moderate_params 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 92178039a3f6e508d9841e763ca4e9bf4b0172b1b425e716aa58c55387e6614b
4
+ data.tar.gz: 0b704bf08773b0e0fca4d4c198229356c0af76d5829e003fb351bdc53908e1c6
5
+ SHA512:
6
+ metadata.gz: 86b9f12fd878e234c434100c33e61952e7a556d78d42a88662684ec8274d40284d09e049c4c5ce0a350c8603c0a375d92863fe85fc6564151d1052a423b0206a
7
+ data.tar.gz: ef96d8c4350b43d9e935afac6a62727ed4a24f4c3db84b5d05dd8ea9d5e55b49ee3b95b311d3b806ee64244632f1f3db5deb4273bc047f8de6944feada368830
data/.gitignore ADDED
@@ -0,0 +1,11 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /_yardoc/
4
+ /coverage/
5
+ /doc/
6
+ /pkg/
7
+ /spec/reports/
8
+ /tmp/
9
+
10
+ # rspec failure tracking
11
+ .rspec_status
data/.rspec ADDED
@@ -0,0 +1,3 @@
1
+ --format documentation
2
+ --color
3
+ --require spec_helper
data/.travis.yml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ sudo: false
3
+ language: ruby
4
+ cache: bundler
5
+ rvm:
6
+ - 2.6.0
7
+ before_install: gem install bundler -v 1.17.2
data/CHANGELOG.md ADDED
@@ -0,0 +1,5 @@
1
+ ### 0.1.0 - 2019-03-25
2
+
3
+ * Init Project
4
+ * moderate_params.log
5
+ * Extend ActionController::Parameters functionality
@@ -0,0 +1,74 @@
1
+ # Contributor Covenant Code of Conduct
2
+
3
+ ## Our Pledge
4
+
5
+ In the interest of fostering an open and welcoming environment, we as
6
+ contributors and maintainers pledge to making participation in our project and
7
+ our community a harassment-free experience for everyone, regardless of age, body
8
+ size, disability, ethnicity, gender identity and expression, level of experience,
9
+ nationality, personal appearance, race, religion, or sexual identity and
10
+ orientation.
11
+
12
+ ## Our Standards
13
+
14
+ Examples of behavior that contributes to creating a positive environment
15
+ include:
16
+
17
+ * Using welcoming and inclusive language
18
+ * Being respectful of differing viewpoints and experiences
19
+ * Gracefully accepting constructive criticism
20
+ * Focusing on what is best for the community
21
+ * Showing empathy towards other community members
22
+
23
+ Examples of unacceptable behavior by participants include:
24
+
25
+ * The use of sexualized language or imagery and unwelcome sexual attention or
26
+ advances
27
+ * Trolling, insulting/derogatory comments, and personal or political attacks
28
+ * Public or private harassment
29
+ * Publishing others' private information, such as a physical or electronic
30
+ address, without explicit permission
31
+ * Other conduct which could reasonably be considered inappropriate in a
32
+ professional setting
33
+
34
+ ## Our Responsibilities
35
+
36
+ Project maintainers are responsible for clarifying the standards of acceptable
37
+ behavior and are expected to take appropriate and fair corrective action in
38
+ response to any instances of unacceptable behavior.
39
+
40
+ Project maintainers have the right and responsibility to remove, edit, or
41
+ reject comments, commits, code, wiki edits, issues, and other contributions
42
+ that are not aligned to this Code of Conduct, or to ban temporarily or
43
+ permanently any contributor for other behaviors that they deem inappropriate,
44
+ threatening, offensive, or harmful.
45
+
46
+ ## Scope
47
+
48
+ This Code of Conduct applies both within project spaces and in public spaces
49
+ when an individual is representing the project or its community. Examples of
50
+ representing a project or community include using an official project e-mail
51
+ address, posting via an official social media account, or acting as an appointed
52
+ representative at an online or offline event. Representation of a project may be
53
+ further defined and clarified by project maintainers.
54
+
55
+ ## Enforcement
56
+
57
+ Instances of abusive, harassing, or otherwise unacceptable behavior may be
58
+ reported by contacting the project team at mike@hint.io. All
59
+ complaints will be reviewed and investigated and will result in a response that
60
+ is deemed necessary and appropriate to the circumstances. The project team is
61
+ obligated to maintain confidentiality with regard to the reporter of an incident.
62
+ Further details of specific enforcement policies may be posted separately.
