Rails 4 /在注册/编辑中设计3.00rc/pg"未允许的参数"

Question

我是Rails的新手 - 使用Rails 4 final和devise 3.0.0rc(rails 4兼容).我已正确配置并且注册工作正常,但是在某些时候我开始获取未经许可的参数:first_name,last_name在尝试创建新用户时出错(或编辑现有用户的配置文件).关于这个主题有一些类似的问题,但对于不支持的Devise版本 - 我的配置最初工作正常.

Processing by Devise::RegistrationsController#create as HTML
Parameters: {"utf8"=>"?", "authenticity_token"=>"+DG4aeMPteQ4Mq9pPJ2JaitTVgp0NCW9nXi2qSv23zw=", "user"=>{"first_name"=>"John", "last_name"=>"Kenn", "email"=>"me1@email.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Sign Up"}
Unpermitted parameters: first_name, last_name
(0.2ms)  BEGIN
User Exists (0.4ms)  SELECT 1 AS one FROM "users" WHERE "users"."email" = 'me1@email.com' LIMIT 1
(0.2ms)  ROLLBACK

user.rb

class User < ActiveRecord::Base
  has_many :jobrecords, dependent: :destroy

  # after_create :send_welcome_email

  # Include default devise modules. Others available are:
  # :token_authenticatable, :encryptable, :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable, :omniauthable,
         :recoverable, :rememberable, :trackable, :validatable

  # Setup accessible (or protected) attributes for your model
  validates :first_name,  presence: true
  validates :last_name,   presence: true
  validates :email,       presence: true
  attr_accessible :first_name, :last_name, :email, :password, :password_confirmation, :remember_me


  def self.from_omniauth(auth)
    where(auth.slice(:provider, :uid)).first_or_create do |user|
      user.provider = auth.provider
      user.uid = auth.uid
      user.first_name = auth.info.nickname
      user.last_name = auth.info.nickname
    end
  end

  def self.new_with_session(params, session)
    if session["devise.user_attributes"]
      new(session["devise.user_attributes"], without_protection: true) do |user|
        user.attributes = params
        user.valid?
      end
    else
      super
    end    
  end

  def password_required?
    super && provider.blank?
  end

  def update_with_password(params, *options)
    if encrypted_password.blank?
      update_attributes(params, *options)
    else
      super
    end
  end

  private

    def send_welcome_email
      UserMailer.signup_confirmation(self).deliver
    end

end

即使之前它正常工作,我尝试在registrations_controller.rb中覆盖sign_up_params,但这不起作用.我仍然可以使用openauth-twitter注册(因为应用程序在通过Twitter注册时不会要求姓或姓).任何帮助表示赞赏.

Answer 1

所以,我不知道你是否已经尝试过这个,但我遇到了类似的问题,最后我将'configure_permitted_pa​​rameters'方法添加到我的ApplicationController中,并为:sign_up和:account_update添加了一个devise_parameter_sanitizer,每个设计文档:https://github.com/plataformatec/devise#strong-parameters

希望如果这不是您所需要的,它将使您朝着正确的方向前进.