2021 at 2:5

Recommended topics

Hot tags