63
+
64
+ Project maintainers who do not follow or enforce the Code of Conduct in good
65
+ faith may face temporary or permanent repercussions as determined by other
66
+ members of the project's leadership.
67
+
68
+ ## Attribution
69
+
70
+ This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
71
+ available at [http://contributor-covenant.org/version/1/4][version]
72
+
73
+ [homepage]: http://contributor-covenant.org
74
+ [version]: http://contributor-covenant.org/version/1/4/
data/Gemfile ADDED
@@ -0,0 +1,6 @@
1
+ source "https://rubygems.org"
2
+
3
+ git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
4
+
5
+ # Specify your gem's dependencies in moderate_params.gemspec
6
+ gemspec
data/LICENSE.txt ADDED
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2019 Mike Calhoun
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,129 @@
1
+ # `moderate_params`
2
+
3
+ In the migration from [protected_attributes](https://github.com/rails/protected_attributes) to [strong_parameters](https://api.rubyonrails.org/classes/ActionController/StrongParameters.html), it can be difficult to determine what data is originating from within the app and what is coming from the internet. `moderate_params` is a tool that provides safety nets and logging of data sources in the controller by extending `ActionController::Parameters` functionality.
4
+
5
+ ## Installation
6
+
7
+ Add this line to your application's Gemfile:
8
+
9
+ ```ruby
10
+ gem 'moderate_params'
11
+ ```
12
+
13
+ And then execute:
14
+
15
+ $ bundle
16
+
17
+ Or install it yourself as:
18
+
19
+ $ gem install moderate_params
20
+
21
+ ## Usage
22
+
23
+ Given a form at `/people/new` that submits data to the `PeopleController#create` action like so:
24
+
25
+ ```ruby
26
+ { person: { name: 'Kyle', age: '26', height: '180' } }
27
+ ```
28
+
29
+ With a model that looks like:
30
+
31
+ ```ruby
32
+ class Person < ActiveRecord::Base
33
+ attr_accessible :name, :age, :height
34
+
35
+ . . .
36
+
37
+ end
38
+ ```
39
+
40
+ And a controller looks like this:
41
+
42
+ ```ruby
43
+ class PeopleController < ActionController::Base
44
+ def create
45
+ Person.create(params[:person])
46
+ end
47
+
48
+ . . .
49
+
50
+ end
51
+ ```
52
+
53
+ We can add `moderate_params` by following the `strong_parameters` implementation method with a couple slight changes.
54
+
55
+ Add a private params method for the controller calling `moderate` (with `controller_name` and `action_name` as the first two args) instead of `permit`:
56
+
57
+ ```ruby
58
+ class PeopleController < ActionController::Base
59
+ def create
60
+ Person.create(person_params) # Was Person.create(params[:person])
61
+ end
62
+
63
+ . . .
64
+
65
+ private
66
+
67
+ def person_params
68
+ params.require(:person).moderate(controller_name, action_name, :name)
69
+ end
70
+ end
71
+ ```
72
+
73
+ This will cause the `person_params` to flow the same way they did before (getting passed to the model without interruption),
74
+ but the params that are not included in the argument of `moderate` will be logged to `/log/moderate_params.log`
75
+
76
+ Meaning that, after submitting the aforementioned data, our `moderate_params.log` will look like so:
77
+
78
+ people#create Top Level is missing: age
79
+ people#create Top Level is missing: height
80
+
81
+ We can fix this by adding `age` and `height` to `person_params` like so:
82
+
83
+ ```ruby
84
+ class PeopleController < ActionController::Base
85
+ def create
86
+ Person.create(person_params)
87
+ end
88
+
89
+ . . .
90
+
91
+ private
92
+
93
+ def person_params
94
+ params.require(:person).moderate(controller_name, action_name, :name, :age, :height)
95
+ end
96
+ end
97
+ ```
98
+
99
+ We can then hit submit data from the form at `/people/new` and see that no new lines are added to the `moderate_params.log` file.
100
+
101
+ This means that we can remove `moderate_params` and move to using `permit` as a part of `strong_parameters`:
102
+
103
+ ```ruby
104
+ class PeopleController < ActionController::Base
105
+ def create
106
+ Person.create(person_params)
107
+ end
108
+
109
+ . . .
