ActiveModel::ForbiddenAttributesError #324

Closed
kulisu opened this Issue May 3, 2016 · 4 comments

kulisu commented May 3, 2016

  • /opt/dradispro/dradispro/current/app/controllers/attachments_controller.rb
  • /opt/dradispro/dradispro/current/app/controllers/password_resets_controller.rb
  • app/controllers/dradis/pro/issuelib/admin/issuelib/entries_controller.rb
  • .. etc ?

etdsoft May 4, 2016

Contributor

Hi @kulisu thanks for this.

How do you trigger the error on:

./app/controllers/attachments_controller.rb

and

./app/controllers/password_resets_controller.rb

This seems like it could be related to the Rails 4 migration but I haven't been able to reproduce.

I suspect the 3rd one is some sort of typo? The .gem file has nothing to do with ActiveModel controllers.



kulisu May 4, 2016

Hello @etdsoft,

Thanks for your quick reply.
It seems that some controllers didn't migrate to Rails 4.

I'm so sorry, attachments_controller.rb is a typo and it's related to issue #325.
password_resets_controller.rb and entries_controller.rb are still using the old style to update attributes.

And how to reproduce these?
Just click the reset password link, submit a new password and you will get a 500 server error.
And the error will happen when you are trying to update an issue in IssueLibrary lol.

```ruby
# File: password_resets_controller.rb
# Line: 19,47

    elsif !params[:user][:password].blank? && @user.update_attributes(params[:user])

# File: entries_controller.rb
# Line: 20,10

      if @entry.update_attributes(params[:entry])

# Monkey patch temporarily here :D

# File: config/initializers/z_99_PATCH_EntriesController.rb
if @entry.update_attributes(entry_params)

private
  def entry_params
    # Don't forget :state; we found that we can't update the issue's state.
    params.require(:entry).permit(:content, :state)
  end
end

# File: config/initializers/z_99_PATCH_PasswordResetsController.rb
elsif !params[:user][:password].blank? && @user.update_attributes(user_params)

private
  def user_params
    params.require(:user).permit(:password, :password_confirmation)
  end
```
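
Why the old-style calls in the comment above raise on Rails 4, and what the `permit` list changes, as an added example that is not part of the original thread or of Dradis code. `Params` and `User` are simplified pure-Ruby stand-ins (not `ActionController::Parameters` or the Dradis model), and the `role` field and request values are constructed.

```ruby
# Simplified stand-ins for illustration; this is not Rails' own implementation.
class ForbiddenAttributesError < StandardError; end

class Params
  def initialize(hash, permitted = false)
    @hash = hash.transform_keys(&:to_s)
    @permitted = permitted
  end

  def permitted?; @permitted; end
  def to_h; @hash.dup; end

  def [](key)
    value = @hash[key.to_s]
    value.is_a?(Hash) ? Params.new(value) : value   # nested hashes start unpermitted
  end

  def require(key)
    self[key] || raise(KeyError, "param is missing: #{key}")
  end

  # Returns a copy holding only the listed keys, flagged as permitted.
  def permit(*keys)
    allowed = keys.map(&:to_s)
    Params.new(@hash.select { |k, _| allowed.include?(k) }, true)
  end
end

class User   # hypothetical model; `role` is a constructed attribute
  attr_reader :password, :password_confirmation, :role

  def update_attributes(attrs)
    # Fail closed: a parameters object that was never permitted is rejected whole.
    raise ForbiddenAttributesError if attrs.respond_to?(:permitted?) && !attrs.permitted?
    attrs.to_h.each { |k, v| instance_variable_set("@#{k}", v) }
    true
  end
end

# Constructed request: the two reset-form fields plus one field the form never offers.
REQUEST = { user: { password: "n3w-pass", password_confirmation: "n3w-pass", role: "admin" } }

def reset_old_style(user, params)
  user.update_attributes(params[:user])   # the pre-migration call: raises
end

def reset_permitted(user, params)
  user.update_attributes(params.require(:user).permit(:password, :password_confirmation))
end
```

With the permitted version the update succeeds and the unlisted `role` key is dropped before it reaches the model, which is also why `:state` had to be added to the entry list before it could be updated.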


etdsoft May 6, 2016

Contributor

There is a new version of the IssueLibrary add-on that is compatible with Rails 4; please get in touch with Support to get it.

Confirmed bug in PasswordResetsController, upon changing the password. I had checked the creation of the password reset, and that seemed to have worked before.


@etdsoft etdsoft added the bug label May 6, 2016

@etdsoft etdsoft added this to the v2.3 milestone May 6, 2016


etdsoft May 24, 2016

Contributor

Fixed, ships in v2.3


@etdsoft etdsoft closed this May 24, 2016
