auto_strong_parameters 0.0.4 → 0.0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dddcaa6e82b8ee32c7c48e829645a716a51298ebdc0e354951782454e6c50a7e
-  data.tar.gz: df7e2c4d6ac02ae237d5d432269be80e5f9182b583216201909dfc99b724e3dc
+  metadata.gz: fabd8f4e0268992eefe957cfe8c6787bd7d37c96f866859c4badd2e1b3ac11bd
+  data.tar.gz: cee5efc7064816c8787e4b0c59a4909cade8f63620db9a4f6c49fc119ee47ae4
 SHA512:
-  metadata.gz: b311a61ef84324b1cd74e98bafcfa9e11a0b0493baa1e03bc388907cf31f7c06bf079d073349a63167a9936deb5bb6d6e6996c20f4c39ed6b21d2956a850510f
-  data.tar.gz: 9dde9aa41c0af04cbb757429acbf98b3826c981c8d6162468665c2863bcebb6606eac066b384eb72b82566447bee69a407ca6287e80a04410448234f06000236
+  metadata.gz: 9d02baee4ff7f2a36c05f6dd5efb1309fe9656bcc1880c58ac30bf09b6c0c841b5b34c5b2572d1a4b0f494d701e5d7c7ed5f9fcb9e7579f66b6f238329732a9d
+  data.tar.gz: e1ca46986d421cb6d1c1a10efed5624644d493853806b6db64d43eb611f9cd0981a7b865783df5481aa497c2d8cff6d6b1ff2e832fd14c750cae2227dc279438

data/Rakefile

@@ -9,3 +9,29 @@ end
 
 desc "Run tests"
 task default: :test
+
+task :appr_31 do
+  cmd = <<~CMD
+    # Run appraisals under Ruby 3.1
+    rbenv local 3.1.7
+    echo "Testing Ruby 3.1 Rails versions..." &&
+    bundle exec appraisal rails-4-2 rake test > /dev/null 2>&1 && echo "✅ Rails 4.2: PASSED" || echo "❌ Rails 4.2: FAILED" &&
+    bundle exec appraisal rails-5-2 rake test > /dev/null 2>&1 && echo "✅ Rails 5.2: PASSED" || echo "❌ Rails 5.2: FAILED"
+  CMD
+  system cmd
+end
+
+task :appr_33 do
+  cmd = <<~CMD
+    # Run Ruby 3.3 appraisals
+    rbenv local 3.3.7
+    echo "Testing Ruby 3.3 Rails versions..." &&
+    bundle exec appraisal rails-6-0 rake test > /dev/null 2>&1 && echo "✅ Rails 6.0: PASSED" || echo "❌ Rails 6.0: FAILED" &&
+    bundle exec appraisal rails-6-1 rake test > /dev/null 2>&1 && echo "✅ Rails 6.1: PASSED" || echo "❌ Rails 6.1: FAILED" &&
+    bundle exec appraisal rails-7-0 rake test > /dev/null 2>&1 && echo "✅ Rails 7.0: PASSED" || echo "❌ Rails 7.0: FAILED" &&
+    bundle exec appraisal rails-7-1 rake test > /dev/null 2>&1 && echo "✅ Rails 7.1: PASSED" || echo "❌ Rails 7.1: FAILED" &&
+    bundle exec appraisal rails-7-2 rake test > /dev/null 2>&1 && echo "✅ Rails 7.2: PASSED" || echo "❌ Rails 7.2: FAILED" &&
+    bundle exec appraisal rails-8-0 rake test > /dev/null 2>&1 && echo "✅ Rails 8.0: PASSED" || echo "❌ Rails 8.0: FAILED"
+  CMD
+  system cmd
+end

data/lib/auto_strong_parameters/auto_form_params.rb

@@ -4,17 +4,44 @@ module AutoStrongParameters::AutoFormParams
   extend ActiveSupport::Concern
 
   included do
-    attr_reader :_asp_fields
+    attr_reader :_asp_fields, :_asp_original_options
   end
 
