
Rails 4 Nested Route with Strong Parameters


I'm new to Rails and the recent switch to the Rails 4 strong parameters has confused me even more.

I'm trying to set up an account confirmation link for people to click.

I have the following route set up:

rake routes
Prefix Verb   URI Pattern                                     Controller#Action
       GET    /users/:id/confirm/:confirmation_code(.:format) users#confirm

In my UserController, I have a confirm action, which is being called (I tested via a simple redirect in that action),

and here are the Rails 4 strong parameters:

private

def user_params
  params.require(:user).permit(:name, :email, :password,
                               :password_confirmation, :confirmation_code)
end

But I'm getting the following error when I try to access /users/1/confirm/foobar

param not found: user

I can see why I'm getting the error, but I'm not sure how to fix it without undoing the security of the strong params by removing the require(:user). I'm not even 100% sure if my basic approach is right.

(I've just finished Michael Hartl's Rails tutorial and the tutorial has the require(:user) in the User Controller and I'm not actually sure what the security implications are of removing it)


Solution

  • I think you don't need to call user_params because the request is just a GET request, so it doesn't matter what params[:id] and params[:confirmation_code] are. You can simply use these parameters directly, regardless of whether they are strong params or not.
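
Added example, not part of the original question or answer: a plain-Ruby stand-in for the confirm action that reads the two route parameters directly and writes only the fields the action owns, so nothing from the request is mass-assigned. The User struct, its fields other than confirmation_code, the sample data, the return symbols and the single-use behaviour are assumptions made for illustration.

```ruby
require "digest"

# Constructed stand-in for the User model; fields other than
# confirmation_code are assumptions, not from the original post.
User = Struct.new(:id, :email, :confirmation_code, :confirmed, :admin)

# Constructed sample data.
USERS = {
  "1" => User.new("1", "a@example.com", "foobar", false, false)
}

# Constant-time comparison: hash both sides to equal length, then XOR
# every byte, so timing does not reveal how many characters matched.
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a).bytes
  db = Digest::SHA256.digest(b).bytes
  da.zip(db).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Plain-Ruby stand-in for the confirm action. params mimics what the
# route /users/:id/confirm/:confirmation_code provides.
def confirm(params, users = USERS)
  id   = params[:id]
  code = params[:confirmation_code]
  # Path segments arrive as strings; reject arrays, hashes and nil.
  return :bad_request unless id.is_a?(String) && code.is_a?(String)

  user = users[id]
  # Same response for unknown user, missing code and wrong code.
  return :not_found if user.nil? || user.confirmation_code.nil?
  return :not_found unless secure_equal?(user.confirmation_code, code)

  # Only these two fields are written. No request hash is passed to an
  # update call, which is the case require/permit exists to guard.
  user.confirmed = true
  user.confirmation_code = nil # single use (assumption, not from the post)
  :confirmed
end
```

Extra keys in the request, such as an admin flag, have no effect here because the action never assigns from the params hash as a whole.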