No mass assignment allowed for Rails 4.1
instead of having attr_accessible :username, :email, :password, :password_confirmation in your model, use strong parameters.
You’ll do this in your UsersController:
def user_params
params.require(:user).permit(:username, :email, :password, :password_confirmation)
end
then call the user_params method in your controller actions.