durable_parameters 0.2.3

data/test/durable_parameters_test.rb

@@ -0,0 +1,115 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class DurableParametersTest < Minitest::Test
+  def test_top_level_aliases_are_defined
+    assert defined?(StrongParameters::Parameters)
+    assert defined?(StrongParameters::ApplicationParams)
+    assert defined?(StrongParameters::ParamsRegistry)
+    assert defined?(StrongParameters::ForbiddenAttributesProtection)
+  end
+
+  def test_aliases_point_to_core_classes
+    assert_equal StrongParameters::Core::Parameters, StrongParameters::Parameters
+    assert_equal StrongParameters::Core::ApplicationParams, StrongParameters::ApplicationParams
+    assert_equal StrongParameters::Core::ParamsRegistry, StrongParameters::ParamsRegistry
+    assert_equal StrongParameters::Core::ForbiddenAttributesProtection, StrongParameters::ForbiddenAttributesProtection
+  end
+
+
+
+  def test_module_has_version
+    assert defined?(StrongParameters::VERSION)
+    assert StrongParameters::VERSION.is_a?(String)
+    assert_match(/\A\d+\.\d+\.\d+(\.\w+)?\z/, StrongParameters::VERSION)
+  end
+
+  def test_core_module_is_defined
+    assert defined?(StrongParameters::Core)
+    assert StrongParameters::Core.is_a?(Module)
+  end
+
+  def test_strong_parameters_is_module
+    assert StrongParameters.is_a?(Module)
+  end
+
+  def test_adapter_loading_rails
+    # Rails is loaded in test_helper, so railtie and log_subscriber should be required
+    # We can't easily test the require calls, but we can check if the adapters are available
+    # Since Rails is defined, the Rails adapter should be loaded
+    assert defined?(StrongParameters::Adapters::Rails)
+  end
+
+  def test_adapter_loading_sinatra
+    # Test that Sinatra adapter would be loaded if Sinatra was defined
+    # Since Sinatra is not defined in this test suite, we can't test the require
+    # But we can check that the adapter file exists
+    adapter_path = File.join(__dir__, '..', 'lib', 'durable_parameters', 'adapters', 'sinatra.rb')
+    assert File.exist?(adapter_path), "Sinatra adapter file should exist"
+  end
+
+  def test_adapter_loading_hanami
+    adapter_path = File.join(__dir__, '..', 'lib', 'durable_parameters', 'adapters', 'hanami.rb')
+    assert File.exist?(adapter_path), "Hanami adapter file should exist"
+  end
+
+  def test_adapter_loading_rage
+    adapter_path = File.join(__dir__, '..', 'lib', 'durable_parameters', 'adapters', 'rage.rb')
+    assert File.exist?(adapter_path), "Rage adapter file should exist"
+  end
+
+  def test_aliases_are_not_redefined_if_already_defined
+    # Test that if StrongParameters::Parameters is already defined, it won't be redefined
+    original_value = StrongParameters::Parameters
+    # Simulate re-requiring (though in practice it's already required)
+    # Since the code uses unless defined?(Parameters), and Parameters is StrongParameters::Parameters
+    # It should not redefine if already defined
+    assert_equal original_value, StrongParameters::Parameters
+  end
+
+  def test_adapters_module_is_defined
+    assert defined?(StrongParameters::Adapters)
+    assert StrongParameters::Adapters.is_a?(Module)
+  end
+
+  def test_rails_adapter_is_module
+    assert StrongParameters::Adapters::Rails.is_a?(Module)
+  end
+
+  def test_sinatra_adapter_file_exists_and_loadable
+    adapter_path = File.join(__dir__, '..', 'lib', 'durable_parameters', 'adapters', 'sinatra.rb')
+    assert File.exist?(adapter_path)
+    # Test that it can be required without error
+    assert require 'durable_parameters/adapters/sinatra'
+    assert defined?(StrongParameters::Adapters::Sinatra)
+  end
+
+  def test_hanami_adapter_file_exists_and_loadable
+    adapter_path = File.join(__dir__, '..', 'lib', 'durable_parameters', 'adapters', 'hanami.rb')
+    assert File.exist?(adapter_path)
+    # Test that it can be required without error
+    assert require 'durable_parameters/adapters/hanami'
+    assert defined?(StrongParameters::Adapters::Hanami)
+  end
+
+  def test_rage_adapter_file_exists_and_loadable
+    adapter_path = File.join(__dir__, '..', 'lib', 'durable_parameters', 'adapters', 'rage.rb')
+    assert File.exist?(adapter_path)
+    # Test that it can be required without error
+    assert require 'durable_parameters/adapters/rage'
+    assert defined?(StrongParameters::Adapters::Rage)
+  end
+
+  def test_version_is_not_empty
+    refute StrongParameters::VERSION.empty?
+  end
+
+  def test_core_classes_are_accessible_via_aliases
+    # Test that the aliases work for instantiation or basic methods
+    assert StrongParameters::Parameters.new({}).is_a?(StrongParameters::Core::Parameters)
+    assert StrongParameters::ApplicationParams.is_a?(Class)
+    assert StrongParameters::ParamsRegistry.is_a?(Class)
+    assert StrongParameters::ForbiddenAttributesProtection.is_a?(Module)
+  end
+end

