By Pass Devise Password requirement for single attribute update - ruby-on-rails-4

Currently my application is using devise and my users are required to enter a password when updating their profile.
I am working on implementing an additional field to my user's table which remembers their sidebar navigational preference (expanded or collapsed). For testing, I setup a boolean field called "menu_collapsed" which is set to "false" by default.
I am trying to have this value updated to "true" remotely when the user decides to condense the sidebar menu.
Index
<li><%= link_to('Toggle', toggle_menu_preference_user_path(#user), :method => :put) %></li>
Routes
resources :users do
member { put :toggle_menu_preference }
end
Users Controller
def toggle_menu_preference
#user = current_user
#user.menu_collapsed = !#user.menu_collapsed
#user.save
end
Application Controller
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:first_name, :last_name, :email, :account_id, :account_name, :password, :password_confirmation) }
devise_parameter_sanitizer.for(:account_update).concat([:name])
end
When I click on the link, it will process the request but I hit a wall with Devise wanting the user to include their password.
Is there a way to by pass the requirement for a password just for this user attribute?


This seems to work like a charm!
Tested on local host as well as Heroku
Application Controller (added :menu_collapsed) to sanitizer
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:first_name, :last_name, :email, :account_id, :account_name, :password, :password_confirmation) }
devise_parameter_sanitizer.for(:account_update).concat([:name, :menu_collapsed])
end
Routes
resources :users do
member { put :toggle_menu_preference }
end
User Controller
def menu_preference
#user = current_user
#user.menu_collapsed = !#user.menu_collapsed
#user.save
if #user.menu_collapsed
render :nothing => true
else
render :nothing => true
end
end
View
<%= link_to menu_preference_user_path(current_user), id: "layout-condensed-toggle", remote: true do %>
<div class="iconset top-menu-toggle-dark"></div>
<% end %>

Related

Rails 4 build_association

in my rails 4 app, i have a user model that has_one profile model which also belongs_to the user model
this is my first time using a nested resource so im kinda lost to it
here how it goes
, a user creates an account,after succesful email authentication , user proceed to create a profile. Problem is, im getting error on using the build_association. Im not sure whether the problem is actually that or im getting null values on the params(which i think not)
in my routes.rb
resources :users do
resources :profiles
end
profiles view, new.html.erb
<%= form_for(#profile,url:{ :controller => 'profiles', :action => 'create'},html: {class: "ui large segment form error"}) do |f| %>
<%= render 'shared/form_error_messages', object: f.object%>
<div class="ui horizontal divider">Create a Profile</div>
<%= f.text_field :first_name, :placeholder => "First Name" , :required => true%>
<%= f.submit "Submit Profile", class: "ui submit button"%>
<% end %>
profiles_controller.rb
def new
#user = User.find(params[:user_id])
#profile = #user.build_profile
end
def create
#profile = #user.build_profile(profile_params)
if #profile.save
flash[:success] = "Profile has been created"
redirect_to root_url
else
render 'new'
end
end
private
def profile_params
params.require(:profile).permit(:first_name)
end
when im submitting the form, im getting
NoMethodError in ProfilesController#create
undefined method `build_profile' for nil:NilClass
Application Trace | Framework Trace | Full Trace
app/controllers/profiles_controller.rb:9:in `create'
Request
Parameters:
{"utf8"=>"✓",
"authenticity_token"=>"MFCANYra..",
"profile"=>{"first_name"=>"sample",
"commit"=>"Submit Profile",
"user_id"=>"1"}

Try changing the create action in profiles_controller.rb as below :-
def create
#user = User.find(params[:profile][:user_id])
#profile = #user.build_profile(profile_params)
if #profile.save
flash[:success] = "Profile has been created"
redirect_to root_url
else
render 'new'
end
end
let me know this worked or not, try to find if something else is causing the problem, thanks.

