Rails 4 + Devise - Unpermitted parameters when updating user's account

Question

I have the following setup:

routes.rb

devise_for :users, :path_names => { :controllers => {:omniauth_callbacks => "omniauth_callbacks", :registrations => "registrations"}

and RegistrationController:

class RegistrationsController < Devise::RegistrationsController

  def update
    ...
  end

  def user_params
    params.require(:user).permit(:tw_account, :fb_account, :current_password, :password, :password_confirmation)
  end
end

But every time when I try to update the users' data, I get this error message:

Unpermitted parameters: tw_account, fb_account

But when I create a new account with these two fields, they're saved. How to make them update-able?

Thank you

You must view this topic http://stackoverflow.com/questions/16379554/strong-parameters-with-rails-4-0-and-devise This topic must help you. — max-si-m, Sep 06 '14 at 23:18

score 8 · Answer 1 · answered Sep 14 '14 at 06:45

8

This works for me, inherit Devise::RegistrationsController

class RegistrationsController < Devise::RegistrationsController

  before_filter :configure_permitted_parameters

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:account_update).push(:tw_account, :fb_account)
  end

end

You should also remove current_password, password_confirmation and password from parameters because devise already handled these.

answered Sep 14 '14 at 06:45

AllenC

2,754
1
41
74

Thank you. It works for me. But what is the difference from: `devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:tw_account, :fb_account) }` Why this doesn't work... – Hegwin Jan 14 '16 at 02:13
Anybody have a link to where this shows up in the docs? It seems poorly documented – k26dr Jul 28 '16 at 18:23

score 4 · Answer 2 · answered Sep 06 '14 at 21:00

You may probably want to go with

class ApplicationController < ActionController::Base
  before_action :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:tw_account, :fb_account, :current_password, :password, :password_confirmation) }
  end
end

score 0 · Answer 3 · answered May 13 '19 at 00:09

Problem is solved with changing ' devise_parameter_sanitizer.for' with ' devise_parameter_sanitizer.permit'

My line works perfectly:

class ApplicationController < ActionController::Base
    before_action :configure_permitted_parameters, if: :devise_controller?

    protected

    def configure_permitted_parameters
        devise_parameter_sanitizer.permit(:account_update) { |u| u.permit(:name, :last_name, :image,:email, :password, :password_confirmation, :current_password) }
    end
end

Rails 4 + Devise - Unpermitted parameters when updating user's account

3 Answers3