strong_parameters_rails2 0.1.8 → 0.1.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.rdoc +6 -0
- data/lib/action_controller/parameters.rb +36 -0
- data/lib/strong_parameters/version.rb +1 -1
- data/test/log_on_unpermitted_params_test.rb +50 -0
- data/test/raise_on_unpermitted_params_test.rb +33 -0
- data/test/test_helper.rb +2 -0
- metadata +7 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 390a52fd9ace0f224c4e6df6db5ef48cccaa157c
|
|
4
|
+
data.tar.gz: c1b919a40b5e92922699834207bffeb7e2c0881b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b239417d4f5c9d0b3d3ca59549304e1904708ea8a682a91f3b9c2638a69040f77acf8e4aa51a3464fa1b3b63e5c17af0cb8e2d60f003af63a7ad8182cafd4711
|
|
7
|
+
data.tar.gz: 90c0e8d1fff476552cf70334958d11907f7816be47c29379515687a34b83c9d95b8af30ae1f73b68e64193624970540eca35b74c7a30138f9bdc28f991b2c075
|
data/README.rdoc
CHANGED
|
@@ -35,6 +35,12 @@ You can also use permit on nested parameters, like:
|
|
|
35
35
|
|
|
36
36
|
Thanks to Nick Kallen for the permit idea!
|
|
37
37
|
|
|
38
|
+
== Handling of Unpermitted Keys
|
|
39
|
+
|
|
40
|
+
By default parameter keys that are not explicitly permitted will be logged in the development and test environment. In other environments these parameters will simply be filtered out and ignored.
|
|
41
|
+
|
|
42
|
+
Additionally, this behaviour can be changed by changing the +ActionController::Parameters.action_on_unpermitted_parameters+ property in your initializer. If set to +:log+ the unpermitted attributes will be logged, if set to +:raise+ an exception will be raised.
|
|
43
|
+
|
|
38
44
|
== Installation
|
|
39
45
|
|
|
40
46
|
In Gemfile:
|
|
@@ -11,10 +11,25 @@ module ActionController
|
|
|
11
11
|
end
|
|
12
12
|
end
|
|
13
13
|
|
|
14
|
+
class UnpermittedParameters < IndexError
|
|
15
|
+
attr_reader :params
|
|
16
|
+
|
|
17
|
+
def initialize(params)
|
|
18
|
+
@params = params
|
|
19
|
+
super("found unpermitted parameters: #{params.join(", ")}")
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
|
|
14
23
|
class Parameters < HashWithIndifferentAccess
|
|
15
24
|
attr_accessor :permitted
|
|
16
25
|
alias :permitted? :permitted
|
|
17
26
|
|
|
27
|
+
cattr_accessor :action_on_unpermitted_parameters, :instance_accessor => false
|
|
28
|
+
|
|
29
|
+
# Never raise an UnpermittedParameters exception because of these params
|
|
30
|
+
# are present. They are added by Rails and it's of no concern.
|
|
31
|
+
NEVER_UNPERMITTED_PARAMS = %w( controller action )
|
|
32
|
+
|
|
18
33
|
def initialize(attributes = nil)
|
|
19
34
|
super(attributes)
|
|
20
35
|
@permitted = false
|
|
@@ -62,6 +77,8 @@ module ActionController
|
|
|
62
77
|
end
|
|
63
78
|
end
|
|
64
79
|
|
|
80
|
+
unpermitted_parameters!(params) if self.class.action_on_unpermitted_parameters
|
|
81
|
+
|
|
65
82
|
params.permit!
|
|
66
83
|
end
|
|
67
84
|
|
|
@@ -120,6 +137,25 @@ module ActionController
|
|
|
120
137
|
yield object
|
|
121
138
|
end
|
|
122
139
|
end
|
|
140
|
+
|
|
141
|
+
def unpermitted_parameters!(params)
|
|
142
|
+
return unless self.class.action_on_unpermitted_parameters
|
|
143
|
+
|
|
144
|
+
unpermitted_keys = unpermitted_keys(params)
|
|
145
|
+
|
|
146
|
+
if unpermitted_keys.any?
