remembering_strong_parameters 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/MIT-LICENSE +20 -0
- data/README.rdoc +63 -0
- data/Rakefile +28 -0
- data/lib/action_controller/parameters.rb +291 -0
- data/lib/active_model/forbidden_attributes_protection.rb +17 -0
- data/lib/remembering_strong_parameters/version.rb +3 -0
- data/lib/remembering_strong_parameters.rb +2 -0
- data/test/action_controller_required_params_test.rb +52 -0
- data/test/action_controller_tainted_params_test.rb +25 -0
- data/test/active_model_mass_assignment_taint_protection_test.rb +43 -0
- data/test/chained_require_and_permit_test.rb +85 -0
- data/test/gemfiles/Gemfile.rails-3.0.x +6 -0
- data/test/gemfiles/Gemfile.rails-3.0.x.lock +62 -0
- data/test/gemfiles/Gemfile.rails-3.1.x +6 -0
- data/test/gemfiles/Gemfile.rails-3.2.x +6 -0
- data/test/hash_from_test.rb +25 -0
- data/test/multi_parameter_attributes_test.rb +39 -0
- data/test/nested_parameters_test.rb +157 -0
- data/test/parameters_require_test.rb +10 -0
- data/test/parameters_taint_test.rb +94 -0
- data/test/strengthen_test.rb +147 -0
- data/test/strong_array_test.rb +49 -0
- data/test/test_helper.rb +28 -0
- metadata +149 -0
@@ -0,0 +1,10 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
require 'action_controller/parameters'
|
3
|
+
|
4
|
+
class ParametersRequireTest < ActiveSupport::TestCase
|
5
|
+
test "required parameters must be present not merely not nil" do
|
6
|
+
assert_raises(ActionController::ParameterMissing) do
|
7
|
+
ActionController::Parameters.new(:person => {}).require(:person)
|
8
|
+
end
|
9
|
+
end
|
10
|
+
end
|
@@ -0,0 +1,94 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
require 'action_controller/parameters'
|
3
|
+
|
4
|
+
class ParametersTaintTest < ActiveSupport::TestCase
|
5
|
+
setup do
|
6
|
+
@params = ActionController::Parameters.new({ :person => {
|
7
|
+
:age => "32", :name => { :first => "David", :last => "Heinemeier Hansson" }
|
8
|
+
}})
|
9
|
+
end
|
10
|
+
|
11
|
+
test "fetch raises ParameterMissing exception" do
|
12
|
+
e = assert_raises(ActionController::ParameterMissing) do
|
13
|
+
@params.fetch :foo
|
14
|
+
end
|
15
|
+
assert_equal :foo, e.param
|
16
|
+
end
|
17
|
+
|
18
|
+
test "fetch doesnt raise ParameterMissing exception if there is a default" do
|
19
|
+
assert_nothing_raised do
|
20
|
+
assert_equal "monkey", @params.fetch(:foo, "monkey")
|
21
|
+
assert_equal "monkey", @params.fetch(:foo) { "monkey" }
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
test "not permitted is sticky on accessors" do
|
26
|
+
assert !@params.slice(:person).strengthened?
|
27
|
+
assert !@params[:person][:name].strengthened?
|
28
|
+
assert !@params[:person].except(:name).strengthened?
|
29
|
+
|
30
|
+
@params.each { |key, value| assert(!value.strengthened?) if key == "person" }
|
31
|
+
|
32
|
+
assert !@params.fetch(:person).strengthened?
|
33
|
+
|
34
|
+
assert !@params.values_at(:person).first.strengthened?
|
35
|
+
end
|
36
|
+
|
37
|
+
test "permitted is sticky on accessors" do
|
38
|
+
@params.permit!
|
39
|
+
assert @params.slice(:person).strengthened?
|
40
|
+
assert @params[:person][:name].strengthened?
|
41
|
+
assert @params[:person].except(:name).strengthened?
|
42
|
+
|
43
|
+
@params.each { |key, value| assert(value.strengthened?) if key == "person" }
|
44
|
+
|
45
|
+
assert @params.fetch(:person).strengthened?
|
46
|
+
|
47
|
+
assert @params.values_at(:person).first.strengthened?
|
48
|
+
end
|
49
|
+
|
50
|
+
test "not permitted is sticky on mutators" do
|
51
|
+
assert !@params.delete_if { |k, v| k == "person" }.strengthened?
