aboutsummaryrefslogtreecommitdiffstats
path: root/activemodel/test
diff options
context:
space:
mode:
Diffstat (limited to 'activemodel/test')
-rw-r--r--activemodel/test/cases/mass_assignment_security/black_list_test.rb8
-rw-r--r--activemodel/test/cases/mass_assignment_security/sanitizer_test.rb13
-rw-r--r--activemodel/test/cases/mass_assignment_security/white_list_test.rb9
-rw-r--r--activemodel/test/cases/mass_assignment_security_test.rb20
4 files changed, 25 insertions, 25 deletions
diff --git a/activemodel/test/cases/mass_assignment_security/black_list_test.rb b/activemodel/test/cases/mass_assignment_security/black_list_test.rb
index ed168bc016..0ec7f8719c 100644
--- a/activemodel/test/cases/mass_assignment_security/black_list_test.rb
+++ b/activemodel/test/cases/mass_assignment_security/black_list_test.rb
@@ -16,13 +16,5 @@ class BlackListTest < ActiveModel::TestCase
assert_equal false, @black_list.deny?('first_name')
end
- test "sanitize attributes" do
- original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied', 'admin(1)' => 'denied' }
- attributes = @black_list.sanitize(original_attributes)
-
- assert attributes.key?('first_name'), "Allowed key shouldn't be rejected"
- assert !attributes.key?('admin'), "Denied key should be rejected"
- assert !attributes.key?('admin(1)'), "Multi-parameter key should be detected"
- end
end
diff --git a/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb b/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
index 9a73a5ad91..8547694c24 100644
--- a/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
+++ b/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
@@ -4,24 +4,21 @@ require 'active_support/core_ext/object/inclusion'
class SanitizerTest < ActiveModel::TestCase
- class SanitizingAuthorizer
- include ActiveModel::MassAssignmentSecurity::Sanitizer
-
- attr_accessor :logger
+ class Authorizer < ActiveModel::MassAssignmentSecurity::PermissionSet
def deny?(key)
key.in?(['admin'])
end
-
end
def setup
- @sanitizer = SanitizingAuthorizer.new
+ @sanitizer = ActiveModel::MassAssignmentSecurity::DefaultSanitizer.new
+ @authorizer = Authorizer.new
end
test "sanitize attributes" do
original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' }
- attributes = @sanitizer.sanitize(original_attributes)
+ attributes = @sanitizer.sanitize(original_attributes, @authorizer)
assert attributes.key?('first_name'), "Allowed key shouldn't be rejected"
assert !attributes.key?('admin'), "Denied key should be rejected"
@@ -31,7 +28,7 @@ class SanitizerTest < ActiveModel::TestCase
original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' }
log = StringIO.new
@sanitizer.logger = Logger.new(log)
- @sanitizer.sanitize(original_attributes)
+ @sanitizer.sanitize(original_attributes, @authorizer)
assert_match(/admin/, log.string, "Should log removed attributes: #{log.string}")
end
diff --git a/activemodel/test/cases/mass_assignment_security/white_list_test.rb b/activemodel/test/cases/mass_assignment_security/white_list_test.rb
index aa3596ad2a..737b55492a 100644
--- a/activemodel/test/cases/mass_assignment_security/white_list_test.rb
+++ b/activemodel/test/cases/mass_assignment_security/white_list_test.rb
@@ -16,13 +16,4 @@ class WhiteListTest < ActiveModel::TestCase
assert_equal true, @white_list.deny?('admin')
end
- test "sanitize attributes" do
- original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied', 'admin(1)' => 'denied' }
- attributes = @white_list.sanitize(original_attributes)
-
- assert attributes.key?('first_name'), "Allowed key shouldn't be rejected"
- assert !attributes.key?('admin'), "Denied key should be rejected"
- assert !attributes.key?('admin(1)'), "Multi-parameter key should be detected"
- end
-
end
diff --git a/activemodel/test/cases/mass_assignment_security_test.rb b/activemodel/test/cases/mass_assignment_security_test.rb
index 43a12eed61..a778240827 100644
--- a/activemodel/test/cases/mass_assignment_security_test.rb
+++ b/activemodel/test/cases/mass_assignment_security_test.rb
@@ -1,6 +1,15 @@
require "cases/helper"
require 'models/mass_assignment_specific'
+
+class CustomSanitizer < ActiveModel::MassAssignmentSecurity::Sanitizer
+
+ def process_removed_attributes(attrs)
+ raise StandardError
+ end
+
+end
+
class MassAssignmentSecurityTest < ActiveModel::TestCase
def test_attribute_protection
@@ -76,4 +85,15 @@ class MassAssignmentSecurityTest < ActiveModel::TestCase
assert_equal sanitized, { }
end
+ def test_custom_sanitizer
+ user = User.new
+ User.mass_assignment_sanitizer = CustomSanitizer.new
+ assert_raise StandardError do
+ user.sanitize_for_mass_assignment("admin" => true)
+ end
+ ensure
+ User.mass_assignment_sanitizer = nil
+
+ end
+
end