aboutsummaryrefslogtreecommitdiffstats
path: root/activemodel/test/cases/mass_assignment_security
diff options
context:
space:
mode:
authorBogdan Gusiev <agresso@gmail.com>2011-05-30 11:34:00 +0300
committerBogdan Gusiev <agresso@gmail.com>2011-05-30 11:34:00 +0300
commitaa2639e746d8af5d7673bbbbbccbe868edeb0161 (patch)
tree0c52328245ded53d61a01c68c9e45897e4d35d79 /activemodel/test/cases/mass_assignment_security
parent96525d632d47847ae5a8d6658ad396b74ecfb6f1 (diff)
downloadrails-aa2639e746d8af5d7673bbbbbccbe868edeb0161.tar.gz
rails-aa2639e746d8af5d7673bbbbbccbe868edeb0161.tar.bz2
rails-aa2639e746d8af5d7673bbbbbccbe868edeb0161.zip
ActiveModel::MassAssignmentSecurity.mass_assignment_sanitizer method
In order to specify your own sanitize method Implemented .mass_assignment_sanitizer configuration option
Diffstat (limited to 'activemodel/test/cases/mass_assignment_security')
-rw-r--r--activemodel/test/cases/mass_assignment_security/sanitizer_test.rb18
1 files changed, 13 insertions, 5 deletions
diff --git a/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb b/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
index 8547694c24..e9e7eee0bd 100644
--- a/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
+++ b/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
@@ -12,24 +12,32 @@ class SanitizerTest < ActiveModel::TestCase
end
def setup
- @sanitizer = ActiveModel::MassAssignmentSecurity::DefaultSanitizer.new
+ @logger_sanitizer = ActiveModel::MassAssignmentSecurity::LoggerSanitizer.new
+ @strict_sanitizer = ActiveModel::MassAssignmentSecurity::StrictSanitizer.new
@authorizer = Authorizer.new
end
test "sanitize attributes" do
original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' }
- attributes = @sanitizer.sanitize(original_attributes, @authorizer)
+ attributes = @logger_sanitizer.sanitize(original_attributes, @authorizer)
assert attributes.key?('first_name'), "Allowed key shouldn't be rejected"
assert !attributes.key?('admin'), "Denied key should be rejected"
end
- test "debug mass assignment removal" do
+ test "debug mass assignment removal with LoggerSanitizer" do
original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' }
log = StringIO.new
- @sanitizer.logger = Logger.new(log)
- @sanitizer.sanitize(original_attributes, @authorizer)
+ @logger_sanitizer.logger = Logger.new(log)
+ @logger_sanitizer.sanitize(original_attributes, @authorizer)
assert_match(/admin/, log.string, "Should log removed attributes: #{log.string}")
end
+ test "debug mass assignment removal with StrictSanitizer" do
+ original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' }
+ assert_raise ActiveModel::MassAssignmentSecurity::Error do
+ @strict_sanitizer.sanitize(original_attributes, @authorizer)
+ end
+ end
+
end
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-16 01:41:47 +0000