ActiveModel::ForbiddenAttributesError in PasswordResetsController#update

Question

I have seen Ryan railcasts episode 274 I am using rails 4 and encountered one problem.

In password_resets_controller.rb

elsif @user.update_attributes(params[:user])

IN console it showing

ActiveModel::ForbiddenAttributesError in PasswordResetsController#update

when I modified update_attributes to update_attribute it shows

wrong number of arguments (1 for 2)

params[:user] showing two value password and password_confirmation but i am using password in my login page

I do not know how to solve this issue.

Answer 1

This is because of Strong parameters feature in Rails 4. It will be raised when forbidden attributes are used for mass assignment.

You have to permit the attributes in your controller. Like this

@user.update_attributes(params.require(:user).permit(:password, :password_confirmation))

Answer 2

Had the identical issue - getting same error message when attempting to make any change to any of my resources from within Active Admin. Strong parameters were whitelisted correctly in the model's controller but it wasn't until after reviewing the documentation I realized that I needed to include the model attributes to be whitelisted in the model within app/admin/your_model.rb. Once I did this all worked correctly from within Active Admin.

app/admin/your_model.rb

ActiveAdmin.register Your_model do
  permit_params :attribute_1, :attribute_2, :attribute_3, :etc, :etc
end

This worked on my local server. After pushing changes to git and deploying to VPS it worked there as well. Make sure you restart your app. In one case I had to restart my instance. Hopefully this helps someone.