devise sign_in page is not rendering in a seperate layout in rails 4.2.1

i want sepearate layout for the devise sign in action.
i am using following code,in my application controller.
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
before_action :configure_permitted_parameters, if: :devise_controller?
layout :layout_by_resource
def after_sign_in_path_for(resource)
stored_location_for(resource) ||
if resource.is_a?(User)
new_applicant_response_url
else
homepage_admin_page_path
end
end
protected
def layout_by_resource
if devise_controller?
"layout_name_for_devise"
else
"application"
end
end
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:assessment_id, :name, :email, :password, :password_confirmation, :remember_me) }
devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:login, :email, :password, :remember_me) }
devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:name, :email, :password, :password_confirmation, :current_password) }
end
end
and i generated the devise views and added some stylng to the devise sign in page.
when i click on devise/sign_in the following output i got in the terminal
Started GET "/admins/sign_in" for 127.0.0.1 at 2015-07-24 12:39:49 +0530
Processing by Devise::SessionsController#new as HTML
Rendered devise/shared/_links.html.erb (0.9ms)
Rendered devise/sessions/new.html.erb within layouts/layout_name_for_devise (6.9ms)
Completed 200 OK in 21ms (Views: 8.4ms | ActiveRecord: 1.0ms)
iam getting the layout properly for this devise sign in action. but in that layout devise sign_in form is not rendering,only layout is rendering.

Your layout probably does not call yield in it.

create in rails 4 active admin

I have a user model and inside active admin i have written like
ActiveAdmin.register User do
controller do
def permitted_params
params.require(:user).permit(:username,:email,:password,:password_confirmation,
:admin, :locked, :first_name, :last_name, :work_phone, :cell_phone,
:cell_carrier, :fax, :temp_password,
:active, :company_id, :group_id, role_ids:[])
end
def create
#user = User.new(params[:user])
if #user.save
redirect_to admin_users_path
else
render :new
end
end
end
end
But when ever i am trying to create the user its showing an error like. ActiveModel::ForbiddenAttributesError - ActiveModel::ForbiddenAttributesError:
What i am doing wrong ?

Inherited Resources is a little weird with permitted params. You don't actually get to require key. You have to pass a hash to the permit method.
If you're using the latest version of ActiveAdmin, you should also be able to use the permit_params method.
ActiveAdmin.register User do
permit_params :username, :email, :password, :password_confirmation,
:admin, :locked, :first_name, :last_name, :work_phone, :cell_phone,
:cell_carrier, :fax, :temp_password,
:active, :company_id, :group_id, role_ids:[]
end
end
Also, if you are going to override the create method, you must use permitted_params in place of params[:user], which is most likely the cause of the current error you're getting. It doesn't look like you're actually doing anything special in your custom create action, though, so unless you plan to do something more, you should probably just let ActiveAdmin handle the controller actions.

permit_params not working for custom create action

I can't understand why permit_params wont work with custom create action.
For example lets take basic AdminUser resource.
By default all is working fine. We have:
ActiveAdmin.register AdminUser do
permit_params :email, :password, :password_confirmation
form do |f|
f.inputs "Admin Details" do
f.input :email
f.input :password
f.input :password_confirmation
end
f.actions
end
end
But as soon we add custom create for some reasons permit_params wont work anymore.
ActiveAdmin.register AdminUser do
permit_params :email, :password, :password_confirmation
form do |f|
f.inputs "Admin Details" do
f.input :email
f.input :password
f.input :password_confirmation
end
f.actions
end
controller do
def create
AdminUser.create(params[:admin_user])
do_some_magic_stuff_here
redirect_to backend_admin_users_path, notice: 'Custom create'
end
end
end
I got error "ActiveModel::ForbiddenAttributesError" in line "AdminUser.create(params[:admin_user])"
Tried many possible solutions and only one worked for me, but i really don't like this:
def create
AdminUser.create(params[:admin_user].permit(:email, :password, :password_confirmation))
do_some_magic_stuff_here
redirect_to admin_admin_users_path, notice: 'Custom create'
end
I can't understand why i can't get to work default way as it should work:
def admin_user_params
params.require(:admin_user).permit(:email, :password, :password_confirmation)
end
Can someone explain me please what is happening here? Any nice way to have custom actions work with permit_params?

permit_params is just part of the AA DSL that defines a method called permitted_params, which in turn is called from the create and update actions. Try this:
permit_params :email, :password, :password_confirmation
controller do
def create
#admin_user = AdminUser.create(permitted_params)
do_some_magic_stuff_here
redirect_to backend_admin_users_path, notice: "Custom create"
end
end
permit_params is really just a simpler form of the old, but still valid way of enabling strong parameters:
controller do
def permitted_params
params.permit admin_user: [:email, :password, :password_confirmation]
end
end

