merb-param-protection 1.0.15 → 1.1.0.pre

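--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,73 +1,64 @@
- require File.expand_path(File.join(File.dirname(__FILE__), "..", "rake_helpers"))
-
- ##############################################################################
- # Package && release
- ##############################################################################
- RUBY_FORGE_PROJECT = "merb"
- PROJECT_URL = "http://merbivore.com"
- PROJECT_SUMMARY = "Merb plugin that provides params_accessible and params_protected class methods"
- PROJECT_DESCRIPTION = PROJECT_SUMMARY
-
- GEM_AUTHOR = "Lance Carlson"
- GEM_EMAIL = "lancecarlson@gmail.com"
-
- GEM_NAME = "merb-param-protection"
- PKG_BUILD = ENV['PKG_BUILD'] ? '.' + ENV['PKG_BUILD'] : ''
- GEM_VERSION = Merb::VERSION + PKG_BUILD
-
- RELEASE_NAME = "REL #{GEM_VERSION}"
-
- require "extlib/tasks/release"
-
- spec = Gem::Specification.new do |s|
- s.rubyforge_project = RUBY_FORGE_PROJECT
- s.name = GEM_NAME
- s.version = GEM_VERSION
- s.platform = Gem::Platform::RUBY
- s.has_rdoc = true
- s.extra_rdoc_files = ["README", "LICENSE"]
- s.summary = PROJECT_SUMMARY
- s.description = PROJECT_DESCRIPTION
- s.author = GEM_AUTHOR
- s.email = GEM_EMAIL
- s.homepage = PROJECT_URL
- s.add_dependency('merb-core', "~> #{Merb::VERSION}")
- s.require_path = 'lib'
- s.files = %w(LICENSE README Rakefile) + Dir.glob("{lib,specs}/**/*")
- end
+ require 'rubygems'
+ require 'rake'
 
- Rake::GemPackageTask.new(spec) do |pkg|
- pkg.gem_spec = spec
- end
+ # Assume a typical dev checkout to fetch the current merb-core version
+ require File.expand_path('../../merb-core/lib/merb-core/version', __FILE__)
 
- desc "Install the gem"
- task :install do
- Merb::RakeHelper.install(GEM_NAME, :version => GEM_VERSION)
- end
+ # Load this library's version information
+ require File.expand_path('../lib/merb-param-protection/version', __FILE__)
 
- desc "Uninstall the gem"
- task :uninstall do
- Merb::RakeHelper.uninstall(GEM_NAME, :version => GEM_VERSION)
- end
+ begin
+
+ gem 'jeweler', '~> 1.4'
+ require 'jeweler'
+
+ Jeweler::Tasks.new do |gemspec|
+
+ gemspec.version = Merb::ParamProtection::VERSION
+
+ gemspec.name = "merb-param-protection"
+ gemspec.description = "Merb plugin that helps protecting sensible parameters"
+ gemspec.summary = "Merb plugin that provides params_accessible and params_protected class methods"
+
+ gemspec.authors = [ "Lance Carlson" ]
+ gemspec.email = "lancecarlson@gmail.com"
+ gemspec.homepage = "http://merbivore.com/"
+
+ gemspec.files = %w(LICENSE Rakefile README TODO) + Dir['{lib,spec}/**/*']
+
+ # Runtime dependencies
+ gemspec.add_dependency 'merb-core', "~> #{Merb::VERSION}"
+
+ # Development dependencies
+ gemspec.add_development_dependency 'rspec', '>= 1.2.9'
 
- desc "Create a gemspec file"
- task :gemspec do
- File.open("#{GEM_NAME}.gemspec", "w") do |file|
- file.puts spec.to_ruby
  end
+
+ Jeweler::GemcutterTasks.new
+
+ rescue LoadError
+ puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
  end
 
- desc "Run all examples (or a specific spec with TASK=xxxx)"
- Spec::Rake::SpecTask.new('spec') do |t|
- t.spec_opts = ["-cfs"]
- t.spec_files = begin
- if ENV["TASK"]
- ENV["TASK"].split(',').map { |task| "spec/**/#{task}_spec.rb" }
- else
- FileList['spec/**/*_spec.rb']
- end
- end
+ require 'spec/rake/spectask'
+ Spec::Rake::SpecTask.new(:spec) do |spec|
+ spec.spec_opts << '--options' << 'spec/spec.opts' if File.exists?('spec/spec.opts')
+ spec.libs << 'lib' << 'spec'
+ spec.spec_files = FileList['spec/**/*_spec.rb']
  end
 
- desc 'Default: run spec examples'
- task :default => 'spec'
+ Spec::Rake::SpecTask.new(:rcov) do |spec|
+ spec.libs << 'lib' << 'spec'
+ spec.pattern = 'spec/**/*_spec.rb'
+ spec.rcov = true
+ end
+
+ task :default => :spec
+
+ require 'rake/rdoctask'
+ Rake::RDocTask.new do |rdoc|
+ rdoc.rdoc_dir = 'rdoc'
+ rdoc.title = "test_gem #{Merb::ParamProtection::VERSION}"
+ rdoc.rdoc_files.include('README*')
+ rdoc.rdoc_files.include('lib/**/*.rb')
+ end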
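Review bot: The `require File.expand_path('../../merb-core/lib/merb-core/version', __FILE__)` line sits before the `begin`, so a missing sibling checkout raises a LoadError that the later `rescue LoadError` does not cover, and the Rakefile is listed in `gemspec.files`, so it ships to places where no such checkout exists. The path also resolves outside this package's own tree, so every rake task loads and runs whatever file is at that location; the comment should say that the sibling checkout is trusted build input. A guarded fallback to the installed gem would avoid the hard failure, presumably `require 'merb-core/version'` inside a `rescue LoadError`. Separately, `rdoc.title = "test_gem #{Merb::ParamProtection::VERSION}"` looks like a leftover template name, and "sensible parameters" in the description probably means "sensitive parameters".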
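--- a/data/TODO
+++ b/data/TODO
@@ -0,0 +1,4 @@
+ TODO:
+ DRY up the code
+ Finish spec'ing
+ Allow specification of any parameter?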
@@ -96,8 +96,8 @@ if defined?(Merb::Plugins)
96
96
  # If the key exists on the opposite method, raise exception
97
97
  if self.send(params_method).include?(key)
98
98
  case method
99
- when :accessible_params_args : raise "Cannot make accessible a controller (#{self}) that is already protected"
100
- when :protected_params_args : raise "Cannot protect controller (#{self}) that is already accessible"
99
+ when :accessible_params_args then raise "Cannot make accessible a controller (#{self}) that is already protected"
100
+ when :protected_params_args then raise "Cannot protect controller (#{self}) that is already accessible"
101
101
  end
102
102
  end
103
103
  end
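Review bot: The `case method` in this clash check has no `else` branch, so a value other than `:accessible_params_args` or `:protected_params_args` would fall through without raising and the conflicting declaration would be accepted silently. For a parameter-protection plugin it is safer to fail closed, e.g. `else raise ArgumentError, "Unknown params method #{method.inspect}"`. The two existing branches raise a bare string (a RuntimeError), which callers cannot rescue selectively; a dedicated error class would be clearer. The enclosing method starts and ends outside the hunk, so whether other values can actually reach this point is not visible here.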
@@ -0,0 +1,5 @@
1
+ module Merb
2
+ module ParamProtection
3
+ VERSION = '1.1.0.pre'.freeze
4
+ end
5
+ end
@@ -0,0 +1,114 @@
1
+ require 'spec_helper'
2
+
3
+ describe "merb-param-protection" do
4
+ describe "Controller", "parameter filtering" do
5
+ describe "accessible parameters" do
6
+ class ParamsAccessibleController < Merb::Controller
7
+ params_accessible :customer => [:name, :phone, :email], :address => [:street, :zip]
8
+ params_accessible :post => [:title, :body]
9
+ def create; end
10
+ end
11
+
12
+ class ParamsProtectedController < Merb::Controller
13
+ params_protected :customer => [:activated?, :password], :address => [:long, :lat]
14
+ def update; end
15
+ end
16
+
17
+
18
+ it "should store the accessible parameters for that controller" do
19
+ pending
20
+ @params_accessible_controller = ParamsAccessibleController.new( fake_request )
21
+ @params_accessible_controller.stub!(:initialize_params_filter)
22
+
23
+ # FIXME : this call to dispatch is where I break
24
+ @params_accessible_controller.dispatch('create')
25
+ @params_accessible_controller.accessible_params_args.should == {
26
+ :address=> [:street, :zip], :post=> [:title, :body], :customer=> [:name, :phone, :email]
27
+ }
28
+ end
29
+
30
+ it "should remove the parameters from the request that are not accessible" do
31
+ pending
32
+ @params_accessible_controller = ParamsAccessibleController.new( fake_request )
33
+ # FIXME : this call to dispatch is where I break
34
+ @params_accessible_controller.dispatch('create')
35
+ end
36
+ end
37
+
38
+ describe "protected parameters" do
39
+ before(:each) do
40
+ pending
41
+ @params_protected_controller = ParamsProtectedController.new( fake_request )
42
+ # FIXME : this call to dispatch is where I break
43
+ #@params_protected_controller.dispatch('update')
44
+ end
45
+
46
+ it "should store the protected parameters for that controller" do
47
+ @params_protected_controller.protected_params_args.should == {
48
+ :address=> [:long, :lat], :customer=> [:activated?, :password]
49
+ }
50
+ end
51
+ end
52
+
53
+ describe "param clash prevention" do
54
+ it "should raise an error 'cannot make accessible'" do
55
+ lambda {
56
+ class TestAccessibleController < Merb::Controller
57
+ params_protected :customer => [:password]
58
+ params_accessible :customer => [:name, :phone, :email]
59
+ def index; end
60
+ end
61
+ }.should raise_error(/Cannot make accessible a controller \(.*?TestAccessibleController\) that is already protected/)
62
+ # TODO "#<Class:0xa9c598c>::TestProtectedController" is generated in ruby 1.9
63
+ end
64
+
65
+ it "should raise an error 'cannot protect'" do
66
+ lambda {
67
+ class TestProtectedController < Merb::Controller
68
+ params_accessible :customer => [:name, :phone, :email]
69
+ params_protected :customer => [:password]
70
+ def index; end
71
+ end
72
+ }.should raise_error(/Cannot protect controller \(.*?TestProtectedController\) that is already accessible/)
73
+ # TODO "#<Class:0x92bfbd4>::TestProtectedController" is generated in ruby 1.9
74
+ end
75
+ end
76
+ end
77
+
78
+ describe "param filtering" do
79
+ before(:each) do
80
+ Merb::Router.prepare do
81
+ @test_route = match("/the/:place/:goes/here").to(:controller => "Test", :action => "show").name(:test)
82
+ @default_route = default_routes
83
+ end
84
+ end
85
+
86
+ it "should remove specified params" do
87
+ post_body = "post[title]=hello%20there&post[body]=some%20text&post[status]=published&post[author_id]=1&commit=Submit"
88
+ request = fake_request( {:request_method => 'POST'}, {:post_body => post_body})
89
+ request.remove_params_from_object(:post, [:status, :author_id])
90
+ request.params[:post][:title].should == "hello there"
91
+ request.params[:post][:body].should == "some text"
92
+ request.params[:post][:status].should_not == "published"
93
+ request.params[:post][:author_id].should_not == 1
94
+ request.params[:commit].should == "Submit"
95
+ end
96
+
97
+ it "should restrict parameters" do
98
+ post_body = "post[title]=hello%20there&post[body]=some%20text&post[status]=published&post[author_id]=1&commit=Submit"
99
+ request = fake_request( {:request_method => 'POST'}, {:post_body => post_body})
100
+ request.restrict_params(:post, [:title, :body])
101
+ request.params[:post][:title].should == "hello there"
102
+ request.params[:post][:body].should == "some text"
103
+ request.params[:post][:status].should_not == "published"
104
+ request.params[:post][:author_id].should_not == 1
105
+ request.params[:commit].should == "Submit"
106
+ request.trashed_params.should == {"status"=>"published", "author_id"=>"1"}
107
+ end
108
+ end
109
+
110
+ it "should not have any plugin methods accidently exposed as actions" do
111
+ Merb::Controller.callable_actions.should be_empty
112
+ end
113
+
114
+ end
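Review bot: `request.params[:post][:author_id].should_not == 1`, in both "should remove specified params" and "should restrict parameters", can never fail. The body is form-encoded, so the value would be the string "1" (the `trashed_params` expectation `{"status"=>"published", "author_id"=>"1"}` confirms this), and a string never equals the integer 1. The examples therefore pass even if `author_id` is left in the request. Assert absence instead: `request.params[:post][:author_id].should be_nil` and `request.params[:post][:status].should be_nil`. The controller-level examples that dispatch an action are marked `pending`, so the `params_accessible`/`params_protected` path through dispatch has no running coverage in this file.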
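--- a/data/spec/spec.opts
+++ b/data/spec/spec.opts
@@ -0,0 +1,2 @@
+ --format specdoc
+ --colour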
@@ -0,0 +1,33 @@
1
+ require "rubygems"
2
+
3
+ # Use current merb-core sources if running from a typical dev checkout.
4
+ lib = File.expand_path('../../../merb-core/lib', __FILE__)
5
+ $LOAD_PATH.unshift(lib) if File.directory?(lib)
6
+ require 'merb-core'
7
+
8
+ # The lib under test
9
+ require "merb-param-protection"
10
+
11
+ # Satisfies Autotest and anyone else not using the Rake tasks
12
+ require 'spec'
13
+
14
+
15
+ Spec::Runner.configure do |config|
16
+ config.include(Merb::Test::ViewHelper)
17
+ config.include(Merb::Test::RouteHelper)
18
+ config.include(Merb::Test::ControllerHelper)
19
+ end
20
+
21
+ def new_controller(action = 'index', controller = nil, additional_params = {})
22
+ request = OpenStruct.new
23
+ request.params = {:action => action, :controller => (controller.to_s || "Test")}
24
+ request.params.update(additional_params)
25
+ request.cookies = {}
26
+ request.accept ||= '*/*'
27
+
28
+ yield request if block_given?
29
+
30
+ response = OpenStruct.new
31
+ response.read = ""
32
+ (controller || Merb::Controller).build(request, response)
33
+ end
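Review bot: In `new_controller`, `controller.to_s || "Test"` never falls back to "Test". With the default `controller = nil`, `nil.to_s` is `""`, which is truthy in Ruby, so `:controller` becomes the empty string; use `(controller || "Test").to_s`. The helper also uses `OpenStruct` with no `require 'ostruct'` visible in this file. It may be loaded by merb-core, but an explicit require would make the helper self-contained.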
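--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: merb-param-protection
  version: !ruby/object:Gem::Version
- version: 1.0.15
+ version: 1.1.0.pre
  platform: ruby
  authors:
  - Lance Carlson
@@ -9,7 +9,7 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2009-11-04 00:00:00 +00:00
+ date: 2010-02-20 00:00:00 +00:00
  default_executable:
  dependencies:
  - !ruby/object:Gem::Dependency
@@ -20,30 +20,45 @@ dependencies:
  requirements:
  - - ~>
  - !ruby/object:Gem::Version
- version: 1.0.15
+ version: 1.1.0.pre
  version:
- description: Merb plugin that provides params_accessible and params_protected class methods
+ - !ruby/object:Gem::Dependency
+ name: rspec
+ type: :development
+ version_requirement:
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 1.2.9
+ version:
+ description: Merb plugin that helps protecting sensible parameters
  email: lancecarlson@gmail.com
  executables: []
 
  extensions: []
 
  extra_rdoc_files:
- - README
  - LICENSE
+ - README
+ - TODO
  files:
  - LICENSE
  - README
  - Rakefile
- - lib/merb-param-protection/merbtasks.rb
+ - TODO
  - lib/merb-param-protection.rb
+ - lib/merb-param-protection/version.rb
+ - spec/merb_param_protection_spec.rb
+ - spec/spec.opts
+ - spec/spec_helper.rb
  has_rdoc: true
- homepage: http://merbivore.com
+ homepage: http://merbivore.com/
  licenses: []
 
  post_install_message:
- rdoc_options: []
-
+ rdoc_options:
+ - --charset=UTF-8
  require_paths:
  - lib
  required_ruby_version: !ruby/object:Gem::Requirement
@@ -54,13 +69,13 @@ required_ruby_version: !ruby/object:Gem::Requirement
  version:
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - ">"
  - !ruby/object:Gem::Version
- version: "0"
+ version: 1.3.1
  version:
  requirements: []
 
- rubyforge_project: merb
+ rubyforge_project:
  rubygems_version: 1.3.5
  signing_key:
  specification_version: 3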
@@ -1,6 +0,0 @@
1
- # namespace :merb_param_protection do
2
- # desc "Do something for merb_param_protection"
3
- # task :default do
4
- # puts "merb_param_protection doesn't do anything"
5
- # end
6
- # end