Support for strong parameters in Rails 3.1.6

Gemfile.lock

@@ -1,45 +1,59 @@
 PATH
   remote: .
   specs:
-    strong_parameters (0.1.2)
-      actionpack (>= 3.2.0)
-      activemodel (>= 3.2.0)
+    strong_parameters (0.1.3)
+      actionpack (>= 3.1.6)
+      activemodel (>= 3.1.6)
+      railties (>= 3.1.6)
 
 GEM
   remote: http://rubygems.org/
   specs:
-    actionpack (3.2.2)
-      activemodel (= 3.2.2)
-      activesupport (= 3.2.2)
+    actionpack (3.2.6)
+      activemodel (= 3.2.6)
+      activesupport (= 3.2.6)
       builder (~> 3.0.0)
       erubis (~> 2.7.0)
       journey (~> 1.0.1)
       rack (~> 1.4.0)
-      rack-cache (~> 1.1)
+      rack-cache (~> 1.2)
       rack-test (~> 0.6.1)
-      sprockets (~> 2.1.2)
-    activemodel (3.2.2)
-      activesupport (= 3.2.2)
+      sprockets (~> 2.1.3)
+    activemodel (3.2.6)
+      activesupport (= 3.2.6)
       builder (~> 3.0.0)
-    activesupport (3.2.2)
+    activesupport (3.2.6)
       i18n (~> 0.6)
       multi_json (~> 1.0)
     builder (3.0.0)
     erubis (2.7.0)
     hike (1.2.1)
     i18n (0.6.0)
-    journey (1.0.3)
-    multi_json (1.2.0)
+    journey (1.0.4)
+    json (1.7.3)
+    multi_json (1.3.6)
     rack (1.4.1)
     rack-cache (1.2)
       rack (>= 0.4)
+    rack-ssl (1.3.2)
+      rack
     rack-test (0.6.1)
       rack (>= 1.0)
+    railties (3.2.6)
+      actionpack (= 3.2.6)
+      activesupport (= 3.2.6)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (>= 0.14.6, < 2.0)
     rake (0.9.2.2)
-    sprockets (2.1.2)
+    rdoc (3.12)
+      json (~> 1.4)
+    sprockets (2.1.3)
       hike (~> 1.2)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
+    thor (0.15.3)
     tilt (1.3.3)
 
 PLATFORMS

lib/action_controller/parameters.rb

@@ -21,6 +21,10 @@ def initialize(attributes = nil)
       @permitted = false
     end
 
+     def nested_under_indifferent_access    #### MonkeyPatched to support update operation on Hashes. It has been done for Rails 3.1.6
+     	self
+     end
+
     def permit!
       @permitted = true
       self
@@ -66,7 +70,7 @@ def [](key)
 
     def fetch(key, *args)
       convert_hashes_to_parameters(key, super)
-    rescue KeyError
+    rescue KeyError,IndexError
       raise ActionController::ParameterMissing.new(key)
     end
 

lib/strong_parameters/version.rb

@@ -1,3 +1,3 @@
 module StrongParameters
-  VERSION = "0.1.3"
+  VERSION = "0.1.3.af1"
 end

strong_parameters.gemspec

@@ -14,9 +14,9 @@ Gem::Specification.new do |s|
   s.files = Dir["{app,config,db,lib}/**/*"] + ["MIT-LICENSE", "Rakefile", "README.rdoc"]
   s.test_files = Dir["test/**/*"]
 
-  s.add_dependency "actionpack", ">= 3.2.0"
-  s.add_dependency "activemodel", ">= 3.2.0"
-  s.add_dependency "railties", ">= 3.2.0"
+  s.add_dependency "actionpack", ">= 3.1.6"
+  s.add_dependency "activemodel", ">= 3.1.6"
+  s.add_dependency "railties", ">= 3.1.6"
 
   s.add_development_dependency "rake"
 end

test/action_controller_required_params_test.rb

@@ -11,20 +11,20 @@ class ActionControllerRequiredParamsTest < ActionController::TestCase
   tests BooksController
 
   test "missing required parameters will raise exception" do
-    post :create, { magazine: { name: "Mjallo!" } }
+    post :create, { :magazine=> { :name=> "Mjallo!" } }
     assert_response :bad_request
 
