Rails 4.1.5 omniauth strong parameters

半城伤御伤魂 提交于 2020-01-09 09:02:56

问题


After upgrading Rails 4.1.4 to 4.1.5 i get errors with my facebook omniauth session everything was working fine since then. When i create a User Session i get an ActiveModel::ForbiddenAttributesError

Route:

  match 'auth/:provider/callback', to: 'sessions#create', as: 'signin', via: :get

Session#create controller:

  def create
        user = User.from_omniauth(env["omniauth.auth"])
        session[:user_id] = user.id 
        session[:user_name] = user.name

      redirect_to root_path
  end

and a user model like this:

  def self.from_omniauth(auth)
    where(auth.slice(:provider, :uid)).first_or_create.tap do |user|
      user.provider ||= auth.provider 
      user.uid = auth.uid
      user.name = auth.info.name
      user.save
    end
  end

I can bypass the ActiveModel error by adding a permit! method in my User Model like that:

where(auth.slice(:provider, :uid).permit!).first_or_create.tap do |user|

But it override the first user from the database... The session[:user_id] seems to always be the first User from the database.

I don't know if it's a strong parameters problem, an Omniauth problem or both?


回答1:


Replace you current finder:

def self.from_omniauth(auth)
  where(provider: auth.provider, uid: auth.uid).first_or_create do |user|
    user.provider = auth.provider 
    user.uid      = auth.uid
    user.name     = auth.info.name
    user.save
  end
end



回答2:


I created a detailed writeup of what is happening here:

Rails 4.1.5 Security Fix Breaks Model.where(attributes)

Snippet:

YIKES! Rails 4.1.5 requires you to use safe params for any param to where that is_a? Hash For example, if you were doing a Model.where using slice to take some keys out of some object that derives from Hash, then your code will throw this error when you migrate from Rails 4.1.4 to Rails 4.1.5:

An ActiveModel::ForbiddenAttributesError occurred in omniauth_callbacks#facebook: ActiveModel::ForbiddenAttributesError




回答3:


My solution is like this.

# extend the object and add method
auth_hash_extended = auth.slice(:provider, :uid)
def auth_hash_extended.permitted?()
  true
end

where( auth_hash_extended ).first_or_create do |user|
    user.provider = auth.provider
    #blablabla
end

If you have difficulty in separating hash into key-value sets, you may use this way.



来源:https://stackoverflow.com/questions/25399414/rails-4-1-5-omniauth-strong-parameters

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!