From 60508bdeff10bd96fe507c84e9ba77231a7d9be5 Mon Sep 17 00:00:00 2001 From: Deepak Date: Tue, 3 Jul 2012 17:26:11 -0700 Subject: [PATCH] Support for strong parameters in Rails 3.1.6 --- Gemfile.lock | 42 +++++++---- lib/action_controller/parameters.rb | 6 +- lib/strong_parameters/version.rb | 2 +- strong_parameters.gemspec | 6 +- .../action_controller_required_params_test.rb | 8 +-- test/action_controller_tainted_params_test.rb | 8 +-- ...l_mass_assignment_taint_protection_test.rb | 8 +-- test/nested_parameters_test.rb | 71 ++++++++----------- test/parameters_require_test.rb | 2 +- test/parameters_taint_test.rb | 27 +++++-- 10 files changed, 98 insertions(+), 82 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 337adec..148a5b0 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,45 +1,59 @@ PATH remote: . specs: - strong_parameters (0.1.2) - actionpack (>= 3.2.0) - activemodel (>= 3.2.0) + strong_parameters (0.1.3) + actionpack (>= 3.1.6) + activemodel (>= 3.1.6) + railties (>= 3.1.6) GEM remote: http://rubygems.org/ specs: - actionpack (3.2.2) - activemodel (= 3.2.2) - activesupport (= 3.2.2) + actionpack (3.2.6) + activemodel (= 3.2.6) + activesupport (= 3.2.6) builder (~> 3.0.0) erubis (~> 2.7.0) journey (~> 1.0.1) rack (~> 1.4.0) - rack-cache (~> 1.1) + rack-cache (~> 1.2) rack-test (~> 0.6.1) - sprockets (~> 2.1.2) - activemodel (3.2.2) - activesupport (= 3.2.2) + sprockets (~> 2.1.3) + activemodel (3.2.6) + activesupport (= 3.2.6) builder (~> 3.0.0) - activesupport (3.2.2) + activesupport (3.2.6) i18n (~> 0.6) multi_json (~> 1.0) builder (3.0.0) erubis (2.7.0) hike (1.2.1) i18n (0.6.0) - journey (1.0.3) - multi_json (1.2.0) + journey (1.0.4) + json (1.7.3) + multi_json (1.3.6) rack (1.4.1) rack-cache (1.2) rack (>= 0.4) + rack-ssl (1.3.2) + rack rack-test (0.6.1) rack (>= 1.0) + railties (3.2.6) + actionpack (= 3.2.6) + activesupport (= 3.2.6) + rack-ssl (~> 1.3.2) + rake (>= 0.8.7) + rdoc (~> 3.4) + thor (>= 0.14.6, < 2.0) rake (0.9.2.2) - sprockets (2.1.2) + rdoc (3.12) + json (~> 1.4) + sprockets (2.1.3) hike (~> 1.2) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) + thor (0.15.3) tilt (1.3.3) PLATFORMS diff --git a/lib/action_controller/parameters.rb b/lib/action_controller/parameters.rb index 467e372..c18f6c7 100644 --- a/lib/action_controller/parameters.rb +++ b/lib/action_controller/parameters.rb @@ -21,6 +21,10 @@ def initialize(attributes = nil) @permitted = false end + def nested_under_indifferent_access #### MonkeyPatched to support update operation on Hashes. It has been done for Rails 3.1.6 + self + end + def permit! @permitted = true self @@ -66,7 +70,7 @@ def [](key) def fetch(key, *args) convert_hashes_to_parameters(key, super) - rescue KeyError + rescue KeyError,IndexError raise ActionController::ParameterMissing.new(key) end diff --git a/lib/strong_parameters/version.rb b/lib/strong_parameters/version.rb index 2ca3081..61ecd5f 100644 --- a/lib/strong_parameters/version.rb +++ b/lib/strong_parameters/version.rb @@ -1,3 +1,3 @@ module StrongParameters - VERSION = "0.1.3" + VERSION = "0.1.3.af1" end diff --git a/strong_parameters.gemspec b/strong_parameters.gemspec index 6b65f09..838d56a 100644 --- a/strong_parameters.gemspec +++ b/strong_parameters.gemspec @@ -14,9 +14,9 @@ Gem::Specification.new do |s| s.files = Dir["{app,config,db,lib}/**/*"] + ["MIT-LICENSE", "Rakefile", "README.rdoc"] s.test_files = Dir["test/**/*"] - s.add_dependency "actionpack", ">= 3.2.0" - s.add_dependency "activemodel", ">= 3.2.0" - s.add_dependency "railties", ">= 3.2.0" + s.add_dependency "actionpack", ">= 3.1.6" + s.add_dependency "activemodel", ">= 3.1.6" + s.add_dependency "railties", ">= 3.1.6" s.add_development_dependency "rake" end diff --git a/test/action_controller_required_params_test.rb b/test/action_controller_required_params_test.rb index c4a034d..a965db4 100644 --- a/test/action_controller_required_params_test.rb +++ b/test/action_controller_required_params_test.rb @@ -11,20 +11,20 @@ class ActionControllerRequiredParamsTest < ActionController::TestCase tests BooksController test "missing required parameters will raise exception" do - post :create, { magazine: { name: "Mjallo!" } } + post :create, { :magazine=> { :name=> "Mjallo!" } } assert_response :bad_request - post :create, { book: { title: "Mjallo!" } } + post :create, { :book=> { :title=> "Mjallo!" } } assert_response :bad_request end test "required parameters that are present will not raise" do - post :create, { book: { name: "Mjallo!" } } + post :create, { :book=> { :name=> "Mjallo!" } } assert_response :ok end test "missing parameters will be mentioned in the return" do - post :create, { magazine: { name: "Mjallo!" } } + post :create, { :magazine=> { :name=> "Mjallo!" } } assert_equal "Required parameter missing: book", response.body end end diff --git a/test/action_controller_tainted_params_test.rb b/test/action_controller_tainted_params_test.rb index 8afae04..9f93bcc 100644 --- a/test/action_controller_tainted_params_test.rb +++ b/test/action_controller_tainted_params_test.rb @@ -2,11 +2,11 @@ class PeopleController < ActionController::Base def create - render text: params[:person].permitted? ? "untainted" : "tainted" + render :text=> params[:person].permitted? ? "untainted" : "tainted" end def create_with_permit - render text: params[:person].permit(:name).permitted? ? "untainted" : "tainted" + render :text=> params[:person].permit(:name).permitted? ? "untainted" : "tainted" end end @@ -14,12 +14,12 @@ class ActionControllerTaintedParamsTest < ActionController::TestCase tests PeopleController test "parameters are tainted" do - post :create, { person: { name: "Mjallo!" } } + post :create, { :person=> { :name=> "Mjallo!" } } assert_equal "tainted", response.body end test "parameters can be permitted and are then not tainted" do - post :create_with_permit, { person: { name: "Mjallo!" } } + post :create_with_permit, { :person=> { :name=> "Mjallo!" } } assert_equal "untainted", response.body end end diff --git a/test/active_model_mass_assignment_taint_protection_test.rb b/test/active_model_mass_assignment_taint_protection_test.rb index 88351be..b0360e2 100644 --- a/test/active_model_mass_assignment_taint_protection_test.rb +++ b/test/active_model_mass_assignment_taint_protection_test.rb @@ -10,21 +10,21 @@ class Person class ActiveModelMassUpdateProtectionTest < ActiveSupport::TestCase test "forbidden attributes cannot be used for mass updating" do assert_raises(ActiveModel::ForbiddenAttributes) do - Person.new.sanitize_for_mass_assignment(ActionController::Parameters.new(a: "b")) + Person.new.sanitize_for_mass_assignment(ActionController::Parameters.new(:a=> "b")) end end test "permitted attributes can be used for mass updating" do assert_nothing_raised do assert_equal({ "a" => "b" }, - Person.new.sanitize_for_mass_assignment(ActionController::Parameters.new(a: "b").permit(:a))) + Person.new.sanitize_for_mass_assignment(ActionController::Parameters.new(:a=> "b").permit(:a))) end end test "regular attributes should still be allowed" do assert_nothing_raised do - assert_equal({ a: "b" }, - Person.new.sanitize_for_mass_assignment(a: "b")) + assert_equal({ :a=> "b" }, + Person.new.sanitize_for_mass_assignment(:a=> "b")) end end end diff --git a/test/nested_parameters_test.rb b/test/nested_parameters_test.rb index 74405ec..cb6e6e0 100644 --- a/test/nested_parameters_test.rb +++ b/test/nested_parameters_test.rb @@ -4,23 +4,23 @@ class NestedParametersTest < ActiveSupport::TestCase test "permitted nested parameters" do params = ActionController::Parameters.new({ - book: { - title: "Romeo and Juliet", - authors: [{ - name: "William Shakespeare", - born: "1564-04-26" + :book=> { + :title=> "Romeo and Juliet", + :authors=> [{ + :name=> "William Shakespeare", + :born=> "1564-04-26" }, { - name: "Christopher Marlowe" + :name=> "Christopher Marlowe" }], - details: { - pages: 200, - genre: "Tragedy" + :details=> { + :pages=> 200, + :genre=> "Tragedy" } }, - magazine: "Mjallo!" + :magazine=> "Mjallo!" }) - permitted = params.permit book: [ :title, { authors: [ :name ] }, { details: :pages } ] + permitted = params.permit :book=> [ :title, { :authors=> [ :name ] }, { :details=> :pages } ] assert permitted.permitted? assert_equal "Romeo and Juliet", permitted[:book][:title] @@ -34,62 +34,47 @@ class NestedParametersTest < ActiveSupport::TestCase test "nested arrays with strings" do params = ActionController::Parameters.new({ - :book => { - :genres => ["Tragedy"] + :book=> { + :genres=> ["Tragedy"] } }) - permitted = params.permit :book => :genres + permitted = params.permit :book=> :genres