Home/ Questions/Q 9097853
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T00:13:13+00:00

I’m following this video tutorial and learning how to create authentication from scratch: http://www.youtube.com/watch?v=O5RDisWr_7Q

  • 0

I’m following this video tutorial and learning how to create authentication from scratch:

http://www.youtube.com/watch?v=O5RDisWr_7Q

Here is my migration file for User:

class CreateUsers < ActiveRecord::Migration
  def change
    create_table :users do |t|
      t.string :email
      t.string :password_hash
      t.string :password_salt

      t.timestamps
    end
  end
end

And my controller:

class UsersController < ApplicationController
  def new
    @user = User.new
  end

  def create
    @user = User.new(params[:users])
    if @user.save
      redirect_to root_url, :notice => "Signed up!"
    else
      render "new"
    end
  end
end

And finally my Model:

class User < ActiveRecord::Base
  attr_accessible :email, :password_hash, :password_salt

  before_save :encrypt_password

  validates_confirmation_of :password
  validates :password, presence: true
  validates :email, presence: true

  def encrypt_password
    if password.present?
      self.password_salt = BCrypt::Engine.generate_salt
      self.password_hash = BCrypt::Engine.hash_secret(password, password_salt)
    end
  end
end

Now, I think I know why this error is firing; obviously the @user.save call is trying to save the value in password to the password field in the User table, but that field doesn’t exist in the database. In the video he mentions that to fix this bug I should just add: attr_accessible :password to my model and it should work, but I get the following error:

NoMethodError in UsersController#create

undefined method `password’ for #

app/controllers/users_controller.rb:8:in `create’

Any suggestions? I just would like to take advantage of the validations that come with using a strongly typed model instead of loose html fields.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You have attr_accessible :password_hash, :password_salt, but I think it should be attr_accessible :password together with attr_accessor :password since you need a virtual attribute password on which you work in your encrypt_password method. So:

    class User < ActiveRecord::Base
  attr_accessible :email, :password
  attr_accessor :password
end

    attr_accessor creates the virtual attribute which is not available as a database field (therefore virtual).

    attr_accessible is a security mechanism to white-list attributes which are allowed to be set through mass-assignment like you do with User.new(params[:users])

    • 0