Fix ActionController::Parameters in API issue

author: Eugen Rochko <eugen@zeonfederated.com> 2017-04-04 01:33:34 +0200
committer: Eugen Rochko <eugen@zeonfederated.com> 2017-04-04 01:33:34 +0200
commit: 4c53af64f0b10bc11473df5e3fd1cd7a11b755f6 (patch)
tree: 9bad122ae3a66b4171f48947cbb33496e2f8b2de /app/controllers/api/v1/apps_controller.rb
parent: f722bd2387df9163760014e9555928ec487ae95f (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/app/controllers/api/v1/apps_controller.rb b/app/controllers/api/v1/apps_controller.rb
index ca9dd0b7e..2ec7280af 100644
--- a/app/controllers/api/v1/apps_controller.rb
+++ b/app/controllers/api/v1/apps_controller.rb
@@ -4,6 +4,12 @@ class Api::V1::AppsController < ApiController
   respond_to :json
 
   def create
-    @app = Doorkeeper::Application.create!(name: params[:client_name], redirect_uri: params[:redirect_uris], scopes: (params[:scopes] || Doorkeeper.configuration.default_scopes), website: params[:website])
+    @app = Doorkeeper::Application.create!(name: app_params[:client_name], redirect_uri: app_params[:redirect_uris], scopes: (app_params[:scopes] || Doorkeeper.configuration.default_scopes), website: app_params[:website])
+  end
+
+  private
+
+  def app_params
+    params.permit(:client_name, :redirect_uris, :scopes, :website)
   end
 end
author	Eugen Rochko <eugen@zeonfederated.com>	2017-04-04 01:33:34 +0200
committer	Eugen Rochko <eugen@zeonfederated.com>	2017-04-04 01:33:34 +0200
commit	4c53af64f0b10bc11473df5e3fd1cd7a11b755f6 (patch)
tree	9bad122ae3a66b4171f48947cbb33496e2f8b2de /app/controllers/api/v1/apps_controller.rb
parent	f722bd2387df9163760014e9555928ec487ae95f (diff)