data/test/enhanced_error_messages_test.rb

@@ -0,0 +1,120 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class EnhancedErrorMessagesTest < Minitest::Test
+  def setup
+    @params = StrongParameters::Core::Parameters.new(
+      usr: { name: 'John', email: 'john@example.com' },
+      account: { balance: 100 },
+      data: { value: 'test' }
+    )
+  end
+
+  def test_parameter_missing_includes_available_keys_in_error_message
+    error = assert_raises(StrongParameters::Core::ParameterMissing) do
+      @params.require(:missing_key)
+    end
+
+    assert_match(/Available keys:/, error.message)
+    assert_match(/usr/, error.message)
+    assert_match(/account/, error.message)
+    assert_match(/data/, error.message)
+  end
+
+  def test_parameter_missing_suggests_similar_keys
+    error = assert_raises(StrongParameters::Core::ParameterMissing) do
+      @params.require(:user)  # Similar to 'usr'
+    end
+
+    assert_match(/Did you mean\?/, error.message)
+    assert_match(/usr/, error.message)
+  end
+
+  def test_parameter_missing_suggests_keys_starting_with_same_letter
+    error = assert_raises(StrongParameters::Core::ParameterMissing) do
+      @params.require(:accounts)  # Similar to 'account'
+    end
+
+    assert_match(/Did you mean\?/, error.message)
+    assert_match(/account/, error.message)
+  end
+
+  def test_parameter_missing_does_not_suggest_when_no_similar_keys_exist
+    error = assert_raises(StrongParameters::Core::ParameterMissing) do
+      @params.require(:xyz)
+    end
+
+    # Should show available keys but not suggestions
+    assert_match(/Available keys:/, error.message)
+    refute_match(/Did you mean\?/, error.message)
+  end
+
+  def test_parameter_missing_with_empty_params_shows_helpful_message
+    empty_params = StrongParameters::Core::Parameters.new({})
+
+    error = assert_raises(StrongParameters::Core::ParameterMissing) do
+      empty_params.require(:user)
+    end
+
+    assert_match(/param is missing or the value is empty: user/, error.message)
+  end
+
+  def test_parameter_missing_with_nested_params
+    params = StrongParameters::Core::Parameters.new(
+      user: { profile: { name: 'John' } }
+    )
+
+    user_params = params.require(:user)
+
+    error = assert_raises(StrongParameters::Core::ParameterMissing) do
+      user_params.require(:preferences)
+    end
+
+    assert_match(/Available keys:/, error.message)
+    assert_match(/profile/, error.message)
+  end
+
+  def test_parameter_missing_stores_param_attribute
+    error = assert_raises(StrongParameters::Core::ParameterMissing) do
+      @params.require(:missing)
+    end
+
+    assert_equal 'missing', error.param
+  end
+
+  def test_parameter_missing_when_value_is_empty_hash
+    params = StrongParameters::Core::Parameters.new(user: {})
+
+    error = assert_raises(StrongParameters::Core::ParameterMissing) do
+      params.require(:user)
+    end
+
+    assert_match(/param is missing or the value is empty: user/, error.message)
+  end
+
+  def test_parameter_missing_when_value_is_empty_array
+    params = StrongParameters::Core::Parameters.new(tags: [])
+
+    error = assert_raises(StrongParameters::Core::ParameterMissing) do
+      params.require(:tags)
+    end
+
+    assert_match(/param is missing or the value is empty: tags/, error.message)
+  end
+
+  def test_parameter_missing_suggestion_with_partial_match
+    params = StrongParameters::Core::Parameters.new(
+      user_profile: { name: 'John' },
+      user_settings: { theme: 'dark' }
+    )
+
+    error = assert_raises(StrongParameters::Core::ParameterMissing) do
+      params.require(:user)
+    end
+
+    assert_match(/Did you mean\?/, error.message)
+    # Should suggest keys containing 'user'
+    assert_match(/user_profile|user_settings/, error.message)
+  end
+end

