I have a rails 4 app that uses devise for user authentication. Everything was working beautifully until I decided to add an "admin" parameter to the "Devise::User" model. I added it and created a custom User Controller to alloy my forms to update the fields. After I did this, I added more attributes. This is where my app started misbehaving. When I try to access an area with before_action :authenticate_user!, I get sent to the sign in page, implying that I'm not signed in. When I put in a users credentials and hit submit, I get sent to the root_path of the app with no notification of a successful (or failed) login instead of where I was going. When I try to go back to the restricted area (now that I'm "signed in") I get redirected to the sign in page again.
After reviewing all this, it seemed to me that devise is not actually logging in, so I added a log_out button to my home page to see if I could log out. When I click it, my logs say Filter chain halted as :verify_signed_out_user rendered or redirected. I'm not sure if that's normal or not (since I can't check now).
I'm at a complete loss as to where to go from here. I'm still a bit of a rails noob so it's possible the solution is staring me in the face.
Here's my routes.rb
Rails.application.routes.draw do
devise_for :users, :controllers => { registrations: 'registrations' }
resources :musics, :composers, :music, :welcome, :charges, :tracks, :books
root 'welcome#index'
get 'admin' => 'welcome#admin'
get 'admin/music/:id/tracks' => 'welcome#tracks', as: :admintracks
end
And RegistrationsController.rb
class RegistrationsController < Devise::RegistrationsController
private
def sign_up_params
params.require(:user).permit(:email, :password, :password_confirmation, :admin, :fname, :lname, :company, :address1, :address2, :city, :state, :zip, :phone)
end
def account_update_params
params.require(:user).permit(:email, :password, :password_confirmation, :current_password, :admin, :fname, :lname, :company, :address1, :address2, :city, :state, :zip, :phone)
end
end
I appreciate all the help.
EDIT 1:
I confirmed that it is not logging in by placing a <% if current_user %>Logged In<% end %> line on my root_page. After logging in through the form, it still doesn't display. I then checked my logs to see what it gave for that log in and I don't spot anything fishy.
Started POST "/users/sign_in" for ::1 at 2015-12-13 21:16:47 -0500
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"HgStdwJajEbJMKyBgSGTD7Omqvdw9g6gmZwbXEmGd4VRFJqcLlrzjDYAdAWo7VdhpXm7sbNbuFTcR6neJTVr/g==", "user"=>{"email"=>"[*MyEmail*]#gmail.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Log in"}
User Load (0.8ms) SELECT "users".* FROM "users" WHERE "users"."email" = $1 ORDER BY "users"."id" ASC LIMIT 1 [["email", "[*MyEmail*]#gmail.com"]]
(0.1ms) BEGIN
SQL (0.3ms) UPDATE "users" SET "last_sign_in_at" = $1, "current_sign_in_at" = $2, "sign_in_count" = $3, "updated_at" = $4 WHERE "users"."id" = $5 [["last_sign_in_at", "2015-12-14 02:13:31.458050"], ["current_sign_in_at", "2015-12-14 02:16:47.893957"], ["sign_in_count", 27], ["updated_at", "2015-12-14 02:16:47.896163"], ["id", 1]]
(1.1ms) COMMIT
Redirected to http://localhost:3000/
After related question jumping on here, I discovered an (unaccepted) answer to a related issue that solved my problem! In a previous attempt at something last night, I had messed with the session store domain and apparently just hadn't used anything relating to Devise since. Maybe this will help someone else!
Thanks, #amit_saxena
Related
Struggling with strong parameters when using simple-form to upload multiple images from paperclip in my form. I'm constantly getting an error popping up on the server
"Unpermitted parameters: images"
When the form tries to upload into the Database. Ok so here's what I've got so far.
