From 86d09ff21e606b0db4eaa07ae8d5cd6e4528772d Mon Sep 17 00:00:00 2001
From: Luis Ramos <luisramos0@gmail.com>
Date: Sat, 22 Feb 2020 17:41:45 +0000
Subject: [PATCH] Bring strong parameters code from spree to
 payment_methods_controller

This code comes from spree commit https://github.com/openfoodfoundation/spree/commit/fbc2d150f640399d73baab5295416da7131b95e7
---
 .../spree/admin/payment_methods_controller.rb          | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/app/controllers/spree/admin/payment_methods_controller.rb b/app/controllers/spree/admin/payment_methods_controller.rb
index 4665417bcf..a1303eed0f 100644
--- a/app/controllers/spree/admin/payment_methods_controller.rb
+++ b/app/controllers/spree/admin/payment_methods_controller.rb
@@ -15,7 +15,7 @@ module Spree
         @payment_method = params[:payment_method].
           delete(:type).
           constantize.
-          new(params[:payment_method])
+          new(payment_method_params)
         @object = @payment_method
 
         invoke_callbacks(:create, :before)
@@ -40,8 +40,8 @@ module Spree
           @payment_method = PaymentMethod.find(params[:id])
         end
 
-        payment_method_params = params[ActiveModel::Naming.param_key(@payment_method)] || {}
-        attributes = params[:payment_method].merge(payment_method_params)
+        update_params = params[ActiveModel::Naming.param_key(@payment_method)] || {}
+        attributes = payment_method_params.merge(update_params)
         attributes.each do |k, _v|
           if k.include?("password") && attributes[k].blank?
             attributes.delete(k)
@@ -100,6 +100,10 @@ module Spree
 
       private
 
+      def payment_method_params
+        params.require(:payment_method).permit!
+      end
+
       def force_environment
         params[:payment_method][:environment] = Rails.env unless spree_current_user.admin?
       end