Rails 4 / Devise 3.00rc / pg "Unlisted parameters" in registration / editing

I'm new to Rails - using the Rails 4 final with development 3.0.0rc (compatible with rails 4). I configured both options, and registration was workable, but at some point I started to get Unpermitted parameters: first_name, last_name when trying to create a new user (or edit an existing user profile). There are several similar questions on this topic, but for unsupported versions of Devise - and my configuration worked properly from the beginning.

Processing by Devise::RegistrationsController#create as HTML Parameters: {"utf8"=>"✓", "authenticity_token"=>"+DG4aeMPteQ4Mq9pPJ2JaitTVgp0NCW9nXi2qSv23zw=", "user"=>{"first_name"=>"John", "last_name"=>"Kenn", "email"=>" me1@email.com ", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Sign Up"} Unpermitted parameters: first_name, last_name (0.2ms) BEGIN User Exists (0.4ms) SELECT 1 AS one FROM "users" WHERE "users"."email" = ' me1@email.com ' LIMIT 1 (0.2ms) ROLLBACK 

user.rb

 class User < ActiveRecord::Base has_many :jobrecords, dependent: :destroy # after_create :send_welcome_email # Include default devise modules. Others available are: # :token_authenticatable, :encryptable, :confirmable, :lockable, :timeoutable and :omniauthable devise :database_authenticatable, :registerable, :omniauthable, :recoverable, :rememberable, :trackable, :validatable # Setup accessible (or protected) attributes for your model validates :first_name, presence: true validates :last_name, presence: true validates :email, presence: true attr_accessible :first_name, :last_name, :email, :password, :password_confirmation, :remember_me def self.from_omniauth(auth) where(auth.slice(:provider, :uid)).first_or_create do |user| user.provider = auth.provider user.uid = auth.uid user.first_name = auth.info.nickname user.last_name = auth.info.nickname end end def self.new_with_session(params, session) if session["devise.user_attributes"] new(session["devise.user_attributes"], without_protection: true) do |user| user.attributes = params user.valid? end else super end end def password_required? super && provider.blank? end def update_with_password(params, *options) if encrypted_password.blank? update_attributes(params, *options) else super end end private def send_welcome_email UserMailer.signup_confirmation(self).deliver end end 

Despite the fact that it worked correctly before, I tried to redefine sign_up_params in registrations_controller.rb, but this did not work. I can still register using openauth-twitter (since the application does not ask for a first or last name when registering via twitter). Any help is appreciated.