moderate_parameters 0.1.0 → 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/Gemfile.lock +96 -0
- data/README.md +4 -2
- data/lib/moderate_parameters/moderate_parameters.rb +34 -34
- data/lib/moderate_parameters/version.rb +1 -1
- data/moderate_parameters.gemspec +35 -32
- metadata +26 -11
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1a3dab509d7471d97c25322b1998d917fdb04b41993a53b4550fe80b47bfcf51
|
|
4
|
+
data.tar.gz: 8e0cf544739a1ac9ad0c2153a231b4edafcff7ddc86ca861a3622673a4da1eca
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c511925780bb70b27d3654ed9c13cbc41806b05bf8e6bcb2f6d5a154e5f66cd78c75afad4b43ea8df38edab3199d3d2549876e24ecc857340a8964d589d4811a
|
|
7
|
+
data.tar.gz: 3c0bb1b989d4b5bc20709d36854823050a0f28912fd098ecb4b8d96f279364dab02b1dc45200a3aea5dc0ebe2767599c172908ec6860b90ff50bc802183a83c0
|
data/.gitignore
CHANGED
data/Gemfile.lock
ADDED
|
@@ -0,0 +1,96 @@
|
|
|
1
|
+
PATH
|
|
2
|
+
remote: .
|
|
3
|
+
specs:
|
|
4
|
+
moderate_parameters (0.1.0)
|
|
5
|
+
actionpack (>= 3.0, < 6.1)
|
|
6
|
+
activemodel (>= 3.0, < 6.1)
|
|
7
|
+
activesupport (>= 3.0, < 6.1)
|
|
8
|
+
railties (>= 3.0, < 6.1)
|
|
9
|
+
|
|
10
|
+
GEM
|
|
11
|
+
remote: https://rubygems.org/
|
|
12
|
+
specs:
|
|
13
|
+
actionpack (5.2.3)
|
|
14
|
+
actionview (= 5.2.3)
|
|
15
|
+
activesupport (= 5.2.3)
|
|
16
|
+
rack (~> 2.0)
|
|
17
|
+
rack-test (>= 0.6.3)
|
|
18
|
+
rails-dom-testing (~> 2.0)
|
|
19
|
+
rails-html-sanitizer (~> 1.0, >= 1.0.2)
|
|
20
|
+
actionview (5.2.3)
|
|
21
|
+
activesupport (= 5.2.3)
|
|
22
|
+
builder (~> 3.1)
|
|
23
|
+
erubi (~> 1.4)
|
|
24
|
+
rails-dom-testing (~> 2.0)
|
|
25
|
+
rails-html-sanitizer (~> 1.0, >= 1.0.3)
|
|
26
|
+
activemodel (5.2.3)
|
|
27
|
+
activesupport (= 5.2.3)
|
|
28
|
+
activesupport (5.2.3)
|
|
29
|
+
concurrent-ruby (~> 1.0, >= 1.0.2)
|
|
30
|
+
i18n (>= 0.7, < 2)
|
|
31
|
+
minitest (~> 5.1)
|
|
32
|
+
tzinfo (~> 1.1)
|
|
33
|
+
builder (3.2.3)
|
|
34
|
+
coderay (1.1.2)
|
|
35
|
+
concurrent-ruby (1.1.5)
|
|
36
|
+
crass (1.0.4)
|
|
37
|
+
diff-lcs (1.3)
|
|
38
|
+
erubi (1.8.0)
|
|
39
|
+
i18n (1.6.0)
|
|
40
|
+
concurrent-ruby (~> 1.0)
|
|
41
|
+
loofah (2.2.3)
|
|
42
|
+
crass (~> 1.0.2)
|
|
43
|
+
nokogiri (>= 1.5.9)
|
|
44
|
+
method_source (0.9.2)
|
|
45
|
+
mini_portile2 (2.4.0)
|
|
46
|
+
minitest (5.11.3)
|
|
47
|
+
nokogiri (1.10.4)
|
|
48
|
+
mini_portile2 (~> 2.4.0)
|
|
49
|
+
pry (0.12.2)
|
|
50
|
+
coderay (~> 1.1.0)
|
|
51
|
+
method_source (~> 0.9.0)
|
|
52
|
+
rack (2.0.7)
|
|
53
|
+
rack-test (1.1.0)
|
|
54
|
+
rack (>= 1.0, < 3)
|
|
55
|
+
rails-dom-testing (2.0.3)
|
|
56
|
+
activesupport (>= 4.2.0)
|
|
57
|
+
nokogiri (>= 1.6)
|
|
58
|
+
rails-html-sanitizer (1.0.4)
|
|
59
|
+
loofah (~> 2.2, >= 2.2.2)
|
|
60
|
+
