I'm attempting to register a devise user via JSON but keep getting an ActiveModel::ForbiddenAttributesError
class Api::V1::RegistrationsController < ApplicationController
skip_before_filter :verify_authenticity_token
respond_to :json
def create
user = User.new(params[:user])
if user.save
render :json => user.as_json(:auth_token=>user.authentication_token, :email=>user.email), :status=>201
return
else
warden.custom_failure!
render :json => user.errors, :status=>422
end
end
def user_params
params.require(:user).permit(:email, :password)
end
end
Here's my JSON request:
Processing by Api::V1::RegistrationsController#create as JSON
Parameters: {"user"=>{"email"=>"jayson@jayson.com", "password"=>"[FILTERED]"}, "registration"=>{"user"=>{"email"=>"jayson@jayson.com", "password"=>"[FILTERED]"}}}
I realize this has something to do with Strong Parameters but haven't been able to crack it yet.
I would change:
user = User.new(params[:user])
with:
user = User.new(user_params)
From docs:
# This will raise an ActiveModel::ForbiddenAttributes exception because it's using mass assignment
# without an explicit permit step.
def create
Person.create(params[:person])
end