I have upgraded to Rails 4 and have gone the strong_parameters route. The problem is that it's throwing the following error pointing to the customer registrations controller I'm using for Devise:
ActiveModel::ForbiddenAttributesError (ActiveModel::ForbiddenAttributesError):
app/controllers/users/registrations_controller.rb:89:in `build_resource'
app/controllers/users/registrations_controller.rb:6:in `create'
Line 6 is build_resource being called from the create method and build_resource is stock standard:
def build_resource(hash=nil)
hash ||= resource_params || {}
self.resource = resource_class.new_with_session(hash, session)
end
The model it is dealing with is User. I have tried Ryan Bates' approach of creating a permitted params class:
class PermittedParams < Struct.new(:params, :current_user)
def user
params.require(:user).permit(*user_attributes)
end
def user_attributes
[:name, :username, :provider, :email, :remember_me,
:rememberable_token, :password, :password_confirmation]
end
I'm not sure how to handle this in the registrations controller.
Devise is just released a new rc gem which is compatible with Rails 4.
gem 'devise', '~> 3.0.0.rc'
Other option, you could use 'rails4' branch from devise master github repo.
gem 'devise', github: 'plataformatec/devise', branch: 'rails4'
And of course don't forget a 'bundle install' after Gemfile update.