|
52
|
+
assert !@params.keep_if { |k, v| k == "person" }.strengthened? if @params.respond_to?(:keep_if)
|
53
|
+
end
|
54
|
+
|
55
|
+
test "permitted is sticky on mutators" do
|
56
|
+
@params['something'] = 'else'
|
57
|
+
@params.permit!
|
58
|
+
assert @params.delete_if { |k, v| k == "person" }.strengthened?
|
59
|
+
assert @params.keep_if { |k, v| k == "person" }.strengthened? if @params.respond_to?(:keep_if)
|
60
|
+
end
|
61
|
+
|
62
|
+
test "not permitted is sticky beyond merges" do
|
63
|
+
assert !@params.merge(:a => "b").strengthened?
|
64
|
+
end
|
65
|
+
|
66
|
+
test "permitted is sticky beyond merges" do
|
67
|
+
@params.permit!
|
68
|
+
assert @params.merge(:a => "b").strengthened?
|
69
|
+
end
|
70
|
+
|
71
|
+
test "modifying the parameters" do
|
72
|
+
@params[:person][:hometown] = "Chicago"
|
73
|
+
@params[:person][:family] = { :brother => "Jonas" }
|
74
|
+
|
75
|
+
assert_equal "Chicago", @params[:person][:hometown]
|
76
|
+
assert_equal "Jonas", @params[:person][:family][:brother]
|
77
|
+
end
|
78
|
+
|
79
|
+
test "permitting parameters that are not there should not include the keys" do
|
80
|
+
assert !@params.permit(:person, :funky).has_key?(:funky)
|
81
|
+
end
|
82
|
+
|
83
|
+
test "permit state is kept on a dup" do
|
84
|
+
@params.permit!
|
85
|
+
assert_equal @params.strengthened?, @params.dup.strengthened?
|
86
|
+
end
|
87
|
+
|
88
|
+
test "permit is recursive" do
|
89
|
+
@params.permit!
|
90
|
+
assert @params.strengthened?
|
91
|
+
assert @params[:person].strengthened?
|
92
|
+
assert @params[:person][:name].strengthened?
|
93
|
+
end
|
94
|
+
end
|
@@ -0,0 +1,147 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
require 'action_controller/parameters'
|
3
|
+
|
4
|
+
class StrengthenTest < ActiveSupport::TestCase
|
5
|
+
def setup
|
6
|
+
@params = ActionController::Parameters.new(
|
7
|
+
{
|
8
|
+
:things => {
|
9
|
+
:one => 1,
|
10
|
+
:two => 2
|
11
|
+
},
|
12
|
+
|
13
|
+
:foo => :bar
|
14
|
+
}
|
15
|
+
)
|
16
|
+
end
|
17
|
+
|
18
|
+
test "required not present" do
|
19
|
+
assert_raises(ActionController::ParameterMissing) do
|
20
|
+
@params.strengthen(:something_else => :required)
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
test "require not present" do
|
25
|
+
assert_raises(ActionController::ParameterMissing) do
|
26
|
+
@params.strengthen(:something_else => :require)
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
test "parameters persent that are not in require" do
|
31
|
+
assert_equal(
|
32
|
+
{'foo' => :bar},
|
33
|
+
@params.strengthen(:foo => :require)
|
34
|
+
)
|
35
|
+
end
|
36
|
+
|
37
|
+
test "everything required is present" do
|
38
|
+
assert_equal(
|
39
|
+
@params,
|
40
|
+
@params.strengthen(
|
41
|
+
:foo => :require,
|
42
|
+
:things => {:one => :require, :two => :require}
|
43
|
+
)
|
44
|
+
)
|
45
|
+
end
|
46
|
+
|
47
|
+
test "no permitted params present" do
|
48
|
+
assert_equal(
|
49
|
+
{},
|
50
|
+
@params.strengthen(:something_else => :permit)
|
51
|
+
)
|
52
|
+
end
|
53
|
+
|
54
|
+
test 'only some permitted params present' do
|
55
|
+
assert_equal(
|
56
|
+
{'foo' => :bar},
|
57
|
+
@params.strengthen(:foo => :permit)
|
58
|
+
)
|
59
|
+
end
|
60
|
+
|
61
|
+
test 'everything present is permit' do
|
62
|
+
assert_equal(
|
63
|
+
@params,
|
64
|
+
@params.strengthen(
|
65
|