110
+
111
+ private
112
+
113
+ def person_params
114
+ params.require(:person).permit(:name, :age, :height)
115
+ end
116
+ end
117
+ ```
118
+
119
+ ## Contributing
120
+
121
+ Bug reports and pull requests are welcome on GitHub at https://github.com/hintmedia/moderate_params. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
122
+
123
+ ## License
124
+
125
+ The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
126
+
127
+ ## Code of Conduct
128
+
129
+ Everyone interacting in the moderate_params project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/hintmedia/moderate_params/blob/master/CODE_OF_CONDUCT.md).
data/Rakefile ADDED
@@ -0,0 +1,6 @@
1
+ require "bundler/gem_tasks"
2
+ require "rspec/core/rake_task"
3
+
4
+ RSpec::Core::RakeTask.new(:spec)
5
+
6
+ task :default => :spec
data/bin/console ADDED
@@ -0,0 +1,14 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require "bundler/setup"
4
+ require "moderate_params"
5
+
6
+ # You can add fixtures and/or initialization code here to make experimenting
7
+ # with your gem easier. You can also use a different console, if you like.
8
+
9
+ # (If you use this, don't forget to add pry to your Gemfile!)
10
+ # require "pry"
11
+ # Pry.start
12
+
13
+ require "irb"
14
+ IRB.start(__FILE__)
data/bin/setup ADDED
@@ -0,0 +1,8 @@
1
+ #!/usr/bin/env bash
2
+ set -euo pipefail
3
+ IFS=$'\n\t'
4
+ set -vx
5
+
6
+ bundle install
7
+
8
+ # Do any other automated setup that you need to do here
@@ -0,0 +1,8 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "moderate_params/version"
4
+ require "moderate_params/logger"
5
+ require "moderate_params/strong_params_monkey_patch"
6
+
7
+ module ModerateParams
8
+ end
@@ -0,0 +1,7 @@
1
+ # frozen_string_literal: true
2
+
3
+ $moderate_params_logger = Logger.new("#{Rails.root}/log/moderate_params.log")
4
+
5
+ ActiveSupport::Notifications.subscribe('moderate_params') do |name, start, finish, id, payload|
6
+ $moderate_params_logger.info "#{payload[:controller]}##{payload[:action]} #{payload[:message]}"
7
+ end
@@ -0,0 +1,67 @@
1
+ # frozen_string_literal: true
2
+
3
+ module ActionController
4
+ class Parameters
5
+ def moderate(controller_name, action, *filters)
6
+ params = self.class.new
7
+
8
+ filters.each do |filter|
9
+ case filter
10
+ when Symbol, String
11
+ permitted_scalar_filter(params, filter)
12
+ when Hash
13
+ cust_hash_filter(params, filter, controller_name, action)
14
+ end
15
+ end
16
+
17
+ unpermitted_parameters!(params)
18
+ custom_logging(params, controller_name, action)
19
+ permit!
20
+ end
21
+
22
+ private
23
+
24
+ def custom_logging(params, controller_name, action)
25
+ unpermitted_keys(params).each do |k|
26
+ ActiveSupport::Notifications.instrument('moderate_params') do |payload|
27
+ payload[:controller] = controller_name
28
+ payload[:action] = action
29
+ payload[:message] = "#{@context || 'Top Level'} is missing: #{k}"
30
+ end
31
+ end
32
+ end
33
+
34
+ def non_scalar?(value)
35
+ value.is_a?(Array) || value.is_a?(Parameters)
36
+ end
37
+
38
+ EMPTY_HASH = {}
39
+ def cust_hash_filter(params, filter, controller_name, action)
40
+ filter = filter.with_indifferent_access
41
+
42
+ # Slicing filters out non-declared keys.
43
+ slice(*filter.keys).each do |key, value|
44
+ next unless value
45
+ next unless has_key? key
46
+
47
+ if filter[key] == EMPTY_ARRAY
48
+ # Declaration { comment_ids: [] }.
49
+ array_of_permitted_scalars?(self[key]) do |val|
50
+ params[key] = val
51
+ end
52
+ elsif filter[key] == EMPTY_HASH
53
+ # Declaration { preferences: {} }.
54
+ if value.is_a?(Parameters)
55
+ params[key] = permit_any_in_parameters(value)
56
+ end
57
+ elsif non_scalar?(value)
58
+ # Declaration { user: :name } or { user: [:name, :age, { address: ... }] }.
