Devise with Rails 4 and strong parameters

Continuing the Rails 4 test app. As I said on last post about Inherited Resources, I started an app on Rails 4 to test some new features and to see if my favorites gems works fine with the new Rails and the strong parameters.

Devise is a great gem and high useful for Rails apps, no doubt about it! So, let's make it works with strong parameters.

To do that, we need extend the devise controllers to filter the params that Devise will use.

Recoverable

# app/controllers/users/passwords_controller.rb

class Users::PasswordsController < Devise::PasswordsController  
  def resource_params
    params.require(:user).permit(:email, :password, :password_confirmation, :reset_password_token)
  end
  private :resource_params
end

Registerable

# app/controllers/users/registrations_controller.rb

class Users::RegistrationsController < Devise::RegistrationsController  
  def resource_params
    params.require(:user).permit(:email, :password, :password_confirmation, :current_password)
  end
  private :resource_params
end  

Routes

# config/routes.rb

devise_for :users, :controllers => {:registrations => "users/registrations", :passwords => "users/passwords"}  

For the others Devise modules like confirmable and lockable should be the same thing to do.

This code was tested on Rails 4.0.0.beta1 and it works!

Source.