When running functional tests on my controller code in a Rails 3 project, I have a fatal error; the params variable contains controller and action, and ActiveModel is not happy about it:

ActiveModel::MassAssignmentSecurity::Error: Can't mass-assign protected attributes: controller, action
    /Users/phooze/.rvm/gems/ruby-1.9.3-p0/gems/activemodel-3.2.1/lib/active_model/mass_assignment_security/sanitizer.rb:48:in `process_removed_attributes'
    /Users/phooze/.rvm/gems/ruby-1.9.3-p0/gems/activemodel-3.2.1/lib/active_model/mass_assignment_security/sanitizer.rb:20:in `debug_protected_attribute_removal'
    /Users/phooze/.rvm/gems/ruby-1.9.3-p0/gems/activemodel-3.2.1/lib/active_model/mass_assignment_security/sanitizer.rb:12:in `sanitize'
    /Users/phooze/.rvm/gems/ruby-1.9.3-p0/gems/activemodel-3.2.1/lib/active_model/mass_assignment_security.rb:228:in `sanitize_for_mass_assignment'
    /Users/phooze/.rvm/gems/ruby-1.9.3-p0/gems/activerecord-3.2.1/lib/active_record/attribute_assignment.rb:75:in `assign_attributes'
    /Users/phooze/.rvm/gems/ruby-1.9.3-p0/gems/activerecord-3.2.1/lib/active_record/base.rb:495:in `initialize'
    /Users/phooze/Documents/rails-app/app/controllers/credentials_controller.rb:40:in `new'

The application call is to the “new” method (where the error is occurring), the code is:

  # Credential#create (POST)
  def create
      @credential = Credential.new(params)
      # ... controller continues
  end

Finally, my test case:

  test "should create credential" do
    assert_difference('Credential.count', 1) do
      post :create, { :fid => "foobarbaz", :credentials_hash => "f00ba7f00ba7", :uid => "10023", :cid => "342" }
    end
    assert_response :created
  end

Changing my controller code to a “separate” parameter hash containing ONLY the fid, credentials_hash, uid, and cid makes it work. I’m pretty sure Rails is trying to be “nice” and provide me with addtional values for testing, but it seems to be causing problems.

Any recommendations on how to solve this?