durable_parameters 0.2.3

data/test/transformation_test.rb

@@ -0,0 +1,360 @@
+require 'test_helper'
+
+class TransformationTest < Minitest::Test
+  def setup
+    ActionController::ParamsRegistry.clear!
+  end
+
+  def teardown
+    ActionController::ParamsRegistry.clear!
+  end
+
+  # Test basic transformation
+  def test_basic_transformation
+    params_class = Class.new(ActionController::ApplicationParams) do
+      def self.name
+        'UserParams'
+      end
+
+      allow :email
+      allow :name
+
+      transform :email do |value, metadata|
+        value&.downcase&.strip
+      end
+    end
+
+    ActionController::ParamsRegistry.register(:user, params_class)
+
+    params = ActionController::Parameters.new(
+      user: {
+        email: '  TEST@EXAMPLE.COM  ',
+        name: 'John Doe'
+      }
+    )
+
+    result = params.require(:user).transform_params
+
+    assert_equal 'test@example.com', result[:email]
+    assert_equal 'John Doe', result[:name]
+  end
+
+  # Test transformation with metadata
+  def test_transformation_with_metadata
+    params_class = Class.new(ActionController::ApplicationParams) do
+      def self.name
+        'PostParams'
+      end
+
+      allow :title
+      allow :published
+
+      metadata :current_user
+
+      transform :published do |value, metadata|
+        # Only admins can publish
+        metadata[:current_user]&.fetch(:admin, false) ? value : false
+      end
+    end
+
+    ActionController::ParamsRegistry.register(:post, params_class)
+
+    # Test with admin user
+    admin_user = { admin: true }
+    params1 = ActionController::Parameters.new(
+      post: {
+        title: 'My Post',
+        published: true
+      }
+    )
+
+    result1 = params1.require(:post).transform_params(current_user: admin_user)
+    assert_equal true, result1[:published]
+
+    # Test with non-admin user
+    regular_user = { admin: false }
+    params2 = ActionController::Parameters.new(
+      post: {
+        title: 'My Post',
+        published: true
+      }
+    )
+
+    result2 = params2.require(:post).transform_params(current_user: regular_user)
+    assert_equal false, result2[:published]
+  end
+
+  # Test multiple transformations
+  def test_multiple_transformations
+    params_class = Class.new(ActionController::ApplicationParams) do
+      def self.name
+        'AccountParams'
+      end
+
+      allow :email
+      allow :username
+      allow :bio
+
+      transform :email do |value, metadata|
+        value&.downcase&.strip
+      end
+
+      transform :username do |value, metadata|
+        value&.strip&.gsub(/\s+/, '_')
+      end
+
+      transform :bio do |value, metadata|
+        value&.strip&.slice(0, 200)
+      end
+    end
+
+    ActionController::ParamsRegistry.register(:account, params_class)
+
+    params = ActionController::Parameters.new(
+      account: {
+        email: '  Admin@Example.COM  ',
+        username: '  john   doe  ',
+        bio: 'A' * 300
+      }
+    )
+
+    result = params.require(:account).transform_params
+
+    assert_equal 'admin@example.com', result[:email]
+    assert_equal 'john_doe', result[:username]  # gsub(/\s+/, '_') replaces consecutive spaces with single underscore
+    assert_equal 200, result[:bio].length
+  end
+
+  # Test transformation with nil value
+  def test_transformation_with_nil_value
+    params_class = Class.new(ActionController::ApplicationParams) do
+      def self.name
+        'UserParams'
+      end
+
+      allow :email
+
+      transform :email do |value, metadata|
+        value&.downcase
+      end
+    end
+
+    ActionController::ParamsRegistry.register(:user, params_class)
+
+    params = ActionController::Parameters.new(
+      user: {
+        email: nil
+      }
+    )
+
+    result = params.require(:user).transform_params
+
+    assert_nil result[:email]
+  end
+
+  # Test transformation doesn't affect denied attributes
+  def test_transformation_ignores_denied_attributes
+    params_class = Class.new(ActionController::ApplicationParams) do
+      def self.name
+        'UserParams'
+      end
+
+      allow :email
+      deny :role
+
+      transform :email do |value, metadata|
+        value&.downcase
+      end
+
+      transform :role do |value, metadata|
+        'admin'  # This should never be applied since role is denied
+      end
+    end
+
+    ActionController::ParamsRegistry.register(:user, params_class)
+
+    params = ActionController::Parameters.new(
+      user: {
+        email: 'TEST@EXAMPLE.COM',
+        role: 'user'
+      }
+    )
+
+    result = params.require(:user).transform_params
+
+    assert_equal 'test@example.com', result[:email]
+    assert_nil result[:role]  # Denied attributes are filtered out
+  end
+
+  # Test transformation with action-specific metadata
+  def test_transformation_with_action_metadata
+    params_class = Class.new(ActionController::ApplicationParams) do
+      def self.name
+        'ArticleParams'
+      end
+
+      allow :slug
+
+      transform :slug do |value, metadata|
+        if metadata[:action] == :create
+          # Auto-generate slug on create
+          value || "article-#{Time.now.to_i}"
+        else