railties (5.2.3)
|
|
61
|
+
actionpack (= 5.2.3)
|
|
62
|
+
activesupport (= 5.2.3)
|
|
63
|
+
method_source
|
|
64
|
+
rake (>= 0.8.7)
|
|
65
|
+
thor (>= 0.19.0, < 2.0)
|
|
66
|
+
rake (10.5.0)
|
|
67
|
+
rspec (3.8.0)
|
|
68
|
+
rspec-core (~> 3.8.0)
|
|
69
|
+
rspec-expectations (~> 3.8.0)
|
|
70
|
+
rspec-mocks (~> 3.8.0)
|
|
71
|
+
rspec-core (3.8.0)
|
|
72
|
+
rspec-support (~> 3.8.0)
|
|
73
|
+
rspec-expectations (3.8.2)
|
|
74
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
|
75
|
+
rspec-support (~> 3.8.0)
|
|
76
|
+
rspec-mocks (3.8.0)
|
|
77
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
|
78
|
+
rspec-support (~> 3.8.0)
|
|
79
|
+
rspec-support (3.8.0)
|
|
80
|
+
thor (0.20.3)
|
|
81
|
+
thread_safe (0.3.6)
|
|
82
|
+
tzinfo (1.2.5)
|
|
83
|
+
thread_safe (~> 0.1)
|
|
84
|
+
|
|
85
|
+
PLATFORMS
|
|
86
|
+
ruby
|
|
87
|
+
|
|
88
|
+
DEPENDENCIES
|
|
89
|
+
bundler (~> 2.0.1)
|
|
90
|
+
moderate_parameters!
|
|
91
|
+
pry (~> 0.12.2)
|
|
92
|
+
rake (~> 10.0)
|
|
93
|
+
rspec (~> 3.0)
|
|
94
|
+
|
|
95
|
+
BUNDLED WITH
|
|
96
|
+
2.0.1
|
data/README.md
CHANGED
|
@@ -1,6 +1,8 @@
|
|
|
1
|
-
|
|
1
|
+
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
By [Hint.io](https://hint.io)
|
|
4
|
+
|
|
5
|
+
In our experience with [UpgradeRails](https://www.upgraderails.com), the migration from [protected_attributes](https://github.com/rails/protected_attributes) to [strong_parameters](https://api.rubyonrails.org/classes/ActionController/StrongParameters.html) can leave more questions than answers. It can be difficult to determine what data is originating from within the app and what is coming from the internet. Moderate Parameters is a tool that provides safety nets and logging of data sources in the controller by extending `ActionController::Parameters` functionality.
|
|
4
6
|
|
|
5
7
|
## Installation
|
|
6
8
|
|
|
@@ -20,47 +20,47 @@ module ActionController
|
|
|
20
20
|
|
|
21
21
|
private
|
|
22
22
|
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
end
|
|
23
|
+
def custom_logging(params, controller_name, action)
|
|
24
|
+
unpermitted_keys(params).each do |k|
|
|
25
|
+
ActiveSupport::Notifications.instrument('moderate_parameters') do |payload|
|
|
26
|
+
payload[:controller] = controller_name
|
|
27
|
+
payload[:action] = action
|
|
28
|
+
payload[:message] = "#{@context || 'Top Level'} is missing: #{k}"
|
|
30
29
|
end
|
|
31
30
|
end
|
|
31
|
+
end
|
|
32
32
|
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
33
|
+
def non_scalar?(value)
|
|
34
|
+
value.is_a?(Array) || value.is_a?(Parameters)
|
|
35
|
+
end
|
|
36
36
|
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
37
|
+
EMPTY_HASH = {}
|
|
38
|
+
def cust_hash_filter(params, filter, controller_name, action)