Form code:
<%= f.input :images, as: :file, input_html: { multiple: true } %>
Desks Controller:
def new
#desk = current_user.desks.build
#desk.office_type_id = params[:office_type_id]
#desk.desk_type_id = params[:desk_type_id]
#amenities = Amenity.all
#desk.amenity_ids = params[:amenities]
end
def create
#desk = current_user.desks.build(desk_params)
if #desk.save
if params[:images]
params[:images].each do |image|
#desk.photos.create(image: image)
end
end
#photos = #desk.photos
redirect_to edit_desk_path(#desk), notice: "Saved..."
else
render "new"
end
end
private
def set_desk
#desk = Desk.find(params[:id])
end
def desk_params
params.require(:desk).permit(:office_type_id, :desk_type_id,
:office_type, :desk_type, :listing_name, :min_days, :max_days,
:accommodate, :daily_rate, :location, :description, :amenities,
amenity_ids: [],
:photos_attributes => [ :images ])
end
I have a photos model:
class Photo < ActiveRecord::Base
belongs_to :desk
has_attached_file :image, styles: { medium: "300x300>", thumb: "100x100>" }
validates_attachment_content_type :image, content_type: /\Aimage\/.*\Z/
end
Desk Model:
has_many :photos
I have tried whitelisting just .., :images , and .., :images => [] ,
Neither successful. I'm sure I've tried other combinations that will allow an array into the mix.
One point worth noting is the server code example of multiple images upload is showing an array being pulled into the parameters. Example:
Processing by DesksController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"hgEIE6yirx7ixY8Xs0mUxA+6G3wmy/D4wKSLKrF+clTfzvpunFG11PmEfI2l3bPV0IlCywdmvajshMph7c5V+A==", "desk"=>{"office_type_id"=>"1", "desk_type_id"=>"1", "accommodate"=>"1", "min_days"=>"1", "max_days"=>"2", "listing_name"=>"1111", "description"=>"111", "location"=>"111", "daily_rate"=>"100", "amenity_ids"=>["2", "3", ""], "images"=>[#<ActionDispatch::Http::UploadedFile:0x007fba71ce2880 #tempfile=#<Tempfile:/var/folders/gx/86yj74bx3md88cfn2fwc975h0000gn/T/RackMultipart20170713-20588-1bin85a.JPG>, #original_filename="IMG_1420.JPG", #content_type="image/jpeg", #headers="Content-Disposition: form-data; name=\"desk[images][]\"; filename=\"IMG_1420.JPG\"\r\nContent-Type: image/jpeg\r\n">, #<ActionDispatch::Http::UploadedFile:0x007fba71ce2268 #tempfile=#<Tempfile:/var/folders/gx/86yj74bx3md88cfn2fwc975h0000gn/T/RackMultipart20170713-20588-1ac6bwu.JPG>, #original_filename="IMG_1421.JPG", #content_type="image/jpeg", #headers="Content-Disposition: form-data; name=\"desk[images][]\"; filename=\"IMG_1421.JPG\"\r\nContent-Type: image/jpeg\r\n">]}, "commit"=>"Update Desk", "id"=>"37"}
This has been very frustrating. Would appreciate any help or guidance to what is going on here. I was sure it may be a nesting issue but still cant get it to work with the current code. Thanks a mil.
Ok so I eventually figured out what the issue was here from the help of #irldexter and #pavan. They made suggestions that were not quite right but definitely helped me to figure out the issue in the end. I've added it an an answer to keep it all together.
So the issue I noticed when I looked into both how rails_form and simple_form where sending the parameters across was that the html name in the header was different on each. I also noticed that because of this simple_form was including the images in my desk=>{} and not separating it out into its own array.