+          # Keep existing slug on update
+          value
+        end
+      end
+    end
+
+    ActionController::ParamsRegistry.register(:article, params_class)
+
+    # Create action with no slug
+    params1 = ActionController::Parameters.new(article: { slug: nil })
+    result1 = params1.require(:article).transform_params(action: :create)
+    assert_match(/^article-\d+$/, result1[:slug])
+
+    # Update action with slug
+    params2 = ActionController::Parameters.new(article: { slug: 'my-slug' })
+    result2 = params2.require(:article).transform_params(action: :update)
+    assert_equal 'my-slug', result2[:slug]
+  end
+
+  # Test transformation inheritance
+  def test_transformation_inheritance
+    base_params = Class.new(ActionController::ApplicationParams) do
+      def self.name
+        'BaseParams'
+      end
+
+      allow :email
+
+      transform :email do |value, metadata|
+        value&.downcase
+      end
+    end
+
+    child_params = Class.new(base_params) do
+      def self.name
+        'ChildParams'
+      end
+
+      allow :name
+
+      transform :name do |value, metadata|
+        value&.upcase
+      end
+    end
+
+    ActionController::ParamsRegistry.register(:child, child_params)
+
+    params = ActionController::Parameters.new(
+      child: {
+        email: 'TEST@EXAMPLE.COM',
+        name: 'john doe'
+      }
+    )
+
+    result = params.require(:child).transform_params
+
+    assert_equal 'test@example.com', result[:email]  # From parent
+    assert_equal 'JOHN DOE', result[:name]  # From child
+  end
+
+  # Test transformation without params class (should not raise)
+  def test_transformation_without_params_class
+    params = ActionController::Parameters.new(
+      user: {
+        email: 'TEST@EXAMPLE.COM'
+      }
+    )
+
+    result = params.require(:user).transform_params
+
+    # Should return empty permitted params (no transformation or filtering)
+    assert result.permitted?
+    assert_nil result[:email]
+  end
+
+  # Test transformation with complex metadata
+  def test_transformation_with_complex_metadata
+    params_class = Class.new(ActionController::ApplicationParams) do
+      def self.name
+        'CommentParams'
+      end
+
+      allow :content
+      allow :author_name
+
+      metadata :current_user, :ip_address
+
+      transform :author_name do |value, metadata|
+        if metadata[:current_user]
+          metadata[:current_user][:name]
+        else
+          "Anonymous (#{metadata[:ip_address]})"
+        end
+      end
+    end
+
+    ActionController::ParamsRegistry.register(:comment, params_class)
+
+    # With current_user
+    params1 = ActionController::Parameters.new(
+      comment: {
+        content: 'Great post!',
+        author_name: 'ignored'
+      }
+    )
+
+    result1 = params1.require(:comment).transform_params(
+      current_user: { name: 'John Doe' },
+      ip_address: '192.168.1.1'
+    )
+
+    assert_equal 'John Doe', result1[:author_name]
+
+    # Without current_user
+    params2 = ActionController::Parameters.new(
+      comment: {
+        content: 'Great post!',
+        author_name: 'ignored'
+      }
+    )
+
+    result2 = params2.require(:comment).transform_params(
+      ip_address: '192.168.1.100'
+    )
+
+    assert_equal 'Anonymous (192.168.1.100)', result2[:author_name]
+  end
+
+  # Test that transformations are applied before filtering
+  def test_transformations_applied_before_filtering
+    params_class = Class.new(ActionController::ApplicationParams) do
+      def self.name
+        'ProductParams'
+      end
+
+      allow :price
+
+      # Transform price from cents to dollars
+      transform :price do |value, metadata|
+        value.is_a?(Numeric) ? value / 100.0 : value
+      end
+    end
+
+    ActionController::ParamsRegistry.register(:product, params_class)
+
+    params = ActionController::Parameters.new(
+      product: {
+        price: 1999,  # 19.99 in cents
+        other: 'ignored'
+      }
+    )
+
+    result = params.require(:product).transform_params
+
+    assert_equal 19.99, result[:price]
+    assert_nil result[:other]  # Not allowed
+  end
+end

metadata

@@ -0,0 +1,223 @@
+--- !ruby/object:Gem::Specification
+name: durable_parameters
+version: !ruby/object:Gem::Version
+  version: 0.2.3
+platform: ruby
+authors:
+- David J Berube
+bindir: bin
+cert_chain: []
+date: 1980-01-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '6.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '6.0'
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '6.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '6.0'
+- !ruby/object:Gem::Dependency
+  name: activemodel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '6.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '6.0'
+- !ruby/object:Gem::Dependency
+  name: railties
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '6.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '6.0'
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.4'
+description: Durable Parameters provides a whitelist-based approach to mass assignment
+  protection. This gem is framework-agnostic with adapters for Rails, Sinatra, Hanami,
+  and Rage.