|
|
39
|
+
filter = filter.with_indifferent_access
|
|
40
40
|
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
41
|
+
# Slicing filters out non-declared keys.
|
|
42
|
+
slice(*filter.keys).each do |key, value|
|
|
43
|
+
next unless value
|
|
44
|
+
next unless has_key? key
|
|
45
45
|
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
end
|
|
46
|
+
if filter[key] == EMPTY_ARRAY
|
|
47
|
+
# Declaration { comment_ids: [] }.
|
|
48
|
+
array_of_permitted_scalars?(self[key]) do |val|
|
|
49
|
+
params[key] = val
|
|
50
|
+
end
|
|
51
|
+
elsif filter[key] == EMPTY_HASH
|
|
52
|
+
# Declaration { preferences: {} }.
|
|
53
|
+
if value.is_a?(Parameters)
|
|
54
|
+
params[key] = permit_any_in_parameters(value)
|
|
55
|
+
end
|
|
56
|
+
elsif non_scalar?(value)
|
|
57
|
+
# Declaration { user: :name } or { user: [:name, :age, { address: ... }] }.
|
|
58
|
+
params[key] = each_element(value) do |element|
|
|
59
|
+
element.instance_variable_set '@context', "Parent #{key}"
|
|
60
|
+
element.moderate(controller_name, action, *Array.wrap(filter[key]))
|
|
62
61
|
end
|
|
63
62
|
end
|
|
64
63
|
end
|
|
64
|
+
end
|
|
65
65
|
end
|
|
66
|
-
end
|
|
66
|
+
end
|
data/moderate_parameters.gemspec
CHANGED
|
@@ -1,45 +1,48 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
1
2
|
|
|
2
|
-
lib = File.expand_path(
|
|
3
|
+
lib = File.expand_path('lib', __dir__)
|
|
3
4
|
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
4
|
-
require
|
|
5
|
+
require 'moderate_parameters/version'
|
|
5
6
|
|
|
6
7
|
Gem::Specification.new do |spec|
|
|
7
|
-
spec.name
|
|
8
|
-
spec.version
|
|
9
|
-
spec.authors
|
|
10
|
-
spec.email
|
|
11
|
-
|
|
12
|
-
spec.summary
|
|
13
|
-
spec.description
|
|
14
|
-
|
|
15
|
-
spec.
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
# to allow pushing to a single host or delete this section to allow pushing to any host.
|
|
8
|
+
spec.name = 'moderate_parameters'
|
|
9
|
+
spec.version = ModerateParameters::VERSION
|
|
10
|
+
spec.authors = ['Kyle Boe']
|
|
11
|
+
spec.email = ['kyle@hint.io']
|
|
12
|
+
|
|
13
|
+
spec.summary = 'Protected Attributes to Strong Parameters migration tool'
|
|
14
|
+
spec.description = 'A tool for migrating Rails applications from Protected ' \
|
|
15
|
+
'Attributes to Strong Parameters.'
|
|
16
|
+
spec.homepage = 'https://github.com/hintmedia/moderate_parameters'
|
|
17
|
+
spec.license = 'MIT'
|
|
18
|
+
|
|
19
19
|
if spec.respond_to?(:metadata)
|
|
20
|
-
spec.metadata[
|
|
21
|
-
spec.metadata[
|
|
22
|
-
spec.metadata[
|
|
20
|
+
spec.metadata['homepage_uri'] = spec.homepage
|
|
21
|
+
spec.metadata['source_code_uri'] = 'https://github.com/hintmedia/moderate_parameters'
|
|
22
|
+
spec.metadata['changelog_uri'] = 'https://github.com/hintmedia/moderate_parameters/blob/master/CHANGELOG.md'
|
|
23
23
|
else
|
|
24
|
-
raise
|
|
25
|
-
|
|
24
|
+
raise 'RubyGems 2.0 or newer is required to protect against ' \
|
|
25
|
+
'public gem pushes.'
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
28
|
+
spec.files = Dir.chdir(File.expand_path(__dir__)) do
|
|
29
|
+
`git ls-files -z`.split("\x0").reject do |f|
|
|
30
|
+
f.match(%r{^(test|spec|features)/})
|
|
31
|
+
end
|
|
32
32
|
end
|
|
33
|
-
spec.bindir =
|
|
33
|
+
spec.bindir = 'bin'
|
|
34
34
|
spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
|
35
|
-
spec.require_paths = [
|
|
35
|
+
spec.require_paths = ['lib']
|
|
36
|
+
|
|
37
|
+
spec.required_ruby_version = '>= 2.3.1'
|
|
36
38
|
|
|
37
|
-
spec.add_dependency
|
|
38
|
-
spec.add_dependency
|
|
39
|
-
spec.add_dependency
|
|
40
|
-
spec.add_dependency
|
|
39
|
+
spec.add_dependency 'actionpack', '>= 3.0', '< 6.1'
|
|
40
|
+
spec.add_dependency 'activemodel', '>= 3.0', '< 6.1'
|
|
41
|
+
