From 04f94674a575c7d800af4b58bfc8859d2691726e Mon Sep 17 00:00:00 2001
From: dferrazm
Date: Wed, 26 Oct 2016 10:58:33 +0200
Subject: [PATCH] Remove the dependency for `protected_attributes` in order to make it Rails 5 compliant.
---
 Appraisals | 2 --
 README.rdoc | 8 +++++++-
 gemfiles/activerecord_4_0.gemfile | 3 +--
 gemfiles/activerecord_4_1.gemfile | 3 +--
 lib/songkick/oauth2/model/authorization.rb | 3 ---
 lib/songkick/oauth2/model/client.rb | 3 ---
 spec/songkick/oauth2/model/client_spec.rb | 11 -----------
 spec/spec_helper.rb | 2 --
 8 files changed, 9 insertions(+), 26 deletions(-)
diff --git a/Appraisals b/Appraisals
index f8462efe..b93f4658 100644
--- a/Appraisals
+++ b/Appraisals
@@ -26,12 +26,10 @@ if RUBY_VERSION >= '1.9'
 appraise 'activerecord_4_0' do
 gem 'activerecord', '~> 4.0.0'
 gem 'mysql', '~> 2.9.0' if ENV['DB'] == 'mysql'
- gem 'protected_attributes', '~> 1.0.0'
 end
 
 appraise 'activerecord_4_1' do
 gem 'activerecord', '~> 4.1.0'
 gem 'mysql', '~> 2.9.0' if ENV['DB'] == 'mysql'
- gem 'protected_attributes', '~> 1.0.0'
 end
 end
diff --git a/README.rdoc b/README.rdoc
index d0a0cde7..71440207 100644
--- a/README.rdoc
+++ b/README.rdoc
@@ -172,6 +172,13 @@ you should show its details to the user registering the client: its
 client_secret is not stored in plain text so you can only read it when
 you initially create the client object.
 
+==== Note on protecting Client attributes
+
+It is important to make sure to protect the Client model attributes from mass-assigning. Either using
+protected attributes (Rails < 4) or strong parameters (Rails >= 4).
+
+Do not allow the attributes client_id and client_secret to be mass-assigned. Usually, you'll only allow
+the attributes name and redirect_uri to be mass-assigned.
 === OAuth request endpoint
@@ -401,4 +408,3 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
-
diff --git a/gemfiles/activerecord_4_0.gemfile b/gemfiles/activerecord_4_0.gemfile
index 1800e878..40e7c3ba 100644
--- a/gemfiles/activerecord_4_0.gemfile
+++ b/gemfiles/activerecord_4_0.gemfile
@@ -4,6 +4,5 @@ source "https://rubygems.org"
 
 gem "activerecord", "~> 4.0.0"
 gem "mysql", "~> 2.9.0"
-gem "protected_attributes", "~> 1.0.0"
 
-gemspec :path=>"../"
\ No newline at end of file
+gemspec :path=>"../"
diff --git a/gemfiles/activerecord_4_1.gemfile b/gemfiles/activerecord_4_1.gemfile
index ee06ee8e..014c6bfc 100644
--- a/gemfiles/activerecord_4_1.gemfile
+++ b/gemfiles/activerecord_4_1.gemfile
@@ -4,6 +4,5 @@ source "https://rubygems.org"
 
 gem "activerecord", "~> 4.1.0"
 gem "mysql", "~> 2.9.0"
-gem "protected_attributes", "~> 1.0.0"
 
-gemspec :path=>"../"
\ No newline at end of file
+gemspec :path=>"../"
diff --git a/lib/songkick/oauth2/model/authorization.rb b/lib/songkick/oauth2/model/authorization.rb
index 75a71340..a090aff8 100644
--- a/lib/songkick/oauth2/model/authorization.rb
+++ b/lib/songkick/oauth2/model/authorization.rb
@@ -17,8 +17,6 @@ class Authorization < ActiveRecord::Base
 validates_uniqueness_of :refresh_token_hash, :scope => :client_id, :allow_nil => true
 validates_uniqueness_of :access_token_hash, :allow_nil => true
 
- attr_accessible nil
-
 class << self
 private :create, :new
 end
@@ -134,4 +132,3 @@ def scopes
 end
 end
 end
-
diff --git a/lib/songkick/oauth2/model/client.rb b/lib/songkick/oauth2/model/client.rb
index 88d2c6aa..f56f6e29 100644
--- a/lib/songkick/oauth2/model/client.rb
+++ b/lib/songkick/oauth2/model/client.rb
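Review bot: With `attr_accessible nil` removed from Authorization, nothing at the model level rejects mass-assignment of its columns any more, and unlike Client this model gets no README guidance in the same commit. The surviving context keeps `create` and `new` private, so construction stays inside the library, but an instance reached from host-application code can still be handed an attribute hash (for example through `update_attributes`) and the model will now accept every key. I would record the invariant where the declaration used to be, e.g. `# Attribute values are written only by the library itself; never mass-assign from request parameters.`, and pin it with a spec, since this commit deletes the only mass-assignment specs in spec/songkick/oauth2/model/client_spec.rb and adds none for this model. The Authorization class continues outside the hunk.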
@@ -15,8 +15,6 @@ class Client < ActiveRecord::Base
 validates_presence_of :name, :redirect_uri
 validate :check_format_of_redirect_uri
 
- attr_accessible :name, :redirect_uri
-
 before_create :generate_credentials
 
 def self.create_client_id
@@ -56,4 +54,3 @@ def generate_credentials
 end
 end
 end
-
diff --git a/spec/songkick/oauth2/model/client_spec.rb b/spec/songkick/oauth2/model/client_spec.rb
index d9d22f8c..c91388f2 100644
--- a/spec/songkick/oauth2/model/client_spec.rb
+++ b/spec/songkick/oauth2/model/client_spec.rb
@@ -32,16 +32,6 @@
 @client.should_not be_valid
 end
 
- it "cannot mass-assign client_id" do
- @client.update_attributes(:client_id => 'foo')
- @client.client_id.should_not == 'foo'
- end
-
- it "cannot mass-assign client_secret" do
- @client.update_attributes(:client_secret => 'foo')
- @client.client_secret.should_not == 'foo'
- end
-
 it "has client_id and client_secret filled in" do
 @client.client_id.should_not be_nil
 @client.client_secret.should_not be_nil
@@ -52,4 +42,3 @@
 Songkick::OAuth2::Model::Authorization.count.should be_zero
 end
 end
-
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 0716bfb0..976f2b0a 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -2,7 +2,6 @@
 require 'bundler/setup'
 require 'active_record'
-require 'protected_attributes' if defined?(ActiveRecord::VERSION) && ActiveRecord::VERSION::MAJOR > 3
 require 'songkick/oauth2/provider'
@@ -79,4 +78,3 @@ def create_authorization(params)
 end
 end
 end
-
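Review bot: Dropping `attr_accessible :name, :redirect_uri` leaves client_id and client_secret mass-assignable at the model level on any stack that does not load protected_attributes, and the same commit deletes the two specs in spec/songkick/oauth2/model/client_spec.rb that asserted they could not be overwritten, so the invariant now rests entirely on whatever parameter filtering the host application happens to apply. `before_create :generate_credentials` in the context presumably sets both columns on creation, but nothing in the new code stops an `update_attributes` call carrying a caller-supplied client_id or client_secret from being persisted. If the library never legitimately rewrites these columns, `attr_readonly :client_id, :client_secret` in place of the removed line would keep update paths from touching them independently of the Rails version; otherwise at least a comment above `before_create`, e.g. `# client_id and client_secret are generated here and must be excluded from the host app's permitted parameters.`, should state where the protection now lives. Either way the removed specs should be replaced with ones that exercise the new guard rather than dropped. The Client class continues outside the hunk.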