data/test/gemfiles/Gemfile.rails-3.0.x

@@ -0,0 +1,14 @@
+source 'http://rubygems.org'
+gemspec :path => "./../.."
+
+gem "actionpack", "~> 3.0.0"
+gem "railties", "~> 3.0.0"
+gem "activemodel", "~> 3.0.0"
+
+if RUBY_VERSION < '1.9.3'
+  gem 'rake', '~> 10.0'
+  gem 'i18n', '~> 0.6.11'
+  gem 'rdoc', '~> 4.2.2'
+else
+  gem 'rake'
+end

data/test/gemfiles/Gemfile.rails-3.1.x

@@ -0,0 +1,14 @@
+source 'http://rubygems.org'
+gemspec :path => "./../.."
+
+gem "actionpack", "~> 3.1.0"
+gem "railties", "~> 3.1.0"
+gem "activemodel", "~> 3.1.0"
+
+if RUBY_VERSION < '1.9.3'
+  gem 'rake', '~> 10.0'
+  gem 'i18n', '~> 0.6.11'
+  gem 'rack-cache', '< 1.3'
+else
+  gem 'rake'
+end

data/test/gemfiles/Gemfile.rails-3.2.x

@@ -0,0 +1,14 @@
+source 'http://rubygems.org'
+gemspec :path => "./../.."
+
+gem "actionpack", "~> 3.2.0"
+gem "railties", "~> 3.2.0"
+gem "activemodel", "~> 3.2.0"
+
+if RUBY_VERSION < '1.9.3'
+  gem 'rake', '~> 10.0'
+  gem 'i18n', '~> 0.6.11'
+  gem 'rack-cache', '< 1.3'
+else
+  gem 'rake'
+end

data/test/log_on_unpermitted_params_test.rb

@@ -0,0 +1,49 @@
+require 'test_helper'
+
+class LogOnUnpermittedParamsTest < Minitest::Test
+  def setup
+    ActionController::Parameters.action_on_unpermitted_parameters = :log
+  end
+
+  def teardown
+    ActionController::Parameters.action_on_unpermitted_parameters = false
+  end
+
+  def test_logs_on_unexpected_params
+    params = ActionController::Parameters.new({
+      :book => { :pages => 65 },
+      :fishing => "Turnips"
+    })
+
+    assert_logged("Unpermitted parameters: fishing") do
+      params.permit(:book => [:pages])
+    end
+  end
+
+  def test_logs_on_unexpected_nested_params
+    params = ActionController::Parameters.new({
+      :book => { :pages => 65, :title => "Green Cats and where to find then." }
+    })
+
+    assert_logged("Unpermitted parameters: title") do
+      params.permit(:book => [:pages])
+    end
+  end
+
+  private
+
+  def assert_logged(message)
+    old_logger = ActionController::Base.logger
+    log = StringIO.new
+    ActionController::Base.logger = Logger.new(log)
+
+    begin
+      yield
+
+      log.rewind
+      assert_match message, log.read
+    ensure
+      ActionController::Base.logger = old_logger
+    end
+  end
+end

