Issue looks simple, drives me up the walls and has cost me weeks of production time so far and i dont see this issue go away anytime soon since it pops up absolutely everywhere where nested attributes come in.
Started POST "/users" for 127.0.0.1 at 2013-11-12 04:56:03 +0100
Processing by Devise::RegistrationsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"afucNMlRRQkgBeKVVwOQxvjtMtvCDPiQLilr7TXXnUg=", "user"=>{"email"=>"test7#test.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "first_name"=>"test7", "last_name"=>"test7", "preferred_language"=>"en", **"master_data_contact_information"=>**{"contact_email"=>"test7#test.com", "primary_phone_number"=>"23452352345234", "secondary_phone_number"=>"324523453245", "fax_number"=>"23452345234"}, "group_token"=>""}, "commit"=>"Register"}
Completed 500 Internal Server Error in 96ms
ActiveRecord::UnknownAttributeError (unknown attribute: master_data_contact_information):
How can it be unknown? it is RIGHT THERE.
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:email) }
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:email, :password,
:password_confirmation, :first_name,
:last_name, :preferred_language,
:group_token,
:master_data_contact_information =>
[:contact_email, :primary_phone_number, :secondary_phone_number, :fax_number ]
) }
end
if i change it to this:
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:email) }
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:email, :password,
:password_confirmation, :first_name,
:last_name, :preferred_language,
:group_token
) }
end
I get
Unpermitted parameters: master_data_contact_information
so what is the deal with nested resources and strong parameters?
When run in the RubyMine console, it works fine.
params = ActionController::Parameters.new user: {"email"=>"test5#test.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]",
"first_name"=>"testqr", "last_name"=>"nsdfjkhasdfjk", "preferred_language"=>"en", "group_token"=>"",
"master_data_contact_information"=>
{"contact_email"=>"test10#test.com", "primary_phone_number"=>"786789678678",
"secondary_phone_number"=>"56675675876567", "fax_number"=>"2456246"}}
p = params.require(:user).permit(:email, :password, :password_confirmation, :first_name,
:last_name, :preferred_language, :group_token,
:master_data_contact_information => [:contact_email, :primary_phone_number, :secondary_phone_number, :fax_number ]
)
all is shiny.
I get that the Rails core people wanted to make rails more secure, but this has taken up a lot of my time.
It works really well on simple models, yes.
when things start to get a tiny bit complicated, all hell breaks lose.
Try changing :master_data_contact_information to :master_data_contact_information_attributes
So you have something like this:
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:email) }
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:email, :password,
:password_confirmation, :first_name,
:last_name, :preferred_language,
:group_token,
:master_data_contact_information_attributes =>
[:contact_email, :primary_phone_number, :secondary_phone_number, :fax_number ]
) }
end
Related
i'm trying to make a image gallery with sinatra but a thing that should be simple task is confusing and has a lack of doc and tutorial about it!
So please can someone give a light about this?
for upload i'm using shrine
my biggest doubt is related with name params, should use the galleries model or just images?
class Post < ActiveRecord::Base
validates :title, :content, presence: true, on: :create
has_many :galleries, dependent: :destroy
accepts_nested_attributes_for :galleries, allow_destroy: true
end
require_relative "../uploaders/image_uploader"
class Gallery < ActiveRecord::Base
belongs_to :post
validates :image, presence: true, on: :create
include ImageUploader::Attachment.new(:image)
scope :recent, -> { order('created_at desc') }
# validates_size_of :images, maximum: 2.megabyte, message: "Attachment size exceeds the allowable limit (2 MB)."
end
post controller
post "/posts" do
#post = Post.new(params[:post])
#post.user = current_user
#post.image_derivatives! if #post.image_changed? # creates derivatives
if #post.save
# unless params[:galleries].blank?
# params[:galleries]['image'].each do |a|
# #post.galleries.create!(:image => a)
#end
# end
if params[:post][:galleries][:image] && params[:post][:galleries][:image][:filename]
filename = params[:image][:filename]
file = params[:image][:tempfile]
path = "./public/uploads/#{filename}"
# Write file to disk
File.open(path, "wb") { |f| f.write(file.read) }
end
redirect "/posts/#{#post.slug}"
else
#errors = #post.errors
erb :"/posts/new"
end
end
I don't know what this warning is ? Please suggest something.
