
Devise strong parameter sanitizer

I am trying to customize my input params when using devise. To the best of my ability I have followed the devise doc on the subject. I have also googled extensively, finding some helpful articles like this one. In the end, however, what happens when I fill out the form and hit submit is that the "sign_up" form on the new user page is returned. When I check the db in the console no new user is added; the server logs are listed below with the relevant code. If you'd like to see any other code let me know and I'll update the question. Any and all help is much appreciated.

Server logs:

Started GET "/users/sign_up?utf8=%E2%9C%93&authenticity_token=lnKi02OIXc3sSkCpCzKmvQ6iaSZPI6s9aVxN9pCavH8%3D&user%5Bemail%5D=kit%40kit.com&user%5Bhandle%5D=kit&user%5Bpassword%5D=[FILTERED]&user%5Bpassword_confirmation%5D=[FILTERED]&commit=Sign+Up" for 127.0.0.1 at 2013-11-17 21:01:31 -0800
Processing by Devise::RegistrationsController#new as HTML
Parameters: {"utf8"=>"✓",  "authenticity_token"=>"lnKi02OIXc3sSkCpCzKmvQ6iaSZPI6s9aVxN9pCavH8=", "user"=>{"email"=>"kit@kit.com", "handle"=>"kit", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Sign Up"}
Rendered devise/shared/_links.erb (0.3ms)
Rendered devise/registrations/new.html.erb within layouts/application (3.7ms)
Completed 200 OK in 10ms (Views: 9.0ms | ActiveRecord: 0.0ms)

My application controller:

class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  protected

  # Swap in the custom sanitizer for User; every other Devise resource keeps the default.
  def devise_parameter_sanitizer
    if resource_class == User
      User::ParameterSanitizer.new(User, :user, params)
    else
      super # Use the default one
    end
  end
end

User_sanitizer:

class User::ParameterSanitizer < Devise::ParameterSanitizer
  # One permit list reused for all three Devise actions.
  PERMITTED = [:first_name, :last_name, :handle, :email, :password,
               :password_confirmation, :current_password].freeze

  private

  def account_sign_in
    # default_params is the Devise 3.x accessor for the raw resource params
    # (it was misspelled "default_paramiters" and would raise NoMethodError).
    default_params.permit(*PERMITTED)
  end

  def account_sign_up
    default_params.permit(*PERMITTED)
  end

  def account_account_update
    default_params.permit(*PERMITTED)
  end
end

application.html.erb

<!DOCTYPE html>
<html>
<head>
  <title>Meowit</title>
  <%= stylesheet_link_tag    "application", media: "all", "data-turbolinks-track" => true %>
  <%= javascript_include_tag "application", "data-turbolinks-track" => true %>
  <%= csrf_meta_tags %>
</head>
<body>


<nav class="navbar navbar-default" role="navigation">
  <!-- Brand and toggle get grouped for better mobile display -->
  <div class="navbar-header">
    <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
      <span class="sr-only">Toggle navigation</span>
      <span class="icon-bar"></span>
      <span class="icon-bar"></span>
      <span class="icon-bar"></span>
    </button>
    <a class="navbar-brand" href="<%= root_path %>">MeowIT</a>
  </div>

  <!-- Collect the nav links, forms, and other content for toggling -->
  <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
    <ul class="nav navbar-nav">
      <li><a href="<%= meows_path %>">Feed</a></li>
    </ul>
    <ul class="nav navbar-nav navbar-right">
      <% if user_signed_in? %>
        <li class="dropdown">
          <a href="#" class="dropdown-toggle" data-toggle="dropdown">Account<b class="caret"></b></a>
          <ul class="dropdown-menu">
            <li><%= current_user.email %></li>
            <li><%= link_to "Edit", edit_user_registration_path %></li>
            <li><%= link_to("Logout", destroy_user_session_path, :method => :delete) %></li>
          </ul>
        </li>
      <% else %>
        <li><%= link_to("Login", new_user_session_path) %></li>
      <% end %>
    </ul>
  </div><!-- /.navbar-collapse -->
</nav>

  <% if flash[:success] %>
    <div class='alert alert-success'>
      <%= flash[:success] %>
    </div>
  <% end %>

  <% if flash[:info] %>
    <div class='alert alert-info'>
      <%= flash[:info] %>
    </div>
  <% end %>

  <% if flash[:warning] %>
    <div class='alert alert-warning'>
      <%= flash[:warning] %>
    </div>
  <% end %>

  <% if flash[:danger] %>
    <div class='alert alert-danger'>
      <%= flash[:danger] %>
    </div>
  <% end %>


    <div class="container">

      <%= yield %>
    </div>
  </body>
</html>

sanitizers.rb:

require "#{Rails.application.root}/lib/user_sanitizer.rb"

new.html.erb (inside views/devise/registrations):

<div class="row">
  <div class="col-lg-6">
    <div class="well">
      <%# simple_form_for emits its own <form method="post"> tag. Wrapping it in a %>
      <%# static <form> produces nested forms, which are invalid HTML: the browser keeps %>
      <%# only the outer one (no method, no action), so the submit goes out as %>
      <%# GET /users/sign_up?... and merely re-renders this page, as the server log shows. %>
      <%= simple_form_for(resource, :as => resource_name, :url => registration_path(resource_name),
                          :html => { :class => "bs-example form-horizontal" }) do |f| %>
        <fieldset>
          <legend>Sign Up</legend>
          <%= f.error_notification %>

          <div class="form-group">
            <%= f.label :email, "Email", class: "col-lg-2 control-label" %>
            <div class="col-lg-10">
              <%= f.text_field :email, :required => true, :autofocus => true, class: "form-control" %>
            </div>
          </div>

          <div class="form-group">
            <%= f.label :handle, "Name", class: "col-lg-2 control-label" %>
            <div class="col-lg-10">
              <%= f.text_field :handle, :required => false, class: "form-control" %>
            </div>
          </div>

          <div class="form-group">
            <%= f.label :password, "Password", class: "col-lg-2 control-label" %>
            <div class="col-lg-10">
              <%= f.password_field :password, :required => true, class: "form-control" %>
            </div>
          </div>

          <div class="form-group">
            <%= f.label :password_confirmation, "Password Confirmation", class: "col-lg-2 control-label" %>
            <div class="col-lg-10">
              <%= f.password_field :password_confirmation, :required => true, class: "form-control" %>
            </div>
          </div>

          <div class="form-group">
            <div class="col-lg-10 col-lg-offset-2">
              <%= f.button :submit, "Sign Up", class: "btn btn-primary" %>
            </div>
          </div>
        </fieldset>
      <% end %>
    </div>
  </div>
</div>

<%= render "devise/shared/links" %>

Edit (1):

Created new file registrations_controller.rb in app/controllers:

class RegistrationsController < Devise::RegistrationsController
  # The hook is required; a private method that nothing calls never runs.
  before_action :configure_devise_params

  private

  def configure_devise_params
    # Devise 3.x API. Devise 4 renamed this to
    # devise_parameter_sanitizer.permit(:sign_up, keys: [...]).
    devise_parameter_sanitizer.for(:sign_up) do |u|
      # :handle is the "Name" field the sign-up form posts; unlisted keys are dropped.
      u.permit(:email, :handle, :password, :password_confirmation)
    end
  end
end

Modified the devise_for route in routes.rb to point to the new controller.

  devise_for :users, :controllers => {:registrations => "registrations"}

Last, I commented out the reference to the devise_parameter_sanitizer in the application controller and removed the

    require "#{Rails.application.root}/lib/user_sanitizer.rb"

in sanitizers.rb

Not sure if you still need the help, but I was able to get my sanitizers working by dropping the prefixed accounts.

Inside your user_sanitizer.rb, remove "accounts" from your methods.

def sign_in
    ...
end

def sign_up
    ...
end

Doing it this way has worked for me.

You can add this to the devise registrations controller:

# Register the hook, otherwise the method below is never invoked.
before_action :configure_devise_params

private

def configure_devise_params
  # Devise 3.x API (Devise 4: devise_parameter_sanitizer.permit(:sign_up, keys: [...])).
  devise_parameter_sanitizer.for(:sign_up) do |u|
    u.permit(:email, :password, :password_confirmation)
  end
end
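The permit-list lookup that both answers rely on, as an added stand-alone example that is not Devise's code and not from the question or either answer. It mimics how Devise 3.x's sanitizer dispatches on the action name (sign_up, sign_in, account_update) and falls back to built-in defaults when no method of that name exists, which is why a method called account_sign_up is never found and why the extra handle field is lost, while an attacker-supplied admin key is dropped either way. The class names PermitList, UserPermitList and MisnamedPermitList, the DEFAULTS table (modeled on Devise 3's defaults) and the sample request are constructed for this example and run without Rails or Devise.

```ruby
# Constructed illustration of the per-action permit-list pattern; NOT Devise's
# own code. Class and method names are hypothetical.
class PermitList
  # Modeled on Devise 3's built-in defaults for each action.
  DEFAULTS = {
    sign_in:        [:email, :password, :remember_me],
    sign_up:        [:email, :password, :password_confirmation],
    account_update: [:email, :password, :password_confirmation, :current_password],
  }.freeze

  def initialize(resource_name, params)
    @resource_name = resource_name.to_s
    @params = params
  end

  # Keep only the keys permitted for +action+. Any other key in the request
  # body ("admin", "role", ...) is dropped: that is the mass-assignment guard.
  # Like Devise 3.x, look for a method named exactly after the action and
  # fall back to the defaults when the subclass did not define one.
  def sanitize(action)
    raw = @params.fetch(@resource_name, {})
    keys = respond_to?(action, true) ? send(action) : DEFAULTS.fetch(action)
    allowed = keys.map(&:to_s)
    raw.select { |k, _| allowed.include?(k.to_s) }
  end
end

# Custom list with method names that match the action keys being looked up.
class UserPermitList < PermitList
  private

  def sign_up
    PermitList::DEFAULTS[:sign_up] + [:first_name, :last_name, :handle]
  end

  def account_update
    PermitList::DEFAULTS[:account_update] + [:first_name, :last_name, :handle]
  end
end

# The question's shape: an extra "account_" prefix, so the :sign_up lookup
# misses it and the defaults apply, silently dropping "handle".
class MisnamedPermitList < PermitList
  private

  def account_sign_up
    PermitList::DEFAULTS[:sign_up] + [:handle]
  end
end

# Constructed request, like the one in the question's log, plus a hostile
# "admin" key that anyone can append to the POST body.
SAMPLE_PARAMS = {
  "user" => {
    "email" => "kit@kit.com",
    "handle" => "kit",
    "password" => "secret123",
    "password_confirmation" => "secret123",
    "admin" => "true",
  },
  "commit" => "Sign Up",
}.freeze

def sanitized_sign_up(params = SAMPLE_PARAMS)
  UserPermitList.new(:user, params).sanitize(:sign_up)
end

def sanitized_sign_in(params = SAMPLE_PARAMS)
  UserPermitList.new(:user, params).sanitize(:sign_in)
end

def misnamed_sign_up(params = SAMPLE_PARAMS)
  MisnamedPermitList.new(:user, params).sanitize(:sign_up)
end

if __FILE__ == $PROGRAM_NAME
  p sanitized_sign_up   # keeps handle, drops admin
  p sanitized_sign_in   # email and password only
  p misnamed_sign_up    # defaults only: handle is gone
end
```

Running it shows the two failure modes side by side: the well-named sanitizer keeps handle and drops admin, while the prefixed one falls through to the defaults and loses handle without any error, which is the silent behaviour the first answer fixes by renaming the methods.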

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. For any questions, please contact: yoyou2525@163.com.

 