Devise and Strong Parameters

I would like to know how to integrate both of these gems (Devise + Strong Parameters), since Strong Parameters will most likely be added to Rails core in 4.0.

Any help is appreciated, thanks.

+39
ruby ruby-on-rails ruby-on-rails-3 devise strong-parameters
Aug 10 2018-12-12T00:
4 answers

Update for Devise 4.x

    class ApplicationController < ActionController::Base
      before_filter :configure_permitted_parameters, if: :devise_controller?

      protected

      def configure_permitted_parameters
        devise_parameter_sanitizer.permit(:sign_up, keys: [:username])
        devise_parameter_sanitizer.permit(:sign_in, keys: [:username])
        devise_parameter_sanitizer.permit(:account_update, keys: [:username])
      end
    end

After adding both gems, Devise will work as usual.

Update: with the latest version of Devise 3.x, as described in devise#strong-parameters, the authentication key (usually the email field) and the password fields are already permitted. However, if there are any additional fields in the registration form, you will need to tell Devise which additional fields to permit. The easiest way to do this is with a filter:

    class ApplicationController < ActionController::Base
      before_filter :configure_permitted_parameters, if: :devise_controller?

      protected

      def configure_permitted_parameters
        devise_parameter_sanitizer.for(:sign_up) << :username
      end
    end

For Devise 2.x, if you use the safety feature that requires explicitly whitelisting tainted parameters in the User model:

    include ActiveModel::ForbiddenAttributesProtection

the necessary changes are at https://gist.github.com/3350730, which overrides some of the controllers.

+52
Aug 17 2018-12-12T00:

The easiest way is to add a simple before filter in your ApplicationController. If you have different roles and/or another more complex scenario, there are other options at the link below:

https://github.com/plataformatec/devise#strong-parameters

+8
Jul 16 '13 at 13:08

    before_filter :configure_sanitized_params, if: :devise_controller?

    def configure_sanitized_params
      devise_parameter_sanitizer.for(:sign_up) do |u|
        u.permit(:firstname, :designation_id, :middlename,
                 :previous_experiance_year, :previous_experiance_month,
                 :lastname, :email, :username, :password,
                 :password_confirmation, :previous_experiance, :empid, :dob,
                 :timezone, :doj, :gender, :education, :comments, :locked,
                 :deactivated, :reason, :phone, :deactivated_date, :image)
      end
      devise_parameter_sanitizer.for(:account_update) do |u|
        u.permit(:remove_image, :firstname, :designation_id, :middlename,
                 :lastname, :email, :username, :empid, :dob, :timezone, :doj,
                 :gender, :education, :comments, :locked, :deactivated,
                 :reason, :phone, :deactivated_date, :image)
      end
    end

+1
Sep 15 '15 at 5:27

You can also try this to permit nested parameters.

    class ApplicationController < ActionController::Base
      before_action :configure_permitted_parameters, if: :devise_controller?

      protected

      def configure_permitted_parameters
        devise_parameter_sanitizer.permit(:sign_up, keys: [:username, :phone])
        # permit nested attributes
        # devise_parameter_sanitizer.permit(:sign_up, keys:
        #   [:username, :phone, profile_attributes: [:firstname, :lastname]])
      end
    end

This will work with rails 4 and 5 and rails

0
May 03 '19 at 10:57
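
As an added example (not part of any answer above, and not Devise's or Rails' own code), this plain-Ruby model shows what a permit list like the ones above does to a sign-up payload, including nested `profile_attributes`, and flags account-state fields that appear in a permit list. The default keys, `ACCOUNT_STATE_KEYS`, the function names and the sample request are assumptions constructed for illustration.

```ruby
# Added example: plain-Ruby model of a permit list, not Devise's or Rails' code.
# Assumed defaults for :sign_up: the authentication key (:email) and password fields.
DEFAULT_SIGN_UP_KEYS = [:email, :password, :password_confirmation].freeze

# Hypothetical list of attributes a user should never set for themselves.
ACCOUNT_STATE_KEYS = [:admin, :role, :locked, :deactivated].freeze

# Keep only permitted keys. A Symbol permits a scalar value; a Hash entry
# such as { profile_attributes: [:firstname] } permits a nested hash.
def filter_params(params, permitted)
  scalars = permitted.grep(Symbol)
  nested  = permitted.grep(Hash).reduce({}, :merge)
  params.each_with_object({}) do |(key, value), kept|
    key = key.to_sym
    if nested.key?(key) && value.is_a?(Hash)
      kept[key] = filter_params(value, nested[key])
    elsif scalars.include?(key) && !value.is_a?(Hash) && !value.is_a?(Array)
      kept[key] = value
    end # every other key is dropped
  end
end

# Flatten a permit list (nested entries included) and report risky names.
def risky_permitted_keys(permitted)
  permitted.flat_map { |entry|
    entry.is_a?(Hash) ? entry.flat_map { |k, sub| [k] + risky_permitted_keys(sub) } : [entry]
  } & ACCOUNT_STATE_KEYS
end

# Constructed sign-up request body with extra fields a client could add.
SAMPLE_SIGN_UP = {
  "email" => "alice@example.test", "password" => "correct-horse",
  "password_confirmation" => "correct-horse", "username" => "alice",
  "phone" => "555-0100", "locked" => "false", "admin" => "true",
  "profile_attributes" => { "firstname" => "Alice", "lastname" => "Doe", "role" => "owner" }
}.freeze

# Extra keys as in the nested-attributes answer above.
EXTRA_KEYS = [:username, :phone, { profile_attributes: [:firstname, :lastname] }].freeze

if __FILE__ == $PROGRAM_NAME
  p filter_params(SAMPLE_SIGN_UP, DEFAULT_SIGN_UP_KEYS + EXTRA_KEYS)
  p risky_permitted_keys(EXTRA_KEYS + [:locked, :deactivated])
end
```

Running `risky_permitted_keys` over a project's real permit lists in a test makes the addition of a field such as `:locked` to `:sign_up` a reviewed decision rather than an accident.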