Given below is part of my application code.
It gives me error on statement with validates_date line.
Rails suggest me the do something like:
class MyValidator < ActiveModel::Validator
def initialize(options={})
super
options[:class].send :attr_accessor, :custom_attribute
end
end
This is the code of application below:
class Patient < ActiveRecord::Base
searchkick index_name: "patients",text_start: [:first_name,:last_name]
after_update :reindex
has_secure_password
has_many :addresses
has_many :vitals
has_attached_file :avatar, :styles => { :medium => "150x150>", :thumb => "50x50>" }, :default_url => "app/assets/images/missing.png"
validates_attachment_content_type :avatar, :content_type => /\Aimage\/.*\Z/
validates :email, email_format: {message: "Invalid email format" }
validates_uniqueness_of :email
validates :password_digest, presence: true, confirmation: true, length: {minimum: 8,message:"Must be of atleast 8 characters"}
validates :first_name, presence: true, format: { with: /\A[a-zA-Z]+\z/, message: "First Name should contain only alphabets"}
validates :last_name, presence: true, format: { with: /\A[a-zA-Z]+\z/, message: "Last Name should contain only alphabets" }
validates_date :dob,:before => lambda { Date.current }, presence: true
validates :password_digest, presence: true, confirmation: true, length: {minimum: 8,message:"Must be of atleast 8 characters"}
validates :primary_phone_no, presence: true,numericality: {only_integer: true}
end
You don't need to worry right now. I see from validates_date you are using the validates_timeliness gem - it's that gem that is currently throwing the deprecation warning.
It is an open issue on that gem and it's being worked on - this is the current open issue: https://github.com/adzap/validates_timeliness/pull/114
I suggest you just wait until they fix it and then update the gem. It's just a warning and won't stop anything working right now.
if I click on the logout button i get this error: inspected result must be ASCII only or use the same encoding with default external
class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
before_action :authenticate_user!
before_action :configure_permitted_parameters, if: :devise_controller?
protect_from_forgery with: :exception
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email) }
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password, :password_confirmation) }
devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:username, :email, :password, :password_confirmation, :current_password) }
end
end
Link:
<%= link_to "Logout", logout_path, title: "Logout", method: :delete %>
Routes:
devise_scope :user do
get 'register', to: 'devise/registrations#new', as: 'register'
get 'login', to: 'devise/sessions#new', as: 'login'
delete 'logout', to: 'devise/sessions#destroy', as: 'logout'
end
I have no idea where the problem is.
If I remove this 3 lines then it works but i can't register a new user:
devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email) }
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password, :password_confirmation) }
devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:username, :email, :password, :password_confirmation, :current_password) }
Thank you!
Try using the following
devise_parameter_sanitizer.for(:sign_up) << :username
And if you need yet another field, add a line like the one above
Im not sure if this is the cause but I noticed that you don't allow a password to be whitelisted upon sign in. I assume that you would want that because you a password in the sign up and account update. It should look like this
devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email, :password) }
I'm working on a web app that has users model. You either sign up or try the app and be a 'guest'. I had the sign up functionality working well until I added the guest option. I based on Railscast to do this (http://railscasts.com/episodes/393-guest-user-record) and that's when I ran into troubles
Here is my user model code
class User < ActiveRecord::Base
attr_accessible :name, :email, :password, :password_confirmation
has_many :bookings
has_one :account, dependent: :destroy
# before_save :downcase_email, allow_nil: true
before_save :create_remember_token
validates_presence_of :name, :email, :password, :password_confirmation, unless: :guest?
validates_uniqueness_of :email, case_sensitive: false , allow_blank: true
validates :name, length: { maximum: 50 }
VALID_EMAIL_REGEX = /\A[\w+\-.]+#[a-z\d\-.]+\.[a-z]+\z/i
validates :email, format: { with: VALID_EMAIL_REGEX }, unless: :guest?
