app/controllers/cadenero/v1/account/users_controller.rb in cadenero-0.0.2.b8 vs app/controllers/cadenero/v1/account/users_controller.rb in cadenero-0.0.2.b10

@@ -18,13 +18,13 @@
       #
       # @return render JSON of [Cadenero::User] created and the status 201 Created: The request has been
       #   fulfilled and resulted in a new resource being created.
       def create
         account = Cadenero::V1::Account.where(subdomain: request.subdomain).first
-        @user = account.users.create(params[:user])
+        @user = account.users.create(user_params)
         force_authentication!(@user)
-        render json: @user, status: :created
+        render json: @user, serializer: UserSerializer, status: :created
       end
 
       # Send as JSON the user that match the params[:user]
       def show
         @user = current_account.users.where(id: params[:id]).first
@@ -33,9 +33,16 @@
 
       # Send as JSON the users for the current_account
       def index
         @users = current_account.users
         render json: @users, status: :ok
+      end
+
+      private
+      
+      # Permited parameters using strong parameters format
+      def user_params
+        params.require(:user).permit(:email, :password, :password_confirmation)
       end
     end
   end
 end