ActiveModel::MassAssignmentSecurity::Error in Spree::CheckoutController#skrill_return #6

Closed
msevestre opened this Issue Oct 3, 2012 · 6 comments

Projects

None yet

4 participants

@msevestre

Please this is really urgent:I get the following error when checking out with skril

Can't mass-assign protected attributes: payment_method

activemodel (3.2.8) lib/active_model/mass_assignment_security/sanitizer.rb:48:in `process_removed_attributes'
activemodel (3.2.8) lib/active_model/mass_assignment_security/sanitizer.rb:20:in `debug_protected_attribute_removal'
activemodel (3.2.8) lib/active_model/mass_assignment_security/sanitizer.rb:12:in `sanitize'
activemodel (3.2.8) lib/active_model/mass_assignment_security.rb:230:in `sanitize_for_mass_assignment'
activerecord (3.2.8) lib/active_record/attribute_assignment.rb:75:in `assign_attributes'
activerecord (3.2.8) lib/active_record/base.rb:498:in `initialize'
state_machine (1.1.2) lib/state_machine/integrations/active_record.rb:461:in `initialize'
activerecord (3.2.8) lib/active_record/reflection.rb:183:in `new'
activerecord (3.2.8) lib/active_record/reflection.rb:183:in `build_association'
activerecord (3.2.8) lib/active_record/associations/association.rb:233:in `build_record'
activerecord (3.2.8) lib/active_record/associations/collection_association.rb:432:in `block in create_record'
activerecord (3.2.8) lib/active_record/associations/collection_association.rb:149:in `block in transaction'
activerecord (3.2.8) lib/active_record/connection_adapters/abstract/database_statements.rb:192:in `transaction'
activerecord (3.2.8) lib/active_record/transactions.rb:208:in `transaction'
activerecord (3.2.8) lib/active_record/associations/collection_association.rb:148:in `transaction'
activerecord (3.2.8) lib/active_record/associations/collection_association.rb:431:in `create_record'
activerecord (3.2.8) lib/active_record/associations/collection_association.rb:119:in `create'
activerecord (3.2.8) lib/active_record/associations/collection_proxy.rb:46:in `create'
/home/mike/.rvm/gems/ruby-1.9.3-p194@yourtime/bundler/gems/spree_skrill-67ed42e5ae62/app/controllers/spree/checkout_controller_decorator.rb:11:in `skrill_return'
actionpack (3.2.8) lib/action_controller/metal/implicit_render.rb:4:in `send_action'
actionpack (3.2.8) lib/abstract_controller/base.rb:167:in `process_action'
actionpack (3.2.8) lib/action_controller/metal/rendering.rb:10:in `process_action'
actionpack (3.2.8) lib/abstract_controller/callbacks.rb:18:in `block in process_action'
activesupport (3.2.8) lib/active_support/callbacks.rb:502:in `_run__557865943__process_action__28316157__callbacks'
activesupport (3.2.8) lib/active_support/callbacks.rb:405:in `__run_callback'
activesupport (3.2.8) lib/active_support/callbacks.rb:385:in `_run_process_action_callbacks'
activesupport (3.2.8) lib/active_support/callbacks.rb:81:in `run_callbacks'
actionpack (3.2.8) lib/abstract_controller/callbacks.rb:17:in `process_action'
actionpack (3.2.8) lib/action_controller/metal/rescue.rb:29:in `process_action'
actionpack (3.2.8) lib/action_controller/metal/instrumentation.rb:30:in `block in process_action'
activesupport (3.2.8) lib/active_support/notifications.rb:123:in `block in instrument'
activesupport (3.2.8) lib/active_support/notifications/instrumenter.rb:20:in `instrument'
activesupport (3.2.8) lib/active_support/notifications.rb:123:in `instrument'
actionpack (3.2.8) lib/action_controller/metal/instrumentation.rb:29:in `process_action'
actionpack (3.2.8) lib/action_controller/metal/params_wrapper.rb:207:in `process_action'
activerecord (3.2.8) lib/active_record/railties/controller_runtime.rb:18:in `process_action'
actionpack (3.2.8) lib/abstract_controller/base.rb:121:in `process'
actionpack (3.2.8) lib/abstract_controller/rendering.rb:45:in `process'
actionpack (3.2.8) lib/action_controller/metal.rb:203:in `dispatch'
actionpack (3.2.8) lib/action_controller/metal/rack_delegation.rb:14:in `dispatch'
actionpack (3.2.8) lib/action_controller/metal.rb:246:in `block in action'
actionpack (3.2.8) lib/action_dispatch/routing/route_set.rb:73:in `call'
actionpack (3.2.8) lib/action_dispatch/routing/route_set.rb:73:in `dispatch'
actionpack (3.2.8) lib/action_dispatch/routing/route_set.rb:36:in `call'
