Custom validation on new field in devise model and creating multiple users with same email address

Question

I am new to Rails and I've started building an authentication feature in a sample rails app using "Devise" gem.

I've added a migration to add a new column named username in my devise model named User.

I've also added some validations regarding the username column that I had created, so my user.rb looks like this:

class User < ApplicationRecord

devise :database_authenticatable, :registerable,
     :recoverable, :rememberable, :trackable


validates_presence_of :username
validates_uniqueness_of :username  
validates_length_of :username, :minimum => 5, :maximum => 10 
end

Now every time during sign up of a new user, I get the validations for username even though it shouldn't.

For example, it tells me username shouldn't be blank even though username is filled.

Username should be minimum 5 characters, even though it is.

What am I doing wrong? In the console, I can see the username being passed in the params during form submit and also : Unpermitted parameter :username.

Secondly, I want to create multiple signups using same email address but different username.

How can I do that?

I'm using ruby 2.4.1 and rails 5.1.4. Thanks.

Answer 1

You have to do at least four things to get this to work:

1. Setup the proper validations

Since you are not using the authenticable module you should make sure you validate the user properly:

class User < ApplicationRecord

  devise :database_authenticatable, :registerable,
     :recoverable, :rememberable, :trackable

  validates_presence_of     :email # optional
  validates_presence_of     :username # required
  validates_uniqueness_of   :username # required    
  validates_presence_of     :password, if: :password_required? # recommended
  validates_confirmation_of :password, if: :password_required? # recommended
  validates_length_of       :password, within: password_length, allow_blank: true # recommended
end

2. Configure devise to use :username instead of :email as the authentication column:

# config/initializers/devise.rb
# ...
config.authentication_keys = [ :username ]
config.reset_password_keys = [ :username  ]
config.confirmation_keys =   [ :username  ]

You might want to search config/initializers/devise.rb for :email to find additional options.

3. Remove the database uniqueness constraint for email:

Generate a new migration and place this in the change block:

remove_index "users", name: "index_users_on_email"
add_index "users", "email", unique: false 

If you have not already make sure you have a unique index on users.username.

4. Whitelist the params.

Params whitelisting in Devise is a bit more complicated than for your average rails resource due to the amount of configurability.

You need to whitelist the username param both for sign_up and sign_in:

class ApplicationController < ActionController::Base
  # ...
  before_action :configure_devise_parameters, if: :devise_controller?

  # ...

  private
  def configure_devise_parameters
    devise_parameter_sanitizer.permit(:sign_up, keys: [:username])
    devise_parameter_sanitizer.permit(:sign_in, keys: [:username], except: [:email])
  end
end

The best refence is by reading the source which is very well commented.

Answer 2

You need to permit username in strong parameters.

class ApplicationController < ActionController::Base
  before_action :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.permit(:sign_up, keys: [:username])
  end
end

Please follow https://github.com/plataformatec/devise#strong-parameters

• For youre second question :

you need to overwrite devise validation for Email https://github.com/plataformatec/devise/wiki/How-to:-Use-a-custom-email-validator-with-Devise Will help you,

Follow Skip email validation in Devise