Filter :id in User.build for now

Rails 4 seem to allow setting the id through supplied parameters
The controllers ported to strong_parameters should guard against
attacks over this vector, but I didn't want to remove the specs
that test this here

app/models/user.rb

@@ -355,7 +355,7 @@ class User < ActiveRecord::Base
 
   ###Helpers############
   def self.build(opts = {})
-    u = User.new(opts.except(:person))
+    u = User.new(opts.except(:person, :id))
     u.setup(opts)
     u
   end
@@ -369,7 +369,7 @@ class User < ActiveRecord::Base
     errors = self.errors
     errors.delete :person
     return if errors.size > 0
-    self.set_person(Person.new(opts[:person] || {} ))
+    self.set_person(Person.new((opts[:person] || {}).except(:id)))
     self.generate_keys
     self
   end