path: root/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
blob: 9a73a5ad915e9315f1295967a472771e746c51f4 (plain) (tree)
require "cases/helper"
require 'logger'
require 'active_support/core_ext/object/inclusion'

# Exercises ActiveModel::MassAssignmentSecurity::Sanitizer through a minimal
# host class that supplies the deny? and logger hooks used by these tests.
class SanitizerTest < ActiveModel::TestCase

  # Smallest possible Sanitizer host: it denies exactly one attribute name
  # and exposes a writable logger so a test can capture what gets logged.
  class SanitizingAuthorizer
    include ActiveModel::MassAssignmentSecurity::Sanitizer

    attr_accessor :logger

    # @param key [Object] attribute name under consideration
    # @return [Boolean] true only when key equals the string 'admin'
    #
    # NOTE(review): the match is an exact, case-sensitive String comparison,
    # so a Symbol key (:admin) or a differently cased one is not denied by
    # this stub. Confirm how real authorizers normalise keys before relying
    # on this test as coverage for those shapes.
    def deny?(key)
      denied_keys = ['admin']
      key.in?(denied_keys)
    end

  end

  # Every test starts from a fresh authorizer with no logger assigned.
  def setup
    @sanitizer = SanitizingAuthorizer.new
  end

  # A denied key must be absent from the sanitized result while an allowed
  # key passes through.
  test "sanitize attributes" do
    submitted = { 'first_name' => 'allowed', 'admin' => 'denied' }
    sanitized = @sanitizer.sanitize(submitted)

    assert sanitized.key?('first_name'), "Allowed key shouldn't be rejected"
    assert !sanitized.key?('admin'),     "Denied key should be rejected"
  end

  # Dropping a denied key must leave a trace in the configured logger, so a
  # rejected mass-assignment attempt is visible to whoever reads the log.
  #
  # NOTE(review): only the presence of the key name is asserted. Nothing here
  # checks that the submitted value ('denied') stays out of the log, nor that
  # allowed keys are left unmentioned.
  test "debug mass assignment removal" do
    sink = StringIO.new
    @sanitizer.logger = Logger.new(sink)
    @sanitizer.sanitize({ 'first_name' => 'allowed', 'admin' => 'denied' })

    logged = sink.string
    assert_match(/admin/, logged, "Should log removed attributes: #{logged}")
  end

end