validates :password, length: { minimum: 6 }, unless: :guest?
def downcase_email
{ |user| user.email = email.downcase }
end
# has_secure_password
# override has_secure_password to customize validation until Rails 4.
require 'bcrypt'
attr_reader :password, :password_confirmation
include ActiveModel::SecurePassword::InstanceMethodsOnActivation
##def to_param
## "#{id}.#{name.parameterize}"
##end
def self.new_guest
new { |u| u.guest = true }
end
def name
guest ? "Guest" : name
end
private
def create_remember_token
self.remember_token = SecureRandom.urlsafe_base64
end
end
and here is my User Controller code:
class UsersController < ApplicationController
before_filter :signed_in_user, only: [:edit, :update]
before_filter :correct_user, only: [:edit, :update]
def show
#user = User.find(params[:id])
end
def new
#user = User.new
end
def create
#user = params[:user] ? User.new(params[:user]) : User.new_guest
if #user.save
sign_in #user
#user.create_account.accountPlan = "Free"
##flash[:success] = "Welcome to the HighTide!"
redirect_to #user
else
render 'new'
end
end
def edit
#user = User.find(params[:id])
end
def update
#user = User.find(params[:id])
if #user.update_attributes(params[:user])
#flash[:success] = "Profile updated"
sign_in #user
redirect_to #user
else
render 'edit'
end
end
private
def correct_user
#user = User.find(params[:id])
redirect_to(root_path) unless current_user?(#user)
end
def admin_user
redirect_to(root_path) unless current_user.admin?
end
end
you may notice some code is commented out. I wasn't able to store in the database a user without an email (and for have a quick and dirty thing working now I comment the callback before_save, I also might add that I use the guidelines of Michael Hartl tut)
What happens is, when I run this code I get a unknown attribute: password_confirmation error, but when I comment out
require 'bcrypt'
attr_reader :password, :password_confirmation
include ActiveModel::SecurePassword::InstanceMethodsOnActivation
and use has_secure_password instead
I get a stack level too deep
I haven't figured out what to do
I'm attempting to create a rails app where a user will sign up, then immediately be directed to fill out a profile with more detailed information.
I'm currently attempting this by having both a users and a profile model, with a has_one/belongs_to relationship between the two models.
I'm having trouble with createing the profile for the user. Tests fail with undefined methodprofiles' for #when testing the creation, and using an automated profile builder calledsample_data.rake`:
namespace :db do
desc "Fill database with sample data"
task :populate => :environment do
Rake::Task['db:reset'].invoke
admin = User.create!(:name => "name name",
:email => "fakename#fake.com",
:password => "password",
:password_confirmation => "password")
admin.toggle!(:admin)
99.times do |n|
name = Faker::Name.name
email = Faker::Internet.email
password = "password"
User.create!(:name => name,
:email => email,
:password => password,
:password_confirmation => password)
end
User.all.each do |user|
User.profiles.create(:city => Faker::Address.city,
:state => Faker::Address.us_state_abbr,
...
)
end
end
end
Also fails on
I'm having trouble with createing the profile for the user. Tests fail with undefined method 'profiles'
profiles_controller.rb is:
class ProfilesController < ApplicationController
before_filter :authenticate, :only => [:create, :edit]
def create
#profile = current_user.profiles.build(params[:profile])
if #profile.save
flash[:success] = "Profile Created!"
redirect_to root_path
else
render 'pages/home'
end
end
def edit
end
end
profile.rb is
class Profile < ActiveRecord::Base
attr_accessible :city, :state, ...
belongs_to :user
validates :city, :presence => true
validates :state, :presence => true
...
end
Can anyone see what I'm doing wrong? Is there a way to merge all the items I need under "users", validate the presence of all the required information, and have the signup process be two pages?
Other suggestions for this?
Why do you do this?
1.times do...end
You dont need that.
The failure comes up because you need to create ONE profile, not profiles, for one certain user.
So try this:
User.all.each do |user|
user.create_profile(:city => "bla", ...)
end
In you controller the same. You have just one profile, using singular will help out.