3

こんにちは、devise と omniauth を使用して Facebook のログインを認証していますが、次のエラーが表示されます。

Can't mass-assign protected attributes: token
app/models/user.rb:20:in `apply_omniauth'
app/controllers/authentications_controller.rb:19:in `create'

これはユーザーモデルです:

class User < ActiveRecord::Base

  # The relationship between the User and Authentication model
  has_many :authentications, :dependent => :delete_all

  # Include default devise modules. Others available are:
  # :token_authenticatable, :confirmable,
  # :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable

  # Setup accessible (or protected) attributes for your model
  attr_accessible :email, :password, :password_confirmation, :remember_me,
  # attr_accessible :title, :body

  def apply_omniauth(auth)
    # In previous omniauth, 'user_info' was used in place of 'raw_info'
    self.email = auth['extra']['raw_info']['email']
    authentications.build(:provider => auth['provider'], :uid => auth['uid'], :token => auth['credentials']['token'])
  end

end

これは私の認証コントローラーです:

class AuthenticationsController < ApplicationController
  def index
    @authentications = current_user.authentications if current_user
  end

  def create
    auth = request.env["omniauth.auth"]

    # Try to find authentication first
    authentication = Authentication.find_by_provider_and_uid(auth['provider'], auth['uid'])

    if authentication
      # Authentication found, sign the user in.
      flash[:notice] = "Signed in successfully."
      sign_in_and_redirect(:user, authentication.user)
    else
      # Authentication not found, thus a new user.
      user = User.new
      user.apply_omniauth(auth)
      if user.save(:validate => false)
        flash[:notice] = "Account created and signed in successfully."
        sign_in_and_redirect(:user, user)
      else
        flash[:error] = "Error while creating a user account. Please try again."
        redirect_to root_url
      end
    end 
  end

  def destroy
    @authentication = Authentication.find(params[:id])
    @authentication.destroy
    redirect_to authentications_url, :notice => "Successfully destroyed authentication."
  end
end

このエラーが発生する理由と修正方法を誰かが説明できますか?

4

1 に答える 1

2

認証モデルの行に追加:tokenすると、attr_accessibleうまくいくはずです。

于 2012-06-18T22:13:40.743 に答える