Turn on mass assignment protection

Require any attribute that is going to be mass assigned to be
whitelisted, and whitelist those attributes which need it

test/unit/oauth_token_test.rb

@@ -15,7 +15,9 @@ class OauthTokenTest < ActiveSupport::TestCase
   ##
   # check that an authorized token is authorised and can be invalidated
   def test_token_authorisation
-    tok = RequestToken.create :client_application => client_applications(:oauth_web_app)
+    tok = RequestToken.create({
+      :client_application => client_applications(:oauth_web_app)
+    }, :without_protection => true)
     assert_equal false, tok.authorized?, "Token should be created unauthorised."
     tok.authorize!(users(:public_user))
     assert_equal true, tok.authorized?, "Token should now be authorised."