2

I am using Devise for user authentication in my Rails 4 app. Recently I added two new columns to the User model. They are first_name and last_name. I then updated the signin form with fields for both of these attributes. However, neither are being saved to the database when I test creating a new user. I thought it might be a mass assignment problem but I'm not getting any kind of database error. The user is successfully created but only the original attributes (email, password, and password_confirmation) are being stored. Can anyone help?

Here is the code for my form: 

<div class="row">
  <%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
  <%= devise_error_messages! %>
  <div class="small-10 small-offset-0 columns">

    <div class="row">
      <div class="small-2 columns">
        <%= f.label :first_name, class: 'right inline' %>
      </div>
      <div class="small-4 columns">
        <%= f.text_field :first_name, id: 'right-label' %>
      </div>
      <div class="small-6 columns">
        <!-- empty space -->
      </div>
    </div>

    <div class="row">
      <div class="small-2 columns">
        <%= f.label :last_name, class: 'right inline' %>
      </div>
      <div class="small-4 columns">
        <%= f.text_field :last_name, id: 'right-label' %>
      </div>
      <div class="small-6 columns">
        <!-- empty space -->
      </div>
    </div>

    <div class="row">
      <div class="small-2 columns">
        <%= f.label :email, class: 'right inline' %>
      </div>
      <div class="small-4 columns">
        <%= f.email_field :email, id: 'right-label' %>
      </div>
      <div class="small-6 columns">
        <!-- empty space -->
      </div>
    </div>

    <div class="row">
      <div class="small-2 columns">
        <%= f.label :password, class: 'right inline' %>
      </div>
      <div class="small-4 columns">
        <%= f.password_field :password, id: 'right-label' %>
      </div>
      <div class="small-6 columns">
        <!-- empty space -->
      </div>
    </div>

    <div class="row">
      <div class="small-2 columns">
        <%= f.label :password_confirmation, class: 'right inline' %>
      </div>
      <div class="small-4 columns">
        <%= f.password_field :password_confirmation, id: 'right-label' %>
      </div>
      <div class="small-6 columns">
        <!-- empty space -->
      </div>
    </div>

    <div class="row">
      <div class="small-2 columns">
        <!--placeholder -->
      </div>
      <div class="small-10 columns">
        <%= f.submit "Create account", class: 'button small' %>
      </div>
    </div>

    <div class="row">
      <div class="small-2 columns">
        <!--placeholder -->
      </div>
      <div class="small-10 columns">
        <%= render "devise/shared/links" %>
      </div>
    </div>
  </div>

  <div class="small-3 columns">
    <!-- nothing here -->
  </div>
  <% end %>

</div>

And the info on my model from the console showing that the attributes have been added:

User(id: integer, email: string, encrypted_password: string, reset_password_token: string, reset_password_sent_at: datetime, remember_created_at: datetime, sign_in_count: integer, current_sign_in_at: datetime, last_sign_in_at: datetime, current_sign_in_ip: string, last_sign_in_ip: string, created_at: datetime, updated_at: datetime, first_name: string, last_name: string)
Joe Kennedy
  • 9,365
  • 7
  • 41
  • 55
sixty4bit
  • 7,422
  • 7
  • 33
  • 57
  • Post your `controller` code. – Pavan May 04 '14 at 18:04
  • Since I'm using Devise I don't actually see the RegistrationsController that it uses in my app. But here it is at GitHub: https://github.com/plataformatec/devise/blob/master/app/controllers/devise/registrations_controller.rb – sixty4bit May 04 '14 at 18:08
  • Why you don't create profile to your user? This way (create profile to every user) is very optimized than you add column to database. Anyway if you want to add column, you have to override the devise controller.I hope [this link](http://stackoverflow.com/questions/21976002/ruby-on-rails-4-devise-and-profile-pages) is useful. – mgh May 04 '14 at 18:15

1 Answers1

5

You need to let devise know that these new parameters are now permitted, in accordance with Rails 4's strong parameters. You can add the following to your application controller:

class ApplicationController < ActionController::Base  
  before_action :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
     devise_parameter_sanitizer.for(:sign_up) << :first_name << :last_name
  end
end

For more information on using Rail 4's strong parameters with devise, see the Strong Parameters section of the Devise README.

Joe Kennedy
  • 9,365
  • 7
  • 41
  • 55
  • Thanks! Looks like my original suspicion was correct. I also checked just now in my console and can see that it did say 'Unpermitted parameters: first_name, last_name' before the DB insertion. Shouldn't I get an error on the site itself when trying to assign protected attributes? – sixty4bit May 04 '14 at 18:21
  • No, I don't think you should get an error on the site when it says that, because it exposes what's in your database to the end user. But no problem, I'm glad I could help! – Joe Kennedy May 04 '14 at 20:50
  • I had a similar problem and this answer led me to check the param.require statement in my model controller. Turns out I needed to add the new model column name to the params.require statement. All works now :) – Alex Simmons Mar 19 '15 at 08:10