when whitelist attributes is turned on we need to explicitly assign t…

…he params

app/controllers/clearance/users_controller.rb

@@ -5,12 +5,12 @@ class Clearance::UsersController < ApplicationController
   before_filter :redirect_to_root, :only => [:new, :create], :if => :signed_in?
 
   def new
-    @user = Clearance.configuration.user_model.new(params[:user])
+    @user = user_from_params
     render :template => 'users/new'
   end
 
   def create
-    @user = Clearance.configuration.user_model.new(params[:user])
+    @user = user_from_params
     if @user.save
       sign_in(@user)
       redirect_back_or(url_after_create)
@@ -31,4 +31,13 @@ def flash_failure_after_create
   def url_after_create
     '/'
   end
+
+  def user_from_params
+    user_params = params[:user] || Hash.new
+    email, password = user_params.delete(:email), user_params.delete(:password)
+    Clearance.configuration.user_model.new(user_params).tap do |user|
+      user.email = email
+      user.password = password
+    end
+  end
 end