ruby-on-railsrubybcryptruby-on-rails-5bcrypt-ruby

Enabling Bcrypt on Rails 5

I'm starting a new app on Rails 5.0.0 and trying to use bcrypt. I've followed the directions on the bcrypt repo but something is missing as I'm getting ActiveModel::ForbiddenAttributesError

Here is the user.rb:

require 'bcrypt'

class User < ActiveRecord::Base
 include BCrypt

 def password
    @password ||= Password.new(password_hash)
 end

 def password=(new_password)
    @password = Password.create(new_password)
    self.password_hash = @password
 end

 has_many :trips
end

Migration details:

class CreateUsers < ActiveRecord::Migration[5.0]
  def change
    create_table :users do |t|
        t.string  :first_name,    null: false
        t.string  :last_name,     null: false
        t.string  :email,         null: false
        t.string  :password_hash, null: false

        t.timestamps
    end
  end
end

users_controller.rb:

class UsersController < ApplicationController

  def create
    user = User.new(params[:user])
    user.password = params[:password]
    user.save!
  end

  def new
   @user = User.new
  end

  private

  def user_params
   params.require(:user).permit(:first_name, :last_name, :email, :password, :password_confirmation)
  end
end

Here is the beginning of the stack trace:

Started POST "/users" for ::1 at 2016-09-19 16:44:20 -0700
Processing by UsersController#create as HTML
  Parameters: {"utf8"=>"✓",     "authenticity_token"=>"GWJXon2Y914Y7m2NGPAj8wz+9O6EBO1OnrIcBBRis/ATMkaGMCRh6uE4PAxJOIE7mVrornt5PqOvxBjoOBo9ag==", "user"=>{"first_name"=>"test", "last_name"=>"test2", "email"=>"123@gmail.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Create User"}
Completed 500 Internal Server Error in 1ms (ActiveRecord: 0.0ms)


ActiveModel::ForbiddenAttributesError (ActiveModel::ForbiddenAttributesError):

app/controllers/users_controller.rb:4:in `create'
  Rendering /Users/.rvm/gems/ruby-2.3.0/gems/actionpack-5.0.0.1/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb within rescues/layout
Solution

  • Seems to me the reason you are getting the error is because of this line 

    user = User.new(params[:user])

    You are trying to pass the params :user. And in your user_params methods, 

    params.require(:user).permit(:first_name, :last_name, :email, :password, :password_confirmation)

    :user isn't one of the permitted params.

    What you need to do is change 

    user = User.new(params[:user])

    to 

    user = User.new(user_params)

    You need to call the user_params function and pass that as the argument for User.new.