Devise and Strong Parameters

既然无缘 2020-12-05 09:47

I would like to know how to integrate both of these gems (Devise + Strong Parameters), since strong params will likely be added to the Rails core in 4.0

any help is we

4 answers
  • 2020-12-05 10:10

    Update for devise 4.x

    class ApplicationController < ActionController::Base
      # before_filter was removed in Rails 5.1; before_action is available from Rails 4.0.
      before_action :configure_permitted_parameters, if: :devise_controller?
    
      protected
    
      # Extend Devise's default permitted keys for each action.
      def configure_permitted_parameters
        devise_parameter_sanitizer.permit(:sign_up, keys: [:username])
        devise_parameter_sanitizer.permit(:sign_in, keys: [:username])
        devise_parameter_sanitizer.permit(:account_update, keys: [:username])
      end
    end
    

    After adding both gems, devise will work as normal.

    Update: With the latest version of Devise 3.x, as described at devise#strong-parameters, the authentication key (normally the email field), and the password fields are already permitted. However, if there are any additional fields on the signup form, you will need to let Devise know the extra fields to permit. The easiest way to do this is with a filter:

    class ApplicationController < ActionController::Base
      before_filter :configure_permitted_parameters, if: :devise_controller?
    
      protected
    
      def configure_permitted_parameters
        devise_parameter_sanitizer.for(:sign_up) << :username
      end
    end
    

    For Devise 2.x, if you use the safety feature requiring explicitly whitelisting tainted parameters in the user model:

    include ActiveModel::ForbiddenAttributesProtection
    

    the changes needed are found at https://gist.github.com/3350730 which overrides some of the controllers.

  • 2020-12-05 10:11

    The easy way is to add a simple before filter in your ApplicationController. If you have different roles and/or other more complex scenarios, there are other options at the link below:

    https://github.com/plataformatec/devise#strong-parameters

  • 2020-12-05 10:19
    before_filter :configure_sanitized_params, if: :devise_controller?
    
    def configure_sanitized_params
      devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:firstname, :designation_id, :middlename, :previous_experiance_year, :previous_experiance_month, :lastname, :email, :username, :password, :password_confirmation, :previous_experiance, :empid, :dob, :timezone, :doj, :gender, :education, :comments, :locked, :deactivated, :reason, :phone, :deactivated_date, :image) }
      devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:remove_image, :firstname, :designation_id, :middlename, :lastname, :email, :username, :empid, :dob, :timezone, :doj, :gender, :education, :comments, :locked, :deactivated, :reason, :phone, :deactivated_date, :image) }
    end
    
  • 2020-12-05 10:23

    You can also try this one; it includes permitting nested params.

    class ApplicationController < ActionController::Base
      before_action :configure_permitted_parameters, if: :devise_controller?
    
      protected
    
      def configure_permitted_parameters
        devise_parameter_sanitizer.permit(:sign_up, keys: [:username, :phone])
        # permit nested attributes
        # devise_parameter_sanitizer.permit(:sign_up, keys:
        #   [:username, :phone, profile_attributes: [:firstname, :lastname]])
      end
    end
    

    This will work with Devise and Rails 4 and 5.

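An added example, not taken from any of the answers and not Devise's own code: a pure-Ruby stand-in for the filtering a permit list performs, run against the long key list style of the third answer and the nested `profile_attributes` style of the fourth. It assumes that columns such as `locked` and `deactivated` are meant to be set by administrators only; `filter_params`, `admin_only_exposed` and the request data are hypothetical names and constructed values.

```ruby
# Simplified stand-in for strong-parameter filtering; loads neither Rails nor Devise.
# Assumption: these columns hold admin-controlled account state.
ADMIN_ONLY = %i[locked deactivated reason deactivated_date].freeze

# Keep only permitted keys. A spec entry is a Symbol (scalar value allowed) or a
# Hash of { nested_key => [sub_keys] }, the same shape as the `keys:` lists above.
def filter_params(raw, spec)
  scalars = spec.grep(Symbol)
  nested  = spec.grep(Hash).reduce({}, :merge)
  raw.each_with_object({}) do |(key, value), out|
    key = key.to_sym
    if nested.key?(key) && value.is_a?(Hash)
      out[key] = filter_params(value, nested[key])
    elsif scalars.include?(key) && !value.is_a?(Hash) && !value.is_a?(Array)
      out[key] = value
    end
  end
end

# List every admin-only key (with its nesting path) that a permit list exposes.
def admin_only_exposed(spec, path = [])
  spec.flat_map do |entry|
    if entry.is_a?(Hash)
      entry.flat_map { |key, sub| admin_only_exposed(sub, path + [key]) }
    else
      ADMIN_ONLY.include?(entry) ? [(path + [entry]).join(".")] : []
    end
  end
end

# Constructed sign-up request: the visible form fields plus ones the form never shows.
REQUEST = {
  "username" => "alice", "email" => "alice@example.test", "password" => "s3cret-pass",
  "locked" => "false", "deactivated" => "false",
  "profile_attributes" => { "firstname" => "Alice", "role" => "admin" }
}.freeze

# Broad list: account-state columns permitted on sign-up.
BROAD  = %i[username email password locked deactivated reason deactivated_date].freeze
# Narrow list: only what the sign-up form itself collects.
NARROW = [:username, :email, :password, { profile_attributes: %i[firstname lastname] }].freeze

p filter_params(REQUEST, BROAD)   # client-supplied locked/deactivated pass through
p filter_params(REQUEST, NARROW)  # unlisted keys, top-level and nested, are dropped
p admin_only_exposed(BROAD)       # keys to move to an admin-only controller
```

A check like `admin_only_exposed` can run in a test suite over each action's key list so that an account-state column added to `:sign_up` or `:account_update` fails the build.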