Simple-form (Not working)
Parameters: {"utf8"=>"✓",
"authenticity_token"=>"1c3dbJYJWuPs3L95F2eqkxm8Fuwr5J3D5LdEyRLeS7sAYgnbhEBIcfsE1A4Hw2rQy8zbZEdr6mMcZTjUGH3Cpg==",
"desk"=>{"listing_name"=>"Dublin Desk Image",
"description"=>"Desk in Dublin",
"accommodate"=>"1",
"price"=>"100",
"images"=>#<ActionDispatch::Http::UploadedFile:0x007fce7cf618d0 #tempfile=#<Tempfile:/var/folders/gx/86yj74bx3md88cfn2fwc975h0000gn/T/RackMultipart20170718-1255-luxbhv.JPG>,
#original_filename="IMG_1421.JPG",
#content_type="image/jpeg",
#headers="Content-Disposition: form-data; name=\"desk[images]\";
filename=\"IMG_1421.JPG\"\r\nContent-Type: image/jpeg\r\n">},
"commit"=>"Create Desk"
Rails form (Working)
Parameters: {"utf8"=>"✓",
"authenticity_token"=>"8YqUPPx9qumESGiSjkZCtxunFPsdeFed+pXmamWKwmY8jfwRXXCNDTUSJOdfT9R2b13NLOOGyqo3gOiP8FE08Q==",
"office"=>{
"office_type"=>"Private", "desk_type"=>"Corporate", "accommodates"=>"2", "min_hours"=>"3", "max_hours"=>"2", "listing_name"=>"image test", "summary"=>"rgerg", "address"=>"grafton street, dublin 1", "is_aircon"=>"1", "is_elevator"=>"0", "is_showers"=>"0", "is_changing_room"=>"0", "is_printer"=>"1", "is_kitchen"=>"0", "is_telephone"=>"0", "is_desktop_computer"=>"0", "is_coffee_machine"=>"0", "is_meeting_room"=>"0", "is_wifi"=>"0", "price"=>"123", "active"=>"1"},
"images"=>[#<ActionDispatch::Http::UploadedFile:0x007fbeef60fa08 #tempfile=#<Tempfile:/var/folders/wj/p88yb82j39x40kgcm1qg24g00000gn/T/RackMultipart20170718-96629-11meflg.jpg>, #original_filename="benjamin-child-17946.jpg",
#content_type="image/jpeg",
#headers="Content-Disposition: form-data; name=\"images[]\";
filename=\"benjamin-child-17946.jpg\"\r\nContent-Type: image/jpeg\r\n">],
"commit"=>"Save"}
simple form stuff was simplified when i recreated the problem. I needed to change the name= somehow in the simpleform code. It was as easy as this when I realised the problem.
<%= f.input :images, as: :file, input_html: { name: 'images[]' } %>
Strong parameters where ok with just calling
def desk_params
params.require(:desk).permit(:listing_name, :description, :accommodate, :price, :active, :images)
end
I also noticed there must have been some issue with the params not being found because the code was running the
if params[:images]
params[:images].each do |image|
#desk.photos.create(image: image)
end
end
code when I added in put messages to see if it was returning a true value. I've also added in the Desk model
accepts_nested_attributes_for :photos
As easy as the fix was in the end it was only because of the mentioning of network headers and possibly the use of f.input_field in simple form which removes any form wrappers and also the name: change method. Thanks #pavan #irldexter for the help and advice. It helped me learn more about the actual form data that is sent. Much respect.
Desk Model should include something that permits it to create photos objects like:
has_many :photos
accepts_nested_attributes_for :photos
and Desk Controller should include not just the potential for an array of photo ids but also the specific attributes required to create one, the default of which is an id and then an image which is the attachment:
def desk_params
params.require(:desk).permit(:office_type_id, :desk_type_id,
:office_type, :desk_type, :listing_name, :min_days, :max_days,
:accommodate, :daily_rate, :location, :description, :amenities,
amenity_ids: [], photo_ids: [], photo_attributes: [ :id, :image ])
end
I would use the param param[:photo_ids] in the view/controller logic rather than images on desk to avoid confusion and map the relationship.
Also, recommend you see what the development log spits out in terms of un-permitted parameters and also look at the params in your browser console to see exactly what is try to be posted.
In your rails console (as I can not see your schema, perhaps output):
Desk.column_names
and
Photo.column_names
to confirm your params and also check the model/schema for which are required and can not be null (and don't have defaults if null => false)
Unpermitted parameters: images
When you look at the params hash, you don't have photos_attributes key. The images: [] come directly inside the desk. So you need to modify the desk_params to below
def desk_params
params.require(:desk).permit(:office_type_id, :desk_type_id,
:office_type, :desk_type, :listing_name, :min_days, :max_days,
:accommodate, :daily_rate, :location, :description, :amenities,
amenity_ids: [], images: [])
end
I'm having a bizarre problem where I create an admin user for an Rspec/Capybara test and the user is mysteriously deleted after logging in. When I run my test, the user is created and successfully logged in. However when Capybara visits the admin_categories_path, the test fails. Rails raises an exception because current_user is not defined. When I insert a binding.pry, I can see that the user exists up until they are logged in, at which point the user disappears from the test database, causing current_user to be undefined, and thereby triggering an exception. I'm at a loss as to how/why this is happening.
UPDATE: I've gotten past the problem of the user being deleted. Now when Capybara sees the admin_categories_path page, category isn't displayed. Inserting a binding.pry reveals that category is present in the database.