data/test/metadata_validation_test.rb

@@ -0,0 +1,294 @@
+require 'test_helper'
+
+class MetadataValidationTest < Minitest::Test
+  def setup
+    ActionController::ParamsRegistry.clear!
+
+    @basic_params_class = Class.new(ActionController::ApplicationParams) do
+      def self.name
+        'BasicParams'
+      end
+
+      allow :name
+      allow :email
+    end
+
+    @params_with_metadata = Class.new(ActionController::ApplicationParams) do
+      def self.name
+        'ParamsWithMetadata'
+      end
+
+      allow :name
+      allow :email
+      metadata :ip_address, :user_agent, :session_id
+    end
+
+    ActionController::ParamsRegistry.register('Basic', @basic_params_class)
+    ActionController::ParamsRegistry.register('WithMetadata', @params_with_metadata)
+  end
+
+  def teardown
+    ActionController::ParamsRegistry.clear!
+  end
+
+  # Test current_user is always allowed without declaration
+  def test_current_user_always_allowed_without_declaration
+    params = ActionController::Parameters.new(
+      basic: {
+        name: 'Test User',
+        email: 'test@example.com'
+      }
+    )
+
+    # Should not raise even though current_user not declared
+    permitted = params.require(:basic).transform_params(current_user: Object.new)
+
+    assert_equal 'Test User', permitted[:name]
+    assert_equal 'test@example.com', permitted[:email]
+  end
+
+  # Test metadata_allowed? method
+  def test_metadata_allowed_returns_true_for_current_user
+    assert @basic_params_class.metadata_allowed?(:current_user)
+    assert @basic_params_class.metadata_allowed?('current_user')
+  end
+
+  def test_metadata_allowed_returns_false_for_undeclared_keys
+    assert !@basic_params_class.metadata_allowed?(:ip_address)
+    assert !@basic_params_class.metadata_allowed?(:random_key)
+  end
+
+  def test_metadata_allowed_returns_true_for_declared_keys
+    assert @params_with_metadata.metadata_allowed?(:ip_address)
+    assert @params_with_metadata.metadata_allowed?('user_agent')
+    assert @params_with_metadata.metadata_allowed?(:session_id)
+  end
+
+  # Test multiple metadata keys
+  def test_multiple_metadata_keys_can_be_passed
+    params = ActionController::Parameters.new(
+      with_metadata: {
+        name: 'Test User',
+        email: 'test@example.com'
+      }
+    )
+
+    # Should not raise with all declared metadata
+    permitted = params.require(:with_metadata).transform_params(
+      current_user: Object.new,
+      ip_address: '192.168.1.1',
+      user_agent: 'Mozilla/5.0',
+      session_id: 'abc123'
+    )
+
+    assert_equal 'Test User', permitted[:name]
+    assert_equal 'test@example.com', permitted[:email]
+  end
+
+  # Test error messages
+  def test_error_message_includes_undeclared_key
+    params = ActionController::Parameters.new(
+      basic: { name: 'Test' }
+    )
+
+    error = assert_raises(ArgumentError) do
+      params.require(:basic).transform_params(ip_address: '127.0.0.1')
+    end
+
+    assert_includes error.message, 'ip_address'
+  end
+
+  def test_error_message_includes_params_class_name
+    params = ActionController::Parameters.new(
+      basic: { name: 'Test' }
+    )
+
+    error = assert_raises(ArgumentError) do
+      params.require(:basic).transform_params(ip_address: '127.0.0.1')
+    end
+
+    assert_includes error.message, 'BasicParams'
+  end
+
+  def test_error_message_includes_declaration_hint
+    params = ActionController::Parameters.new(
+      basic: { name: 'Test' }
+    )
+
+    error = assert_raises(ArgumentError) do
+      params.require(:basic).transform_params(ip_address: '127.0.0.1')
+    end
+
+    assert_includes error.message, 'metadata :ip_address'
+  end
+
+  def test_error_message_mentions_current_user_is_always_allowed
+    params = ActionController::Parameters.new(
+      basic: { name: 'Test' }
+    )
+
+    error = assert_raises(ArgumentError) do
+      params.require(:basic).transform_params(ip_address: '127.0.0.1')
+    end
+
+    assert_includes error.message, 'current_user is always allowed'
+  end
+
+  # Test multiple undeclared keys
+  def test_multiple_undeclared_keys_all_mentioned_in_error
+    params = ActionController::Parameters.new(
+      basic: { name: 'Test' }
+    )
+
+    error = assert_raises(ArgumentError) do
+      params.require(:basic).transform_params(
+        ip_address: '127.0.0.1',
+        user_agent: 'Mozilla',
+        device_id: 'xyz'
+      )
+    end
+
+    assert_includes error.message, 'ip_address'
+    assert_includes error.message, 'user_agent'
+    assert_includes error.message, 'device_id'
+  end
+
+  # Test metadata doesn't affect the actual parameter filtering
+  def test_metadata_keys_dont_affect_parameter_filtering
+    params = ActionController::Parameters.new(
+      with_metadata: {
+        name: 'Test User',
+        email: 'test@example.com',
+        ip_address: 'should not be in result',
+        user_agent: 'should not be in result'
+      }
+    )
+
+    permitted = params.require(:with_metadata).transform_params(
+      current_user: Object.new,
+      ip_address: '192.168.1.1',
+      user_agent: 'Mozilla/5.0'
+    )
+
+    assert_equal 'Test User', permitted[:name]
+    assert_equal 'test@example.com', permitted[:email]
+    # These should not be in the permitted params because they're metadata, not allowed attributes
+    assert_nil permitted[:ip_address]
+    assert_nil permitted[:user_agent]
+  end
+
+  # Test inheritance of metadata declarations
+  def test_metadata_inherited_from_parent
+    parent_class = Class.new(ActionController::ApplicationParams) do
+      def self.name
+        'ParentParams'
+      end
+
+      allow :name
+      metadata :ip_address
+    end
+
+    child_class = Class.new(parent_class) do
+      def self.name
+        'ChildParams'
+      end
+
+      allow :email
+      metadata :session_id
+    end
+
+    # Child should have parent's metadata
+    assert child_class.metadata_allowed?(:ip_address)
+    # Child should have its own metadata
+    assert child_class.metadata_allowed?(:session_id)
+    # Both should allow current_user
+    assert child_class.metadata_allowed?(:current_user)
+  end
+
+  # Test empty metadata
+  def test_empty_metadata_set_by_default
+    assert_equal Set.new, @basic_params_class.allowed_metadata
+  end
+
+  # Test metadata method accepts multiple keys at once
+  def test_metadata_method_accepts_multiple_keys
+    test_class = Class.new(ActionController::ApplicationParams) do
+      metadata :key1, :key2, :key3
+    end
+
+    assert test_class.metadata_allowed?(:key1)
+    assert test_class.metadata_allowed?(:key2)
+    assert test_class.metadata_allowed?(:key3)
+  end
+
+  # Test metadata with string keys
+  def test_metadata_works_with_string_keys
+    test_class = Class.new(ActionController::ApplicationParams) do
+      metadata 'string_key'
+    end
+
+    assert test_class.metadata_allowed?(:string_key)
+    assert test_class.metadata_allowed?('string_key')
+  end
+
+  # Test that action and additional_attrs are not treated as metadata
+  def test_action_option_not_treated_as_metadata
+    params = ActionController::Parameters.new(
+      basic: { name: 'Test' }
+    )
+
+    # Should not raise even though action not declared as metadata
+    permitted = params.require(:basic).transform_params(action: :create)
+    assert_equal 'Test', permitted[:name]
+  end
+
+  def test_additional_attrs_option_not_treated_as_metadata
+    params = ActionController::Parameters.new(
+      basic: { name: 'Test' }
+    )
+
+    # Should not raise even though additional_attrs not declared as metadata
+    permitted = params.require(:basic).transform_params(additional_attrs: [:other])
+    assert_equal 'Test', permitted[:name]
+  end
+
+  def test_action_and_additional_attrs_with_current_user_all_work
+    params = ActionController::Parameters.new(
+      basic: { name: 'Test' }
+    )
+
+    # Should not raise with all non-metadata options
+    permitted = params.require(:basic).transform_params(
+      action: :create,
+      additional_attrs: [:other],
+      current_user: Object.new
+    )
+    assert_equal 'Test', permitted[:name]
+  end
+
+  # Test nil and empty values
+  def test_nil_metadata_values_allowed
+    params = ActionController::Parameters.new(
+      with_metadata: { name: 'Test' }
+    )
+
+    # Should not raise with nil metadata value
+    permitted = params.require(:with_metadata).transform_params(
+      current_user: nil,
+      ip_address: nil
+    )
+    assert_equal 'Test', permitted[:name]
+  end
+
+  def test_empty_string_metadata_values_allowed
+    params = ActionController::Parameters.new(
+      with_metadata: { name: 'Test' }
+    )
+
+    # Should not raise with empty string metadata value
+    permitted = params.require(:with_metadata).transform_params(
+      ip_address: ''
+    )
+    assert_equal 'Test', permitted[:name]
+  end
+end

