I'm following along with this tutorial and at one point, it tells me to
... add password and password_confirmation attributes to the User model [...] Unlike the other attributes we’ve seen so far, the password attributes will be virtual—they will only exist temporarily in memory, and will not be persisted to the database.
And
As we’ll see in Section 6.3.4, these virtual attributes are implemented automatically by has_secure_password.
My model looks like this:
class User < ActiveRecord::Base
VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
has_secure_password
attr_accessible :email, :is_admin, :name, :password, :password_confirmation
validates :name, presence: true, uniqueness: true
validates :password_digest, presence: true
validates :password, presence: true, length: { minimum: 6 }
validates :password_confirmation, presence: true
validates :email, presence: true, format: {with: VALID_EMAIL_REGEX}, uniqueness: true
end
So now when I try to create a new user;
User.create(name: "Foo Bar", email: "foo@bar.net", password: "foobar", password_confirmation: "foobar")
I get the following error:
ActiveModel::MassAssignmentSecurity::Error: Can't mass-assign protected attributes: password, password_confirmation
Why?!