Been struggling with the same problem here. The most strange thing is that it works on nitrous.io box but on my production server it doesn't. I've checked and I'm using the same rails 4.2.0 version.
Regards
Fak

undefined method `[]' for nil:NilClass railstutorial.org 8.20 >

I'm following the rails-tutorials from Michael Hartl, it's really fun !
but i'm having troubles from upon listing 8.20 and so on.
Cause i guessed i had made a type-o i erased the app and started from scratch again..
The best way to learn is repeat right ?
Well.. also on the second build i got the same error.
> NoMethodError in SessionsController#create
undefined method `[]' for nil:NilClass
Extracted source (around line #7):
6 def create
7 user = User.find_by(email: params[:session][:email].downcase)
8 if user && user.authenticate(params[:session][:password])
9 sign_in user
10 else
after googling for a few hours i tried resetting the db ( drop / create / migrate test:prepare)
i have tried copying pieces of code out of the example (e.g. controllers/helpers/views)
but I cant seem to find the solution.
Here is the code for
session_controller:
class SessionsController < ApplicationController
def new
end
def create
user = User.find_by(email: params[:session][:email].downcase)
if user && user.authenticate(params[:session][:password])
sign_in user
else
flash.now[:error] = 'Invalid email/password combination'
render 'new'
end
end
def destroy
end
end
session helper:
module SessionsHelper
def sign_in(user)
remember_token = User.new_remember_token
cookies.permanent[:remember_token] = remember_token
user.update_attribute(:remember_token, User.encrypt(remember_token))
self.current_user = user
end
def signed_in?
!current_user.nil?
end
def current_user=(user)
#current_user = user
end
def current_user
remember_token = User.encrypt(cookies[:remember_token])
#current_user ||= User.find_by(remember_token: remember_token)
end
def current_user?(user)
user == current_user
end
def sign_out
current_user.update_attribute(:remember_token,
User.encrypt(User.new_remember_token))
cookies.delete(:remember_token)
self.current_user = nil
end
end
User model
class User < ActiveRecord::Base
before_save {self.email = email.downcase }
before_create :create_remember_token
validates :name, presence: true, length: { maximum: 50 }
VALID_EMAIL_REGEX = /\A[\w+\-.]+#[a-z\d\-.]+\.[a-z]+\z/i
validates :email, presence: true, format: { with: VALID_EMAIL_REGEX},
uniqueness: {case_sensetive: false}
has_secure_password
validates :password, length: { minimum: 3 }
def User.new_remember_token
SecureRandom.urlsafe_base64
# SecureRandom.urlsafe_base64
end
def User.encrypt(token)
Digest::SHA1.hexdigest(token.to_s)
end
private
def create_remember_token
self.remember_token = User.encrypt(User.new_remember_token)
end
end
user controller
class UsersController < ApplicationController
def new
#user = User.new
end
def show
#user = User.find(params[:id])
end
def create
#user = User.new(user_params)
if #user.save
flash.now[:succes] = "Welcome to the sample app"
redirect_to #user
else
render 'new'
end
end
private
def user_params
params.require(:user).permit(:name, :email, :password,
:password_confirmation)
end
end
and the user helper
module UsersHelper
# Returns the Gravatar (http://gravatar.com/) for the given user.
def gravatar_for(user, options = { size: 50 })
gravatar_id = Digest::MD5::hexdigest(user.email.downcase)
size = options[:size]
gravatar_url = "https://secure.gravatar.com/avatar/#{gravatar_id}?s=#{size}"
image_tag(gravatar_url, alt: user.name, class: "gravatar")
end
end
how can i properly copy-paste the error log ?

Based on the error you're getting, the problem is clearly somewhere in your Users controller:
def create
user = User.find_by(email: params[:session][:email].downcase)
if user && user.authenticate(params[:session][:password])
sign_in user
else
flash.now[:error] = 'Invalid email/password combination'
render 'new'
end
end
The error is being generated because params[:session] is, in fact, nil. Now the question is, why?
My guess is that you have a typo in your sign_in form, it should be:
<%= form_for(:session, url: sessions_path) do |f| %>
<%= f.label :email %>
<%= f.text_field :email %>
<%= f.label :password %>
<%= f.password_field :password %>
<%= f.submit "Sign in", class: "btn btn-large btn-primary" %>
<% end %>
Please make sure :session is typed correctly.