assert_equal ["Tragedy"], permitted[:book][:genres] end - test "permit may specify symbols or strings" do + test "nested array with strings that should be hashes" do params = ActionController::Parameters.new({ - :book => { - :title => "Romeo and Juliet", - :author => "William Shakespeare" - }, - :magazine => "Shakespeare Today" - }) - - permitted = params.permit({:book => ["title", :author]}, "magazine") - assert_equal "Romeo and Juliet", permitted[:book][:title] - assert_equal "William Shakespeare", permitted[:book][:author] - assert_equal "Shakespeare Today", permitted[:magazine] - end - - test "nested array with strings that should be hashes" do - params = ActionController::Parameters.new({ - book: { - genres: ["Tragedy"] + :book=> { + :genres=> ["Tragedy"] } }) - permitted = params.permit book: { genres: :type } - assert_empty permitted[:book][:genres] + permitted = params.permit :book=> { :genres=> :type } + assert permitted[:book][:genres].empty? end - test "nested array with strings that should be hashes and additional values" do + test "nested array with strings that should be hashes and additional values" do params = ActionController::Parameters.new({ - book: { - title: "Romeo and Juliet", - genres: ["Tragedy"] + :book=> { + :title=> "Romeo and Juliet", + :genres=> ["Tragedy"] } }) - permitted = params.permit book: [ :title, { genres: :type } ] + permitted = params.permit :book=> [ :title, { :genres=> :type } ] assert_equal "Romeo and Juliet", permitted[:book][:title] - assert_empty permitted[:book][:genres] + assert permitted[:book][:genres].empty? end test "nested string that should be a hash" do params = ActionController::Parameters.new({ - book: { - genre: "Tragedy" + :book=> { + :genre=> "Tragedy" } }) - permitted = params.permit book: { genre: :type } + permitted = params.permit :book=> { :genre=> :type } assert_nil permitted[:book][:genre] end end diff --git a/test/parameters_require_test.rb b/test/parameters_require_test.rb index d210635..b026f3b 100644 --- a/test/parameters_require_test.rb +++ b/test/parameters_require_test.rb @@ -4,7 +4,7 @@ class ParametersRequireTest < ActiveSupport::TestCase test "required parameters must be present not merely not nil" do assert_raises(ActionController::ParameterMissing) do - ActionController::Parameters.new(person: {}).require(:person) + ActionController::Parameters.new(:person=> {}).require(:person) end end end diff --git a/test/parameters_taint_test.rb b/test/parameters_taint_test.rb index d750836..f2aa6e5 100644 --- a/test/parameters_taint_test.rb +++ b/test/parameters_taint_test.rb @@ -1,10 +1,11 @@ require 'test_helper' require 'action_controller/parameters' + class ParametersTaintTest < ActiveSupport::TestCase setup do - @params = ActionController::Parameters.new({ person: { - age: "32", name: { first: "David", last: "Heinemeier Hansson" } + @params = ActionController::Parameters.new({ :person=> { + :age=> "32", :name=> { :first=> "David", :last=> "Heinemeier" } }}) end @@ -34,18 +35,30 @@ class ParametersTaintTest < ActiveSupport::TestCase end test "permitted is sticky on mutators" do - assert !@params.delete_if { |k| k == :person }.permitted? - assert !@params.keep_if { |k,v| k == :person }.permitted? + assert !@params.delete_if { |k,v| k == :person }.permitted? + #assert !@params.keep_if { |k,v| k == :person }.permitted? ### keep_if is not present in 3.1,its a feature of Rails 3.2 . So commenting it out + end + + test "deleting the parameters" do + params = {:app_bundle => {"release_path"=>"test", + "domain_name"=>"foo.bar.com", + "name"=>"thenewapp", + "repository_name"=>"https://repo2.com/branches", + "supports_primary_user"=>"1"}} + params = ActionController::Parameters.new(params) + + x = params[:app_bundle].delete(:repository_name) + assert_equal "https://repo2.com/branches", x + assert_nil params[:app_bundle]["repository_name"] end test "permitted is sticky beyond merges" do - assert !@params.merge(a: "b").permitted? + assert !@params.merge(:a=> "b").permitted? end test "modifying the parameters" do @params[:person][:hometown] = "Chicago" - @params[:person][:family] = { brother: "Jonas" } - + @params[:person][:family] = { :brother=> "Jonas" } assert_equal "Chicago", @params[:person][:hometown] assert_equal "Jonas", @params[:person][:family][:brother] end