0

I'm trying to implement Wicked gem with Devise as I want users to go through different steps in order to complete their profiles. I'm a complete newbie so I would appreciate if you can give me a suggestion on what could be the problem.

The error I'm getting is this one and it shows when I try to continue from "Personal" to "Style" step. I guess it's a problem with saving the data:

NoMethodError in OnboardingController#update

undefined method `attributes' for nil:NilClass
 **@user.attributes(user_params)**

These are my registration and onboarding controllers:

class RegistrationsController < Devise::RegistrationsController


  protected 

  def after_sign_up_path_for(resource)
    '/onboarding/personal'
  end

  def after_update_path_for(resource)

    registration_steps_path

  end

  def new 

  super

  end



  def create

  super

  end



  def update 

  super

  end



  def update_resource(resource, params)
    if resource.encrypted_password.blank? # || params[:password].blank?
      resource.email = params[:email] if params[:email]
      if !params[:password].blank? && params[:password] == params[:password_confirmation]
        logger.info "Updating password"
        resource.password = params[:password]
        resource.save
      end
      if resource.valid?
        resource.update_without_password(params)
      end
    else
      resource.update_with_password(params)
    end
  end
end

and

class OnboardingController < ApplicationController
    include Wicked::Wizard
    steps :personal, :stylefirst


    def show
        @user = current_user
    render_wizard

    end

     def update

  @user = current_user

  @user.attributes(user_params)

  render_wizard @user

     end


end
Anthony E
  • 11,072
  • 2
  • 24
  • 44
Marko I.
  • 542
  • 10
  • 38

1 Answers1

1

With Devise, current_user is nil if no user is logged in. So your problem is that you're assigning @user = current_user on your update action without verifying a user is signed in.

If you want to ensure the update action is only available to signed in users then use the authenticate_user! helper action provided by Devise:

class OnboardingController < ApplicationController
   before_filter :authenticate_user!, only: [:edit, :update]

   # ...
end

The authenticate_user! helper method will redirect the user to the sign in page if they're not logged in. If the user successfully signs in, current_user will be set and they will be redirected back to the page the originally tried to access.

Anthony E
  • 11,072
  • 2
  • 24
  • 44
  • It was because of authentication thank you! But now I'm getting a new error on the same line: ActiveModel::ForbiddenAttributesError – Marko I. May 12 '16 at 15:56
  • You need to whitelist the params which you're passing from your form using strong params: http://edgeguides.rubyonrails.org/action_controller_overview.html#strong-parameters. – Anthony E May 12 '16 at 16:16