ActiveModel::ForbiddenAttributesError when creating new user

I guess you are using Rails 4. If so, the needed parameters must be marked as required.

You might want to do it like this:

class UsersController < ApplicationController  def create    @user = User.new(user_params)    # ...  end  private  def user_params    params.require(:user).permit(:username, :email, :password, :salt, :encrypted_password)  endend

For those using CanCan. People might be experiencing this if they use CanCan with Rails 4+. Try AntonTrapps's rather clean workaround solution here until CanCan gets updated:

In the ApplicationController:

before_filter do  resource = controller_name.singularize.to_sym  method = "#{resource}_params"  params[resource] &&= send(method) if respond_to?(method, true)end

and in the resource controller (for example NoteController):

privatedef note_params  params.require(:note).permit(:what, :ever)end

Update:

Here's a continuation project for CanCan called CanCanCan, which looks promising:

CanCanCan

There is an easier way to avoid the Strong Parameters at all, you just need to convert the parameters to a regular hash, as:

unlocked_params = ActiveSupport::HashWithIndifferentAccess.new(params)model.create!(unlocked_params)

This defeats the purpose of strong parameters of course, but if you are in a situation like mine (I'm doing my own management of allowed params in another part of my system) this will get the job done.