journey (1.0.4) lib/journey/router.rb:68:in `block in call'
journey (1.0.4) lib/journey/router.rb:56:in `each'
journey (1.0.4) lib/journey/router.rb:56:in `call'
actionpack (3.2.8) lib/action_dispatch/routing/route_set.rb:600:in `call'
/home/mike/.rvm/gems/ruby-1.9.3-p194@yourtime/bundler/gems/spree-42eb0effebdc/core/lib/spree/core/middleware/redirect_legacy_product_url.rb:13:in `call'
/home/mike/.rvm/gems/ruby-1.9.3-p194@yourtime/bundler/gems/spree-42eb0effebdc/core/lib/spree/core/middleware/seo_assist.rb:27:in `call'
railties (3.2.8) lib/rails/engine.rb:479:in `call'
railties (3.2.8) lib/rails/railtie/configurable.rb:30:in `method_missing'
journey (1.0.4) lib/journey/router.rb:68:in `block in call'
journey (1.0.4) lib/journey/router.rb:56:in `each'
journey (1.0.4) lib/journey/router.rb:56:in `call'
actionpack (3.2.8) lib/action_dispatch/routing/route_set.rb:600:in `call'
warden (1.1.1) lib/warden/manager.rb:35:in `block in call'
warden (1.1.1) lib/warden/manager.rb:34:in `catch'
warden (1.1.1) lib/warden/manager.rb:34:in `call'
actionpack (3.2.8) lib/action_dispatch/middleware/best_standards_support.rb:17:in `call'
rack (1.4.1) lib/rack/etag.rb:23:in `call'
rack (1.4.1) lib/rack/conditionalget.rb:25:in `call'
actionpack (3.2.8) lib/action_dispatch/middleware/head.rb:14:in `call'
actionpack (3.2.8) lib/action_dispatch/middleware/params_parser.rb:21:in `call'
actionpack (3.2.8) lib/action_dispatch/middleware/flash.rb:242:in `call'
rack (1.4.1) lib/rack/session/abstract/id.rb:205:in `context'
rack (1.4.1) lib/rack/session/abstract/id.rb:200:in `call'
actionpack (3.2.8) lib/action_dispatch/middleware/cookies.rb:339:in `call'
activerecord (3.2.8) lib/active_record/query_cache.rb:64:in `call'
activerecord (3.2.8) lib/active_record/connection_adapters/abstract/connection_pool.rb:473:in `call'
actionpack (3.2.8) lib/action_dispatch/middleware/callbacks.rb:28:in `block in call'
activesupport (3.2.8) lib/active_support/callbacks.rb:405:in `_run__208316434__call__17061252__callbacks'
activesupport (3.2.8) lib/active_support/callbacks.rb:405:in `__run_callback'
activesupport (3.2.8) lib/active_support/callbacks.rb:385:in `_run_call_callbacks'
activesupport (3.2.8) lib/active_support/callbacks.rb:81:in `run_callbacks'
actionpack (3.2.8) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
actionpack (3.2.8) lib/action_dispatch/middleware/reloader.rb:65:in `call'
actionpack (3.2.8) lib/action_dispatch/middleware/remote_ip.rb:31:in `call'
actionpack (3.2.8) lib/action_dispatch/middleware/debug_exceptions.rb:16:in `call'
actionpack (3.2.8) lib/action_dispatch/middleware/show_exceptions.rb:56:in `call'
railties (3.2.8) lib/rails/rack/logger.rb:26:in `call_app'
railties (3.2.8) lib/rails/rack/logger.rb:16:in `call'
actionpack (3.2.8) lib/action_dispatch/middleware/request_id.rb:22:in `call'
rack (1.4.1) lib/rack/methodoverride.rb:21:in `call'
rack (1.4.1) lib/rack/runtime.rb:17:in `call'
activesupport (3.2.8) lib/active_support/cache/strategy/local_cache.rb:72:in `call'
rack (1.4.1) lib/rack/lock.rb:15:in `call'
actionpack (3.2.8) lib/action_dispatch/middleware/static.rb:62:in `call'
railties (3.2.8) lib/rails/engine.rb:479:in `call'
railties (3.2.8) lib/rails/application.rb:223:in `call'
rack (1.4.1) lib/rack/content_length.rb:14:in `call'
railties (3.2.8) lib/rails/rack/log_tailer.rb:17:in `call'
thin (1.5.0) lib/thin/connection.rb:81:in `block in pre_process'
thin (1.5.0) lib/thin/connection.rb:79:in `catch'
thin (1.5.0) lib/thin/connection.rb:79:in `pre_process'
thin (1.5.0) lib/thin/connection.rb:54:in `process'
thin (1.5.0) lib/thin/connection.rb:39:in `receive_data'
eventmachine (1.0.0) lib/eventmachine.rb:187:in `run_machine'
eventmachine (1.0.0) lib/eventmachine.rb:187:in `run'
thin (1.5.0) lib/thin/backends/base.rb:63:in `start'
thin (1.5.0) lib/thin/server.rb:159:in `start'
rack (1.4.1) lib/rack/handler/thin.rb:13:in `run'
rack (1.4.1) lib/rack/server.rb:265:in `start'
railties (3.2.8) lib/rails/commands/server.rb:70:in `start'
railties (3.2.8) lib/rails/commands.rb:55:in `block in <top (required)>'
railties (3.2.8) lib/rails/commands.rb:50:in `tap'
railties (3.2.8) lib/rails/commands.rb:50:in `<top (required)>'
script/rails:6:in `require'
script/rails:6:in `<main>'
@schof
Contributor
schof commented Oct 3, 2012