+
:foo => :permit,
|
66
|
+
:things => {:one => :permit, :two => :permit}
|
67
|
+
)
|
68
|
+
)
|
69
|
+
end
|
70
|
+
|
71
|
+
test 'everything present is permitted' do
|
72
|
+
assert_equal(
|
73
|
+
@params,
|
74
|
+
@params.strengthen(
|
75
|
+
:foo => :permitted,
|
76
|
+
:things => {:one => :permitted, :two => :permitted}
|
77
|
+
)
|
78
|
+
)
|
79
|
+
end
|
80
|
+
|
81
|
+
test 'everything present is within permitted' do
|
82
|
+
assert_equal(
|
83
|
+
@params,
|
84
|
+
@params.strengthen(
|
85
|
+
:foo => :permit,
|
86
|
+
:things => {:one => :permit, :two => :permit},
|
87
|
+
:something_else => :permit
|
88
|
+
)
|
89
|
+
)
|
90
|
+
end
|
91
|
+
|
92
|
+
test "everything present is permitted or required" do
|
93
|
+
assert_equal(
|
94
|
+
@params,
|
95
|
+
@params.strengthen(
|
96
|
+
:foo => :require,
|
97
|
+
:things => {:one => :permit, :two => :permit}
|
98
|
+
)
|
99
|
+
)
|
100
|
+
end
|
101
|
+
|
102
|
+
test "everything present is within permitted or is required" do
|
103
|
+
assert_equal(
|
104
|
+
@params,
|
105
|
+
@params.strengthen(
|
106
|
+
:foo => :require,
|
107
|
+
:things => {:one => :permit, :two => :permit},
|
108
|
+
:something_else => :permit
|
109
|
+
)
|
110
|
+
)
|
111
|
+
end
|
112
|
+
|
113
|
+
test "something required is missing in mixed require and permit" do
|
114
|
+
assert_raises(ActionController::ParameterMissing) do
|
115
|
+
@params.strengthen(
|
116
|
+
:foo => :require,
|
117
|
+
:things => {:one => :permit, :two => :permit},
|
118
|
+
:something_else => :require
|
119
|
+
)
|
120
|
+
end
|
121
|
+
end
|
122
|
+
|
123
|
+
test "child has missing required parameter" do
|
124
|
+
assert_raises(ActionController::ParameterMissing) do
|
125
|
+
@params.strengthen(
|
126
|
+
:foo => :require,
|
127
|
+
:things => {:one => :permit, :two => :permit, :three => :require},
|
128
|
+
:something_else => :permit
|
129
|
+
)
|
130
|
+
end
|
131
|
+
end
|
132
|
+
|
133
|
+
test "strengthened?" do
|
134
|
+
assert !@params.strengthened?, "should not be true as strengthen not called"
|
135
|
+
@params.strengthen(:foo => :permit)
|
136
|
+
assert @params.strengthened?, "should be true as strengthen has been called"
|
137
|
+
end
|
138
|
+
|
139
|
+
test 'original' do
|
140
|
+
original_params = @params.clone
|
141
|
+
@params.strengthen(:foo => :permit)
|
142
|
+
assert_equal(
|
143
|
+
original_params,
|
144
|
+
@params.original
|
145
|
+
)
|
146
|
+
end
|
147
|
+
end
|
@@ -0,0 +1,49 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
require 'action_controller/parameters'
|
3
|
+
|
4
|
+
|
5
|
+
class StrongArrayTest < ActiveSupport::TestCase
|
6
|
+
|
7
|
+
def setup
|
8
|
+
@params = ActionController::StrongArray.new([
|
9
|
+
ActionController::Parameters.new({
|
10
|
+
:name => "William Shakespeare",
|
11
|
+
:born => "1564-04-26"
|
12
|
+
}),
|
13
|
+
ActionController::Parameters.new({
|
14
|
+
:name => "Christopher Marlowe"
|
15
|
+
})
|
16
|
+
])
|
17
|
+
end
|
18
|
+
|
19
|
+
test 'permit' do
|
20
|
+
permitted = @params.strengthen(:name => :permit, :born => :permit)
|
21
|
+
assert_not_equal [], permitted
|
22
|
+
permitted.each_with_index do |item, index|
|
23
|
+
assert_equal(item.keys, @params[index].keys)
|
24
|
+
assert_equal(item.values, @params[index].values)
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
test 'require' do
