无法批量分配受保护的属性:令牌

时间:2013-04-11 08:35:39

标签: ruby-on-rails ruby

我们收到此错误

ActiveModel::MassAssignmentSecurity::Error in AuthenticationsController#create
Can't mass-assign protected attributes: token

在此之前,我们的令牌已到期,无法在我们的网络应用上发布,因此为了解决此问题,我们每次使用提供商进行身份验证时都会尝试更新令牌和机密属性。

以下是代码:

class AuthenticationsController < InheritedResources::Base
def create
  omniauth = request.env['omniauth.auth']
  authentication = Authentication.find_by_provider_and_uid(omniauth['provider'], omniauth['uid'])
  if authentication
     user = User.find(authentication.user_id)
     user.update_attributes(:token => omniauth["credentials"]["token"])
     user.update_attributes(:secret => omniauth["credentials"]["secret"])
     flash[:success] = "Signed in successfully"
     sign_in_and_redirect user
  elsif current_user
      #rest of the code here#

这是架构

 create_table "authentications", :force => true do |t|
    t.integer  "user_id"
    t.string   "provider"
    t.string   "uid"
    t.datetime "created_at", :null => false
    t.datetime "updated_at", :null => false
    t.string   "secret"
    t.string   "token"
  end

     create_table "users", :force => true do |t|
    t.string    "name"
    t.string    "email"
    t.timestamp "created_at",                         :null => false
    t.timestamp "updated_at",                         :null => false
    t.string    "password_digest"
    t.string    "remember_token"
  end

这是身份验证模型

class Authentication < ActiveRecord::Base
  belongs_to :user
  attr_accessible :provider, :uid, :token, :secret
end

1 个答案:

答案 0 :(得分:2)

您正在尝试将令牌和密码分配给用户模型,而不是为身份验证模型执行此操作。

 authentication.update_attributes(:token => omniauth["credentials"]["token"], :secret => omniauth["credentials"]["secret"] )

应该有用。