-  ASP_NAME_REGEX = /\sname=\"(.+?)\"/
+  ASP_NAME_REGEX = /\bname=\"(.+?)\"/
   ASP_DIGIT_REGEX = /\[\d+\]/
 
   TRACKED_FIELDS = %w(
-    search_field telephone_field date_field time_field datetime_field
-    month_field week_field url_field email_field number_field range_field
-    file_field password_field text_area text_field radio_button phone_field
-    select collection_select trix_editor
+    check_box
+    collection_check_boxes
+    collection_radio_buttons
+    collection_select
+    color_field
+    date_field
+    datetime_field
+    datetime_local_field
+    email_field
+    file_field
+    grouped_collection_select
+    hidden_field
+    month_field
+    number_field
+    password_field
+    phone_field
+    radio_button
+    range_field
+    rich_text_area
+    rich_textarea
+    search_field
+    select
+    telephone_field
+    text_area
+    textarea
+    text_field
+    time_field
+    time_zone_select
+    trix_editor
+    url_field
+    week_field
   )
 
   TRACKED_FIELDS.each do |name|
@@ -27,19 +54,41 @@ module AutoStrongParameters::AutoFormParams
     RUBY_EVAL
   end
 
+  # Override form_for to capture original options (Rails 4+). This is the only
+  # way to capture data attributes that are provided via string like
+  # "data-asp-disabled".
+  def form_for(record, options = {}, &block)
+    @_asp_original_options = options.dup
+    super
+  end
+
+  # Override form_with to capture original options (Rails 5+).
+  def form_with(**args, &block)
+    @_asp_original_options = args.dup
+
+    # Rails 8 requires model to be an object or false, not nil
+    # If model is nil and url is provided, set model to false for Rails 8 compatibility
+    if args[:model].nil? && args[:url]
+      args[:model] = false
+    end
+
+    super(**args, &block)
+  end
+
   private
 
   def _asp_track_field(field)
     @_asp_fields ||= []
-    @_asp_fields << field.match(ASP_NAME_REGEX)[1].gsub(ASP_DIGIT_REGEX, '[]')
+
+    if match_data = field.match(ASP_NAME_REGEX)
+      @_asp_fields << match_data[1].gsub(ASP_DIGIT_REGEX, '[]')
+    end
   end
 
   # Generate a hidden input with the signed value of the params shape for this
   # form. Append to the form.
   def _asp_hidden_tag
     if _asp_fields.present?
-      # puts "========= Adding tag =========="
-      # puts _asp_fields.inspect
       name = AutoStrongParameters.asp_message_key
       to_sign = asp_fields_to_shape
       signature = AutoStrongParameters.verifier.generate(to_sign)
@@ -57,7 +106,9 @@ module AutoStrongParameters::AutoFormParams
   def form_tag_with_body(html_options, content)
     output = form_tag_html(html_options)
     output << content.to_s if content
-    output << _asp_hidden_tag
+    if auto_strong_parameters_enabled?(html_options)
+      output << _asp_hidden_tag
+    end
     output.safe_concat("</form>")
   end
 
@@ -69,4 +120,26 @@ module AutoStrongParameters::AutoFormParams
       Rack::Utils.parse_nested_query(_asp_fields.join("=&") + "=")
     )
   end
+
+  def auto_strong_parameters_enabled?(opts)
+    return false if AutoStrongParameters.disabled?
+
+    # Check both processed options and original options
+    # Use trailing predicates instead of ||= to handle false values.
+    inline_val = opts.dig("data", :asp_disabled)
+    inline_val = opts["data-asp-disabled"] if inline_val.nil?
+    inline_val = opts[:data_asp_disabled] if inline_val.nil?
+    inline_val = opts[:'data-asp-disabled'] if inline_val.nil?
+
+    # If not found in processed options, check original options from form_for
+    if inline_val.nil? && defined?(@_asp_original_options) && @_asp_original_options
+      inline_val = @_asp_original_options["data-asp-disabled"]
+      inline_val = @_asp_original_options[:'data-asp-disabled'] if inline_val.nil?
+    end
+
+    # If inline_val is blank, ASP is enabled by default
+    # If inline_val is explicitly set to disable ASP, honor that
+    # Otherwise ASP is enabled (including for 'enabled' and 'false' values)
+    !inline_val.to_s.in?(['disabled', 'true'])
+  end
 end

data/lib/auto_strong_parameters/auto_permit.rb

@@ -5,12 +5,24 @@ module AutoStrongParameters
     def auto_permit!(key)
       shape = asp_auto_permitted_params
 