|
29
|
+
permitted = @params.strengthen(:name => :require, :born => :permit)
|
30
|
+
assert_not_equal [], permitted
|
31
|
+
permitted.each_with_index do |item, index|
|
32
|
+
assert_equal(item.keys, @params[index].keys)
|
33
|
+
assert_equal(item.values, @params[index].values)
|
34
|
+
end
|
35
|
+
end
|
36
|
+
|
37
|
+
test 'require with parameter missing' do
|
38
|
+
assert_raise(ActionController::ParameterMissing) do
|
39
|
+
@params.strengthen(:name => :require, :born => :require)
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
test 'permit with parameter missing' do
|
44
|
+
assert_equal(
|
45
|
+
[{'name' => "William Shakespeare"}, {'name' => "Christopher Marlowe"}],
|
46
|
+
@params.strengthen(:name => :permit)
|
47
|
+
)
|
48
|
+
end
|
49
|
+
end
|
data/test/test_helper.rb
ADDED
@@ -0,0 +1,28 @@
|
|
1
|
+
# Configure Rails Environment
|
2
|
+
ENV["RAILS_ENV"] = "test"
|
3
|
+
|
4
|
+
require 'test/unit'
|
5
|
+
require 'remembering_strong_parameters'
|
6
|
+
require 'mocha'
|
7
|
+
|
8
|
+
module ActionController
|
9
|
+
SharedTestRoutes = ActionDispatch::Routing::RouteSet.new
|
10
|
+
SharedTestRoutes.draw do
|
11
|
+
match ':controller(/:action)'
|
12
|
+
end
|
13
|
+
|
14
|
+
class Base
|
15
|
+
include ActionController::Testing
|
16
|
+
include SharedTestRoutes.url_helpers
|
17
|
+
end
|
18
|
+
|
19
|
+
class ActionController::TestCase
|
20
|
+
setup do
|
21
|
+
@routes = SharedTestRoutes
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
|
27
|
+
# Load support files
|
28
|
+
Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
|
metadata
ADDED
@@ -0,0 +1,149 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: remembering_strong_parameters
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.1
|
5
|
+
prerelease:
|
6
|
+
platform: ruby
|
7
|
+
authors:
|
8
|
+
- Rob Nichols
|
9
|
+
- David Heinemeier Hansson (original strong_parameters)
|
10
|
+
autorequire:
|
11
|
+
bindir: bin
|
12
|
+
cert_chain: []
|
13
|
+
date: 2013-01-04 00:00:00.000000000 Z
|
14
|
+
dependencies:
|
15
|
+
- !ruby/object:Gem::Dependency
|
16
|
+
name: actionpack
|
17
|
+
requirement: !ruby/object:Gem::Requirement
|
18
|
+
none: false
|
19
|
+
requirements:
|
20
|
+
- - ~>
|
21
|
+
- !ruby/object:Gem::Version
|
22
|
+
version: '3.0'
|
23
|
+
type: :runtime
|
24
|
+
prerelease: false
|
25
|
+
version_requirements: !ruby/object:Gem::Requirement
|
26
|
+
none: false
|
27
|
+
requirements:
|
28
|
+
- - ~>
|
29
|
+
- !ruby/object:Gem::Version
|
30
|
+
version: '3.0'
|
31
|
+
- !ruby/object:Gem::Dependency
|
32
|
+
name: activemodel
|
33
|
+
requirement: !ruby/object:Gem::Requirement
|
34
|
+
none: false
|
35
|
+
requirements:
|
36
|
+
- - ~>
|
37
|
+
- !ruby/object:Gem::Version
|
38
|
+
version: '3.0'
|
39
|
+
type: :runtime
|
40
|
+
prerelease: false
|
41
|
+
version_requirements: !ruby/object:Gem::Requirement
|
42
|
+
none: false
|
43
|
+
requirements:
|
44
|
+
- - ~>
|
45
|
+
- !ruby/object:Gem::Version
|
46
|
+
version: '3.0'
|
47
|
+
- !ruby/object:Gem::Dependency
|
48
|
+
name: rake
|
49
|
+
requirement: !ruby/object:Gem::Requirement
|
50
|
+
none: false
|
51
|
+
requirements:
|
52
|
+
- - ! '>='
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '0'
|
55
|
+
type: :development
|
56
|
+
prerelease: false
|
57
|
+
version_requirements: !ruby/object:Gem::Requirement
|
58
|
+
