Yaron Yaron - 2 months ago 15
Ruby Question

Enabling Bcrypt on Rails 5

I'm starting a new app on Rails 5.0.0 and trying to use bcrypt. I've followed the directions on the bcrypt repo but something is missing as I'm getting

ActiveModel::ForbiddenAttributesError


Here is the
user.rb
:

require 'bcrypt'

class User < ActiveRecord::Base
include BCrypt

def password
@password ||= Password.new(password_hash)
end

def password=(new_password)
@password = Password.create(new_password)
self.password_hash = @password
end

has_many :trips
end


Migration details:

class CreateUsers < ActiveRecord::Migration[5.0]
def change
create_table :users do |t|
t.string :first_name, null: false
t.string :last_name, null: false
t.string :email, null: false
t.string :password_hash, null: false

t.timestamps
end
end
end


users_controller.rb:

class UsersController < ApplicationController

def create
user = User.new(params[:user])
user.password = params[:password]
user.save!
end

def new
@user = User.new
end

private

def user_params
params.require(:user).permit(:first_name, :last_name, :email, :password, :password_confirmation)
end
end


Here is the beginning of the stack trace:

Started POST "/users" for ::1 at 2016-09-19 16:44:20 -0700
Processing by UsersController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"GWJXon2Y914Y7m2NGPAj8wz+9O6EBO1OnrIcBBRis/ATMkaGMCRh6uE4PAxJOIE7mVrornt5PqOvxBjoOBo9ag==", "user"=>{"first_name"=>"test", "last_name"=>"test2", "email"=>"123@gmail.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Create User"}
Completed 500 Internal Server Error in 1ms (ActiveRecord: 0.0ms)


ActiveModel::ForbiddenAttributesError (ActiveModel::ForbiddenAttributesError):

app/controllers/users_controller.rb:4:in `create'
Rendering /Users/.rvm/gems/ruby-2.3.0/gems/actionpack-5.0.0.1/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb within rescues/layout

Answer

Seems to me the reason you are getting the error is because of this line

user = User.new(params[:user])

You are trying to pass the params :user. And in your user_params methods,

params.require(:user).permit(:first_name, :last_name, :email, :password, :password_confirmation)

:user isn't one of the permitted params.

What you need to do is change

user = User.new(params[:user])

to

user = User.new(user_params)

You need to call the user_params function and pass that as the argument for User.new.

Comments