-      require(key).permit(shape[key])
+      permitted_shape = shape[key]
+
+      # Log the shape we're permitting so that developers who may need to use
+      # StrongParameters directly can easily copy the shape into a regular
+      # #permit call.
+      AutoStrongParameters.logger.debug("AutoStrongParameters: Permitting params for key '#{key}' with shape: #{permitted_shape.inspect}")
+
+      require(key).permit(permitted_shape)
     end
 
     def asp_auto_permitted_params
       if sig = self[AutoStrongParameters.asp_message_key]
-        AutoStrongParameters.verifier.verify(sig) rescue {}
+        begin
+          AutoStrongParameters.verifier.verify(sig)
+        rescue => e
+          AutoStrongParameters.logger.warn("AutoStrongParameters: Error verifying signature for params: #{e.message}")
+          {}
+        end
       else
         {}
       end.with_indifferent_access

data/lib/auto_strong_parameters/version.rb

@@ -1,3 +1,3 @@
 module AutoStrongParameters
-  VERSION = "0.0.4"
+  VERSION = "0.0.6"
 end

data/lib/auto_strong_parameters.rb

@@ -20,6 +20,23 @@ module AutoStrongParameters
     @secret ||= Rails.application.config.secret_key_base
   end
 
+  def self.enabled
+    @enabled = true if !defined?(@enabled)
+    @enabled
+  end
+
+  def self.enabled?
+    !!enabled
+  end
+
+  def self.disabled?
+    !enabled
+  end
+
+  def self.enabled=(value)
+    @enabled = value
+  end
+
   def self.to_strong_params_shape(obj)
     items = Set.new
     hsh = {}
@@ -83,4 +100,12 @@ module AutoStrongParameters
   def self.verifier=(custom_verifier)
     @verifier = custom_verifier
   end
+
+  def self.logger
+    @logger ||= Rails.logger
+  end
+
+  def self.logger=(custom_logger)
+    @logger = custom_logger
+  end
 end

data/test/apps/rails52.rb

@@ -29,8 +29,7 @@ module Rails52
     config.cache_classes = true
 
     config.eager_load = false
-    config.serve_static_files  = true
-    config.static_cache_control = "public, max-age=3600"
+    config.public_file_server.enabled = false
 
     config.consider_all_requests_local       = true
     config.action_controller.perform_caching = false

data/test/apps/rails71.rb

@@ -0,0 +1,56 @@
+require "rails"
+
+[
+  #'active_record',
+  'active_model',
+  'action_controller',
+  'action_view',
+  #'action_mailer',
+  #'active_job',
+  'rails/test_unit',
+  #'sprockets',
+].each do |framework|
+  begin
+    require "#{framework}/railtie"
+  rescue LoadError
+  end
+end
+
+require 'action_view/testing/resolvers'
+require 'rails/test_help'
+
+require 'auto_strong_parameters'
+
+require_relative './test_app'
+
+module Rails71
+  class Application < Rails::Application
+    config.root = File.expand_path("../../..", __FILE__)
+    config.cache_classes = true
+
+    config.eager_load = false
+    config.serve_static_files  = true
+    config.static_cache_control = "public, max-age=3600"
+
+    config.consider_all_requests_local       = true
+    config.action_controller.perform_caching = false
+
+    config.action_dispatch.show_exceptions = false
+
+    config.action_controller.allow_forgery_protection = false
+
+    config.active_support.deprecation = :stderr
+
+    config.active_support.test_order = :sorted
+
+    config.middleware.delete Rack::Lock
+    config.middleware.delete ActionDispatch::Flash
+    config.secret_key_base = TestApp.secret_key_base
+    routes.append(&TestApp.routes)
+  end
+end
+
+require_relative './models'
+require_relative './basic_controller'
+
+Rails71::Application.initialize!

