diff --git a/app/controllers/benefit_forms_controller.rb b/app/controllers/benefit_forms_controller.rb
index 2f59d72..97721c9 100644
--- a/app/controllers/benefit_forms_controller.rb
+++ b/app/controllers/benefit_forms_controller.rb
@@ -11,7 +11,7 @@ class BenefitFormsController < ApplicationController
 file = params[:type].constantize.new(path)
 send_file file, disposition: "attachment"
 rescue
- redirect_to user_benefit_forms_path(user_id: current_user.user_id)
+ redirect_to user_benefit_forms_path(user_id: current_user.id)
 end
 end
@@ -23,7 +23,7 @@ class BenefitFormsController < ApplicationController
 else
 flash[:error] = "Something went wrong"
 end
- redirect_to user_benefit_forms_path(user_id: current_user.user_id)
+ redirect_to user_benefit_forms_path(user_id: current_user.id)
 end
 end
diff --git a/spec/vulnerabilities/mass_assignment_spec.rb b/spec/vulnerabilities/mass_assignment_spec.rb
index 1d4c3e7..2e27350 100644
--- a/spec/vulnerabilities/mass_assignment_spec.rb
+++ b/spec/vulnerabilities/mass_assignment_spec.rb
@@ -12,8 +12,8 @@ feature "mass assignment" do
 login(@normal_user)
- params = {user: {admin: "t",
- user_id: @normal_user.id,
+ params = { user: { admin: "t",
+ id: @normal_user.id,
 password: @normal_user.clear_password,
 password_confirmation: @normal_user.clear_password}}
 page.driver.put "/users/#{@normal_user.id}.json", params
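Review bot: The first hunk of app/controllers/benefit_forms_controller.rb still carries `file = params[:type].constantize.new(path)`, which resolves a class name taken directly from the request, and the `current_user.id` change in this commit does not touch it. Unless the line is kept on purpose (the `spec/vulnerabilities` directory suggests this may be a training application), look the parameter up in a fixed allowlist before instantiating, for example `klass = ALLOWED_TYPES[params[:type]]` followed by `return head(:bad_request) unless klass`, where `ALLOWED_TYPES` is a placeholder name for a frozen hash you would define. The bare `rescue` two lines below turns every StandardError into the same redirect, so a rejected type, a missing file and a genuine bug are indistinguishable; rescuing only the expected errors and logging them would keep failed requests visible to whoever monitors the app. `path` and the method's `def` line are outside the hunk, so where `path` comes from should be checked in the same pass.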