I am using the blowfish gem to encrypt passwords for my users (user
model).
in the schema I don't have a password
field anymore but in the rails console I can (and have to) run user.password = "xxx"
and user.password_confirmation = "xxx"
in order to be able to call user.save
. This works in the rails console but I have a webform where a user is logically able to edit his/her password.
This is my edit.html.erb
<%= form_for(@user) do |f| %>
<%= render(:partial => "form", :locals => {:f => f}) %>
<%= submit_tag("Edit User") %>
<% end %>
the parital in _form.html.erb
that pertains to passwords is this
<table>
...
<tr>
<th>Password</th>
<td><%= f.text_field(:password) %></td>
</tr>
<tr>
<th>Confirm Password</th>
<td><%= f.text_field(:password_confirmation)%></td>
</tr>
In my users_controller.rb
I require login password password_confirmation
like this
def update
@user = User.find(params[:id])
@user.update_attributes(user_params)
if @user.save
flash[:notice] = "Update Successful"
redirect_to(:action => 'show', :id => @user.id)
else
flash[:notice] = "Error Updating"
render('edit')
end
end
and
private
def user_params
r = params.require(:user)
r.require(:login)
r.require(:password)
r.require(:password_confirmation)
r.permit(:first_name, :last_name, :login, :password, :password_confirmation)
end
The issue is not when I submit a complete form, that updates fine. The issue is that when I leave the password field empty, instead of rendering the edit form again it gives me a Action Controller: Exception
param not found: password
and points to the r.require(:password)
line of the user_params
function
EDIT
I commented the two require lines out and validate the presence of login,password,password_confirmation in the model. However now I get this error
undefined method
user' for #pointing to the
@user.upadte_attributes(user_params)` line.
I still need to require :user
and then .permit(.....)
for the strong parameters in Rails 4 right?
EDIT 2 -- Update Method in users_controller.rb
def update
@user = User.find(params[:id])
if @user.update_attributes(user_params)
flash[:notice] = "Update Successful"
redirect_to(user_path(@user.id))
else
flash[:notice] = "Error Updating"
render('edit')
end
end
and user params
private
def user_params
params.require(:user).permit(:first_name, :last_name, :login, :password, :password_confirmation, :position, :pictureString)
end
The Error Message:
undefined method `user' for #<User:0x007f4d482b1af0>
Extracted source (around line #36):
34 def update
35 @user = User.find(params[:id])
36 if @user.update_attributes(user_params)
37 flash[:notice] = "Update Successful"
38 redirect_to(user_path(@user.id))
39 else
app/controllers/users_controller.rb:36:in `update'
EDIT
Some further investigation revealed this:
If I leave the .permit(....)
out of the user_params
function (i.e. have it only read params[:user]
) then I don't get the undefined method error but the expected forbidden attributes
error. Maybe this helps you find what's wrong.