-    post :create, { book: { title: "Mjallo!" } }
+    post :create, { :book=> { :title=> "Mjallo!" } }
     assert_response :bad_request
   end
 
   test "required parameters that are present will not raise" do
-    post :create, { book: { name: "Mjallo!" } }
+    post :create, { :book=> { :name=> "Mjallo!" } }
     assert_response :ok
   end
 
   test "missing parameters will be mentioned in the return" do
-    post :create, { magazine: { name: "Mjallo!" } }
+    post :create, { :magazine=> { :name=> "Mjallo!" } }
     assert_equal "Required parameter missing: book", response.body
   end
 end

test/action_controller_tainted_params_test.rb

@@ -2,24 +2,24 @@
 
 class PeopleController < ActionController::Base
   def create
-    render text: params[:person].permitted? ? "untainted" : "tainted"
+    render :text=> params[:person].permitted? ? "untainted" : "tainted"
   end
 
   def create_with_permit
-    render text: params[:person].permit(:name).permitted? ? "untainted" : "tainted"
+    render :text=> params[:person].permit(:name).permitted? ? "untainted" : "tainted"
   end
 end
 
 class ActionControllerTaintedParamsTest < ActionController::TestCase
   tests PeopleController
 
   test "parameters are tainted" do
-    post :create, { person: { name: "Mjallo!" } }
+    post :create, { :person=> { :name=> "Mjallo!" } }
     assert_equal "tainted", response.body
   end
 
   test "parameters can be permitted and are then not tainted" do
-    post :create_with_permit, { person: { name: "Mjallo!" } }
+    post :create_with_permit, { :person=> { :name=> "Mjallo!" } }
     assert_equal "untainted", response.body
   end
 end

test/active_model_mass_assignment_taint_protection_test.rb

@@ -10,21 +10,21 @@ class Person
 class ActiveModelMassUpdateProtectionTest < ActiveSupport::TestCase
   test "forbidden attributes cannot be used for mass updating" do
     assert_raises(ActiveModel::ForbiddenAttributes) do
-      Person.new.sanitize_for_mass_assignment(ActionController::Parameters.new(a: "b"))
+      Person.new.sanitize_for_mass_assignment(ActionController::Parameters.new(:a=> "b"))
     end
   end
 
   test "permitted attributes can be used for mass updating" do
     assert_nothing_raised do
       assert_equal({ "a" => "b" },
-        Person.new.sanitize_for_mass_assignment(ActionController::Parameters.new(a: "b").permit(:a)))
+        Person.new.sanitize_for_mass_assignment(ActionController::Parameters.new(:a=> "b").permit(:a)))
     end
   end
 
   test "regular attributes should still be allowed" do
     assert_nothing_raised do
-      assert_equal({ a: "b" },
-        Person.new.sanitize_for_mass_assignment(a: "b"))
+      assert_equal({ :a=> "b" },
+        Person.new.sanitize_for_mass_assignment(:a=> "b"))
     end
   end
 end

test/nested_parameters_test.rb

@@ -4,23 +4,23 @@
 class NestedParametersTest < ActiveSupport::TestCase
   test "permitted nested parameters" do
     params = ActionController::Parameters.new({
-      book: {
-        title: "Romeo and Juliet",
-        authors: [{
-          name: "William Shakespeare",
-          born: "1564-04-26"
+      :book=> {
+        :title=> "Romeo and Juliet",
+        :authors=> [{
+          :name=> "William Shakespeare",
+          :born=> "1564-04-26"
         }, {
-          name: "Christopher Marlowe"
+          :name=> "Christopher Marlowe"
         }],
-        details: {
-          pages: 200,
-          genre: "Tragedy"
+        :details=> {
+          :pages=> 200,
+          :genre=> "Tragedy"
         }
       },
-      magazine: "Mjallo!"
+      :magazine=> "Mjallo!"
     })
 
-    permitted = params.permit book: [ :title, { authors: [ :name ] }, { details: :pages } ]
+    permitted = params.permit :book=> [ :title, { :authors=> [ :name ] }, { :details=> :pages } ]
 
     assert permitted.permitted?
     assert_equal "Romeo and Juliet", permitted[:book][:title]
@@ -34,62 +34,47 @@ class NestedParametersTest < ActiveSupport::TestCase
 
   test "nested arrays with strings" do
     params = ActionController::Parameters.new({
-      :book => {
-        :genres => ["Tragedy"]
+      :book=> {
+        :genres=> ["Tragedy"]
       }
     })
 
-    permitted = params.permit :book => :genres
+    permitted = params.permit :book=> :genres
     assert_equal ["Tragedy"], permitted[:book][:genres]
   end
 
