I need to convert this code in my ConfirmationsController to work in Rails 4. I'm having difficulty with the requirements for Strong Parameters. The code I'm using is directly from the Devise page.

I'm pretty sure that anything I am calling with params needs to be whitelisted, but I can't quite figure out how to do that in this case. What is the best way to accomplish this?

```ruby
class ConfirmationsController < Devise::ConfirmationsController
  def show
    self.resource = resource_class.find_by_confirmation_token(params[:confirmation_token]) if params[:confirmation_token].present?
    super if resource.nil? or resource.confirmed?
  end

  def confirm
    self.resource = resource_class.find_by_confirmation_token(params[resource_name][:confirmation_token]) if params[resource_name][:confirmation_token].present?
    if resource.update_attributes(params[resource_name].except(:confirmation_token).permit(:password, :password_confirmation)) && resource.password_match?
      self.resource = resource_class.confirm_by_token(params[resource_name][:confirmation_token])
      set_flash_message :notice, :confirmed
      sign_in_and_redirect(resource_name, resource)
    else
      render action: "show"
    end
  end
end
```

Dave Olson

1 Answer

Try this:

```ruby
class ConfirmationsController < Devise::ConfirmationsController
  def show
    self.resource = resource_class.find_by_confirmation_token(confirmation_token) if confirmation_token.present?
    super if resource.nil? or resource.confirmed?
  end

  def confirm
    self.resource = resource_class.find_by_confirmation_token(confirmation_token) if confirmation_token.present?
    if resource.update_attributes(resource_params) && resource.password_match?
      self.resource = resource_class.confirm_by_token(confirmation_token)
      set_flash_message :notice, :confirmed
      sign_in_and_redirect(resource_name, resource)
    else
      render action: "show"
    end
  end

  private

  def resource_params
    # pry
    # debugger
    params.require(resource_name).permit :password, :password_confirmation
  end

  def confirmation_token
    params.require(resource_name).permit :confirmation_token
  end
end
```

More info: https://github.com/rails/strong_parameters

If you continue having trouble, I'd recommend stuffing a debugger or pry in the middle and manipulating the params with `permit` | `require` until you have what you'd expect.

ichigolas
  • Thanks, however when I change my code to the above, I end up with an error: `param not found: user`. Better Errors highlights this line: `params.require(resource_name).permit :confirmation_token` – Dave Olson Nov 19 '13 at 19:01
  • Devise stuff goes beyond my comprehension and -possibly- the scope of this question; on the other hand, if the params you are looking for are optional, then use `permit` instead of `require`. – ichigolas Nov 19 '13 at 19:05
  • You are right, the Devise stuff is beyond the scope of the question. I'll submit a new question. Thanks for the help. – Dave Olson Nov 19 '13 at 19:22
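
An added example, not part of the original posts and not Devise's or Rails' own code: the question's `show` reads the token at the top level of `params` while `confirm` reads it nested under the resource name, so a token lookup has to accept both shapes and return a plain string, while `require`/`permit` is kept for the password whitelist. `MiniParams`, `confirmation_token_from` and `password_attributes_from` are hypothetical names; `MiniParams` is a constructed stand-in that models only the flat-key behaviour of `require` and `permit`, so the file runs without Rails.

```ruby
# Added example. MiniParams is a constructed stand-in for the flat-key
# behaviour of ActionController::Parameters#require and #permit.
class ParameterMissing < KeyError; end

class MiniParams
  def initialize(hash)
    @h = hash.transform_keys(&:to_s)
  end

  def [](key)
    v = @h[key.to_s]
    v.is_a?(Hash) ? MiniParams.new(v) : v
  end

  # Raises when the key is absent or empty, otherwise returns its value.
  def require(key)
    v = self[key]
    raise ParameterMissing, "param not found: #{key}" if v.nil? || (v.respond_to?(:empty?) && v.empty?)
    v
  end

  # Returns a filtered copy (not a scalar) holding only the listed scalar keys.
  def permit(*keys)
    MiniParams.new(@h.select { |k, v| keys.map(&:to_s).include?(k) && !v.is_a?(Hash) })
  end

  def empty?; @h.empty?; end
  def to_h; @h.dup; end
end

# Hypothetical helper: accept the nested (form) or top-level (e-mail link)
# token, and hand the finder nothing but a non-empty String.
def confirmation_token_from(params, resource_name)
  nested = params[resource_name]
  token = nested[:confirmation_token] if nested.respond_to?(:permit)
  token ||= params[:confirmation_token]
  token.is_a?(String) && !token.empty? ? token : nil
end

# Hypothetical helper: only the two password fields may reach update_attributes.
def password_attributes_from(params, resource_name)
  params.require(resource_name).permit(:password, :password_confirmation).to_h
end

# Constructed sample requests: the e-mailed link and the submitted password form.
SHOW_REQUEST = MiniParams.new("confirmation_token" => "abc123")
CONFIRM_REQUEST = MiniParams.new("user" => { "confirmation_token" => "abc123",
  "password" => "s3cret-pass", "password_confirmation" => "s3cret-pass", "admin" => "1" })
```

With the constructed form request, the extra `admin` key is dropped before mass assignment, and a token sent as an array or hash yields `nil` instead of reaching the finder.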