+email:
+- djberube@durableprogramming.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/params/account_params.rb.example
+- app/params/application_params.rb
+- lib/durable_parameters.rb
+- lib/durable_parameters/adapters/hanami.rb
+- lib/durable_parameters/adapters/rage.rb
+- lib/durable_parameters/adapters/rails.rb
+- lib/durable_parameters/adapters/sinatra.rb
+- lib/durable_parameters/core.rb
+- lib/durable_parameters/core/application_params.rb
+- lib/durable_parameters/core/configuration.rb
+- lib/durable_parameters/core/forbidden_attributes_protection.rb
+- lib/durable_parameters/core/parameters.rb
+- lib/durable_parameters/core/params_registry.rb
+- lib/durable_parameters/log_subscriber.rb
+- lib/durable_parameters/railtie.rb
+- lib/durable_parameters/version.rb
+- lib/generators/rails/USAGE
+- lib/generators/rails/durable_parameters_controller_generator.rb
+- lib/generators/rails/templates/controller.rb
+- lib/legacy/action_controller/application_params.rb
+- lib/legacy/action_controller/parameters.rb
+- lib/legacy/action_controller/params_registry.rb
+- lib/legacy/active_model/forbidden_attributes_protection.rb
+- test/action_controller_required_params_test.rb
+- test/action_controller_tainted_params_test.rb
+- test/active_model_mass_assignment_taint_protection_test.rb
+- test/application_params_array_test.rb
+- test/application_params_edge_cases_test.rb
+- test/application_params_test.rb
+- test/controller_generator_test.rb
+- test/core_parameters_test.rb
+- test/durable_parameters_test.rb
+- test/enhanced_error_messages_test.rb
+- test/gemfiles/Gemfile.rails-3.0.x
+- test/gemfiles/Gemfile.rails-3.1.x
+- test/gemfiles/Gemfile.rails-3.2.x
+- test/log_on_unpermitted_params_test.rb
+- test/metadata_validation_test.rb
+- test/multi_parameter_attributes_test.rb
+- test/parameters_core_methods_test.rb
+- test/parameters_integration_test.rb
+- test/parameters_permit_test.rb
+- test/parameters_require_test.rb
+- test/parameters_taint_test.rb
+- test/params_registry_concurrency_test.rb
+- test/params_registry_test.rb
+- test/permit_by_model_test.rb
+- test/raise_on_unpermitted_params_test.rb
+- test/test_helper.rb
+- test/transform_params_edge_cases_test.rb
+- test/transformation_test.rb
+homepage: https://github.com/durableprogramming/durable_parameters
+licenses:
+- MIT
+metadata: {}
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.7.2
+specification_version: 4
+summary: Framework-agnostic durable parameters with adapters for Rails, Sinatra, Hanami,
+  and Rage
+test_files:
+- test/action_controller_required_params_test.rb
+- test/action_controller_tainted_params_test.rb
+- test/active_model_mass_assignment_taint_protection_test.rb
+- test/application_params_array_test.rb
+- test/application_params_edge_cases_test.rb
+- test/application_params_test.rb
+- test/controller_generator_test.rb
+- test/core_parameters_test.rb
+- test/durable_parameters_test.rb
+- test/enhanced_error_messages_test.rb
+- test/gemfiles/Gemfile.rails-3.0.x
+- test/gemfiles/Gemfile.rails-3.1.x
+- test/gemfiles/Gemfile.rails-3.2.x
+- test/log_on_unpermitted_params_test.rb
+- test/metadata_validation_test.rb
+- test/multi_parameter_attributes_test.rb
+- test/parameters_core_methods_test.rb
+- test/parameters_integration_test.rb
+- test/parameters_permit_test.rb
+- test/parameters_require_test.rb
+- test/parameters_taint_test.rb
+- test/params_registry_concurrency_test.rb
+- test/params_registry_test.rb
+- test/permit_by_model_test.rb
+- test/raise_on_unpermitted_params_test.rb
+- test/test_helper.rb
+- test/transform_params_edge_cases_test.rb
+- test/transformation_test.rb