Closed jpmcgrath closed 12 years ago
edgar
commented
12 years ago Hey,
I have the same issue:
ActiveModel::MassAssignmentSecurity::Error (Can't mass-assign protected attributes: owner, client):
config/initializers/oauth2_provider.rb:8:in block in <top (required)>' app/controllers/oauth_controller.rb:6:innew'
app/controllers/oauth_controller.rb:6:in `access_token'
edgar
commented
12 years ago @jpmcgrath I fixed just adding attr_accessible in the model
https://github.com/edgar/oauth2-provider/commit/c68ba4f17f93646394cdd379f60da277ddf8cb5a
Now is working in rails 3.2.6, with default settings
edgar
commented
12 years ago Here the pull request for this little fix: https://github.com/songkick/oauth2-provider/pull/29
jpmcgrath
commented
12 years ago @edgar Thanks for that. I ended up coming up with the same solution but then ran into other issues. In the end I switched over to another oauth2 library as I suspected (maybe wrongly) that the projects maintainer isn't very active here.
Anyway, thanks again. Good luck with it!
Cheers.
edgar
commented
12 years ago @jpmcgrath just curious, what is the another lib? this one: https://github.com/assaf/rack-oauth2-server ?
Thanks
jpmcgrath
commented
12 years ago @edgar Didn't see that one in my search, but it looks nice. I tried Doorkeeper and a few others but ended up settling on https://github.com/pelle/oauth-plugin/
A difficult choice to be sure.
jcoglan
commented
12 years ago We've just done a bunch of work on this code -- we have Authorization.attr_accessible nil and have adjusted internal calls appropriately. The pull request #29 referenced above has been closed.
Hi there,
In my Rails 3.2 controller action when I use the following code:
@auth = OAuth2::Provider::Authorization.new(resource, params) @auth.grant_access!
I am getting the following exception:
ActiveModel::MassAssignmentSecurity::Error (Can't mass-assign protected attributes: owner, client): app/controllers/users/registrations_controller.rb:14:in `create'
I believe this is because in Rails 3.2.3 there was a security change that sees attribute mass assignment change from defaulting to off if no attr_accessible is declared.
Has anyone else encountered this?