data/test/apps/rails72.rb

@@ -0,0 +1,56 @@
+require "rails"
+
+[
+  #'active_record',
+  'active_model',
+  'action_controller',
+  'action_view',
+  #'action_mailer',
+  #'active_job',
+  'rails/test_unit',
+  #'sprockets',
+].each do |framework|
+  begin
+    require "#{framework}/railtie"
+  rescue LoadError
+  end
+end
+
+require 'action_view/testing/resolvers'
+require 'rails/test_help'
+
+require 'auto_strong_parameters'
+
+require_relative './test_app'
+
+module Rails72
+  class Application < Rails::Application
+    config.root = File.expand_path("../../..", __FILE__)
+    config.cache_classes = true
+
+    config.eager_load = false
+    config.serve_static_files  = true
+    config.static_cache_control = "public, max-age=3600"
+
+    config.consider_all_requests_local       = true
+    config.action_controller.perform_caching = false
+
+    config.action_dispatch.show_exceptions = false
+
+    config.action_controller.allow_forgery_protection = false
+
+    config.active_support.deprecation = :stderr
+
+    config.active_support.test_order = :sorted
+
+    config.middleware.delete Rack::Lock
+    config.middleware.delete ActionDispatch::Flash
+    config.secret_key_base = TestApp.secret_key_base
+    routes.append(&TestApp.routes)
+  end
+end
+
+require_relative './models'
+require_relative './basic_controller'
+
+Rails72::Application.initialize!

data/test/apps/rails80.rb

@@ -0,0 +1,56 @@
+require "rails"
+
+[
+  #'active_record',
+  'active_model',
+  'action_controller',
+  'action_view',
+  #'action_mailer',
+  #'active_job',
+  'rails/test_unit',
+  #'sprockets',
+].each do |framework|
+  begin
+    require "#{framework}/railtie"
+  rescue LoadError
+  end
+end
+
+require 'action_view/testing/resolvers'
+require 'rails/test_help'
+
+require 'auto_strong_parameters'
+
+require_relative './test_app'
+
+module Rails80
+  class Application < Rails::Application
+    config.root = File.expand_path("../../..", __FILE__)
+    config.cache_classes = true
+
+    config.eager_load = false
+    config.serve_static_files  = true
+    config.static_cache_control = "public, max-age=3600"
+
+    config.consider_all_requests_local       = true
+    config.action_controller.perform_caching = false
+
+    config.action_dispatch.show_exceptions = false
+
+    config.action_controller.allow_forgery_protection = false
+
+    config.active_support.deprecation = :stderr
+
+    config.active_support.test_order = :sorted
+
+    config.middleware.delete Rack::Lock
+    config.middleware.delete ActionDispatch::Flash
+    config.secret_key_base = TestApp.secret_key_base
+    routes.append(&TestApp.routes)
+  end
+end
+
+require_relative './models'
+require_relative './basic_controller'
+
+Rails80::Application.initialize!

data/test/auto_form_params_test.rb

@@ -5,6 +5,12 @@ require 'test_helper'
 class AutoFormParamsTest < ActionController::TestCase
   setup do
     @controller = BasicController.new
+    @original_view_paths = BasicController.view_paths
+  end
+
+  teardown do
+    # Restore original view paths
+    BasicController.view_paths = @original_view_paths
   end
 
   def signature
@@ -45,11 +51,312 @@ class AutoFormParamsTest < ActionController::TestCase
 