none: false
|
59
|
+
requirements:
|
60
|
+
- - ! '>='
|
61
|
+
- !ruby/object:Gem::Version
|
62
|
+
version: '0'
|
63
|
+
- !ruby/object:Gem::Dependency
|
64
|
+
name: mocha
|
65
|
+
requirement: !ruby/object:Gem::Requirement
|
66
|
+
none: false
|
67
|
+
requirements:
|
68
|
+
- - ~>
|
69
|
+
- !ruby/object:Gem::Version
|
70
|
+
version: 0.12.0
|
71
|
+
type: :development
|
72
|
+
prerelease: false
|
73
|
+
version_requirements: !ruby/object:Gem::Requirement
|
74
|
+
none: false
|
75
|
+
requirements:
|
76
|
+
- - ~>
|
77
|
+
- !ruby/object:Gem::Version
|
78
|
+
version: 0.12.0
|
79
|
+
description:
|
80
|
+
email:
|
81
|
+
- rob@undervale.co.uk
|
82
|
+
executables: []
|
83
|
+
extensions: []
|
84
|
+
extra_rdoc_files: []
|
85
|
+
files:
|
86
|
+
- lib/action_controller/parameters.rb
|
87
|
+
- lib/remembering_strong_parameters/version.rb
|
88
|
+
- lib/active_model/forbidden_attributes_protection.rb
|
89
|
+
- lib/remembering_strong_parameters.rb
|
90
|
+
- MIT-LICENSE
|
91
|
+
- Rakefile
|
92
|
+
- README.rdoc
|
93
|
+
- test/gemfiles/Gemfile.rails-3.0.x
|
94
|
+
- test/gemfiles/Gemfile.rails-3.2.x
|
95
|
+
- test/gemfiles/Gemfile.rails-3.0.x.lock
|
96
|
+
- test/gemfiles/Gemfile.rails-3.1.x
|
97
|
+
- test/action_controller_required_params_test.rb
|
98
|
+
- test/active_model_mass_assignment_taint_protection_test.rb
|
99
|
+
- test/strong_array_test.rb
|
100
|
+
- test/hash_from_test.rb
|
101
|
+
- test/parameters_taint_test.rb
|
102
|
+
- test/strengthen_test.rb
|
103
|
+
- test/action_controller_tainted_params_test.rb
|
104
|
+
- test/nested_parameters_test.rb
|
105
|
+
- test/test_helper.rb
|
106
|
+
- test/parameters_require_test.rb
|
107
|
+
- test/multi_parameter_attributes_test.rb
|
108
|
+
- test/chained_require_and_permit_test.rb
|
109
|
+
homepage: https://github.com/reggieb/remembering_strong_parameters
|
110
|
+
licenses: []
|
111
|
+
post_install_message:
|
112
|
+
rdoc_options: []
|
113
|
+
require_paths:
|
114
|
+
- lib
|
115
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
116
|
+
none: false
|
117
|
+
requirements:
|
118
|
+
- - ! '>='
|
119
|
+
- !ruby/object:Gem::Version
|
120
|
+
version: '0'
|
121
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
122
|
+
none: false
|
123
|
+
requirements:
|
124
|
+
- - ! '>='
|
125
|
+
- !ruby/object:Gem::Version
|
126
|
+
version: '0'
|
127
|
+
requirements: []
|
128
|
+
rubyforge_project:
|
129
|
+
rubygems_version: 1.8.24
|
130
|
+
signing_key:
|
131
|
+
specification_version: 3
|
132
|
+
summary: Permitted and required parameters for Action Pack
|
133
|
+
test_files:
|
134
|
+
- test/gemfiles/Gemfile.rails-3.0.x
|
135
|
+
- test/gemfiles/Gemfile.rails-3.2.x
|
136
|
+
- test/gemfiles/Gemfile.rails-3.0.x.lock
|
137
|
+
- test/gemfiles/Gemfile.rails-3.1.x
|
138
|
+
- test/action_controller_required_params_test.rb
|
139
|
+
- test/active_model_mass_assignment_taint_protection_test.rb
|
140
|
+
- test/strong_array_test.rb
|
141
|
+
- test/hash_from_test.rb
|
142
|
+
- test/parameters_taint_test.rb
|
143
|
+
- test/strengthen_test.rb
|
144
|
+
- test/action_controller_tainted_params_test.rb
|
145
|
+
- test/nested_parameters_test.rb
|
146
|
+
- test/test_helper.rb
|
147
|
+
- test/parameters_require_test.rb
|
148
|
+
- test/multi_parameter_attributes_test.rb
|
149
|
+
- test/chained_require_and_permit_test.rb
|