Home/ Questions/Q 8362315
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-09T11:54:42+00:00

Migration class CreateUsers < ActiveRecord::Migration def change create_table :users do |t| t.string :name t.string

  • 0

Migration 

class CreateUsers < ActiveRecord::Migration
  def change
    create_table :users do |t|
      t.string :name
      t.string :password_digest

      t.timestamps
    end
  end
end

Model

class User < ActiveRecord::Base
  attr_accessible :name, :password_digest
  validates :name, :presence => true, :uniqueness => true
  has_secure_password
end

User’s registration _form

.main_form
  = form_for @user do |f|

    %div
      = f.label :name
      = f.text_field :name, :size=>40

    %div
      = f.label :password, "Password"
      = f.password_field :password

    %div
      = f.label :password_confirmation, "Confirmation"
      = f.password_field :password_field

    %div
      = f.submit 'Create user'

When I try to register a new user it throws an exception

ActiveModel::MassAssignmentSecurity::Error in UsersController#create

Can't mass-assign protected attributes: password, password_field

What did I do wrong?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You should add these two fields to your has_accessible list. Rails does not only protect database fields from mass assignment but all fields like these ‘virtual’ fields too.

    In User model (instead of your attr_accesible line):

    attr_accessible :name, :password_field, :password

    Also, password_digest should not be available to modify in any case, that is a calculated field not user input.

    • 0