moderate_parameters 0.2.6 → 0.3.4

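--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: fa022d8afad78e0d873a348c3c6b904126bb4667a1a121ff3f649f2ac1279f25
- data.tar.gz: 4d2f9811d68673a8edfbb96eda872950c34f199d0f6fb0c856ab5dbaecc2f357
+ metadata.gz: ccebf986537b995e0dda4aaba0fac77329a0f87b885f36eb4b1a0b85b03dfb9b
+ data.tar.gz: a8fd30ef1653f7376370643772066700535effc2f2a6eef88e410f3724cc3314
  SHA512:
- metadata.gz: 27f5bd24d222651ce688faf335d6c387f216fd6bf8a6a225654cf4085e5f03deebe9249cb61f68748854b61434b899031b73a5f203e427bcd28d8338b3d1f995
- data.tar.gz: e0a9b7507d86dfba2c61721c8fca95544b0dd571bf2163c28d251ebab73cbc7af890c8bea04717f0c54289eaffc9939fb473e6d29a67b39b3c108f3f058e62ee
+ metadata.gz: ef57958d1feb5a3a7d965bba16e829ddcfecdf881a17ae5ef4c9413ae2a13447b76999ee463381b376abb029055407e4bc99dbadbf1df510a9f888958133caf9
+ data.tar.gz: b65cc1997e65da4ae7c88045652edef1f73fa6efe417a4f0e6c41b711b89ed21f9eb8f97cfdd576dd09e7b307d4960cd82cf60cd4613620c5d0cd44ebed2c2b0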
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- moderate_parameters (0.2.2)
4
+ moderate_parameters (0.3.4)
5
5
  actionpack (>= 4.2, < 6.1)
6
6
  activemodel (>= 4.2, < 6.1)
7
7
  activesupport (>= 4.2, < 6.1)
@@ -10,51 +10,51 @@ PATH
10
10
  GEM
11
11
  remote: https://rubygems.org/
12
12
  specs:
13
- actionpack (6.0.0)
14
- actionview (= 6.0.0)
15
- activesupport (= 6.0.0)
16
- rack (~> 2.0)
13
+ actionpack (6.0.3.4)
14
+ actionview (= 6.0.3.4)
15
+ activesupport (= 6.0.3.4)
16
+ rack (~> 2.0, >= 2.0.8)
17
17
  rack-test (>= 0.6.3)
18
18
  rails-dom-testing (~> 2.0)
19
19
  rails-html-sanitizer (~> 1.0, >= 1.2.0)
20
- actionview (6.0.0)
21
- activesupport (= 6.0.0)
20
+ actionview (6.0.3.4)
21
+ activesupport (= 6.0.3.4)
22
22
  builder (~> 3.1)
23
23
  erubi (~> 1.4)
24
24
  rails-dom-testing (~> 2.0)
25
25
  rails-html-sanitizer (~> 1.1, >= 1.2.0)
26
- activemodel (6.0.0)
27
- activesupport (= 6.0.0)
28
- activesupport (6.0.0)
26
+ activemodel (6.0.3.4)
27
+ activesupport (= 6.0.3.4)
28
+ activesupport (6.0.3.4)
29
29
  concurrent-ruby (~> 1.0, >= 1.0.2)
30
30
  i18n (>= 0.7, < 2)
31
31
  minitest (~> 5.1)
32
32
  tzinfo (~> 1.1)
33
- zeitwerk (~> 2.1, >= 2.1.8)
33
+ zeitwerk (~> 2.2, >= 2.2.2)
34
34
  appraisal (2.2.0)
35
35
  bundler
36
36
  rake
37
37
  thor (>= 0.14.0)
38
- builder (3.2.3)
38
+ builder (3.2.4)
39
39
  coderay (1.1.2)
40
- concurrent-ruby (1.1.5)
41
- crass (1.0.5)
40
+ concurrent-ruby (1.1.7)
41
+ crass (1.0.6)
42
42
  diff-lcs (1.3)
43
43
  erubi (1.9.0)
44
- i18n (1.7.0)
44
+ i18n (1.8.5)
45
45
  concurrent-ruby (~> 1.0)
46
- loofah (2.3.1)
46
+ loofah (2.7.0)
47
47
  crass (~> 1.0.2)
48
48
  nokogiri (>= 1.5.9)
49
49
  method_source (0.9.2)
50
50
  mini_portile2 (2.4.0)
51
- minitest (5.12.2)
52
- nokogiri (1.10.4)
51
+ minitest (5.14.2)
52
+ nokogiri (1.10.10)
53
53
  mini_portile2 (~> 2.4.0)
54
54
  pry (0.12.2)
55
55
  coderay (~> 1.1.0)
56
56
  method_source (~> 0.9.0)
57
- rack (2.0.7)
57
+ rack (2.2.3)
58
58
  rack-test (1.1.0)
59
59
  rack (>= 1.0, < 3)
60
60
  rails-dom-testing (2.0.3)
@@ -62,45 +62,45 @@ GEM
62
62
  nokogiri (>= 1.6)
63
63
  rails-html-sanitizer (1.3.0)
64
64
  loofah (~> 2.3)
65
- railties (6.0.0)
66
- actionpack (= 6.0.0)
67
- activesupport (= 6.0.0)
65
+ railties (6.0.3.4)
66
+ actionpack (= 6.0.3.4)
67
+ activesupport (= 6.0.3.4)
68
68
  method_source
69
69
  rake (>= 0.8.7)
70
70
  thor (>= 0.20.3, < 2.0)
71
- rake (10.5.0)
72
- rspec (3.8.0)
73
- rspec-core (~> 3.8.0)
74
- rspec-expectations (~> 3.8.0)
75
- rspec-mocks (~> 3.8.0)
76
- rspec-core (3.8.2)
77
- rspec-support (~> 3.8.0)
78
- rspec-expectations (3.8.4)
71
+ rake (13.0.1)
72
+ rspec (3.9.0)
73
+ rspec-core (~> 3.9.0)
74
+ rspec-expectations (~> 3.9.0)
75
+ rspec-mocks (~> 3.9.0)
76
+ rspec-core (3.9.1)
77
+ rspec-support (~> 3.9.1)
78
+ rspec-expectations (3.9.0)
79
79
  diff-lcs (>= 1.2.0, < 2.0)
80
- rspec-support (~> 3.8.0)
81
- rspec-mocks (3.8.1)
80
+ rspec-support (~> 3.9.0)
81
+ rspec-mocks (3.9.1)
82
82
  diff-lcs (>= 1.2.0, < 2.0)
83
- rspec-support (~> 3.8.0)
84
- rspec-support (3.8.2)
83
+ rspec-support (~> 3.9.0)
84
+ rspec-support (3.9.2)
85
85
  rspec_junit_formatter (0.4.1)
86
86
  rspec-core (>= 2, < 4, != 2.12.0)
87
- thor (0.20.3)
87
+ thor (1.0.1)
88
88
  thread_safe (0.3.6)
89
- tzinfo (1.2.5)
89
+ tzinfo (1.2.7)
90
90
  thread_safe (~> 0.1)
91
- zeitwerk (2.2.0)
91
+ zeitwerk (2.4.0)
92
92
 
93
93
  PLATFORMS
94
94
  ruby
95
95
 
96
96
  DEPENDENCIES
97
97
  appraisal (= 2.2.0)
98
- bundler (~> 2.0.1)
98
+ bundler (~> 2.0)
99
99
  moderate_parameters!
100
100
  pry (~> 0.12.2)
101
- rake (~> 10.0)
101
+ rake (~> 13.0)
102
102
  rspec (~> 3.0)
103
103
  rspec_junit_formatter (= 0.4.1)
104
104
 
105
105
  BUNDLED WITH
106
- 2.0.1
106
+ 2.1.4
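--- a/data/README.md
+++ b/data/README.md
@@ -5,6 +5,8 @@
 
  By [Hint.io](https://hint.io)
 
+ [![Gem Version](https://badge.fury.io/rb/moderate_parameters.svg)](https://badge.fury.io/rb/moderate_parameters) ![CI](https://github.com/hintmedia/moderate_parameters/workflows/CI/badge.svg) ![Appraisals](https://github.com/hintmedia/moderate_parameters/workflows/Appraisals/badge.svg) [![Maintainability](https://api.codeclimate.com/v1/badges/4971eb01d5bd98dbac8b/maintainability)](https://codeclimate.com/github/hintmedia/moderate_parameters/maintainability)
+
  In our experience with [UpgradeRails](https://www.upgraderails.com), the migration from [protected_attributes](https://github.com/rails/protected_attributes) to [strong_parameters](https://api.rubyonrails.org/classes/ActionController/StrongParameters.html) can leave more questions than answers. It can be difficult to determine what data is originating from within the app and what is coming from the internet.
 
  Moderate Parameters is a set of tools providing logging of data sources in the controller by extending `ActionController::Parameters` functionality.
@@ -111,7 +113,7 @@ end
 
  We can then hit submit data from the form at `/people/new` and see that no new lines are added to the `moderate_parameters.log` file.
 
- This means that we can remove `moderate_parameters` and move to using `permit` as a part of `strong_parameters`:
+ This means that we can remove `moderate_parameters` and move to using `permit` as the final migration step of `strong_parameters`:
 
  ```ruby
  class PeopleController < ActionController::Base
@@ -129,6 +131,17 @@ class PeopleController < ActionController::Base
  end
  ```
 
+ It is only _**AFTER**_ this final step of the `strong_parameters` migration has been completed that you can safely remove the `protected_attributes` line in the model:
+
+ ```ruby
+ class Person < ActiveRecord::Base
+ # attr_accessible :name, :age, :height
+
+ . . .
+
+ end
+ ```
+
  ## Contributing
 
  Bug reports and pull requests are welcome on GitHub at https://github.com/hintmedia/moderate_parameters. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.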
@@ -4,4 +4,6 @@ ModerateParameters.configure do |config|
4
4
  # Enables/Disables logging occurrences of
5
5
  # reading/writing from ActionController::Parameters.
6
6
  config.breadcrumbs_enabled = false
7
+ # Sets where to log the ModerateParameters output
8
+ config.logger = ActiveSupport::Logger.new('log/moderate_parameters.log')
7
9
  end
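Review bot: The relative path in `ActiveSupport::Logger.new('log/moderate_parameters.log')` is resolved against the process working directory, so the breadcrumb log can land outside the application's `log/` directory, or fail to open, when the app is started from somewhere else. Because this file records request parameter names, it is better kept with the other application logs where rotation and file permissions already apply; assuming this template is installed as a Rails initializer, `config.logger = ActiveSupport::Logger.new(Rails.root.join('log', 'moderate_parameters.log'))` does that. The added comment could also say that leaving `config.logger` unset discards the output, which is what the subscriber's `/dev/null` fallback on this page does.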
@@ -1,7 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- $moderate_parameters_logger = ModerateParameters.logger || ActiveSupport::Logger.new('/dev/null')
4
-
5
3
  ActiveSupport::Notifications.subscribe('moderate_parameters') do |_, _, _, _, payload|
6
- $moderate_parameters_logger.info "#{payload[:controller]}##{payload[:action]} #{payload[:message]}"
4
+ (ModerateParameters.logger || ActiveSupport::Logger.new('/dev/null')).info "#{payload[:controller]}##{payload[:action]} #{payload[:message]}"
7
5
  end
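Review bot: `payload[:message]` is written unescaped on the new `.info` line, and the messages built in the parameters filter on this page interpolate request-supplied key names (`is missing: #{k}`), so a key containing CR/LF can split one breadcrumb into several log lines unless the configured formatter escapes them. Neutralising line breaks before logging closes that gap: `message = payload[:message].to_s.gsub(/[\r\n]+/, ' ')`. Separately, the fallback now constructs `ActiveSupport::Logger.new('/dev/null')` on every notification when no logger is set, opening a new handle per event; `next unless (logger = ModerateParameters.logger)` at the top of the block avoids both the allocation and the string formatting.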
@@ -8,25 +8,50 @@ module ModerateParameters
8
8
  filters.each do |filter|
9
9
  case filter
10
10
  when Symbol, String
11
- permitted_scalar_filter(params, filter)
11
+ if non_scalar?(self[filter])
12
+ non_scalar_value_filter(params, filter, controller_name, action)
13
+ else
14
+ permitted_scalar_filter(params, filter)
15
+ end
12
16
  when Hash
13
17
  cust_hash_filter(params, filter, controller_name, action)
14
18
  end
15
19
  end
16
20
 
17
21
  incoming_params_logging(params, controller_name, action)
18
- permit!
22
+ dup.permit!
19
23
  end
20
24
 
21
25
  private
22
26
 
27
+ def write_to_log(options)
28
+ ActiveSupport::Notifications.instrument('moderate_parameters') do |payload|
29
+ payload.merge!(options)
30
+ end
31
+ end
32
+
23
33
  def incoming_params_logging(params, controller_name, action)
24
34
  unpermitted_keys(params).each do |k|
25
- ActiveSupport::Notifications.instrument('moderate_parameters') do |payload|
26
- payload[:controller] = controller_name
27
- payload[:action] = action
28
- payload[:message] = "#{@context || 'Top Level'} is missing: #{k}"
29
- end
35
+ write_to_log(message: "#{@context || 'Top Level'} is missing: #{k}",
36
+ action: action,
37
+ controller: controller_name)
38
+ end
39
+ end
40
+
41
+ def non_scalar_value_filter(params, key, controller_name, action)
42
+ if has_key?(key) && !permitted_scalar?(self[key])
43
+ params[key] = self[key].class.new
44
+ write_to_log(message: "#{@context || 'Top Level'} is missing: #{params[key]} value for #{key}",
45
+ action: action,
46
+ controller: controller_name)
47
+ end
48
+ end
49
+
50
+ def array_of_permitted_scalars?(value)
51
+ if value.is_a?(Array) && value.all? { |element| permitted_scalar?(element) }
52
+ return true unless block_given?
53
+
54
+ yield value
30
55
  end
31
56
  end
32
57
 
@@ -34,6 +59,38 @@ module ModerateParameters
34
59
  value.is_a?(Array) || value.is_a?(Parameters)
35
60
  end
36
61
 
62
+ def permit_any_in_array(array)
63
+ [].tap do |sanitized|
64
+ array.each do |element|
65
+ case element
66
+ when ->(e) { permitted_scalar?(e) }
67
+ sanitized << element
68
+ when Parameters
69
+ sanitized << permit_any_in_parameters(element)
70
+ else
71
+ # Log it
72
+ end
73
+ end
74
+ end
75
+ end
76
+
77
+ def permit_any_in_parameters(params)
78
+ self.class.new.tap do |sanitized|
79
+ params.each do |key, value|
80
+ case value
81
+ when ->(v) { permitted_scalar?(v) }
82
+ sanitized[key] = value
83
+ when Array
84
+ sanitized[key] = permit_any_in_array(value)
85
+ when Parameters
86
+ sanitized[key] = permit_any_in_parameters(value)
87
+ else
88
+ # Log It
89
+ end
90
+ end
91
+ end
92
+ end
93
+
37
94
  EMPTY_HASH ||= {}
38
95
  EMPTY_ARRAY ||= []
39
96
  def cust_hash_filter(params, filter, controller_name, action)
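Review bot: The `else` branches of `permit_any_in_array` and `permit_any_in_parameters` contain only a `# Log it` / `# Log It` comment, so a value matching none of the `when` clauses is left out of the sanitized copy with no breadcrumb written, unlike the other filters in this module, which log what they reject. Replace the placeholders with a `write_to_log(message: ..., action: action, controller: controller_name)` call, threading `controller_name` and `action` into both helpers as `non_scalar_value_filter` already receives them, and log the key or the element's class rather than the value so request data does not end up in the log file. `permit_any_in_array` also has no `when Array` clause, so nested arrays take the same silent path. No caller of either helper is visible in these hunks, and `cust_hash_filter` begins on the last line of the section with its body outside it.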
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module ModerateParameters
4
- VERSION = '0.2.6'
4
+ VERSION = '0.3.4'
5
5
  end
@@ -41,9 +41,9 @@ Gem::Specification.new do |spec|
41
41
  spec.add_dependency 'activesupport', '>= 4.2', '< 6.1'
42
42
  spec.add_dependency 'railties', '>= 4.2', '< 6.1'
43
43
 
44
- spec.add_development_dependency 'bundler', '~> 2.0.1'
44
+ spec.add_development_dependency 'bundler', '~> 2.0'
45
45
  spec.add_development_dependency 'pry', '~> 0.12.2'
46
- spec.add_development_dependency 'rake', '~> 10.0'
46
+ spec.add_development_dependency 'rake', '~> 13.0'
47
47
  spec.add_development_dependency 'rspec', '~> 3.0'
48
48
  spec.add_development_dependency 'rspec_junit_formatter', '0.4.1'
49
49
  spec.add_development_dependency 'appraisal', '2.2.0'
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: moderate_parameters
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.6
4
+ version: 0.3.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Kyle Boe
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-12-19 00:00:00.000000000 Z
11
+ date: 2020-11-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: actionpack
@@ -96,14 +96,14 @@ dependencies:
96
96
  requirements:
97
97
  - - "~>"
98
98
  - !ruby/object:Gem::Version
99
- version: 2.0.1
99
+ version: '2.0'
100
100
  type: :development
101
101
  prerelease: false
102
102
  version_requirements: !ruby/object:Gem::Requirement
103
103
  requirements:
104
104
  - - "~>"
105
105
  - !ruby/object:Gem::Version
106
- version: 2.0.1
106
+ version: '2.0'
107
107
  - !ruby/object:Gem::Dependency
108
108
  name: pry
109
109
  requirement: !ruby/object:Gem::Requirement
@@ -124,14 +124,14 @@ dependencies:
124
124
  requirements:
125
125
  - - "~>"
126
126
  - !ruby/object:Gem::Version
127
- version: '10.0'
127
+ version: '13.0'
128
128
  type: :development
129
129
  prerelease: false
130
130
  version_requirements: !ruby/object:Gem::Requirement
131
131
  requirements:
132
132
  - - "~>"
133
133
  - !ruby/object:Gem::Version
134
- version: '10.0'
134
+ version: '13.0'
135
135
  - !ruby/object:Gem::Dependency
136
136
  name: rspec
137
137
  requirement: !ruby/object:Gem::Requirement