|
|
147
|
+
case self.class.action_on_unpermitted_parameters
|
|
148
|
+
when :log
|
|
149
|
+
ActionController::Base.logger.debug "Unpermitted parameters: #{unpermitted_keys.join(", ")}"
|
|
150
|
+
when :raise
|
|
151
|
+
raise ActionController::UnpermittedParameters.new(unpermitted_keys)
|
|
152
|
+
end
|
|
153
|
+
end
|
|
154
|
+
end
|
|
155
|
+
|
|
156
|
+
def unpermitted_keys(params)
|
|
157
|
+
self.keys - params.keys - NEVER_UNPERMITTED_PARAMS
|
|
158
|
+
end
|
|
123
159
|
end
|
|
124
160
|
end
|
|
125
161
|
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
require 'test_helper'
|
|
2
|
+
require 'action_controller/parameters'
|
|
3
|
+
|
|
4
|
+
class LogOnUnpermittedParamsTest < ActiveSupport::TestCase
|
|
5
|
+
def setup
|
|
6
|
+
ActionController::Parameters.action_on_unpermitted_parameters = :log
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def teardown
|
|
10
|
+
ActionController::Parameters.action_on_unpermitted_parameters = false
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
test "logs on unexpected params" do
|
|
14
|
+
params = ActionController::Parameters.new({
|
|
15
|
+
:book => { :pages => 65 },
|
|
16
|
+
:fishing => "Turnips"
|
|
17
|
+
})
|
|
18
|
+
|
|
19
|
+
assert_logged("Unpermitted parameters: fishing") do
|
|
20
|
+
params.permit(:book => [:pages])
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
test "logs on unexpected nested params" do
|
|
25
|
+
params = ActionController::Parameters.new({
|
|
26
|
+
:book => { :pages => 65, :title => "Green Cats and where to find then." }
|
|
27
|
+
})
|
|
28
|
+
|
|
29
|
+
assert_logged("Unpermitted parameters: title") do
|
|
30
|
+
params.permit(:book => [:pages])
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
private
|
|
35
|
+
|
|
36
|
+
def assert_logged(message)
|
|
37
|
+
old_logger = ActionController::Base.logger
|
|
38
|
+
log = StringIO.new
|
|
39
|
+
ActionController::Base.logger = Logger.new(log)
|
|
40
|
+
|
|
41
|
+
begin
|
|
42
|
+
yield
|
|
43
|
+
|
|
44
|
+
log.rewind
|
|
45
|
+
assert_match message, log.read
|
|
46
|
+
ensure
|
|
47
|
+
ActionController::Base.logger = old_logger
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
require 'test_helper'
|
|
2
|
+
require 'action_controller/parameters'
|
|
3
|
+
|
|
4
|
+
class RaiseOnUnpermittedParamsTest < ActiveSupport::TestCase
|
|
5
|
+
def setup
|
|
6
|
+
ActionController::Parameters.action_on_unpermitted_parameters = :raise
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def teardown
|
|
10
|
+
ActionController::Parameters.action_on_unpermitted_parameters = false
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
test "raises on unexpected params" do
|
|
14
|
+
params = ActionController::Parameters.new({
|
|
15
|
+
:book => { :pages => 65 },
|
|
16
|
+
:fishing => "Turnips"
|
|
17
|
+
})
|
|
18
|
+
|
|
19
|
+
assert_raises(ActionController::UnpermittedParameters) do
|
|
20
|
+
params.permit(:book => [:pages])
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
test "raises on unexpected nested params" do
|
|
25
|
+
params = ActionController::Parameters.new({
|
|
26
|
+
:book => { :pages => 65, :title => "Green Cats and where to find then." }
|
|
27
|
+
})
|
|
28
|
+
|
|
29
|
+
assert_raises(ActionController::UnpermittedParameters) do
|
|
30
|
+
params.permit(:book => [:pages])
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
data/test/test_helper.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: strong_parameters_rails2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.9
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Michael Grosser
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2014-02-10 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: actionpack
|
|
@@ -112,10 +112,12 @@ files:
|
|
|
112
112
|
- test/action_controller_required_params_test.rb
|
|
113
113
|
- test/action_controller_tainted_params_test.rb
|
|
114
114
|
- test/active_record_mass_assignment_taint_protection_test.rb
|
|
115
|
+
- test/log_on_unpermitted_params_test.rb
|
|
115
116
|
- test/multi_parameter_attributes_test.rb
|
|
116
117
|
- test/nested_parameters_test.rb
|
|
117
118
|
- test/parameters_require_test.rb
|
|
118
119
|
- test/parameters_taint_test.rb
|
|
120
|
+
- test/raise_on_unpermitted_params_test.rb
|
|
119
121
|
- test/test_helper.rb
|
|
120
122
|
homepage: https://github.com/grosser/strong_parameters/tree/rails2
|
|
121
123
|
licenses:
|
|
@@ -137,7 +139,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
137
139
|
version: '0'
|
|
138
140
|
requirements: []
|
|
139
141
|
rubyforge_project:
|
|
140
|
-
rubygems_version: 2.0.
|
|
142
|
+
rubygems_version: 2.0.14
|
|
141
143
|
signing_key:
|
|
142
144
|
specification_version: 4
|
|
143
145
|
summary: Permitted and required parameters for Action Pack
|
|
@@ -145,8 +147,10 @@ test_files:
|
|
|
145
147
|
- test/action_controller_required_params_test.rb
|
|
146
148
|
- test/action_controller_tainted_params_test.rb
|
|
147
149
|
- test/active_record_mass_assignment_taint_protection_test.rb
|
|
150
|
+
- test/log_on_unpermitted_params_test.rb
|
|
148
151
|
- test/multi_parameter_attributes_test.rb
|
|
149
152
|
- test/nested_parameters_test.rb
|
|
150
153
|
- test/parameters_require_test.rb
|
|
151
154
|
- test/parameters_taint_test.rb
|
|
155
|
+
- test/raise_on_unpermitted_params_test.rb
|
|
152
156
|
- test/test_helper.rb
|