0

I'm new to Rails and the recent switch to the Rails 4 strong parameters has confused me even more.

I'm trying to set up an account confirmation link for people to click.

I have the following route set up:

rake routes
Prefix Verb   URI Pattern                                     Controller#Action
       GET    /users/:id/confirm/:confirmation_code(.:format) users#confirm

In my UserController, I have a confirm action, which is being called (I tested via a simple redirect in that action),

and here are the rails 4 strong parameters:

private

def user_params
  params.require(:user).permit(:name, :email, :password,
                               :password_confirmation, :confirmation_code)
end

But I'm getting the following error when I try access /users/1/confirm/foobar

param not found: user

I can see why I'm getting the error, but I'm not sure how to fix it without undoing the security of the strong params by removing the require(:user). I'm not even 100% if my basic approach is right.

(I've just finished Michael Hartl's rails tutorial and the tutorial has the require(:user) in the User Controller and I'm not actually sure what the security implications are of removing it)

Mike T
  • 4,747
  • 4
  • 32
  • 52
  • have u setup routes correctly? – Raj Feb 21 '14 at 14:20
  • If I got it, yuo have a user controller and a confirm controller, right? On user you should keep strong parameters required for user controller and strong paramter required for confirm on the confirm controller, and on the confirm controller you have access to the user as user_id. Please check your routes with doing 'rake routes' on your shell. – hmartinezd Feb 21 '14 at 14:21
  • Sorry, no I have a User Controller with a `confirm` action. I've updated the question with more info – Mike T Feb 21 '14 at 14:21

2 Answers2

2

I think you don't need to call user_params because the request is just a GET request so it doesn't matter what params[:id] and params[:confirmation_code] are. you can simply use these parameters directly regardless if they are strong params or not.

Zakwan
  • 1,072
  • 2
  • 11
  • 22
0

The route you've shown makes a GET request, there will be no params[:user], only a params[:id] and params[:confirmation_code], as the defined by the route.

params[:user] would be set if you posted a form built with form_for(@user) back to a created/update action.

The problem is that you're somehow invoking the method user_params in an action that doesn't have any. The method itself is doing its job exactly as intended.

user229044
  • 232,980
  • 40
  • 330
  • 338