Rails 4.0 with Devise. Nested attributes Unpermited parameters

Question

I am working on a web-app using Devise and Rails 4. I have a User model which I have extended with 2 extra form fields such that when a user signs up he can

Answer 1

You must create your own registration controller to do so, here is how:

routes.rb

devise_for :users, controllers: {registrations: 'registrations'}

Controller

You must replace :your_fields by the fields you want to allow (sorry if I leave that to you, but that makes my answer more general, therefore usable for anyone that would pass by)

class RegistrationsController < Devise::RegistrationsController

  private

    def sign_up_params
      allow = [:email, :your_fields, :password, :password_confirmation]
      params.require(resource_name).permit(allow)
    end

end

Additional info (nested attributes + some testing)

Also note that if you are using association and accepts_nested_attributes_for you will have params structured like this

model: {field, field, field, associated_model: {field, field}}

And off course you must use the same structure in your sign_up_params method. If you need to understand this, you can change the content of sign_up_params method like this:

    def sign_up_params
      params.require(resource_name).permit!
    end

That will allow any param, then post your form (it should pass this time) and look into your rails console to see the structure of params, finally you can set-up sign_up_params method correctly

Check this for more info http://www.railsexperiments.com/using-strong-parameters-with-nested-forms/

In your case you should use:

params.require(resource_name).permit( :email, :first_name, :last_name, institutions: [:name], :password, :password_confirmation )