After upgrading Rails 4.1.4 to 4.1.5 i get errors with my facebook omniauth session everything was working fine since then.
When i create a User Session i get an ActiveModel::ForbiddenAttributesError
Route:
match 'auth/:provider/callback', to: 'sessions#create', as: 'signin', via: :get
Session#create controller:
def create
user = User.from_omniauth(env["omniauth.auth"])
session[:user_id] = user.id
session[:user_name] = user.name
redirect_to root_path
end
and a user model like this:
def self.from_omniauth(auth)
where(auth.slice(:provider, :uid)).first_or_create.tap do |user|
user.provider ||= auth.provider
user.uid = auth.uid
user.name = auth.info.name
user.save
end
end
I can bypass the ActiveModel error by adding a permit! method in my User Model like that:
where(auth.slice(:provider, :uid).permit!).first_or_create.tap do |user|
But it override the first user from the database...
The session[:user_id] seems to always be the first User from the database.
I don't know if it's a strong parameters problem, an Omniauth problem or both?
Replace you current finder:
def self.from_omniauth(auth)
where(provider: auth.provider, uid: auth.uid).first_or_create do |user|
user.provider = auth.provider
user.uid = auth.uid
user.name = auth.info.name
user.save
end
end