   def test_new
     get :new
-    assert_response :ok
-
-    assert_select "form[id='new_user']"
     assert_select "form[id='new_user'] input[name='#{AutoStrongParameters.asp_message_key}']" do
       assert_select "[value=?]", signature
     end
   end
+
+  def test_form_with_malformed_field_does_not_crash
+    # This test demonstrates the bug where _asp_track_field fails when regex doesn't match
+    BasicController.view_paths = [ActionView::FixtureResolver.new(
+      "basic/new.html.erb" => <<~MALFORMED_FORM
+        <%= form_for @user, url: "/auto_permit" do |f| %>
+          <%= f.text_field :name, name: nil %>
+          <%= f.email_field :email %>
+        <% end %>
+      MALFORMED_FORM
+    )]
+
+    get :new
+    # Form should still render and include ASP hidden tag
+    assert_select "form[id='new_user'] input[name='#{AutoStrongParameters.asp_message_key}']"
+  end
+
+  def test_disabled_form_does_not_include_asp_hidden_tag
+    BasicController.view_paths = [ActionView::FixtureResolver.new(
+      "basic/new.html.erb" => <<~DISABLED_FORM
+        <%= form_for @user, url: "/auto_permit", data: { asp_disabled: true } do |f| %>
+          <%= f.text_field :name %>
+          <%= f.email_field :email %>
+        <% end %>
+      DISABLED_FORM
+    )]
+
+    get :new
+    # Should NOT have the ASP hidden tag
+    assert_select "form[id='new_user'] input[name='#{AutoStrongParameters.asp_message_key}']", false
+  end
+
+  def test_globally_disabled_does_not_include_asp_hidden_tag
+    # Temporarily disable globally
+    AutoStrongParameters.enabled = false
+
+    get :new
+    # Should NOT have the ASP hidden tag when globally disabled
+    assert_select "form[id='new_user'] input[name='#{AutoStrongParameters.asp_message_key}']", false
+
+    # Re-enable for other tests
+    AutoStrongParameters.enabled = true
+  end
+
+  def test_enabled_methods
+    # Test default state
+    assert AutoStrongParameters.enabled?
+    refute AutoStrongParameters.disabled?
+
+    # Test setting to false
+    AutoStrongParameters.enabled = false
+    refute AutoStrongParameters.enabled?
+    assert AutoStrongParameters.disabled?
+
+    # Test setting back to true
+    AutoStrongParameters.enabled = true
+    assert AutoStrongParameters.enabled?
+    refute AutoStrongParameters.disabled?
+  end
+
+  def test_form_with_data_asp_disabled_attribute
+    BasicController.view_paths = [ActionView::FixtureResolver.new(
+      "basic/new.html.erb" => <<~DATA_DISABLED_FORM
+        <%= form_for @user, url: "/auto_permit", data: { asp_disabled: "true" } do |f| %>
+          <%= f.text_field :name %>
+        <% end %>
+      DATA_DISABLED_FORM
+    )]
+
+    get :new
+    # Should NOT have the ASP hidden tag
+    assert_select "form[id='new_user'] input[name='#{AutoStrongParameters.asp_message_key}']", false
+  end
+
+  def test_form_with_data_asp_boolean_disabled_true
+    BasicController.view_paths = [ActionView::FixtureResolver.new(
+      "basic/new.html.erb" => <<~DATA_DISABLED_FORM
+        <%= form_for @user, url: "/auto_permit", data: { asp_disabled: true } do |f| %>
+          <%= f.text_field :name %>
+        <% end %>
+      DATA_DISABLED_FORM
+    )]
+
+    get :new
+    # Should NOT have the ASP hidden tag
+    assert_select "form[id='new_user'] input[name='#{AutoStrongParameters.asp_message_key}']", false
+  end
+
+  def test_form_with_data_asp_boolean_disabled_false
+    BasicController.view_paths = [ActionView::FixtureResolver.new(
+      "basic/new.html.erb" => <<~DATA_DISABLED_FORM
+        <%= form_for @user, url: "/auto_permit", data: { asp_disabled: false } do |f| %>
+          <%= f.text_field :name %>
+        <% end %>
+      DATA_DISABLED_FORM
+    )]
+
+    get :new
+    # Should have the ASP hidden tag
