moderate_parameters 0.3.0 → 0.4.0

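--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 33118bf4c165859d1135b0628d3c1177560003900ea7637a4d97bb149f00fbef
- data.tar.gz: cef73308c79623677793428b8704e667eca870e2f4463ffc41efb878d030429d
+ metadata.gz: 7da243c4e3c3402126ab024168790ca875ce97288d783432ce7d7105aa0082a8
+ data.tar.gz: 981432f67a8d7a5e17e774dc171cc239ff2379059e164cd4e24f40b446e51a70
  SHA512:
- metadata.gz: 12d73a15669d2af4b6b579b1fe0905efb191bc3474bb174fb011b2065d1efbce9c91efcf9f379984139a506c85cdf1b34ca8966df6dbf996d57c8e291487ff31
- data.tar.gz: 68c48b72df1c5a99a7287330c4cfa2275c6cfdc8ccfc5c6af28db5b24e5b4bff232709e24c949a58d645fbb0ef1ea9fe0e751f7ad6e01c8c9348ab578eb3ff58
+ metadata.gz: f87a7a589852fccbc9dce81f5d4e041aeda5bbedbdadccd8a17599e5266a25cdc98b48047cf80886360c5f3e596b2b07aa705a2bd86f2ff575e929fac271740e
+ data.tar.gz: c0f48cd8721c99870af9229902bb26e7a3b805109afce9ea2fde53cce48266c546ccf267396db2780e1c34093556e63939db90fe0b399367e113394467b87af4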
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- moderate_parameters (0.3.0)
4
+ moderate_parameters (0.4.0)
5
5
  actionpack (>= 4.2, < 6.1)
6
6
  activemodel (>= 4.2, < 6.1)
7
7
  activesupport (>= 4.2, < 6.1)
@@ -10,51 +10,51 @@ PATH
10
10
  GEM
11
11
  remote: https://rubygems.org/
12
12
  specs:
13
- actionpack (6.0.2.1)
14
- actionview (= 6.0.2.1)
15
- activesupport (= 6.0.2.1)
13
+ actionpack (6.0.3.4)
14
+ actionview (= 6.0.3.4)
15
+ activesupport (= 6.0.3.4)
16
16
  rack (~> 2.0, >= 2.0.8)
17
17
  rack-test (>= 0.6.3)
18
18
  rails-dom-testing (~> 2.0)
19
19
  rails-html-sanitizer (~> 1.0, >= 1.2.0)
20
- actionview (6.0.2.1)
21
- activesupport (= 6.0.2.1)
20
+ actionview (6.0.3.4)
21
+ activesupport (= 6.0.3.4)
22
22
  builder (~> 3.1)
23
23
  erubi (~> 1.4)
24
24
  rails-dom-testing (~> 2.0)
25
25
  rails-html-sanitizer (~> 1.1, >= 1.2.0)
26
- activemodel (6.0.2.1)
27
- activesupport (= 6.0.2.1)
28
- activesupport (6.0.2.1)
26
+ activemodel (6.0.3.4)
27
+ activesupport (= 6.0.3.4)
28
+ activesupport (6.0.3.4)
29
29
  concurrent-ruby (~> 1.0, >= 1.0.2)
30
30
  i18n (>= 0.7, < 2)
31
31
  minitest (~> 5.1)
32
32
  tzinfo (~> 1.1)
33
- zeitwerk (~> 2.2)
33
+ zeitwerk (~> 2.2, >= 2.2.2)
34
34
  appraisal (2.2.0)
35
35
  bundler
36
36
  rake
37
37
  thor (>= 0.14.0)
38
38
  builder (3.2.4)
39
39
  coderay (1.1.2)
40
- concurrent-ruby (1.1.5)
40
+ concurrent-ruby (1.1.7)
41
41
  crass (1.0.6)
42
42
  diff-lcs (1.3)
43
43
  erubi (1.9.0)
44
- i18n (1.8.2)
44
+ i18n (1.8.5)
45
45
  concurrent-ruby (~> 1.0)
46
- loofah (2.4.0)
46
+ loofah (2.7.0)
47
47
  crass (~> 1.0.2)
48
48
  nokogiri (>= 1.5.9)
49
49
  method_source (0.9.2)
50
50
  mini_portile2 (2.4.0)
51
- minitest (5.14.0)
52
- nokogiri (1.10.7)
51
+ minitest (5.14.2)
52
+ nokogiri (1.10.10)
53
53
  mini_portile2 (~> 2.4.0)
54
54
  pry (0.12.2)
55
55
  coderay (~> 1.1.0)
56
56
  method_source (~> 0.9.0)
57
- rack (2.1.1)
57
+ rack (2.2.3)
58
58
  rack-test (1.1.0)
59
59
  rack (>= 1.0, < 3)
60
60
  rails-dom-testing (2.0.3)
@@ -62,13 +62,13 @@ GEM
62
62
  nokogiri (>= 1.6)
63
63
  rails-html-sanitizer (1.3.0)
64
64
  loofah (~> 2.3)
65
- railties (6.0.2.1)
66
- actionpack (= 6.0.2.1)
67
- activesupport (= 6.0.2.1)
65
+ railties (6.0.3.4)
66
+ actionpack (= 6.0.3.4)
67
+ activesupport (= 6.0.3.4)
68
68
  method_source
69
69
  rake (>= 0.8.7)
70
70
  thor (>= 0.20.3, < 2.0)
71
- rake (10.5.0)
71
+ rake (13.0.1)
72
72
  rspec (3.9.0)
73
73
  rspec-core (~> 3.9.0)
74
74
  rspec-expectations (~> 3.9.0)
@@ -86,9 +86,9 @@ GEM
86
86
  rspec-core (>= 2, < 4, != 2.12.0)
87
87
  thor (1.0.1)
88
88
  thread_safe (0.3.6)
89
- tzinfo (1.2.6)
89
+ tzinfo (1.2.7)
90
90
  thread_safe (~> 0.1)
91
- zeitwerk (2.2.2)
91
+ zeitwerk (2.4.0)
92
92
 
93
93
  PLATFORMS
94
94
  ruby
@@ -98,7 +98,7 @@ DEPENDENCIES
98
98
  bundler (~> 2.0)
99
99
  moderate_parameters!
100
100
  pry (~> 0.12.2)
101
- rake (~> 10.0)
101
+ rake (~> 13.0)
102
102
  rspec (~> 3.0)
103
103
  rspec_junit_formatter (= 0.4.1)
104
104
 
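--- a/data/README.md
+++ b/data/README.md
@@ -5,6 +5,8 @@
 
  By [Hint.io](https://hint.io)
 
+ [![Gem Version](https://badge.fury.io/rb/moderate_parameters.svg)](https://badge.fury.io/rb/moderate_parameters) ![CI](https://github.com/hintmedia/moderate_parameters/workflows/CI/badge.svg) ![Appraisals](https://github.com/hintmedia/moderate_parameters/workflows/Appraisals/badge.svg) [![Maintainability](https://api.codeclimate.com/v1/badges/4971eb01d5bd98dbac8b/maintainability)](https://codeclimate.com/github/hintmedia/moderate_parameters/maintainability)
+
  In our experience with [UpgradeRails](https://www.upgraderails.com), the migration from [protected_attributes](https://github.com/rails/protected_attributes) to [strong_parameters](https://api.rubyonrails.org/classes/ActionController/StrongParameters.html) can leave more questions than answers. It can be difficult to determine what data is originating from within the app and what is coming from the internet.
 
  Moderate Parameters is a set of tools providing logging of data sources in the controller by extending `ActionController::Parameters` functionality.
@@ -111,7 +113,7 @@ end
 
  We can then hit submit data from the form at `/people/new` and see that no new lines are added to the `moderate_parameters.log` file.
 
- This means that we can remove `moderate_parameters` and move to using `permit` as a part of `strong_parameters`:
+ This means that we can remove `moderate_parameters` and move to using `permit` as the final migration step of `strong_parameters`:
 
  ```ruby
  class PeopleController < ActionController::Base
@@ -129,6 +131,17 @@ class PeopleController < ActionController::Base
  end
  ```
 
+ It is only _**AFTER**_ this final step of the `strong_parameters` migration has been completed that you can safely remove the `protected_attributes` line in the model:
+
+ ```ruby
+ class Person < ActiveRecord::Base
+ # attr_accessible :name, :age, :height
+
+ . . .
+
+ end
+ ```
+
  ## Contributing
 
  Bug reports and pull requests are welcome on GitHub at https://github.com/hintmedia/moderate_parameters. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.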
@@ -2,34 +2,90 @@
2
2
 
3
3
  module ModerateParameters
4
4
  module Breadcrumbs
5
- def [](key)
6
- internal_param_logging(key, 'read', caller_locations) if ModerateParameters.breadcrumbs_enabled
5
+ def []=(key, _value)
6
+ internal_param_logging(key, key?(key) ? 'overwritten' : 'added', caller_locations)
7
7
  super
8
8
  end
9
9
 
10
- def []=(key, value)
11
- internal_param_logging(key, 'overwritten', caller_locations) if ModerateParameters.breadcrumbs_enabled
10
+ def merge!(other_hash)
11
+ internal_method_logging('merge!', other_hash.keys, caller_locations)
12
+ super
13
+ end
14
+
15
+ def reverse_merge!(other_hash)
16
+ internal_method_logging('reverse_merge!', other_hash.keys, caller_locations)
12
17
  super
13
18
  end
14
19
 
15
20
  def extract!(*keys)
16
- internal_method_logging('extract!', keys, caller_locations) if ModerateParameters.breadcrumbs_enabled
21
+ internal_method_logging('extract!', keys, caller_locations)
22
+ super
23
+ end
24
+
25
+ def slice!(*keys)
26
+ internal_method_logging('slice!', keys, caller_locations)
27
+ super
28
+ end
29
+
30
+ def delete(*keys, &block)
31
+ internal_method_logging('delete', keys, caller_locations)
32
+ super
33
+ end
34
+
35
+ def reject!(&block)
36
+ internal_block_logging('reject!', caller_locations)
37
+ super
38
+ end
39
+
40
+ # Alias for #reject!
41
+ def delete_if(&block)
42
+ internal_block_logging('delete_if', caller_locations)
43
+ super
44
+ end
45
+
46
+ def select!(&block)
47
+ internal_block_logging('select!', caller_locations)
48
+ super
49
+ end
50
+
51
+ # Alias for #select!
52
+ def keep_if(&block)
53
+ internal_block_logging('keep_if', caller_locations)
17
54
  super
18
55
  end
19
56
 
20
57
  private
21
58
 
59
+ def needs_logged?
60
+ ModerateParameters.breadcrumbs_enabled &&
61
+ instance_variable_get(:@moderate_params_object_id) &&
62
+ !permitted?
63
+ end
64
+
22
65
  def internal_param_logging(key, action, stack_array)
66
+ return unless needs_logged?
67
+
23
68
  ActiveSupport::Notifications.instrument('moderate_parameters') do |payload|
24
69
  payload[:caller_locations] = stack_array
25
70
  payload[:message] = "#{key} is being #{action} on: #{stack_array.join("\n")}"
26
71
  end
27
72
  end
28
73
 
29
- def internal_method_logging(method, keys, stack_array)
74
+ def internal_method_logging(method, args, stack_array)
75
+ return unless needs_logged?
76
+
77
+ ActiveSupport::Notifications.instrument('moderate_parameters') do |payload|
78
+ payload[:caller_locations] = stack_array
79
+ payload[:message] = "#{method} is being called with #{args} on: #{stack_array.join("\n")}"
80
+ end
81
+ end
82
+
83
+ def internal_block_logging(method, stack_array)
84
+ return unless needs_logged?
85
+
30
86
  ActiveSupport::Notifications.instrument('moderate_parameters') do |payload|
31
87
  payload[:caller_locations] = stack_array
32
- payload[:message] = "#{method} is being called with #{keys} on: #{stack_array.join("\n")}"
88
+ payload[:message] = "#{method} is being called with a block on: #{stack_array.join("\n")}"
33
89
  end
34
90
  end
35
91
  end
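Review bot: Every override in this section now passes `caller_locations` as an argument before `needs_logged?` is consulted inside the helper, so a full stack capture runs on each `[]=`, `merge!`, `delete` and the other overrides even when breadcrumbs are disabled or the object was never moderated. The removed lines skipped that work with a trailing `if ModerateParameters.breadcrumbs_enabled`. A guard at the top of each override, `return super unless needs_logged?`, keeps the stack capture off the request path when nothing will be logged. Separately, `needs_logged?` spells out `:@moderate_params_object_id` by hand while the Parameters module introduces `MP_OBJECT_ID` for the same instance variable, and referencing the constant would keep the two from drifting. The module body starts above this hunk.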
@@ -1,7 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- $moderate_parameters_logger = ModerateParameters.logger || ActiveSupport::Logger.new('/dev/null')
4
-
5
3
  ActiveSupport::Notifications.subscribe('moderate_parameters') do |_, _, _, _, payload|
6
- $moderate_parameters_logger.info "#{payload[:controller]}##{payload[:action]} #{payload[:message]}"
4
+ (ModerateParameters.logger || ActiveSupport::Logger.new('/dev/null')).info(
5
+ "#{payload[:controller]}##{payload[:action]} #{payload[:message]}"
6
+ )
7
7
  end
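Review bot: When `ModerateParameters.logger` is nil, the subscriber block now builds a fresh `ActiveSupport::Logger.new('/dev/null')` for every notification, which opens a new file handle per event and leaves closing it to garbage collection; the removed global paid that cost once. Skipping the write is cheaper and portable: `logger = ModerateParameters.logger`, then `next unless logger`, then `logger.info(...)`. If a sink is still wanted, `File::NULL` avoids the hard-coded POSIX path. The logged string interpolates `payload[:message]`, which other files in this release build from parameter keys, so if any of those keys can originate from the request it is worth confirming that embedded newlines cannot produce forged log lines.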
@@ -2,7 +2,17 @@
2
2
 
3
3
  module ModerateParameters
4
4
  module Parameters
5
+ MP_OBJECT_ID = :@moderate_params_object_id
6
+ MP_PARENT_KEY = :@moderate_params_parent_key
7
+
5
8
  def moderate(controller_name, action, *filters)
9
+ log_duplicate_moderate_warning(
10
+ caller_locations,
11
+ instance_variable_get(MP_PARENT_KEY),
12
+ controller_name,
13
+ action
14
+ ) if instance_variable_get(MP_OBJECT_ID)
15
+
6
16
  params = self.class.new
7
17
 
8
18
  filters.each do |filter|
@@ -19,7 +29,15 @@ module ModerateParameters
19
29
  end
20
30
 
21
31
  incoming_params_logging(params, controller_name, action)
22
- permit!
32
+ duplicate_params = dup
33
+ instance_variable_set(MP_OBJECT_ID, duplicate_params.object_id)
34
+ duplicate_params.permit!
35
+ end
36
+
37
+ def require(key)
38
+ return super if key.is_a?(Array) || self[key].blank?
39
+ self[key].instance_variable_set(MP_PARENT_KEY, key)
40
+ super
23
41
  end
24
42
 
25
43
  private
@@ -38,6 +56,12 @@ module ModerateParameters
38
56
  end
39
57
  end
40
58
 
59
+ def log_duplicate_moderate_warning(stack_array, parent_key, controller_name, action)
60
+ write_to_log(message: ".moderate has already been called on params.require(:#{parent_key}): #{stack_array.join("\n")}",
61
+ action: action,
62
+ controller: controller_name)
63
+ end
64
+
41
65
  def non_scalar_value_filter(params, key, controller_name, action)
42
66
  if has_key?(key) && !permitted_scalar?(self[key])
43
67
  params[key] = self[key].class.new
@@ -47,6 +71,14 @@ module ModerateParameters
47
71
  end
48
72
  end
49
73
 
74
+ def array_of_permitted_scalars?(value)
75
+ if value.is_a?(Array) && value.all? { |element| permitted_scalar?(element) }
76
+ return true unless block_given?
77
+
78
+ yield value
79
+ end
80
+ end
81
+
50
82
  def non_scalar?(value)
51
83
  value.is_a?(Array) || value.is_a?(Parameters)
52
84
  end
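Review bot: In the new `require` override (second hunk of this file), `self[key].instance_variable_set(MP_PARENT_KEY, key)` runs on whatever value sits under the key, guarded only by `blank?`. A JSON request body can put an Integer or `true` there; those objects are frozen, so the call raises FrozenError and the request fails with an unhandled exception instead of reaching `super`. Tagging only nested parameter objects avoids that: `value = self[key]` followed by `value.instance_variable_set(MP_PARENT_KEY, key) if value.is_a?(Parameters)`, mirroring the `is_a?(Parameters)` test already used in `non_scalar?`. In `moderate`, `dup` is presumably shallow, so nested parameter objects may be shared with the copy that `permit!` is called on; a comment stating whether the original's children are expected to stay unpermitted would help. The module body continues outside these hunks.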
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module ModerateParameters
4
- VERSION = '0.3.0'
4
+ VERSION = '0.4.0'
5
5
  end
@@ -43,7 +43,7 @@ Gem::Specification.new do |spec|
43
43
 
44
44
  spec.add_development_dependency 'bundler', '~> 2.0'
45
45
  spec.add_development_dependency 'pry', '~> 0.12.2'
46
- spec.add_development_dependency 'rake', '~> 10.0'
46
+ spec.add_development_dependency 'rake', '~> 13.0'
47
47
  spec.add_development_dependency 'rspec', '~> 3.0'
48
48
  spec.add_development_dependency 'rspec_junit_formatter', '0.4.1'
49
49
  spec.add_development_dependency 'appraisal', '2.2.0'
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: moderate_parameters
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.0
4
+ version: 0.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Kyle Boe
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-01-22 00:00:00.000000000 Z
11
+ date: 2020-11-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: actionpack
@@ -124,14 +124,14 @@ dependencies:
124
124
  requirements:
125
125
  - - "~>"
126
126
  - !ruby/object:Gem::Version
127
- version: '10.0'
127
+ version: '13.0'
128
128
  type: :development
129
129
  prerelease: false
130
130
  version_requirements: !ruby/object:Gem::Requirement
131
131
  requirements:
132
132
  - - "~>"
133
133
  - !ruby/object:Gem::Version
134
- version: '10.0'
134
+ version: '13.0'
135
135
  - !ruby/object:Gem::Dependency
136
136
  name: rspec
137
137
  requirement: !ruby/object:Gem::Requirement