Active Model MassAssignmentSecurity Error

Question

I'm Getting an Error: I'm developing a web with Facebook Integration.. I'm new in ruby on rails. can you help with my problem.

ActiveModel::MassAssignmentSecurity::Error in SessionsController#create

Can't mass-assign protected attributes: name

This is my controller:

class SessionsController < ApplicationController
  def create
    #render :json => request.env['omniauth.auth'].to_yaml
   auth = request.env['omniauth.auth']
    unless @auth = Authorization.find_from_hash(auth)
      @auth = Authorization.create_from_hash(auth, current_user)
    end

    self.current_user = @auth.user  
    render :text => "Welcome, #{current_user.name}."
   end
end

This is my user model:

class User < ActiveRecord::Base
  has_many :authorizations
  attr_accessor :name, :uid, :provider

  def self.create_from_hash!(hash)
    #create(:name => hash['user_info']['name'])
   create(:name => hash.info.name)
  end
end

This is my authorization model:

class Authorization < ActiveRecord::Base
  belongs_to :user
  validates_presence_of :user_id, :uid, :provider
  validates_uniqueness_of :uid, :scope => :provider

  def self.find_from_hash(hash)
    find_by_provider_and_uid(hash['provider'], hash['uid'])
  end

  def self.create_from_hash(hash, user = nil)
    user ||= User.create_from_hash!(hash)
    Authorization.create(:user => user, :uid => hash['uid'], :provider => hash['provider'])
  end
end

how can I fix this .. Thanks in advance :)

Answer 1

You certainly have enabled mass assignment protection (with config.active_record.whitelist_attributes = true in your config file), so you need to explicitly indicate which attributes can be updated by methods like update_attributes. You do it with attr_accessible.

In the User model, replace the following line (that seems useless)

attr_accessor :name, :uid, :provider

by

attr_accessible :name, :uid, :provider

See questions related to attr_accessor and attr_accessible for further informations here, here or here