AsteriskLabs / devise_google_authenticator

A Devise extension to allow your app to utilise Google's 2FA Mobile app
http://labs.asteriskinfosec.com.au/tag/devise_google_authenticator/
MIT License

ActiveModel::MassAssignmentSecurity::Error in Devise::DisplayqrController#update #20

Open webhat opened 10 years ago

webhat commented 10 years ago

I got the error below. I'm using the current gem from rubygems.org, which is 0.3.8.

I'm guessing that the following in displayqr_controller.rb:

  # as shipped: without strong parameters it falls through to the whole params hash
  def resource_params
    return params.require(resource_name.to_sym).permit(:gauth_enabled) if strong_parameters_enabled?
    params
  end

should actually be:

  # proposed fix: hand only the resource's own sub-hash to the model
  def resource_params
    return params.require(resource_name.to_sym).permit(:gauth_enabled) if strong_parameters_enabled?
    params[:user]
  end

    Can't mass-assign protected attributes: utf8, _method, authenticity_token, user, commit, action, controller
    activemodel (3.2.14) lib/active_model/mass_assignment_security/sanitizer.rb:48:in `process_removed_attributes'
    activemodel (3.2.14) lib/active_model/mass_assignment_security/sanitizer.rb:20:in `debug_protected_attribute_removal'
    activemodel (3.2.14) lib/active_model/mass_assignment_security/sanitizer.rb:12:in `sanitize'
    activemodel (3.2.14) lib/active_model/mass_assignment_security.rb:230:in `sanitize_for_mass_assignment'
    activerecord (3.2.14) lib/active_record/attribute_assignment.rb:75:in `assign_attributes'
    activerecord (3.2.14) lib/active_record/persistence.rb:216:in `block in update_attributes'
    activerecord (3.2.14) lib/active_record/transactions.rb:313:in `block in with_transaction_returning_status'
    activerecord (3.2.14) lib/active_record/connection_adapters/abstract/database_statements.rb:192:in `transaction'
    activerecord (3.2.14) lib/active_record/transactions.rb:208:in `transaction'
    newrelic_rpm (3.7.1.182) lib/new_relic/agent/method_tracer.rb:524:in `block in transaction_with_trace_ActiveRecord_self_name_transaction'
    newrelic_rpm (3.7.1.182) lib/new_relic/agent/method_tracer.rb:276:in `trace_execution_scoped'
    newrelic_rpm (3.7.1.182) lib/new_relic/agent/method_tracer.rb:519:in `transaction_with_trace_ActiveRecord_self_name_transaction'
    activerecord (3.2.14) lib/active_record/transactions.rb:311:in `with_transaction_returning_status'
    activerecord (3.2.14) lib/active_record/persistence.rb:215:in `update_attributes'
    devise (3.2.2) lib/devise/models/database_authenticatable.rb:98:in `update_without_password'
    devise_google_authenticator (0.3.9) lib/devise_google_authenticatable/models/google_authenticatable.rb:23:in `set_gauth_enabled'
    devise_google_authenticator (0.3.9) app/controllers/devise/displayqr_controller.rb:16:in `update'

Parameters:

{"utf8"=>"✓",
 "_method"=>"put",
 "authenticity_token"=>"ytxB3kvbwO3FvB7XMAbz1vFm4uSGtkf/ESkKHhTynH8=",
 "user"=>{"gauth_enabled"=>"1"},
 "commit"=>"Continue..."}

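
To make the reported failure reproducible outside Rails, here is an added Ruby example (not the gem's code) with a small stand-in for Rails 3.2's whitelist-based mass-assignment protection and a constructed copy of the parameters above (the token is a placeholder). It shows the 0.3.8 fallback handing the whole params hash to update_without_password, which the strict sanitizer rejects with exactly the reported message, and the proposed fix passing only the resource's sub-hash; it also generalises the hard-coded :user to resource_name and shows the same whitelist rejecting an unlisted attribute, which is why the fix narrows the input rather than relaxing the protection.

```ruby
# Added illustration (not the gem's code): minimal stand-in for Rails 3.2 mass-assignment protection.
class MassAssignmentError < StandardError; end

# Stand-in for a Devise User model declaring `attr_accessible :gauth_enabled`.
class User
  ACCESSIBLE = %w[gauth_enabled].freeze
  attr_reader :attributes

  def initialize
    @attributes = { "gauth_enabled" => "0", "admin" => false }
  end

  # Mirrors update_without_password -> assign_attributes -> sanitize_for_mass_assignment:
  # the strict sanitizer raises on any key outside the whitelist.
  def update_without_password(attrs)
    attrs = attrs.each_with_object({}) { |(k, v), h| h[k.to_s] = v }
    rejected = attrs.keys - ACCESSIBLE
    unless rejected.empty?
      raise MassAssignmentError,
            "Can't mass-assign protected attributes: #{rejected.join(', ')}"
    end
    @attributes.merge!(attrs)
  end
end

# Constructed copy of the reported request parameters (authenticity token is a placeholder).
PARAMS = {
  "utf8" => "✓", "_method" => "put", "authenticity_token" => "PLACEHOLDER",
  "user" => { "gauth_enabled" => "1" }, "commit" => "Continue...",
  "action" => "update", "controller" => "devise/displayqr"
}.freeze

# Fallback in the 0.3.8 controller when strong parameters are off: the whole hash.
def resource_params_buggy(params, _resource_name)
  params
end

# The proposed fix, generalised from the hard-coded :user to resource_name.
def resource_params_fixed(params, resource_name)
  params.fetch(resource_name.to_s)
end

# Runs the update set_gauth_enabled performs and reports the outcome instead of raising.
def try_update(user, attrs)
  user.update_without_password(attrs)
  "ok: gauth_enabled=#{user.attributes['gauth_enabled']}"
rescue MassAssignmentError => e
  e.message
end
```

Calling `try_update(User.new, resource_params_buggy(PARAMS, :user))` returns the report's "Can't mass-assign protected attributes: utf8, _method, authenticity_token, user, commit, action, controller" message, while the fixed variant returns "ok: gauth_enabled=1".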
xntrik commented 10 years ago

I have a feeling that these problems have been addressed since 0.3.8.

Let me know if the issues persist with 0.3.13

pabloalr commented 9 years ago

I got the same error with 0.3.15

xntrik commented 9 years ago

Thanks @pabloalr - I've made some minor changes, just testing on ruby 1.9.3 and 2.1.5 - and on rails 3.2 and 4.2

xntrik commented 9 years ago

Will leave this open for a while, see if anyone gets any issues. Keen to see if 0.3.16 fixes this for you @pabloalr

pabloalr commented 9 years ago

Thanks @xntrik! Problem solved! Sorry for the delay.