-  test "permit may specify symbols or strings" do
+  test "nested array with strings that should be hashes" do       
     params = ActionController::Parameters.new({
-      :book => {
-        :title => "Romeo and Juliet",
-        :author => "William Shakespeare"
-      },
-      :magazine => "Shakespeare Today"
-    })
-
-    permitted = params.permit({:book => ["title", :author]}, "magazine")
-    assert_equal "Romeo and Juliet", permitted[:book][:title]
-    assert_equal "William Shakespeare", permitted[:book][:author]
-    assert_equal "Shakespeare Today", permitted[:magazine]
-  end
-
-  test "nested array with strings that should be hashes" do
-    params = ActionController::Parameters.new({
-      book: {
-        genres: ["Tragedy"]
+      :book=> {
+        :genres=> ["Tragedy"]
       }
     })
 
-    permitted = params.permit book: { genres: :type }
-    assert_empty permitted[:book][:genres]
+    permitted = params.permit :book=> { :genres=> :type }
+    assert permitted[:book][:genres].empty?
   end
 
-  test "nested array with strings that should be hashes and additional values" do
+  test "nested array with strings that should be hashes and additional values" do    
     params = ActionController::Parameters.new({
-      book: {
-        title: "Romeo and Juliet",
-        genres: ["Tragedy"]
+      :book=> {
+        :title=> "Romeo and Juliet",
+        :genres=> ["Tragedy"]
       }
     })
 
-    permitted = params.permit book: [ :title, { genres: :type } ]
+    permitted = params.permit :book=> [ :title, { :genres=> :type } ]
     assert_equal "Romeo and Juliet", permitted[:book][:title]
-    assert_empty permitted[:book][:genres]
+    assert permitted[:book][:genres].empty?
   end
 
   test "nested string that should be a hash" do
     params = ActionController::Parameters.new({
-      book: {
-        genre: "Tragedy"
+      :book=> {
+        :genre=> "Tragedy"
       }
     })
 
-    permitted = params.permit book: { genre: :type }
+    permitted = params.permit :book=> { :genre=> :type }
     assert_nil permitted[:book][:genre]
   end
 end

test/parameters_require_test.rb

@@ -4,7 +4,7 @@
 class ParametersRequireTest < ActiveSupport::TestCase
   test "required parameters must be present not merely not nil" do
     assert_raises(ActionController::ParameterMissing) do
-      ActionController::Parameters.new(person: {}).require(:person)
+      ActionController::Parameters.new(:person=> {}).require(:person)
     end
   end
 end

test/parameters_taint_test.rb

@@ -1,10 +1,11 @@
 require 'test_helper'
 require 'action_controller/parameters'
 
+
 class ParametersTaintTest < ActiveSupport::TestCase
   setup do
-    @params = ActionController::Parameters.new({ person: { 
-      age: "32", name: { first: "David", last: "Heinemeier Hansson" }
+    @params = ActionController::Parameters.new({ :person=> { 
+      :age=> "32", :name=> { :first=> "David", :last=> "Heinemeier" }
     }})
   end
 
@@ -34,18 +35,30 @@ class ParametersTaintTest < ActiveSupport::TestCase
   end
 
   test "permitted is sticky on mutators" do
-    assert !@params.delete_if { |k| k == :person }.permitted?
-    assert !@params.keep_if { |k,v| k == :person }.permitted?
+    assert !@params.delete_if { |k,v| k == :person }.permitted?
+    #assert [email protected]_if { |k,v| k == :person }.permitted?     ### keep_if is not present in 3.1,its a feature of Rails 3.2 . So commenting it out
+  end
+
+  test "deleting the parameters" do
+    params = {:app_bundle => {"release_path"=>"test", 
+                              "domain_name"=>"foo.bar.com", 
+                              "name"=>"thenewapp", 
+                              "repository_name"=>"https://repo2.com/branches", 
+                              "supports_primary_user"=>"1"}}
+    params = ActionController::Parameters.new(params)
+
+    x = params[:app_bundle].delete(:repository_name)
+    assert_equal "https://repo2.com/branches", x
+    assert_nil params[:app_bundle]["repository_name"]
   end
 
   test "permitted is sticky beyond merges" do
-    assert !@params.merge(a: "b").permitted?
+    assert !@params.merge(:a=> "b").permitted?
   end
 
   test "modifying the parameters" do
     @params[:person][:hometown] = "Chicago"
-    @params[:person][:family] = { brother: "Jonas" }
-
+    @params[:person][:family] = { :brother=> "Jonas" }
     assert_equal "Chicago", @params[:person][:hometown]
     assert_equal "Jonas", @params[:person][:family][:brother]
   end