Rails ActiveModel::ForbiddenAttributesError Devise, Omniauth

Question

I am running into an issue with Omniauth authentication and Rails 4 whereby I am getting a Rails ActiveModel::ForbiddenAttributesError.

I am using gem 'protected_attributes' so strong parameters shouldn't be an issue.

My user model contains the following:

  def self.from_omniauth(auth)
    where(auth.slice(:provider, :uid)).first_or_create do |user|
      user.username = auth.info.email
      user.email = auth.info.email
      user.password = Devise.friendly_token[0,20]
      user.name = auth.info.name
    end
  end

user.password is in there just to maintain compatibility with the existing Devise auth system.

The AR error indicates that this line: where(auth.slice(:provider, :uid)).first_or_create do |user| is throwing the error.

The above method is being called from:

class OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def mavenlink
    @user = User.from_omniauth(request.env['omniauth.auth'])
    service = @user.services.initialize_or_update_via_omniauth(request.env['omniauth.auth'])
    if service && service.save
      sign_in_and_redirect @user #this will throw if @user is not activated
      set_flash_message(:notice, :success, :kind => "Mavenlink") if is_navigational_format?
    else
      redirect_to root_path, error: "Error signing in with Mavenlink credentials."
    end
  end
end

Whether this is related or not, I'm not sure, but I have also been running this error:

Could not find a valid mapping for path "/auth/mavenlink/callback"

Perhaps not related, but I thought I'd include it just in case.

Any help would be greatly appreciated!

Answer 1

I had the same issue a few weeks ago and fixed it with by changing the line below. Essentially you should explicitly pass the parameters into your query.

where(provider: auth.provider, uid: auth.uid).first_or_create do |user|

You can find a Devise issue about this.