+    assert_select "form[id='new_user'] input[name='#{AutoStrongParameters.asp_message_key}']"
+  end
+
+  def test_form_with_data_asp_disabled_string_disabled
+    BasicController.view_paths = [ActionView::FixtureResolver.new(
+      "basic/new.html.erb" => <<~DATA_DISABLED_FORM
+        <%= form_for @user, url: "/auto_permit", data: { asp_disabled: "disabled" } do |f| %>
+          <%= f.text_field :name %>
+        <% end %>
+      DATA_DISABLED_FORM
+    )]
+
+    get :new
+    # Should NOT have the ASP hidden tag
+    assert_select "form[id='new_user'] input[name='#{AutoStrongParameters.asp_message_key}']", false
+  end
+
+  def test_form_with_data_asp_disabled_string_enabled
+    BasicController.view_paths = [ActionView::FixtureResolver.new(
+      "basic/new.html.erb" => <<~DATA_DISABLED_FORM
+        <%= form_for @user, url: "/auto_permit", data: { asp_disabled: "enabled" } do |f| %>
+          <%= f.text_field :name %>
+        <% end %>
+      DATA_DISABLED_FORM
+    )]
+
+    get :new
+    # Should have the ASP hidden tag
+    assert_select "form[id='new_user'] input[name='#{AutoStrongParameters.asp_message_key}']"
+  end
+
+  def test_form_with_data_asp_disable_long_name
+    BasicController.view_paths = [ActionView::FixtureResolver.new(
+      "basic/new.html.erb" => <<~DATA_DISABLED_FORM
+        <%= form_for @user, url: "/auto_permit", "data-asp-disabled": "disabled" do |f| %>
+          <%= f.text_field :name %>
+        <% end %>
+      DATA_DISABLED_FORM
+    )]
+
+    get :new
+    # Should NOT have the ASP hidden tag
+    assert_select "form[id='new_user'] input[name='#{AutoStrongParameters.asp_message_key}']", false
+  end
+
+  def test_form_without_data_asp_disabled_false_works
+    BasicController.view_paths = [ActionView::FixtureResolver.new(
+      "basic/new.html.erb" => <<~NORMAL_FORM
+        <%= form_for @user, url: "/auto_permit", "data-asp-disabled": false do |f| %>
+          <%= f.text_field :name %>
+          <%= f.email_field :email %>
+        <% end %>
+      NORMAL_FORM
+    )]
+
+    get :new
+    # Should have the ASP hidden tag
+    assert_select "form[id='new_user'] input[name='#{AutoStrongParameters.asp_message_key}']"
+  end
+
+  def test_form_without_data_asp_disabled_works
+    BasicController.view_paths = [ActionView::FixtureResolver.new(
+      "basic/new.html.erb" => <<~NORMAL_FORM
+        <%= form_for @user, url: "/auto_permit" do |f| %>
+          <%= f.text_field :name %>
+          <%= f.email_field :email %>
+        <% end %>
+      NORMAL_FORM
+    )]
+
+    get :new
+    # Should have the ASP hidden tag
+    assert_select "form[id='new_user'] input[name='#{AutoStrongParameters.asp_message_key}']"
+  end
+
+  # ===== form_with tests (Rails 5+) =====
+
+  unless defined? Rails42
+    def test_form_with_basic_functionality
+      BasicController.view_paths = [ActionView::FixtureResolver.new(
+        "basic/new.html.erb" => <<~FORM_WITH_BASIC
+          <%= form_with model: @user, url: "/auto_permit" do |f| %>
+            <%= f.text_field :name %>
+            <%= f.email_field :email %>
+          <% end %>
+        FORM_WITH_BASIC
+      )]
+
+      get :new
+      # Should have the ASP hidden tag
+      assert_select "form input[name='#{AutoStrongParameters.asp_message_key}']"
+    end
+
+    def test_form_with_data_asp_disabled_hash_true
+      BasicController.view_paths = [ActionView::FixtureResolver.new(
+        "basic/new.html.erb" => <<~FORM_WITH_DISABLED
+          <%= form_with model: @user, url: "/auto_permit", data: { asp_disabled: true } do |f| %>
+            <%= f.text_field :name %>
+          <% end %>
+        FORM_WITH_DISABLED
+      )]
+
+      get :new
+      # Should NOT have the ASP hidden tag
+      assert_select "form input[name='#{AutoStrongParameters.asp_message_key}']", false
