RailsCan't mass-assign protected attributes

Question

I'm trying a simple authentication system with has_secure_password and I am getting the error listed in the title. I've seen this question several times but none of the advice or fixes for others are working for me. I'm at the point where I"m sure I must have a simple error but I can find none. Posted below is my relevant code:

Gemfile:

gem 'rails', '3.2.13'

gem 'bcrypt-ruby'

users_controller:

class UsersController < ApplicationController
def new
  @user = User.new
end

def create
  @user = User.new(params{:user})
  if @user.save
    session[:user_id] = @user.id
    redirect_to root_url, notice: "User created"
  else
    render "new"
    end
  end
end

user model:

class User < ActiveRecord::Base
  has_secure_password
  attr_accessible :email, :password, :password_confirmation

  validates :password, presence: true, length: { minimum: 6 }
  validates_confirmation_of :password

  validates :password_confirmation, presence: true
end

user form:

<div class="field">
  <%= f.label :email %><br />
  <%= f.text_field :email %>
</div>
<div class="field">
  <%= f.label :password %><br />
  <%= f.password_field :password %>
</div>
<div class="field">
  <%= f.label :password_confirmation %><br />
  <%= f.password_field :password_confirmation %>
</div>
<div class="actions"><%= f.submit "Sign Up" %></div>
<% end %>

Migration:

class CreateUsers < ActiveRecord::Migration
  def change
    create_table :users do |t|
      t.string :email
      t.string :password_digest

      t.timestamps
    end
  end
end

Here is the actual error I'm getting:

Can't mass-assign protected attributes: utf8, authenticity_token, user, commit, action,      controller

Thank you in advance for any insight to my dilemma.

Answer 1

You are assigning the full params hash, which has all those fields mentioned. This is the cause

@user = User.new(params{:user})

which should be

@user = User.new(params[:user])