spec.add_dependency 'activesupport', '>= 3.0', '< 6.1'
|
|
42
|
+
spec.add_dependency 'railties', '>= 3.0', '< 6.1'
|
|
41
43
|
|
|
42
|
-
spec.add_development_dependency
|
|
43
|
-
spec.add_development_dependency
|
|
44
|
-
spec.add_development_dependency
|
|
44
|
+
spec.add_development_dependency 'bundler', '~> 2.0.1'
|
|
45
|
+
spec.add_development_dependency 'pry', '~> 0.12.2'
|
|
46
|
+
spec.add_development_dependency 'rake', '~> 10.0'
|
|
47
|
+
spec.add_development_dependency 'rspec', '~> 3.0'
|
|
45
48
|
end
|
metadata
CHANGED
|
@@ -1,17 +1,17 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: moderate_parameters
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
|
-
- Kyle Boe
|
|
7
|
+
- Kyle Boe
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-09-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
|
-
name:
|
|
14
|
+
name: actionpack
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
17
|
- - ">="
|
|
@@ -31,7 +31,7 @@ dependencies:
|
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
32
|
version: '6.1'
|
|
33
33
|
- !ruby/object:Gem::Dependency
|
|
34
|
-
name:
|
|
34
|
+
name: activemodel
|
|
35
35
|
requirement: !ruby/object:Gem::Requirement
|
|
36
36
|
requirements:
|
|
37
37
|
- - ">="
|
|
@@ -51,7 +51,7 @@ dependencies:
|
|
|
51
51
|
- !ruby/object:Gem::Version
|
|
52
52
|
version: '6.1'
|
|
53
53
|
- !ruby/object:Gem::Dependency
|
|
54
|
-
name:
|
|
54
|
+
name: activesupport
|
|
55
55
|
requirement: !ruby/object:Gem::Requirement
|
|
56
56
|
requirements:
|
|
57
57
|
- - ">="
|
|
@@ -96,14 +96,28 @@ dependencies:
|
|
|
96
96
|
requirements:
|
|
97
97
|
- - "~>"
|
|
98
98
|
- !ruby/object:Gem::Version
|
|
99
|
-
version:
|
|
99
|
+
version: 2.0.1
|
|
100
|
+
type: :development
|
|
101
|
+
prerelease: false
|
|
102
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
103
|
+
requirements:
|
|
104
|
+
- - "~>"
|
|
105
|
+
- !ruby/object:Gem::Version
|
|
106
|
+
version: 2.0.1
|
|
107
|
+
- !ruby/object:Gem::Dependency
|
|
108
|
+
name: pry
|
|
109
|
+
requirement: !ruby/object:Gem::Requirement
|
|
110
|
+
requirements:
|
|
111
|
+
- - "~>"
|
|
112
|
+
- !ruby/object:Gem::Version
|
|
113
|
+
version: 0.12.2
|
|
100
114
|
type: :development
|
|
101
115
|
prerelease: false
|
|
102
116
|
version_requirements: !ruby/object:Gem::Requirement
|
|
103
117
|
requirements:
|
|
104
118
|
- - "~>"
|
|
105
119
|
- !ruby/object:Gem::Version
|
|
106
|
-
version:
|
|
120
|
+
version: 0.12.2
|
|
107
121
|
- !ruby/object:Gem::Dependency
|
|
108
122
|
name: rake
|
|
109
123
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -135,7 +149,7 @@ dependencies:
|
|
|
135
149
|
description: A tool for migrating Rails applications from Protected Attributes to
|
|
136
150
|
Strong Parameters.
|
|
137
151
|
email:
|
|
138
|
-
- kyle@hint.io
|
|
152
|
+
- kyle@hint.io
|
|
139
153
|
executables:
|
|
140
154
|
- console
|
|
141
155
|
- setup
|
|
@@ -148,6 +162,7 @@ files:
|
|
|
148
162
|
- CHANGELOG.md
|
|
149
163
|
- CODE_OF_CONDUCT.md
|
|
150
164
|
- Gemfile
|
|
165
|
+
- Gemfile.lock
|
|
151
166
|
- LICENSE.txt
|
|
152
167
|
- README.md
|
|
153
168
|
- Rakefile
|
|
@@ -173,14 +188,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
173
188
|
requirements:
|
|
174
189
|
- - ">="
|
|
175
190
|
- !ruby/object:Gem::Version
|
|
176
|
-
version:
|
|
191
|
+
version: 2.3.1
|
|
177
192
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
178
193
|
requirements:
|
|
179
194
|
- - ">="
|
|
180
195
|
- !ruby/object:Gem::Version
|
|
181
196
|
version: '0'
|
|
182
197
|
requirements: []
|
|
183
|
-
rubygems_version: 3.0.
|
|
198
|
+
rubygems_version: 3.0.3
|
|
184
199
|
signing_key:
|
|
185
200
|
specification_version: 4
|
|
186
201
|
summary: Protected Attributes to Strong Parameters migration tool
|