3

I've come across a few SO questions on this topic, but all seem out of date or simply bad coding practice.

Problem: I am signing up a user as part of a checkout flow. I want to collect the user's address when they sign up. I have a user model and an address model. I can't seem to figure out how to properly override Devise's registration's controller to allow the additional params.

Here's what I've started with:

class User < ActiveRecord::Base
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable

  has_many :orders
  has_many :addresses, :dependent => :destroy

  accepts_nested_attributes_for :addresses

end

I've also got my address model:

class Address < ActiveRecord::Base
  belongs_to :state
  belongs_to :user
end

...in routes.rb:

   devise_for :users, controllers: {registrations: 'registrations'}

And finally, my attempt at overriding the devise registration's controller:

class RegistrationsController < Devise::RegistrationsController

  before_filter :configure_permitted_parameters

  # GET /users/sign_up
  def new

    # Override Devise default behaviour and create a profile as well
    build_resource({})
    resource.build_address
    respond_with self.resource
  end

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) { |u|
      u.permit(:email, :password, :password_confirmation, :address_attributes => [:address, :address2, :city, :state_id, :zip_code])
    }
  end
end
Community
  • 1
  • 1
Andrew K
  • 1,571
  • 1
  • 17
  • 25

1 Answers1

3

In your application_controller.rb

class ApplicationController < ActionController::Base
  before_action :configure_strong_params, if: :devise_controller?

  def configure_strong_params
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :name, 
      addresses_attributes: [:address, :address2, :city, :state_id, :zip_code]) }
  end
end

Now in your registration form you can use address_attributes & devise signup params will accept this.

Now to rescue from the filter chain halted, please try this in your registrations_controller.rb file

class RegistrationsController < Devise::RegistrationsController
  skip_before_filter :require_no_authentication, only: :create
  # other codes 
end
BinaryButterfly
  • 18,137
  • 13
  • 50
  • 91
Ajay
  • 4,199
  • 4
  • 27
  • 47
  • Still getting the unpermitted parameters error: `Processing by Devise::RegistrationsController#create as HTML Parameters: {"utf8"=>"✓", "authenticity_token"=>"dxxx", "user"=>{"email"=>"blah@blah.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "first_name"=>"absci", "last_name"=>"aisbc", "addresses_attributes"=>{"0"=>{"address"=>"asii", "address2"=>"aijsd", "city"=>"sdf", "state"=>"1", "zip_code"=>"22020"}}}, "terms"=>"on", "commit"=>"Sign up"} Unpermitted parameters: addresses_attributes` – Andrew K Jan 29 '15 at 06:38
  • Actually, nevermind. I changed the symbol from `address_attributes` to `addresses_attributes`, but now I still have this error: `Filter chain halted as :require_no_authentication rendered or redirected` and no `User.last.addresses` – Andrew K Jan 29 '15 at 06:41
  • for that filter chain halted error. i have updated my answer. please add the before_filter no authentication for the create action. – Ajay Jan 29 '15 at 06:47
  • Thanks - that worked! But this solution still seems a little hacky. +1 for now, I'll mark correct if nobody else can answer better. – Andrew K Jan 29 '15 at 16:21
  • @AndrewK, I am not doing any hack, :D . You can the official doc here : https://github.com/plataformatec/devise#strong-parameters – Ajay Jan 30 '15 at 22:02