[Rails] Strong parameter sanitizer method required when customizing devise's "new registration", "login", and "information update" functions

Introduction

The title is long, but the topic is devise's user management functions. devise makes it easy to build user management, but changing the default behavior requires some configuration. This article introduces the processing required when customizing "new registration", "login", and "update information".

Table of contents

  1. Conclusion
  2. About the devise_parameter_sanitizer method
  3. Sanitizer method syntax
  4. Description for each process
  5. File to describe
  6. Summary

Target person

  - I have used devise
  - I want to implement something other than the default of devise
  - Understand strong parameters

Development environment

  - ruby 2.6.5
  - rails 6.0.0
  - devise 4.7.3

1. Conclusion

First of all, the conclusion is as follows.

app/controllers/application_controller.rb


class ApplicationController < ActionController::Base
  # For devise controllers, run these methods before every action
  before_action :configure_permitted_parameters, if: :devise_controller?      # New registration (sign up)
  before_action :configure_account_update_parameters, if: :devise_controller? # Editing (account update)

  private

  # New registration (sign up)
  def configure_permitted_parameters
    devise_parameter_sanitizer.permit(:sign_up, keys: [:nickname, :family_name_kanji, :first_name_kanji, :birthday])
  end

  # Editing (account update)
  def configure_account_update_parameters
    devise_parameter_sanitizer.permit(:account_update, keys: [:nickname, :family_name_kanji, :first_name_kanji, :birthday])
  end
end

2. About the devise_parameter_sanitizer method

First, I will explain the method.

2.1 Timing of use

Use it when you want to customize "new registration", "login", or "update information" beyond devise's defaults.

2.2 sanitizer method

The sanitizer method is the method that gets the parameters related to devise's User model. devise already contains code that gets its default parameters; the sanitizer (literally a "disinfectant") is applied to that code so that the list can be customized.

You then combine the sanitizer with its permit method. That way, the columns you added yourself are included in the strong parameters that devise defines by default.

2.3 Differences between the two types of permit methods

There are two types of permit methods, so here is a short digression to explain them. The sanitizer's permit is a method for getting devise's parameters. It is different from the permit method of params that you use in a Rails controller when saving a record.

Below are examples of each.

controller.rb


# Example) permit method of params
# :model_name = the model name, :allowed_key = a key you want to allow
params.require(:model_name).permit(:allowed_key)

app/controllers/application_controller.rb


# Example) permit method of devise_parameter_sanitizer
# :devise_process_name = the devise process name, :column_name = a key (column name) you want to allow
devise_parameter_sanitizer.permit(:devise_process_name, keys: [:column_name])

3. Sanitizer method syntax

The method name is customarily defined as configure_permitted_parameters, but you can name it freely.

app/controllers/application_controller.rb


private

def configure_permitted_parameters  # You can name the method freely.
  # Allow parameters for the devise User model
  # :devise_process_name = the devise process name, :column_name = a key (column name) you want to allow
  devise_parameter_sanitizer.permit(:devise_process_name, keys: [:column_name])
end

This is the explanation of the devise_parameter_sanitizer method.

4. Description for each process

As mentioned in "2.1 Timing of use", the devise process name (the first argument to permit) changes depending on the purpose of the processing. The purposes are "new registration", "login", and "update information".

| Process name | Purpose |
|---|---|
| :sign_in | When processing login (sign in) |
| :sign_up | When processing new registration (sign up) |
| :account_update | When processing account information update |
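A plain-Ruby model of the per-process allow list, added here as an example (it is not devise's source or the article's code). `ToySanitizer`, its default key lists and the submitted hash are assumptions constructed for illustration; the model shows that keys permitted for :sign_up are not permitted for :account_update, and that a submitted key nobody listed is dropped.

```ruby
# Simplified stand-in for devise's parameter sanitizer (illustration only).
class ToySanitizer
  # Assumed per-process defaults, modelled on devise's email/password fields.
  DEFAULTS = {
    sign_in:        %i[email password remember_me],
    sign_up:        %i[email password password_confirmation],
    account_update: %i[email password password_confirmation current_password]
  }.freeze

  def initialize(params)
    @params = params
    @permitted = DEFAULTS.transform_values(&:dup)
  end

  # Same call shape as devise_parameter_sanitizer.permit(:process, keys: [...]).
  def permit(action, keys: [])
    raise ArgumentError, "unknown process #{action.inspect}" unless @permitted.key?(action)
    @permitted[action] |= keys.map(&:to_sym)
    self
  end

  # Return only the allow-listed keys for this process; everything else is dropped.
  def sanitize(action)
    allowed = @permitted.fetch(action)
    @params.select { |key, _| allowed.include?(key.to_sym) }
  end

  # Keys the client sent that were not allow-listed (worth logging).
  def rejected(action)
    @params.keys.map(&:to_sym) - @permitted.fetch(action)
  end
end

# Constructed request body: a sign-up form plus one field the form never rendered.
SUBMITTED = {
  "email" => "taro@example.com", "password" => "s3cret-pass",
  "password_confirmation" => "s3cret-pass", "nickname" => "taro",
  "birthday" => "1990-01-01", "admin" => "true"
}.freeze

def demo
  s = ToySanitizer.new(SUBMITTED).permit(:sign_up, keys: [:nickname, :birthday])
  { sign_up: s.sanitize(:sign_up), update: s.sanitize(:account_update),
    rejected: s.rejected(:sign_up) }
end

p demo if $PROGRAM_NAME == __FILE__
```

Because each process keeps its own list, a column that users should be able to set both at registration and when editing has to be permitted once for :sign_up and once for :account_update.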

5. File to describe

"Where to write" is "a file inherited by all controllers", that is, the application_controller.rb file. Every other controller inherits from ApplicationController, so what is written here applies to all of them. Also, since we want this to run before every action is processed, we use before_action.

app/controllers/application_controller.rb



class ApplicationController < ActionController::Base
  before_action :configure_permitted_parameters, if: :devise_controller?
  # ↑ This line
  private
  def configure_permitted_parameters
    devise_parameter_sanitizer.permit(:sign_up, keys: [:nickname])
                   #↑(:devise process name, keys: [:Key (column name) you want to allow])
  end
end

This completes most of the implementation. All you have to do is edit the permit call according to what you want to do. The example above is implemented with devise process name = :sign_up and keys = [:nickname].

6. Summary

The points of the procedure are:

  - Describe it in application_controller.rb
  - Set before_action
  - Use the sanitizer.permit method

That's all about the strong parameter sanitizer method required to customize the "new registration", "login", and "update information" functions of devise.

Finally

I am a beginner in programming, but I am posting an article in the hope that it will help people who are similarly troubled. See you next time ~