Should be a simple fix. We're looking into it now.

@cmar cmar was assigned Oct 3, 2012
@cmar
Contributor
cmar commented Oct 3, 2012

@msevestre which version of rails and spree are you running?

@msevestre

Rails 3.2.8
Spree 1-2-stable

On Wed, Oct 3, 2012 at 3:21 PM, Chris Mar notifications@github.com wrote:

@msevestre https://github.com/msevestre which version of rails and
spree are you running?


Reply to this email directly or view it on GitHubhttps://github.com/spree/spree_skrill/issues/6#issuecomment-9118665.

@cmar
Contributor
cmar commented Oct 3, 2012

The fix for this is easy, but I'm having trouble getting the specs working so I don't want to push it yet.

Since you have an urgent need, you can make the change locally here:

https://github.com/spree/spree_skrill/blob/master/app/controllers/spree/checkout_controller_decorator.rb#L13

by changing it to

payment = @order.payments.create({:amount => @order.total,
                                         :source => skrill_transaction,
                                         :payment_method => payment_method}, :without_protection => true)

cc @radar

@msevestre

Awesome
Urgent was for me as : in the next few days or so. I'll wait until the end
of the week. If it's not pushed by then, I'll implement the fix myself
Thanks for the prompt handling

On Wed, Oct 3, 2012 at 3:37 PM, Chris Mar notifications@github.com wrote:

The fix for this is easy, but I'm having trouble getting the specs working
so I don't want to push it yet.

Since you have an urgent need, you can make the change locally here:

https://github.com/spree/spree_skrill/blob/master/app/controllers/spree/checkout_controller_decorator.rb#L13

by changing it to

payment = @order.payments.create({:amount => @order.total,
:source => skrill_transaction,
:payment_method => payment_method}, :without_protection => true)


Reply to this email directly or view it on GitHubhttps://github.com/spree/spree_skrill/issues/6#issuecomment-9119175.

@radar radar closed this in d0efa3e Oct 4, 2012
@radar
Contributor
radar commented Oct 4, 2012

This has been fixed.

@radar radar reopened this Oct 4, 2012
@radar radar closed this Oct 4, 2012
@cmar cmar was unassigned by msevestre Sep 15, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment