Devise and Strong Parameters

后端未结

关注

 4  524

既然无缘 2020-12-05 09:47

I would like to know how to integrate both of this gems(devise + Strong Parameters), since strong params will likely be added to the rails core in 4.0

any help is we

4条回答

Happy的楠姐 (楼主)

2020-12-05 10:10
Update for devise 4.x
```
class ApplicationController < ActionController::Base
  before_filter :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.permit(:sign_up, keys: [:username])
    devise_parameter_sanitizer.permit(:sign_in, keys: [:username])
    devise_parameter_sanitizer.permit(:account_update, keys: [:username])
  end
end
```
After adding both gems, devise will work as normal.

Update: With the latest version of Devise 3.x, as described at devise#strong-parameters, the authentication key (normally the email field), and the password fields are already permitted. However, if there are any additional fields on the signup form, you will need to let Devise know the extra fields to permit. The easiest way to do this is with a filter:
```
class ApplicationController < ActionController::Base
  before_filter :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) << :username
  end
end
```
For Devise 2.x, if you use the safety feature requiring explicitly whitelisting tainted parameters in the user model:
```
include ActiveModel::ForbiddenAttributesProtection
```
the changes needed are found at https://gist.github.com/3350730 which overrides some of the controllers.
0 讨论(0)

查看其它4个回答
发布评论:

提交评论
- 加载中...