Rails duplicated the parameters inside the resource

..if you've turned on config.wrap_parameters in your initializer [check the file config/initializers/wrap_parameters.rb] or [you] are calling wrap_parameters() in your controller...the parameters will be cloned and wrapped in the key according to your controller's name by default.

http://guides.rubyonrails.org/action_controller_overview.html#parameters http://api.rubyonrails.org/classes/ActionController/ParamsWrapper.html

In other words, what you are seeing is the default way rails enters things in the params hash.


I had the same question but I hadn't understood the problem and needed a different solution.

In my passwords controller (for enabling password reset via email), my parameters looked like this:

{"email"=>"[email protected]", "code"=>"123", "password"=>"[FILTERED]", "password"=>{"email"=>"[email protected]", "code"=>"123", "password"=>"[FILTERED]"}}

I thought, "why are my params duplicated inside of password", not realizing that the outer password was coming from the resource name. (Thanks, 7stud!) But if I added wrap_parameters false at the top of my controller to flatten out the params, then I couldn't use the 'require/permit' pattern for strong params:

#passwords_controller.rb
...
private
def forgot_password_params
    params.require(:password).permit(:email, :password, :code)
end

To make this more legible, I used wrap_parameters to rename the outer password ref in the params. The code:

#passwords_controller.rb
wrap_parameters "reset" 
...
private
def forgot_password_params
    params.require(:reset).permit(:email, :password, :code)
end

and the resulting params: {"email"=>"[email protected]", "code"=>"123", "password"=>"[FILTERED]", "reset"=>{"email"=>"[email protected]", "code"=>"123", "password"=>"[FILTERED]"}}

I then immediately ran into a related issue where for an in-app password reset, I passed in newPassword from my form but it was not in my params. By default, params only include attributes from the model. wrap_parameters let me fix this as well:

#users_controller.rb
wrap_parameters :user, include: [:username, :email, :password, :newPassword]