您好我正在使用devise和omniauth来验证facebook登录,但是我收到以下错误:
Can't mass-assign protected attributes: token
app/models/user.rb:20:in `apply_omniauth'
app/controllers/authentications_controller.rb:19:in `create'
这是用户模型:
class User < ActiveRecord::Base
# The relationship between the User and Authentication model
has_many :authentications, :dependent => :delete_all
# Include default devise modules. Others available are:
# :token_authenticatable, :confirmable,
# :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
# Setup accessible (or protected) attributes for your model
attr_accessible :email, :password, :password_confirmation, :remember_me,
# attr_accessible :title, :body
def apply_omniauth(auth)
# In previous omniauth, 'user_info' was used in place of 'raw_info'
self.email = auth['extra']['raw_info']['email']
authentications.build(:provider => auth['provider'], :uid => auth['uid'], :token => auth['credentials']['token'])
end
end
这是我的身份验证控制器:
class AuthenticationsController < ApplicationController
def index
@authentications = current_user.authentications if current_user
end
def create
auth = request.env["omniauth.auth"]
# Try to find authentication first
authentication = Authentication.find_by_provider_and_uid(auth['provider'], auth['uid'])
if authentication
# Authentication found, sign the user in.
flash[:notice] = "Signed in successfully."
sign_in_and_redirect(:user, authentication.user)
else
# Authentication not found, thus a new user.
user = User.new
user.apply_omniauth(auth)
if user.save(:validate => false)
flash[:notice] = "Account created and signed in successfully."
sign_in_and_redirect(:user, user)
else
flash[:error] = "Error while creating a user account. Please try again."
redirect_to root_url
end
end
end
def destroy
@authentication = Authentication.find(params[:id])
@authentication.destroy
redirect_to authentications_url, :notice => "Successfully destroyed authentication."
end
end
有人可以解释为什么我会收到此错误,以及我如何修复它?
答案 0 :(得分:1)
将:token
添加到身份验证模型中的attr_accessible
行应该可以解决问题。