I'm trying to use OmniAuth to integrate Facebook with my website, and I think I'm getting a few errors here. Right now when I click "Sign in with Facebook" it does bring me to Facebook, but as soon as I sign in I get an error saying `ActiveModel::ForbiddenAttributesError`. Also, I think there might be an issue with my routes as well, but I'm not sure.

Also, I followed this RailsCasts tutorial: http://railscasts.com/episodes/360-facebook-authentication?autoplay=true

Edit: The error is on this line here: `where(auth.slice(:provider, :uid)).first_or_initialize.tap do |user|`

omniauth.rb

```ruby
OmniAuth.config.logger = Rails.logger

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_SECRET']
end
```

user.rb

```ruby
class User < ActiveRecord::Base
  def self.from_omniauth(auth)
    where(auth.slice(:provider, :uid)).first_or_initialize.tap do |user|
      user.provider = auth.provider
      user.uid = auth.uid
      user.name = auth.info.name
      user.oauth_token = auth.credentials.token
      user.oauth_expires_at = Time.at(auth.credentials.expires_at)
      user.save!
    end
  end
end
```

routes.rb

```ruby
Rails.application.routes.draw do

  get 'auth/:provider/callback', to: 'sessions#create'
  get 'auth/failure',  ('/posts/index')
  get 'signout', to: 'sessions#destroy', as: 'signout'

  resources :welcome
  resources :posts

  root "welcome#index"
end
```

sessions_controller.rb

```ruby
class SessionsController < ApplicationController
  def create
    user = User.from_omniauth(env["omniauth.auth"])
    session[:user_id] = user.id
    redirect_to root_url
  end

  def destroy
    session[:user_id] = nil
    redirect_to root_url
  end
end
```

application_controller.rb

```ruby
class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  private

  def current_user
    @current_user ||= User.find(session[:user_id]) if session[:user_id]
  end
  helper_method :current_user
end
```

roguerat
  • possible duplicate of [Rails 4.1.5 omniauth strong parameters](http://stackoverflow.com/questions/25399414/rails-4-1-5-omniauth-strong-parameters) – Fei Sep 10 '15 at 13:38

1 Answer

Modify your finder like so:

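```ruby
class User < ActiveRecord::Base
  def self.from_omniauth(auth)
    # Conditions are passed as a plain hash instead of auth.slice(:provider, :uid).
    # Without .tap, this block runs only when first_or_initialize builds a new record.
    where(provider: auth.provider, uid: auth.uid).first_or_initialize do |user|
      user.provider = auth.provider
      user.uid = auth.uid
      user.name = auth.info.name
      user.oauth_token = auth.credentials.token
      user.oauth_expires_at = Time.at(auth.credentials.expires_at)
      user.save!
    end
  end
end
```
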
coderhs
  • Awesome, that seemed to solve that problem. Except when I now click the link to sign in with Facebook I get a blank page, with a little error written in red at the top saying `The parameter app_id is required`. Do you have any idea what that means? – roguerat Feb 20 '15 at 03:03
  • Hm, never mind, I fixed it, but I'm unsure why this fixed it... In my `omniauth.rb` I removed both of the `ENV`s that are in front of the app id and fb secret and it now works. It's awesome it works but I'm unsure if that will cause problems in the future? – roguerat Feb 20 '15 at 03:05
  • So instead of the ENV you wrote the app_id and secret directly into the file? – coderhs Feb 20 '15 at 03:31
  • Yes, you see in my `omniauth.rb` where it says `ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_SECRET']` (with my real app_id and face_book of course). It still looks exactly like that, except I removed both of the `ENV`s and that fixed my issue. I'm confused as to why and if this is bad... – roguerat Feb 20 '15 at 03:36
  • If it's working in development now it shouldn't cause an error, but still I suggest you deploy to staging or run it in production env on your local machine itself to confirm. Also, if you found my answer useful, do give an upvote :) – coderhs Feb 20 '15 at 03:51
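
The comments above end with the app id and secret written directly into `omniauth.rb`. As an added example (not code from the thread or from OmniAuth), the Ruby below keeps both values in the environment, fails at boot naming any variable that is unset or blank, and flags `provider` lines that embed quoted literals; `facebook_credentials`, `hardcoded_provider_lines` and the sample strings are hypothetical names and constructed values.

```ruby
# Added example, not code from the thread. Method names and sample
# strings are hypothetical / constructed.
REQUIRED_KEYS = %w[FACEBOOK_APP_ID FACEBOOK_SECRET].freeze

class MissingCredentials < StandardError; end

# Returns [app_id, secret] read from `env`, or raises naming every
# variable that is unset or blank. `env` defaults to the process ENV
# and is injectable so the check can run against a plain Hash.
def facebook_credentials(env = ENV)
  missing = REQUIRED_KEYS.select { |key| env[key].to_s.strip.empty? }
  unless missing.empty?
    raise MissingCredentials, "unset or blank: #{missing.join(', ')}"
  end
  REQUIRED_KEYS.map { |key| env[key].strip }
end

# ENV['X'] and ENV.fetch('X') lookups, collapsed before the literal check
# so that the variable *name* is not mistaken for a credential.
ENV_LOOKUP = /ENV(?:\[[^\]]*\]|\.fetch\([^)]*\))/
# A `provider :name, ...` line that still contains a quoted string.
LITERAL_ARG = /\A\s*provider\s+:\w+\s*,.*['"][^'"]+['"]/

# Returns the lines of an initializer that pass quoted literals to
# `provider`, i.e. credentials committed to source control.
def hardcoded_provider_lines(source)
  source.each_line.map(&:chomp).select do |line|
    line.gsub(ENV_LOOKUP, 'ENV').match?(LITERAL_ARG)
  end
end

# Constructed initializer bodies (no real credentials).
SAMPLE_ENV_STYLE = "  provider :facebook, ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_SECRET']\n"
SAMPLE_LITERAL   = "  provider :facebook, '0000000000', 'constructed-placeholder'\n"

# In omniauth.rb the provider line would then read:
#   provider :facebook, *facebook_credentials
```

An unset variable reaches `provider` as `nil` in the original initializer; with this check the application stops at boot with the variable name instead of sending an empty app id to Facebook.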