+    end
+
+    def test_form_with_data_asp_disabled_hash_string_true
+      BasicController.view_paths = [ActionView::FixtureResolver.new(
+        "basic/new.html.erb" => <<~FORM_WITH_DISABLED
+          <%= form_with model: @user, url: "/auto_permit", data: { asp_disabled: "true" } do |f| %>
+            <%= f.text_field :name %>
+          <% end %>
+        FORM_WITH_DISABLED
+      )]
+
+      get :new
+      # Should NOT have the ASP hidden tag
+      assert_select "form input[name='#{AutoStrongParameters.asp_message_key}']", false
+    end
+
+    def test_form_with_data_asp_disabled_hash_disabled
+      BasicController.view_paths = [ActionView::FixtureResolver.new(
+        "basic/new.html.erb" => <<~FORM_WITH_DISABLED
+          <%= form_with model: @user, url: "/auto_permit", data: { asp_disabled: "disabled" } do |f| %>
+            <%= f.text_field :name %>
+          <% end %>
+        FORM_WITH_DISABLED
+      )]
+
+      get :new
+      # Should NOT have the ASP hidden tag
+      assert_select "form input[name='#{AutoStrongParameters.asp_message_key}']", false
+    end
+
+    def test_form_with_data_asp_disabled_hash_false
+      BasicController.view_paths = [ActionView::FixtureResolver.new(
+        "basic/new.html.erb" => <<~FORM_WITH_ENABLED
+          <%= form_with model: @user, url: "/auto_permit", data: { asp_disabled: false } do |f| %>
+            <%= f.text_field :name %>
+          <% end %>
+        FORM_WITH_ENABLED
+      )]
+
+      get :new
+      # Should have the ASP hidden tag
+      assert_select "form input[name='#{AutoStrongParameters.asp_message_key}']"
+    end
+
+    def test_form_with_data_asp_disabled_hash_enabled
+      BasicController.view_paths = [ActionView::FixtureResolver.new(
+        "basic/new.html.erb" => <<~FORM_WITH_ENABLED
+          <%= form_with model: @user, url: "/auto_permit", data: { asp_disabled: "enabled" } do |f| %>
+            <%= f.text_field :name %>
+          <% end %>
+        FORM_WITH_ENABLED
+      )]
+
+      get :new
+      # Should have the ASP hidden tag
+      assert_select "form input[name='#{AutoStrongParameters.asp_message_key}']"
+    end
+
+    def test_form_with_data_asp_disable_string_key_disabled
+      BasicController.view_paths = [ActionView::FixtureResolver.new(
+        "basic/new.html.erb" => <<~FORM_WITH_STRING_DISABLED
+          <%= form_with model: @user, url: "/auto_permit", "data-asp-disabled": "disabled" do |f| %>
+            <%= f.text_field :name %>
+          <% end %>
+        FORM_WITH_STRING_DISABLED
+      )]
+
+      get :new
+      # Should NOT have the ASP hidden tag
+      assert_select "form input[name='#{AutoStrongParameters.asp_message_key}']", false
+    end
+
+    def test_form_with_data_asp_disable_string_key_false
+      BasicController.view_paths = [ActionView::FixtureResolver.new(
+        "basic/new.html.erb" => <<~FORM_WITH_STRING_ENABLED
+          <%= form_with model: @user, url: "/auto_permit", "data-asp-disabled": false do |f| %>
+            <%= f.text_field :name %>
+          <% end %>
+        FORM_WITH_STRING_ENABLED
+      )]
+
+      get :new
+      # Should have the ASP hidden tag
+      assert_select "form input[name='#{AutoStrongParameters.asp_message_key}']"
+    end
+
+    def test_form_with_url_syntax
+      BasicController.view_paths = [ActionView::FixtureResolver.new(
+        "basic/new.html.erb" => <<~FORM_WITH_URL
+          <%= form_with url: "/auto_permit", "data-asp-disabled": "disabled" do |f| %>
+            <%= f.text_field :name %>
+          <% end %>
+        FORM_WITH_URL
+      )]
+
+      get :new
+      # Should NOT have the ASP hidden tag
+      assert_select "form input[name='#{AutoStrongParameters.asp_message_key}']", false
+    end
+  end
 end

