params.require is preventing account creation

Question

When I try to create an account, I get an error that the request failed with status code 422. This happens when I use params.require, but when I just use params.permit it works but still says

unpermitted parameter

I have checked and the params are going through. Another problem I have is that I get

password cannot be blank

when trying to create an account with params.require. I am using has_secure_password with bcrypt.

The only validations I have:

validates :username, presence: true, confirmation: {case_sensitive: false}, uniqueness: true, length: {in: 6..30}
validates :password, presence: true, confirmation: true

Here is my code:

class UsersController < ApplicationController
skip_before_action :authorize, only: [:create]

def create
    # byebug
    user = User.create!(user_params)
    session[:user_id] = user.id
    render json: user, status: :created
end

def show
    render json: @current_user, include: :animes
end

def update
    user = User.find_by(id: params[:id])
    if user.update(user_params)
        render json: user, status: :ok
    else
        render json: user.errors, status: :unprocessable_entity
    end
end

private

def user_params
    params.require(:user).permit(:username, :password, :password_confirmation, :bio, :avatar, :email)
end

end

Here is a pic of the error!!!!!

Here is all the code for my form on the front end:

 <Form.Group className="mb-2">
                    <Form.Label className="signup-form-headers">Username</Form.Label>
                    <Form.Control type="username" value={formData.username} name="username" onChange={handleInput} placeholder="Enter Username" />
                </Form.Group>
                <Form.Group className="mb-2" controlId="formBasicPassword">
                    <Form.Label className="signup-form-headers">Password</Form.Label>
                    <Form.Control type="password" value={formData.password} name="password" onChange={handleInput} placeholder="Password" autoComplete="on"/>
                </Form.Group>
                <Form.Group className="mb-3" controlId="formBasicPasswordConfirmation">
                    <Form.Label className="signup-form-headers">Confirm Password</Form.Label>
                    <Form.Control type="password" value={formData.password_confirmation} name="password_confirmation" onChange={handleInput} placeholder="Confirm your password" autoComplete="on"/>
                </Form.Group>

    const [formData, setFormData] = useState({
    username:"",
    password:"",
    password_confirmation:""
})
const [errors, setErrors] = useState([])
const history = useHistory()

function handleInput(e) {
    setFormData({...formData, [e.target.name]: e.target.value})
}

    async function handleSubmit(e) {
    e.preventDefault()
    try {
        if (formData.password != formData.password_confirmation) {
            setErrors(["Password and Password confirmation do not match"])
            return
        }
        await axios.post('/signup', formData)
        setUserIsLoggedIn(true)
        setFormData({
            username:"",
            password:"",
            password_confirmation:""
        })
        history.push("/")
    } catch (error) {
        console.log("error:", error)
        console.log("error data:", error.response.data.errors)
        setErrors(error.response.data.errors)
    }
}

What is preventing the account creation?

Answer 1

Your params are not nested correctly as @spickermann said. Check that your form fields are correctly nested.

Username is nested and on the root level, password and confirmation are only on the root level.

When you use require(:user).permit, then only the username is present inside "user" and you get a validation error from your password field being blank.

When you use just permit without require, then the root level attributes are taken and "user" will be unpermitted and give a warning.