Unpermitted parameters: current_password, Rails 4 +Devise

Question

I have created modal where registered user can change his name, e-mail and password.

Problem: I can't update user data. I have tried to fill all fields - current password and new password. Also tried to submit empty form, but error is the same.

Form looks like this:

<%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { "data-parsley-validate" => true, :id=>"user-edit"},remote: true, format: :json) do |f| %>   

    
        <%= f.text_field :name,:class=>"user-input form-control", :id=>"user-name" ,:placeholder=> "Lietotājvārds*",:"data-parsley-group"=>"f1" %>               
    

        
        <%= f.email_field :email ,:class=>"user-input form-control", :id=>"password",:placeholder=> "E-pasts *",:"data-parsley-group"=>"f2" %>                            
       

                      
        <%= f.password_field :current_password, :autocomplete => "off"  ,:class=>"user-input form-control", :id=>"password",:placeholder=> "Vecā parole*                       ",:"data-parsley-group"=>"f3" %>  
    

                          
        <%= f.password_field :password , :class=>"user-input form-control", :id=>"password",:placeholder=> "Jaunā parole*                       vismaz 8 simboli ",  :"data-parsley-group"=>"f3" %>  
    

                            
       <%= f.password_field :password_confirmation , :class=>"user-input form-control", :id=>"password",:placeholder=> "Atkārtot paroli *                     vismaz 8 simboli ",  :"data-parsley-group"=>"f3" %>      
    

    
<%end%>

In routes:

 devise_for :users,  :controllers => {:registrations=> "registrations"}

Registration controller:

class RegistrationsController < Devise::RegistrationsController 

    clear_respond_to   
    respond_to :json

   def sign_up_params
    params.require(:user).permit( :email, :password, :password_confirmation,:name, :not_a_robot)
  end
  def account_update_params
    params.require(:user).permit(:name, :email, :password, :password_confirmation, :current_password, :not_a_robot)
  end
  private :sign_up_params
  private :account_update_params


end

Application controller:

 before_action :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters

    devise_parameter_sanitizer.for(:update) { |u| u.permit(:name, :terms_of_service, :not_a_robot, :role,:im_old, :password, :current_password, :password_confirmation, :humanizer_question_id, :humanizer_answer,:email) }
      devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:name, :terms_of_service, :not_a_robot, :role,:im_old, :password, :password_confirmation, :humanizer_question_id, :humanizer_answer,:email, :current_password) }
  end

My log file:

Started POST "/ru/users" for 212.93.105.32 at 2015-09-27 15:59:24 +0300
Processing by RegistrationsController#create as JS
  Parameters: {"utf8"=>"✓", "user"=>{"name"=>"OPARRKRR", "email"=>"", "current_password"=>"[FILTERED]", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "not_a_robot"=>"1"}, "locale"=>"ru"}
  [1m[36mBanlist Load (0.6ms)[0m  [1mSELECT `banlists`.* FROM `banlists`  WHERE (ip_adress = '212.93.105.32')[0m
  [1m[35mCountry Load (1.0ms)[0m  SELECT  `countries`.* FROM `countries`  WHERE `countries`.`id` = 1 LIMIT 1
  [1m[36mRegion Load (0.7ms)[0m  [1mSELECT `regions`.* FROM `regions`  WHERE `regions`.`country_id` = 1[0m
Unpermitted parameters: current_password
  [1m[35m (0.4ms)[0m  BEGIN
  [1m[36m (0.3ms)[0m  [1mROLLBACK[0m
Completed 422 Unprocessable Entity in 325ms (Views: 2.3ms | ActiveRecord: 20.9ms)

Pavan · Accepted Answer

Unpermitted parameters: current_password

You need to whitelist current_password in sign_up_params

def sign_up_params
  params.require(:user).permit( :email, :password, :password_confirmation, :current_password, :name, :not_a_robot)
end

Unpermitted parameters: current_password, Rails 4 +Devise

Answers (1)

Related Questions