Creation working on console but not on website - ruby on rails

Question

I have a form to register customers in my app that was working fine before adding password stuff(bcrypt-ruby). Now customers don't get created when the form is submitted, but if i create via console using the exact same values it works just fine. I don't get any error message, just a transaction rollback (well the only weird thing is a Unpermitted parameters: password, password_confirmation but idk if it matters). I'm using protected_attributes gem instead of the now standard strong_params. Why work on console but not via POST? Must be something with bcrypt or i'm missing something really silly, but i couldn't find any answers on my research. Please help :s

Model:

attr_accessible :name, :surname, :email, :phone, :address, :password, password_confirmation

has_secure_password

Controller create action:

def create
  @customer = Customer.new(customer_params)

  respond_to do |format|
  if @customer.save
    format.html { redirect_to @customer, notice: 'Customer was successfully created.' }
    format.json { render action: 'show', status: :created, location: @customer }
  else
    format.html { render action: 'new' }
    format.json { render json: @customer.errors, status: :unprocessable_entity }
  end
end

end

Form:

<%= form_for :customer, :url => '/customers#new', remote: true do |f| %>
  <%= render '/shared/error_messages', object: f.object %>
  <p>
    <%= f.label(:name, "Nome") %>
    <%= f.text_field :name %>
  </p>
  <p>
    <%= f.label(:surname, "Sobrenome") %>
    <%= f.text_field :surname %>
  </p>
  <p>
    <%= f.label(:email, "Email") %>
    <%= f.text_field :email %>
  </p> 
  <p>
    <%= f.label(:phone, "Telefone") %>
    <%= f.text_field :phone %>
  </p>
  <p>
    <%= f.label(:address, "Endereço") %>
    <%= f.text_field :address %>
  </p>
  <p>
    <%= f.label(:password, "Senha") %>
    <%= f.password_field :password %>
  </p>
  <p>
    <%= f.label(:password_confirmation, "Confirme sua senha") %>
    <%= f.password_field :password_confirmation %>
  </p>
  <%= f.submit "Enviar", class: "btn btn-large btn-primary" %>
<% end %>

Server output:

Started POST "/customers" for 127.0.0.1 at 2013-10-17 19:53:15 -0300
Processing by CustomersController#create as JS
  Parameters: {"utf8"=>"√", "customer"=>{"name"=>"Derpina", "surname"=>"Derpson", "email"=>"derpina@email.com", "phone"=>"2314534", "address"=>"Derpstreet, 123", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Enviar"}
Unpermitted parameters: password, password_confirmation
  ←[1m←[35m (0.0ms)←[0m  begin transaction
  ←[1m←[36mCustomer Exists (0.0ms)←[0m  ←[1mSELECT 1 AS one FROM "customers" WHERE LOWER("customers"."email") = LOWER('derpina@email.com') LIMIT 1←[0m
  ←[1m←[35m (0.0ms)←[0m  rollback transaction
  Rendered customers/_form.html.erb (6.0ms)
  Rendered customers/new.html.erb within layouts/application (9.0ms)
  Rendered shared/_error_messages.html.erb (0.0ms)
  Rendered layouts/_newCustomer.html.erb (3.0ms)
  Rendered layouts/_newRestaurant.html.erb (1.0ms)
  Rendered layouts/_header.html.erb (6.0ms)
  Rendered layouts/_footer.html.erb (0.0ms)
Completed 200 OK in 314ms (Views: 65.0ms | ActiveRecord: 1.0ms)

Answer 1

You need to add the required and permitted parameters in a private method to your controller.

For example, at the bottom of your customers_controller.rb:

private
    def customer_params
        params.require(:customer).permit(:name, :surname, :email, :phone, :address, :password, password_confirmation)
    end

If you don't want to type that long thing in the future, you can also use the "bang" version to permit all attributes on the model.

private
    def customer_params
        params.require(:customer).permit!
    end