When I launch the app and log in manually, I have no problems accessing admin_categories_path.
Here is my spec file:
require 'rails_helper'
feature 'admin edits category', %Q{
As an admin, I want to edit a category or subcategory, so that it better
represents the content under it.
Acceptance Criteria:
* [X] - I can edit the name of a category inline.
* [X] - I can edit the name of a subcategory inline.
} do
let(:admin) do
FactoryGirl.create(:user, admin: true)
end
let(:category) do
FactoryGirl.create(:category)
end
scenario 'admin edits category title', js: true, focus: true do
login_as(admin)
visit admin_categories_path
bip_area category, :name, 'Test Category'
expect(page).to have_content 'Test Category'
end
end
Here is my helper file authentication.rd:
module Helpers
module Authentication
def log_in_as(user)
visit new_user_session_path
within "#new_user" do
fill_in 'user[email]', with: user.email
fill_in 'user[password]', with: user.password
click_on "Log in"
end
end
end
RSpec.configure do |config|
config.include Authentication, :type => :feature
end
end
Here is my user factory:
require 'factory_girl'
FactoryGirl.define do
factory :user do
sequence(:email) {|n| "lafiel.abriel#{n}#abhnation.com" }
username
password 'password'
password_confirmation 'password'
end
factory :category do
sequence(:name) { |n| "Category ##{n}" }
parent_id nil
display_index 1
user
end
sequence :username do |n|
"Lafiel_Abriel_#{n}"
end
end
And here is my application_controller.rd where the exception is triggered:
module Admin
class ApplicationController < ActionController::Base
before_action :configure_permitted_parameters, if: :devise_controller?
before_action :reject_unless_admin
layout 'admin/layouts/application'
protect_from_forgery with: :exception
helper :avatar, :devise, :admin
protected
def reject_unless_admin
unless current_user && current_user.admin?
raise ActionController::RoutingError.new('404: Not Found')
end
end
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) << [
:avatar,
:remote_avatar_url,
:email,
:username,
:first_name,
:last_name,
:age,
:website,
:password,
:password_confirmation,
:current_password
]
end
end
end
Any help/insight is greatly appreciated. Thanks.
If I recall correctly, this problem had something to do with the test database schema being out of sync with the development database. Try running rake db:test:prepare to ensure your test schema matches your development schema.
In my specific case, I had a two problems to overcome.
The first problem occurred when I created a category and an admin in a let block. Those needed to be placed in a before block so that they were created before the test executed. When I placed those variables in let blocks, they were not being created until the first time they were called in the test. So when I logged in as an admin, the admin variable was being passed to my login_as helper method before it was saved to the database. The same is true for the category variable.
This code doesn't work for me:
let(:admin) do
FactoryGirl.create(:user, admin: true)
end
let(:category) do
FactoryGirl.create(:category)
end
scenario 'admin edits category title', js: true, focus: true do
login_as(admin)
visit admin_categories_path
bip_area category, :name, 'Test Category'
expect(page).to have_content 'Test Category'
end
This is solution I used to overcome the first problem:
before(:each) do
#admin = FactoryGirl.create(:user, admin: true)
#category = FactoryGirl.create(:category, user: #admin)
end
scenario 'admin edits category title', js: true do
skip "Doesn't work yet."
login_as(#admin)
visit admin_categories_path
wait_for_ajax
bip_text #category, :name, 'Test Category'
expect(page).to have_content 'Test Category'
end
The second problem is that when my test hits the admin/categories_controller.rb, Category.all returns an empty array, even though #category.save! and #category.valid? return true when I test my before block. I was never able to find a solution to the problem and ended up putting the test on ice.
I think part of the problem is that the documentation for the Best-in-Place gem is not very good. I used it at the time because it was an easy solution to my problem. Going forward though, I would use something like angular for this use-case. The documentation is much better and it's not a black box like a lot of gems are.
I'm not sure what bip_area does, but since your test says that it's editing a category I assume you are expecting the category to be present on the page when you visit admin_categories_path. When you visit that path however category has not yet been created since you are using 'let' which is lazily evaluated (created at time of first use of the variable), so it would not be shown on the screen for you to edit. Using binding.pry and then looking at that variable would actually create it, so it might be confusing you into thinking it was there. You can use 'let!' instead which will force the variable to be created before each test instead of lazily evaluating it.
