ActiveModel::ForbiddenAttributesError Ror4

Question

Upgrading an older rails app to 4.2.10. I am using the sorcery Gem. The app worked fine in RoR 3.2.8

Line 45 ---> @user = User.new(params[:user])

Extracted source (around line #45):

      # POST /users.json
       def create
        @user = User.new(params[:user])

         respond_to do |format|
          if @user.save



  # PUT /users/1
  # PUT /users/1.json
  def update
   @user = User.find(params[:id])

    respond_to do |format|
      if @user.update_attributes(params[:user])
        format.html { redirect_to @user, notice: 'User was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render action: "edit" }
        format.json { render json: @user.errors, status: :unprocessable_entity }
      end
    end

def create method

def create
       @user = User.new(params[:user])

        respond_to do |format|
          if @user.save
            format.html { render action: "thanks", notice: 'User was 
    successfully created.' }
            format.json { render json: @user, status: :created, 
location: @user }
          else
             format.html { render action: "new" }
             format.json { render json: @user.errors, status: 
 :unprocessable_entity }
         end
        end
      end

Answer 1

In rails 4 or later you need to use strong parameter as below

def permit_user_params
  params.require(:user).permit(:name, :email, :etc)
end

and use this permitted parameter as

def create
       @user = User.new(permit_user_params)

        respond_to do |format|
          if @user.save
            format.html { render action: "thanks", notice: 'User was 
    successfully created.' }
            format.json { render json: @user, status: :created, 
location: @user }
          else
             format.html { render action: "new" }
             format.json { render json: @user.errors, status: 
 :unprocessable_entity }
         end
        end
      end

Hope it will helps you.