data/test/test_helper.rb

@@ -5,6 +5,9 @@ require 'pry'
 ENV["RAILS_ENV"] = "test"
 ENV['DATABASE_URL'] = 'sqlite3://localhost/:memory:'
 
+# Fix for Ruby 3.1+ logger compatibility with Rails 6.0+
+require 'logger' if RUBY_VERSION >= "3.0"
+
 require 'rails'
 
 case Rails.version.slice(0, 3)
@@ -18,6 +21,12 @@ when "6.1"
   require "apps/rails61"
 when "7.0"
   require "apps/rails70"
+when "7.1"
+  require "apps/rails71"
+when "7.2"
+  require "apps/rails72"
+when "8.0"
+  require "apps/rails80"
 else
-  raise "Un-tested version of Rails: #{Rails.version}"
+  raise "Version #{Rails.version} of Rails is not configured for testing."
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: auto_strong_parameters
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.0.6
 platform: ruby
 authors:
 - Drew Ulmer
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-08-24 00:00:00.000000000 Z
+date: 2025-08-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -91,7 +91,6 @@ files:
 - lib/auto_strong_parameters.rb
 - lib/auto_strong_parameters/auto_form_params.rb
 - lib/auto_strong_parameters/auto_permit.rb
-- lib/auto_strong_parameters/controller_permitter.rb
 - lib/auto_strong_parameters/railtie.rb
 - lib/auto_strong_parameters/version.rb
 - test/apps/basic_controller.rb
@@ -103,6 +102,9 @@ files:
 - test/apps/rails60.rb
 - test/apps/rails61.rb
 - test/apps/rails70.rb
+- test/apps/rails71.rb
+- test/apps/rails72.rb
+- test/apps/rails80.rb
 - test/apps/routes.rb
 - test/apps/test_app.rb
 - test/apps/user.rb
@@ -129,24 +131,27 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
+rubygems_version: 3.5.22
 signing_key:
 specification_version: 4
-summary: Automatic require and permit of Strong Paramters for your Rails forms.
+summary: Automatic require and permit of Strong Parameters for your Rails forms.
 test_files:
-- test/auto_form_params_test.rb
-- test/test_helper.rb
-- test/apps/routes.rb
-- test/apps/test_app.rb
-- test/apps/rails52.rb
-- test/apps/rails42.rb
 - test/apps/basic_controller.rb
+- test/apps/models.rb
 - test/apps/parent.rb
 - test/apps/pet.rb
-- test/apps/rails61.rb
-- test/apps/models.rb
+- test/apps/rails42.rb
+- test/apps/rails52.rb
 - test/apps/rails60.rb
+- test/apps/rails61.rb
 - test/apps/rails70.rb
+- test/apps/rails71.rb
+- test/apps/rails72.rb
+- test/apps/rails80.rb
+- test/apps/routes.rb
+- test/apps/test_app.rb
 - test/apps/user.rb
-- test/auto_strong_parameters_test.rb
+- test/auto_form_params_test.rb
 - test/auto_permit_test.rb
+- test/auto_strong_parameters_test.rb
+- test/test_helper.rb

data/lib/auto_strong_parameters/controller_permitter.rb

@@ -1,2 +0,0 @@
-module AutoStrongParameters::ControllerPermitter
-end