I have a dashboard containing 2 partials. One partial works fine and does what its suppose to (bill). The other partial is setup similar to bill but wont work(request). When I look at my log it shows that the tenant(user) is being queried, also, the 1st partial is queried but the 2nd partial doesn't query. when I went to my dashboard controller and changed the instance of the partial to (Request.new) it works but I can't seem to get it to work right thru the controller. I don't want to have the method in the model. I am using mongoid.
SO here is my render in the dashboard...
<%= render partial: "request", locals: {request: #request} %>
In the partial I have...
<%= form_for [:tenants, request] do |f| %>
And on the dashboard controller I have...
def show
#dashboard = current_tenant
#bill = current_tenant.bill || current_tenant.build_bill
#request = current_tenant.request || current_tenant.build_request
end
(if I change #request = Request.new it works fine but I know that's not right)
The bill partial works and the dashboard finds the tenant but I keep getting
"undefined method `request' for #
Any idea of what I am missing? I compared the bill controller to the request controller and I cant find any differences. When I put the Model.new into the dashboard controller it works but I know this isn't right, its as if the app wont recognize the Request controller...
The error is saying it doesn't recognize "request" method.
Also here is my controller for request...
class Tenants::RequestsController < ApplicationController
before_filter :authenticate_tenant!
def index
#requests = Request.all
end
def show
#request = Request.find(params[:id])
end
def create
if #request = current_tenant.create_request(authorization_params)
redirect_to tenants_dashboard_path, :notice => "#{request.manager_name} has been Authorized!"
else
redirect_to tenants_dashboard_path, :error => "#{request.manager_name} has NOT been Authorized, please try again."
end
end
def edit
end
def update
if current_tenant.request.update_attributes(authorization_params)
redirect_to tenants_dashboard_path, :notice => "You have approved #{request.manager_name} to review your report"
else
redirect_to tenants_dashboard_path, :notice => "#{request.manager_name} is NOT allowed to review your report"
end
end
def destroy
#request = Request.find(params[:request_id])
name = #request.name
if #request.destroy
flash[:notice] = "\"#{name}\" was successfully removed from your profile."
redirect_to #dashboard
else
flash[:error] = "There was an error deleting this managers access."
render :show
end
end
Well it looks like
current_tenant.request has an issue. That means that the method is not available. Assuming you're not trying to access the http request , then you have an issue with the request method.
So your issue is with how you defined the request method (maybe in your model). e.g. is it a class method or a instance method etc.
Without knowing your goal, that's the general answer I can give you. Creating a Request.new could be right depending on your goal, but if your goal is to call the request method, you must make it available to current_tenant
One controller shouldn't be calling your other controller as you have suggested...
So After submitting a form for my Testimony model I get the following activity in my rails console:
Processing by TestimoniesController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"Y7n/+rlDoH3ys68HMOh6T6WFpAelRT18WUPstCz41vE=", "testimony"=>{"first_name"=>"bob ", "last_name"=>"balaban", "email"=>"", "contact_number"=>"", "country"=>"", "question1"=>"", "question2"=>"", "question3"=>"", "question4"=>"", "question5"=>"", "signature"=>"", "waiver"=>"0"}, "commit"=>"Save Testimony"}
(0.1ms) begin transaction
Testimony Exists (0.2ms) SELECT 1 AS one FROM "testimonies" WHERE ("testimonies"."last_name" = 'balaban' AND "testimonies"."first_name" = 'bob ' AND "testimonies"."email" = '') LIMIT 1
(0.1ms) rollback
Here is TestimoniesController
class TestimoniesController < ApplicationController
def new
end
def index
end
def show
#testimony = Testimony.find(params[:id])
end
def create
#testimony = Testimony.new(post_params)
#testimony.save
redirect_to #testimony
end
private
def post_params
params.require(:testimony).permit(:first_name, :email, :last_name, :contact_number, :country, :question1, :question2, :question3, :question4, :question5, :signature, :waiver)
end
end
Here is my Model file for Testimony.rb
class Testimony < ActiveRecord::Base
validates_presence_of :first_name, :last_name,:email, :contact_number, :country, :question1, :question2, :question3, :question4, :question5, :signature, :waiver
validates_uniqueness_of :last_name, :scope => [:first_name, :email]
end
I would like to display a message such as:
Record already exists
Or
All the fields need to be filled out
I realize this is pretty pathetic but I thought it was part of Rails magic to assert the uniqueness and presence of all of the fields of a Model at the form level, before you perform a #modelname.save. I clearly don't really understand. Thanks for your help.
