aboutsummaryrefslogtreecommitdiffstats
path: root/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
diff options
context:
space:
mode:
Diffstat (limited to 'activemodel/test/cases/mass_assignment_security/sanitizer_test.rb')
-rw-r--r--activemodel/test/cases/mass_assignment_security/sanitizer_test.rb50
1 files changed, 0 insertions, 50 deletions
diff --git a/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb b/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
deleted file mode 100644
index b141cec059..0000000000
--- a/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
+++ /dev/null
@@ -1,50 +0,0 @@
-require "cases/helper"
-require 'active_support/logger'
-
-class SanitizerTest < ActiveModel::TestCase
- attr_accessor :logger
-
- class Authorizer < ActiveModel::MassAssignmentSecurity::PermissionSet
- def deny?(key)
- ['admin', 'id'].include?(key)
- end
- end
-
- def setup
- @logger_sanitizer = ActiveModel::MassAssignmentSecurity::LoggerSanitizer.new(self)
- @strict_sanitizer = ActiveModel::MassAssignmentSecurity::StrictSanitizer.new(self)
- @authorizer = Authorizer.new
- end
-
- test "sanitize attributes" do
- original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' }
- attributes = @logger_sanitizer.sanitize(self.class, original_attributes, @authorizer)
-
- assert attributes.key?('first_name'), "Allowed key shouldn't be rejected"
- assert !attributes.key?('admin'), "Denied key should be rejected"
- end
-
- test "debug mass assignment removal with LoggerSanitizer" do
- original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' }
- log = StringIO.new
- self.logger = ActiveSupport::Logger.new(log)
- @logger_sanitizer.sanitize(self.class, original_attributes, @authorizer)
- assert_match(/admin/, log.string, "Should log removed attributes: #{log.string}")
- end
-
- test "debug mass assignment removal with StrictSanitizer" do
- original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' }
- assert_raise ActiveModel::MassAssignmentSecurity::Error do
- @strict_sanitizer.sanitize(self.class, original_attributes, @authorizer)
- end
- end
-
- test "mass assignment insensitive attributes" do
- original_attributes = {'id' => 1, 'first_name' => 'allowed'}
-
- assert_nothing_raised do
- @strict_sanitizer.sanitize(self.class, original_attributes, @authorizer)
- end
- end
-
-end
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-30 10:48:14 +0000