
Devise and Strong Parameters


Update for devise 4.x

    class ApplicationController < ActionController::Base
      # before_action is the Rails 4+ name; before_filter was removed in Rails 5.1
      before_action :configure_permitted_parameters, if: :devise_controller?

      protected

      # Devise 4.x: add extra form fields to the default permit list of each action
      def configure_permitted_parameters
        devise_parameter_sanitizer.permit(:sign_up, keys: [:username])
        devise_parameter_sanitizer.permit(:sign_in, keys: [:username])
        devise_parameter_sanitizer.permit(:account_update, keys: [:username])
      end
    end

After adding both gems, devise will work as normal.

Update: With the latest version of Devise 3.x, as described at devise#strong-parameters, the authentication key (normally the email field), and the password fields are already permitted. However, if there are any additional fields on the signup form, you will need to let Devise know the extra fields to permit. The easiest way to do this is with a filter:

    class ApplicationController < ActionController::Base
      # before_filter: Devise 3.x still supports Rails 3.2, which lacks before_action
      before_filter :configure_permitted_parameters, if: :devise_controller?

      protected

      # Devise 3.x: append the extra field to the sign_up permit list
      def configure_permitted_parameters
        devise_parameter_sanitizer.for(:sign_up) << :username
      end
    end

For Devise 2.x, if you use the safety feature requiring explicitly whitelisting tainted parameters in the user model:

    include ActiveModel::ForbiddenAttributesProtection

the changes needed are found at https://gist.github.com/3350730 which overrides some of the controllers.


The easy way is to add a simple before filter in your ApplicationController. If you have different roles and/or other more complex scenarios, there are other options at the link below:

https://github.com/plataformatec/devise#strong-parameters


    # before_filter is the Rails 3/4 name; on Rails 4+ use before_action (before_filter was removed in 5.1)
    before_filter :configure_sanitized_params, if: :devise_controller?

    def configure_sanitized_params
      # Devise 3.x block form: the block replaces the default permit list for that action
      devise_parameter_sanitizer.for(:sign_up) do |u|
        u.permit(:firstname, :designation_id, :middlename, :previous_experiance_year,
                 :previous_experiance_month, :lastname, :email, :username, :password,
                 :password_confirmation, :previous_experiance, :empid, :dob, :timezone,
                 :doj, :gender, :education, :comments, :locked, :deactivated, :reason,
                 :phone, :deactivated_date, :image)
      end

      devise_parameter_sanitizer.for(:account_update) do |u|
        u.permit(:remove_image, :firstname, :designation_id, :middlename, :lastname,
                 :email, :username, :empid, :dob, :timezone, :doj, :gender, :education,
                 :comments, :locked, :deactivated, :reason, :phone, :deactivated_date,
                 :image)
      end
    end
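To make concrete what the permit lists in both answers above actually do to a request, here is an added, stand-alone example (not code from either answer or from Devise itself). It models Devise's parameter sanitizer in pure Ruby so it runs without Rails: the class name `ToyDeviseSanitizer`, its `permit`/`sanitize` methods and the default key lists are assumptions modelled on Devise 4's `permit(action, keys:)` API and its documented defaults (authentication key plus password fields per action). Real Devise delegates the filtering to `ActionController::Parameters#permit`; the toy keeps the same scalar-key semantics. The sample payload is constructed.

```ruby
# Added example: a pure-Ruby stand-in for Devise's parameter sanitizer,
# showing how per-action permit lists filter an incoming form payload.
# Assumption: default key lists follow Devise 4's defaults for an :email
# authentication key; real Devise uses ActionController::Parameters#permit.
class ToyDeviseSanitizer
  DEFAULTS = {
    sign_in:        %i[email password remember_me],
    sign_up:        %i[email password password_confirmation],
    account_update: %i[email password password_confirmation current_password]
  }.freeze

  def initialize
    # Copy the arrays so permit can extend them per instance
    @permitted = DEFAULTS.transform_values(&:dup)
  end

  # Mirrors `devise_parameter_sanitizer.permit(:sign_up, keys: [:username])`
  def permit(action, keys:)
    list = @permitted.fetch(action)
    list.concat(keys.map(&:to_sym))
    list.uniq!
    self
  end

  def permitted_keys(action)
    @permitted.fetch(action).dup
  end

  # Returns a new symbol-keyed hash containing only permitted scalar values;
  # every other key in the request is silently dropped, as strong params do.
  def sanitize(action, params)
    allowed = @permitted.fetch(action)
    params.each_with_object({}) do |(key, value), out|
      next unless allowed.include?(key.to_sym)
      next unless scalar?(value)
      out[key.to_sym] = value
    end
  end

  private

  def scalar?(value)
    value.is_a?(String) || value.is_a?(Numeric) || [true, false, nil].include?(value)
  end
end

# Constructed sample: what a sign-up form posts, plus two keys that are not on
# the form (a client can send any key it likes; only the permit list decides).
SIGN_UP_PARAMS = {
  "email" => "alice@example.test",
  "username" => "alice",
  "password" => "correct horse battery",
  "password_confirmation" => "correct horse battery",
  "admin" => "1",
  "locked" => "false"
}.freeze

# Sign-up with :username added, as in the first answer's Devise 4 filter
def sanitized_sign_up
  sanitizer = ToyDeviseSanitizer.new.permit(:sign_up, keys: [:username])
  sanitizer.sanitize(:sign_up, SIGN_UP_PARAMS)
end

def dropped_sign_up_keys
  SIGN_UP_PARAMS.keys.map(&:to_sym) - sanitized_sign_up.keys
end

# Permitting a key for :sign_up does not permit it for :account_update;
# each Devise action has its own list.
def account_update_without_username
  ToyDeviseSanitizer.new.permit(:sign_up, keys: [:username])
                    .sanitize(:account_update, "username" => "bob", "email" => "bob@example.test")
end

if __FILE__ == $PROGRAM_NAME
  puts "kept:    #{sanitized_sign_up.keys.inspect}"
  puts "dropped: #{dropped_sign_up_keys.inspect}"
  puts "account_update keeps: #{account_update_without_username.keys.inspect}"
end
```

Running it shows `admin` and `locked` being dropped from the sign-up payload because they are not in the list, while `username` survives only for the action it was permitted on. That is the property to keep in mind when reviewing a list like the one in the answer above: every key in a `:sign_up` or `:account_update` permit list is settable by whoever submits that form, so fields that describe account state rather than profile data belong in an admin-only flow's list, not the self-service one.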