if #modelname.save! failed it'll raise an exception... the exception name varies depending on the orm you might be using. but most likely it'll be ActiveModel::Validations
you can use the following pattern i myself use
#testimony.save!
redirect_to #testimony
rescue_from ActiveModel::Validations do |ex|
# here you can flash the message do what ever you want when saving fails
render json: {message: 'Record already exists', status: :unprocessable_entity
end
other solution is to use the following
if #testimony.save
redirect_to #testimony
else
render json: {message: 'Record already exists', status: :unprocessable_entity
end
[EXTRA INFO YOU CAN IGNORE :D]
I use the first solution cause i can handle exceptions in the application_controller.
for example you can add those to the application_controller to handle those failing cases
rescue_from CanCan::AccessDenied, with: :render_access_denied
rescue_from Mongoid::Errors::DocumentNotFound, with: :render_not_found
rescue_from ActionController::RoutingError, with: :render_not_found
rescue_from(ActionController::ParameterMissing) do |parameter_missing_exception|
error = {}
error[parameter_missing_exception.param] = ['parameter is required']
render_bad_request error
end
where render_XXX are methods defined in the application controller.
When I try to register an user, it does not give me any error but just cannot save the user.
I don't have attr_accessible. I'm not sure what I am missing. Please help me.
user.rb
class User < ActiveRecord::Base
has_secure_password
validates :email, presence: true,
uniqueness: true,
format: { with: /\A([^#\s]+)#((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i }
validates :password, presence: true, length: {minimum: 6}
validates :nickname, presence: true, uniqueness: true
end
users_controller.rb
class UsersController < ApplicationController
def new
#user = User.new
end
def create
#user = User.new(user_params) # Not saving #user ...
if #user.save
flash[:success] = "Successfully registered"
redirect_to videos_path
else
flash[:error] = "Cannot create an user, check the input and try again"
render :new
end
end
private
def user_params
params.require(:user).permit(:email, :password, :nickname)
end
end
Log:
Processing by UsersController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"x5OqMgarqMFj17dVSuA8tVueg1dncS3YtkCfMzMpOUE=", "user"=>{"email"=>"example#example.com", "password"=>"[FILTERED]", "nickname"=>"example"}, "commit"=>"Register"}
(0.1ms) begin transaction
User Exists (0.2ms) SELECT 1 AS one FROM "users" WHERE "users"."email" = 'example#example.com' LIMIT 1
User Exists (0.1ms) SELECT 1 AS one FROM "users" WHERE "users"."nickname" = 'example' LIMIT 1
(0.1ms) rollback transaction
Regarding our short discussion in the comments, it appears that one or two things are happening to cause #user.save to return false:
One of the validation rules are failing
A callback within your model is returning false, thus halting processing and rolling back the transaction
There are a few quick ways to debug the validations. I figured I could describe them so you could learn a few options.
A. Change the call within the if statement to instead use the bang method of save:
if #user.save!
This will cause the app to raise an exception if validation fails, displaying the validation errors within the browser on your screen. In this particular scenario, you'd want to remember to remove the ! after you're done debugging because you probably don't want the final version of your app doing that.
Or...
B. Within the else statement, add this line:
raise #user.errors.to_yaml
This will display the validation errors within the browser on the screen. Of course, remember to remove this line after you're done debugging.
Or...
C. Within the else statement, add this line and then run the form post:
puts #user.errors.to_yaml
This will display the validation errors within your console. You'll want to remember to remove this line after you're done debugging, but it's "less worse" if you happen to forget because at least the extra info is only output to STDOUT.
You may want to try each of these just to get a little practice and to see what your options are in simple debugging scenarios like this.
High chances that error is in password confirmation. You use has_secure_password from Rails, which automagically handles password confirmation for you. And here is the problem - you don't have it before user creation. Thus just add. For details check out similar question on has_secure_password
And check, that you have password_digest:string in users table :)