data/test/multi_parameter_attributes_test.rb

@@ -0,0 +1,38 @@
+require 'test_helper'
+
+class MultiParameterAttributesTest < Minitest::Test
+  def test_permitted_multi_parameter_attribute_keys
+    params = ActionController::Parameters.new({
+      :book => {
+        "shipped_at(1i)"   => "2012",
+        "shipped_at(2i)"   => "3",
+        "shipped_at(3i)"   => "25",
+        "shipped_at(4i)"   => "10",
+        "shipped_at(5i)"   => "15",
+        "published_at(1i)" => "1999",
+        "published_at(2i)" => "2",
+        "published_at(3i)" => "5",
+        "price(1)"         => "R$",
+        "price(2f)"        => "2.02"
+      }
+    })
+
+    permitted = params.permit :book => [ :shipped_at, :price ]
+
+    assert permitted.permitted?
+
+    assert_equal "2012", permitted[:book]["shipped_at(1i)"]
+    assert_equal "3", permitted[:book]["shipped_at(2i)"]
+    assert_equal "25", permitted[:book]["shipped_at(3i)"]
+    assert_equal "10", permitted[:book]["shipped_at(4i)"]
+    assert_equal "15", permitted[:book]["shipped_at(5i)"]
+
+    assert_equal "R$", permitted[:book]["price(1)"]
+    assert_equal "2.02", permitted[:book]["price(2f)"]
+
+    assert_nil permitted[:book]["published_at(1i)"]
+    assert_nil permitted[:book]["published_at(2i)"]
+    assert_nil permitted[:book]["published_at(3i)"]
+  end
+end
+