59
+ params[key] = each_element(value) do |element|
60
+ element.instance_variable_set '@context', "Parent #{key}"
61
+ element.moderate(controller_name, action, *Array.wrap(filter[key]))
62
+ end
63
+ end
64
+ end
65
+ end
66
+ end
67
+ end
@@ -0,0 +1,5 @@
1
+ # frozen_string_literal: true
2
+
3
+ module ModerateParams
4
+ VERSION = "0.1.0"
5
+ end
@@ -0,0 +1,40 @@
1
+
2
+ lib = File.expand_path("../lib", __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require "moderate_params/version"
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "moderate_params"
8
+ spec.version = ModerateParams::VERSION
9
+ spec.authors = ["Kyle Boe, Mike Calhoun"]
10
+ spec.email = ["kyle@hint.io, mike@hint.io"]
11
+
12
+ spec.summary = %q{Strong Parameters migration tool}
13
+ spec.description = %q{A tool for migrating Rails applications to Strong Parameters.}
14
+ spec.homepage = "https://github.com/hintmedia/moderate_params"
15
+ spec.license = "MIT"
16
+
17
+ # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
18
+ # to allow pushing to a single host or delete this section to allow pushing to any host.
19
+ if spec.respond_to?(:metadata)
20
+ spec.metadata["homepage_uri"] = spec.homepage
21
+ spec.metadata["source_code_uri"] = "https://github.com/hintmedia/moderate_params"
22
+ spec.metadata["changelog_uri"] = "https://github.com/hintmedia/moderate_params/blob/master/CHANGELOG.md"
23
+ else
24
+ raise "RubyGems 2.0 or newer is required to protect against " \
25
+ "public gem pushes."
26
+ end
27
+
28
+ # Specify which files should be added to the gem when it is released.
29
+ # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
30
+ spec.files = Dir.chdir(File.expand_path('..', __FILE__)) do
31
+ `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
32
+ end
33
+ spec.bindir = "exe"
34
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
35
+ spec.require_paths = ["lib"]
36
+
37
+ spec.add_development_dependency "bundler", "~> 1.17"
38
+ spec.add_development_dependency "rake", "~> 10.0"
39
+ spec.add_development_dependency "rspec", "~> 3.0"
40
+ end
metadata ADDED
@@ -0,0 +1,104 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: moderate_params
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Kyle Boe, Mike Calhoun
8
+ autorequire:
9
+ bindir: exe
10
+ cert_chain: []
11
+ date: 2019-03-25 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: bundler
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '1.17'
20
+ type: :development
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '1.17'
27
+ - !ruby/object:Gem::Dependency
28
+ name: rake
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '10.0'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '10.0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: rspec
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '3.0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '3.0'
55
+ description: A tool for migrating Rails applications to Strong Parameters.
56
+ email:
57
+ - kyle@hint.io, mike@hint.io
58
+ executables: []
59
+ extensions: []
60
+ extra_rdoc_files: []
61
+ files:
62
+ - ".gitignore"
63
+ - ".rspec"
64
+ - ".travis.yml"
65
+ - CHANGELOG.md
66
+ - CODE_OF_CONDUCT.md
67
+ - Gemfile
68
+ - LICENSE.txt
69
+ - README.md
70
+ - Rakefile
71
+ - bin/console
72
+ - bin/setup
73
+ - lib/moderate_params.rb
74
+ - lib/moderate_params/logger.rb
75
+ - lib/moderate_params/moderate_strong_params.rb
76
+ - lib/moderate_params/version.rb
77
+ - moderate_params.gemspec
78
+ homepage: https://github.com/hintmedia/moderate_params
79
+ licenses:
80
+ - MIT
81
+ metadata:
82
+ homepage_uri: https://github.com/hintmedia/moderate_params
83
+ source_code_uri: https://github.com/hintmedia/moderate_params
84
+ changelog_uri: https://github.com/hintmedia/moderate_params/blob/master/CHANGELOG.md
85
+ post_install_message:
86
+ rdoc_options: []
87
+ require_paths:
88
+ - lib
89
+ required_ruby_version: !ruby/object:Gem::Requirement
90
+ requirements:
91
+ - - ">="
92
+ - !ruby/object:Gem::Version
93
+ version: '0'
94
+ required_rubygems_version: !ruby/object:Gem::Requirement
95
+ requirements:
96
+ - - ">="
97
+ - !ruby/object:Gem::Version
98
+ version: '0'
99
+ requirements: []
100
+ rubygems_version: 3.0.1
101
+ signing_key:
102
+ specification_version: 4
103
+ summary: Strong Parameters migration tool
104
+ test_files: []