
I was studying how to add custom fields to our Devise user model in Ruby on Rails and I came across this link. I just have one doubt regarding the following piece of code:

    def configure_permitted_parameters
      devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:email) }
      devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:email, :password, :password_confirmation, :title_id, :province_id, :first_name, :last_name) }
      devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, :password_confirmation, :current_password) }
    end

This was written in the application controller. In the case of :sign_in we only check for email, so why not password? And in :account_update, why don't we check for first_name and last_name? After all, a user can update his first_name and last_name as well.

Can somebody please help me? How do these 3 lines work?


1 Answer


Sign-in: The sanitizer knows about Devise default parameters like password or password_confirmation. Therefore you don't need to add password in the list.

Sign-up/account-update: You can add first_name and last_name or change the permitted parameters list on your controllers.

Please see this documentation.

Note: Only given parameters will be allowed to process request further.
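
An added illustration of the allowlisting discussed above, not code from the original post or from Devise: a plain-Ruby model in which `ToySanitizer`, its `DEFAULTS` table and the sample request are all constructed here. It assumes `:email` is the only authentication key, and shows that `first_name` and `last_name` are dropped from an account update until they are permitted, while an unlisted `admin` field is dropped either way.

```ruby
# Plain-Ruby model of allowlist filtering; not Devise's implementation.
class ToySanitizer
  # Defaults modelled on Devise's built-in permitted attributes
  # (assumption: :email is the only authentication key).
  DEFAULTS = {
    sign_in:        %i[email password remember_me],
    sign_up:        %i[email password password_confirmation],
    account_update: %i[email password password_confirmation current_password]
  }.freeze

  def initialize
    @permitted = DEFAULTS.transform_values(&:dup)
  end

  # Add extra keys on top of the defaults for one action.
  def permit(action, keys:)
    raise ArgumentError, "unknown action #{action.inspect}" unless @permitted.key?(action)
    @permitted[action] |= keys.map(&:to_sym)
    self
  end

  # Return [kept_hash, dropped_keys] for the given action.
  def sanitize(action, params)
    allowed = @permitted.fetch(action)
    kept, dropped = params.partition { |k, _| allowed.include?(k.to_sym) }
    [kept.to_h.transform_keys(&:to_sym), dropped.map { |k, _| k.to_sym }]
  end
end

# Constructed request body: a profile update that also tries to set :admin.
SAMPLE_UPDATE = {
  "email" => "a@example.com", "first_name" => "Ada", "last_name" => "L",
  "current_password" => "old-secret", "admin" => "true"
}.freeze

# Run the same request through the default list and an extended list.
def demo
  strict = ToySanitizer.new
  extended = ToySanitizer.new.permit(:account_update, keys: %i[first_name last_name])
  { strict: strict.sanitize(:account_update, SAMPLE_UPDATE),
    extended: extended.sanitize(:account_update, SAMPLE_UPDATE) }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |name, (kept, dropped)| puts "#{name}: kept=#{kept.keys} dropped=#{dropped}" }
end
```

Logging the dropped keys, as `sanitize` returns them here, is a cheap way to spot both forgotten form fields and requests that try to set attributes the form never offered.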