apicasso 0.6.0 → 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. checksums.yaml +4 -4
  2. data/app/controllers/apicasso/apidocs_controller.rb +1 -1
  3. data/app/controllers/apicasso/application_controller.rb +0 -13
  4. data/app/controllers/apicasso/crud_controller.rb +13 -0
  5. data/lib/apicasso/version.rb +1 -1
  6. data/spec/dummy/log/test.log +2050 -0
  7. data/spec/requests/plurarized/bad_requests_with_plurarize_spec.rb +51 -0
  8. data/spec/requests/plurarized/requests_with_plurarize_spec.rb +337 -0
  9. data/spec/requests/{bad_requests_spec.rb → singularized/bad_requests_spec.rb} +0 -0
  10. data/spec/requests/{requests_spec.rb → singularized/requests_spec.rb} +13 -22
  11. data/spec/token/token_spec.rb +18 -0
  12. metadata +12 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: '008a3e92922e32986a11c43d51478f4dd3eb8e44e287abf9027952c6415b00d3'
4
- data.tar.gz: 146ae0b052be05e8f9a9dbf5c32563d39469e6887c1343d4c4e8ac70206c0708
3
+ metadata.gz: 9f97d82fa4adce27dc1554104e77c6b6feef8b18278ff7d0b4976ab50b3d41b5
4
+ data.tar.gz: dc5780ab2577de9344c1c108101184c38f58ac6a1c85213eae437287f9aadc92
5
5
  SHA512:
6
- metadata.gz: 93ae0a99e84f211f429d6daa80ba0f8690fb7903c155ad6e769f8cef18e8ee2ae8b52783460af857e464d750822a9d2876d23d75fb88323890a817597a950e08
7
- data.tar.gz: 8ff1d500a8daea84d2b6137cc8a7cefcbf5b71097d9263f8c7a1588ac7c1d7f3efbd1a48b43b9f7156611b9510c8c3f615d1c9af4801c492443401c891e6ea8a
6
+ metadata.gz: b0fe68e61a194f736b710fc8ed39194520f2e8d515937886f085fa4eb4c50ca96d699001d894db8c2e8df039611b18cec7faa3900040c7b99dec61a250890615
7
+ data.tar.gz: b8a454334bbf8825563d2f1c81aab99d971b1cab0d840a70dc1c99ac59579342eca245e47182f193446979f3a76e0d9d745dabcb3bd67617bb019ba3c8f5cb47
data/app/controllers/apicasso/apidocs_controller.rb CHANGED
@@ -4,7 +4,7 @@ module Apicasso
4
4
  # Controller used to generate an application Swagger JSON, used by
5
5
  # SwaggerUI to generate beautiful API documentation
6
6
  class ApidocsController < Apicasso::ApplicationController
7
- skip_before_action :restrict_access
7
+ skip_before_action :restrict_access, :klasses_allowed, :set_root_resource
8
8
 
9
9
  include Swagger::Blocks
10
10
  # Default application settings for documentation generation.
data/app/controllers/apicasso/application_controller.rb CHANGED
@@ -7,9 +7,7 @@ module Apicasso
7
7
  class ApplicationController < ActionController::API
8
8
  include ActionController::HttpAuthentication::Token::ControllerMethods
9
9
  prepend_before_action :restrict_access
10
- prepend_before_action :klasses_allowed
11
10
  before_action :set_root_resource
12
- before_action :bad_request?
13
11
  after_action :register_api_request
14
12
 
15
13
  include SqlSecurity
@@ -162,11 +160,6 @@ module Apicasso
162
160
  uri.to_s
163
161
  end
164
162
 
165
- # Check for a bad request to be more secure
166
- def klasses_allowed
167
- raise ActionController::BadRequest.new('Bad hacker, stop be bully or I will tell to your mom!') unless descendants_included?
168
- end
169
-
170
163
  # Check if it's a descendant model allowed
171
164
  def descendants_included?
172
165
  DESCENDANTS_UNDERSCORED.include?(param_attribute.to_s.underscore)
@@ -188,11 +181,5 @@ module Apicasso
188
181
  authorize! opts[:action], opts[:resource] if opts[:resource].present?
189
182
  authorize! opts[:action], opts[:object] if opts[:object].present?
190
183
  end
191
-
192
- # Check for SQL injection before requests and
193
- # raise a exception when find
194
- def bad_request?
195
- raise ActionController::BadRequest.new('Bad hacker, stop be bully or I will tell to your mom!') unless sql_injection(resource)
196
- end
197
184
  end
198
185
  end
data/app/controllers/apicasso/crud_controller.rb CHANGED
@@ -3,6 +3,8 @@
3
3
  module Apicasso
4
4
  # Controller to consume read-only data to be used on client's frontend
5
5
  class CrudController < Apicasso::ApplicationController
6
+ prepend_before_action :klasses_allowed
7
+ before_action :bad_request?
6
8
  before_action :set_object, except: %i[index create schema]
7
9
  before_action :set_nested_resource, only: %i[nested_index]
8
10
  before_action :set_records, only: %i[index]
@@ -224,5 +226,16 @@ module Apicasso
224
226
  end
225
227
  end.compact
226
228
  end
229
+
230
+ # Check for SQL injection before requests and
231
+ # raise a exception when find
232
+ def bad_request?
233
+ raise ActionController::BadRequest.new('Bad hacker, stop be bully or I will tell to your mom!') unless sql_injection(resource)
234
+ end
235
+
236
+ # Check for a bad request to be more secure
237
+ def klasses_allowed
238
+ raise ActionController::BadRequest.new('Bad hacker, stop be bully or I will tell to your mom!') unless descendants_included?
239
+ end
227
240
  end
228
241
  end
data/lib/apicasso/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Apicasso
2
- VERSION = '0.6.0'.freeze
2
+ VERSION = '0.6.1'.freeze
3
3
  end