ruby-on-rails devise linkedin-api

Omniauth Callback


I'm using Devise with my Rails 4 app. I authenticate with Facebook, LinkedIn and email.

I've just started to use Figaro and the only change I have made to my code is to swap the password that I use for my email account out of the production.rb into my application.yml file.

Now, when I test the LinkedIn registration link, I get an error saying that something went wrong (after pressing "Register with LinkedIn"). I get the same error when I try to authenticate with the other options.

I have a callback error in my omniauth callback controller for linkedin. The line with the problem is the '@user.send_admin_email' below:

def linkedin
  @user = User.find_for_linkedin_oauth(request.env["omniauth.auth"])
  if @user.persisted?
    @user.send_admin_mail

    redirect_to root_path, :event => :authentication
    # sign_in_and_redirect @user, :event => :authentication # this will throw if @user is not activated
    # set_flash_message(:notice, :success, :kind => "LinkedIn") if is_navigational_format?
  else
    session["devise.linkedin_data"] = request.env["omniauth.auth"]
    redirect_to root_path
  end
end

I have a mailer set up which sends me an email to tell me when there is a new registration. It uses the email address for which I moved the password from production.rb to application.yml.

Does anyone know how to resolve this error?

Thank you very much


Solution

  • Hmm, it seems like a "strong parameter" problem to me. Check your "send_admin_mail" to see if there is an "update_attributes" (or a "save").

    My guess is that your user.rb is something like:

    class User < ActiveRecord::Base
    ...
    attr_accessor :extras
    
    def self.find_for_linkedin_oauth(access_token, signed_in_resource=nil)
      ...
      user = User.where(...)
      ...
      user.extras = access_token.extras
      ...
    end
    
    def send_admin_mail
      ...
      self.update_attributes(some_attribute: extras["some_attribute"])
      ...
    end
    

    If you are doing this, "save" will try to do an UPDATE with a non-permitted parameter. The correct version must be something like this:

    self.update_attributes(some_attribute: extras.permit(:some_attribute))
    

    If I'm not wrong, the first implementation worked in the previous versions of strong parameters, but not anymore.
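
A check tied to the change described in the question (moving the mail password from production.rb into application.yml), as an added example that is not from the original post or from Figaro's code base: it resolves an application.yml per environment the way Figaro documents it and reports required keys that are missing. The key names, sample file and helper names are assumptions.

```ruby
require "yaml"

# Constructed sample application.yml; key names and values are hypothetical.
SAMPLE_YML = <<~YML
  ADMIN_EMAIL: "admin@example.com"
  development:
    MAIL_PASSWORD: "dev-placeholder"
  production:
    LINKEDIN_KEY: "placeholder"
YML

# Keys the mailer is assumed to read from ENV (hypothetical names).
REQUIRED_KEYS = %w[ADMIN_EMAIL MAIL_PASSWORD].freeze

# Top-level scalars apply to every environment; a hash stored under the
# environment name overrides them for that environment only.
def resolve_settings(yaml_text, environment)
  raw = YAML.safe_load(yaml_text) || {}
  global = raw.reject { |_, value| value.is_a?(Hash) }
  scoped = raw[environment].is_a?(Hash) ? raw[environment] : {}
  global.merge(scoped).transform_values(&:to_s)
end

# Return the required keys that are absent or blank for the environment.
# Values already set in the process environment take precedence.
def missing_keys(yaml_text, environment, process_env = {})
  settings = resolve_settings(yaml_text, environment).merge(process_env)
  REQUIRED_KEYS.select { |key| settings[key].to_s.strip.empty? }
end

if __FILE__ == $PROGRAM_NAME
  %w[development production].each do |env|
    missing = missing_keys(SAMPLE_YML, env)
    puts "#{env}: #{missing.empty? ? 'ok' : "missing #{missing.join(', ')}"}"
  end
end
```

In a Rails app, Figaro's own `Figaro.require_keys` call in an initializer performs the presence check at boot, so a missing secret fails at startup instead of inside the OmniAuth callback.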