Rails: ActiveModel::ForbiddenAttributesError
Rails: ActiveModel::ForbiddenAttributesError
我正在尝试使用 OmniAuth 将 Facebook 与我的网站集成,我想我在这里遇到了一些错误。现在,当我单击 "Sign in with Facebook" 时,它确实将我带到了 Facebook,但我一登录就收到一条错误消息,显示 ActiveModel::ForbiddenAttributesError。另外,我认为我的路线也可能存在问题,但我不确定。
此外,我遵循了 RailsCasts 教程:http://railscasts.com/episodes/360-facebook-authentication?autoplay=true
编辑:错误在此行,where(auth.slice(:provider, :uid)).first_or_initialize.tap do |user|
omniauth.rb
OmniAuth.config.logger = Rails.logger
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_SECRET']
end
user.rb
class User < ActiveRecord::Base
def self.from_omniauth(auth)
where(auth.slice(:provider, :uid)).first_or_initialize.tap do |user|
user.provider = auth.provider
user.uid = auth.uid
user.name = auth.info.name
user.oauth_token = auth.credentials.token
user.oauth_expires_at = Time.at(auth.credentials.expires_at)
user.save!
end
end
end
routes.rb
Rails.application.routes.draw do
get 'auth/:provider/callback', to: 'sessions#create'
get 'auth/failure', ('/posts/index')
get 'signout', to: 'sessions#destroy', as: 'signout'
resources :welcome
resources :posts
root "welcome#index"
sessions_controller.rb
class SessionsController < ApplicationController
def create
user = User.from_omniauth(env["omniauth.auth"])
session[:user_id] = user.id
redirect_to root_url
end
def destroy
session[:user_id] = nil
redirect_to root_url
end
end
application_controller.rb
class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
private
def current_user
@current_user ||= User.find(session[:user_id]) if session[:user_id]
end
helper_method :current_user
end
像这样修改您的查找器:
class User < ActiveRecord::Base
def self.from_omniauth(auth)
where(provider: auth.provider, uid: auth.uid).first_or_initialize do |user|
user.provider = auth.provider
user.uid = auth.uid
user.name = auth.info.name
user.oauth_token = auth.credentials.token
user.oauth_expires_at = Time.at(auth.credentials.expires_at)
user.save!
end
end
end
我正在尝试使用 OmniAuth 将 Facebook 与我的网站集成,我想我在这里遇到了一些错误。现在,当我单击 "Sign in with Facebook" 时,它确实将我带到了 Facebook,但我一登录就收到一条错误消息,显示 ActiveModel::ForbiddenAttributesError。另外,我认为我的路线也可能存在问题,但我不确定。
此外,我遵循了 RailsCasts 教程:http://railscasts.com/episodes/360-facebook-authentication?autoplay=true
编辑:错误在此行,where(auth.slice(:provider, :uid)).first_or_initialize.tap do |user|
omniauth.rb
OmniAuth.config.logger = Rails.logger
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_SECRET']
end
user.rb
class User < ActiveRecord::Base
def self.from_omniauth(auth)
where(auth.slice(:provider, :uid)).first_or_initialize.tap do |user|
user.provider = auth.provider
user.uid = auth.uid
user.name = auth.info.name
user.oauth_token = auth.credentials.token
user.oauth_expires_at = Time.at(auth.credentials.expires_at)
user.save!
end
end
end
routes.rb
Rails.application.routes.draw do
get 'auth/:provider/callback', to: 'sessions#create'
get 'auth/failure', ('/posts/index')
get 'signout', to: 'sessions#destroy', as: 'signout'
resources :welcome
resources :posts
root "welcome#index"
sessions_controller.rb
class SessionsController < ApplicationController
def create
user = User.from_omniauth(env["omniauth.auth"])
session[:user_id] = user.id
redirect_to root_url
end
def destroy
session[:user_id] = nil
redirect_to root_url
end
end
application_controller.rb
class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
private
def current_user
@current_user ||= User.find(session[:user_id]) if session[:user_id]
end
helper_method :current_user
end
像这样修改您的查找器:
class User < ActiveRecord::Base
def self.from_omniauth(auth)
where(provider: auth.provider, uid: auth.uid).first_or_initialize do |user|
user.provider = auth.provider
user.uid = auth.uid
user.name = auth.info.name
user.oauth_token = auth.credentials.token
user.oauth_expires_at = Time.at(auth.credentials.expires_at)
user.save!
end
end
end