aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/controller/parameters
Commit message (Collapse)AuthorAgeFilesLines
* Remove duplicate test and fix a typo in the testPrathamesh Sonpatki2016-07-122-6/+1
| | | | | - Tests for dup'ing params was separately added in a separate file in https://github.com/rails/rails/pull/25735.
* Trust `Object#dup` in `ActionController::Parameters`, using ↵Tim Rogers2016-07-081-1/+19
| | | | | | `#initialize_copy` to manually duplicate the underlying parameters hash It looks like `ActionController::Parameters#dup` is leftover from when the class inherited from `Hash`. We can just trust `#dup`, which already copies the `@permitted` instance variable (confirmed by tests). We still define a `#initialize_copy` to make `@parameters` a copy that can be mutated without affecting the original instance.
* Changes to a dupped `ActionController::Parameters` mutate the originalTim Rogers2016-07-071-0/+25
| | | | | | | | | | | | | | When `ActionController::Parameters` is duplicated with `#dup`, it doesn't create a duplicate of the instance variables (e.g. `@parameters`) but rather maintains the reference (see <http://ruby-doc.org/core-2.3.1/Object.html>). Given that the parameters object is often manipulated as if it were a hash (e.g. with `#delete` and similar methods), this leads to unexpected behaviour, like the following: ``` params = ActionController::Parameters.new(foo: "bar") duplicated_params = params.dup duplicated_params.delete(:foo) params == duplicated_params ``` This fixes the bug by defining a private `#initialize_copy` method, used internally by `#dup`, which makes a copy of `@parameters`.
* Merge pull request #24177 from vipulnsward/rename-testRafael França2016-07-011-1/+1
|\ | | | | Renamed NestedParametersTest to NestedParametersPermitTest
| * - Renamed NestedParametersTest to NestedParametersPermitTest, to indicate ↵Vipul A M2016-03-131-1/+1
| | | | | | | | what we are actually testing in this file
* | `params.permitted?` is false by defaultJon Moss2016-06-231-0/+6
| | | | | | | | | | In the docs: "+permit_all_parameters+ - If it's +true+, all the parameters will be permitted by default. The default is +false+."
* | Filter scalar values when params permit hashes or arraysSean Griffin2016-04-151-0/+9
|/ | | | | | This brings the behavior more inline with other similar cases, such as receiving a hash when an array of scalars was expected. Prior to this commit, the key would be present, but the value would be `nil`
* Add `ActionController::Parameters#dig`Sean Griffin2016-03-091-0/+20
| | | | | | This method will only be added when used with Ruby 2.3.0 or greater. This method has the same behavior as `Hash#dig`, except it will convert hashes to `ActionController::Parameters`, similar to `#[]` and `#fetch`.
* Show permitted flag in the output of AC::Parameters#inspectPrathamesh Sonpatki2016-02-241-3/+13
| | | | - Fixes #23822.
* Deprecate AC::Parameters#== with a HashBenjamin Quorning2016-02-191-2/+4
|
* Fix AC::Parameters#== with other AC::ParametersBenjamin Quorning2016-02-191-0/+33
| | | | Creating a protected getter method for `@parameters`.
* Tests for AC::Parameters#==Benjamin Quorning2016-02-191-0/+6
|
* fields_for_style needs to test for AC::ParametersAaron Patterson2016-02-171-0/+21
| | | | | | | | | | | | | While iterating an AC::Parameters object, the object will mutate itself and stick AC::Parameters objects where there used to be hashes: https://github.com/rails/rails/blob/f57092ad728fa1de06c4f5fd9d09dcc2c4738fd9/actionpack/lib/action_controller/metal/strong_parameters.rb#L632 If you use `permit` after this iteration, the `fields_for_style` method wouldn't return true because the child objects are now AC::Parameters objects rather than Hashes. fixes #23701
* Implement ActionController::Parameters#inspectBenjamin Quorning2016-02-171-0/+9
| | | | Now that AC::Parameters is no longer a Hash, it shouldn't look like a hash.
* Remove `const_missing` which fallback to deprecated `NEVER_UNPERMITTED_PARAMS`Ryuta Kamizono2016-02-151-6/+0
| | | | `NEVER_UNPERMITTED_PARAMS` is deprecated in Rails 4.2. See #15933.
* Fix `ActionController::Parameters#==` bugJon Moss2016-01-211-0/+6
| | | | See bug #21032.
* Merge pull request #22985 from akshay-vishnoi/fix-typoRafael França2016-01-161-1/+1
|\ | | | | test `include?`- fix typo
| * test `include?`- fix typoAkshay Vishnoi2016-01-091-1/+1
| |
* | AC::Parameters#at_json: restore Rails 4.2’s valueclaudiob2016-01-121-0/+6
|/ | | | | | Fixes #23026 See discussion at #23026
* Merge pull request #22850 from prathamesh-sonpatki/fix_ac_params_unsafe_h_2Kasper Timm Hansen2015-12-311-0/+8
|\ | | | | Fix AC::Parameters#to_unsafe_h to return all unfiltered values
| * Fix AC::Parameters#to_unsafe_h to return all unfiltered valuesPrathamesh Sonpatki2015-12-311-0/+8
| | | | | | | | | | | | | | - AC::Parameters#convert_parameters_to_hashes should return filtered or unfiltered values based on whether it is called from `to_h` or `to_unsafe_h` instead of always defaulting to `to_h`. - Fixes #22841
* | Fix test for AC::Parameters#to_unsafe_hPrathamesh Sonpatki2015-12-301-2/+2
|/ | | | - Test should call `to_unsafe_h` instead of `to_h`
* Add AC::Parameters#include?Justin Coyne2015-12-291-0/+6
| | | | Fixes #22818
* Only dup Ruby's Hash and Array.Kasper Timm Hansen2015-12-171-0/+28
| | | | | | | | When calling `to_h` on an `ActionController::Parameters` instance it would `deep_dup` its internal parameters. This inadvertently called `dup` on a passed Active Record model which would create new models. Fix by only dupping Ruby's Arrays and Hashes.
* Make Parameters#to_h and #to_unsafe_h return HWIAPrem Sichanugrist2015-12-141-4/+4
| | | | | | | This makes these two methods to be more inline with the previous behavior of Parameters as Parameters used to be inherited from HWIA. Fixes #21391
* Remove skip on tests that have been fixed.Guo Xiang Tan2015-10-241-4/+0
|
* Removed duplicate requiring minitest/mock as it is already required in ↵Ronak Jangir2015-08-261-1/+0
| | | | method_call_assertions
* Fix state being carried over from previous transactionRoque Pinel2015-07-201-1/+1
| | | | | | | | | | | | | | | This clears the transaction record state when the transaction finishes with a `:committed` status. Considering the following example where `name` is a required attribute. Before we had `new_record?` returning `true` for a persisted record: ```ruby author = Author.create! name: 'foo' author.name = nil author.save # => false author.new_record? # => true ```
* Fix exception overwritten for parameters fetch methodRoque Pinel2015-07-181-0/+13
| | | | | | | | | When executing an `ActionController::Parameters#fetch` with a block that raises a `KeyError` the raised `KeyError` will be rescued and converted to an `ActionController::ParameterMissing` exception, covering up the original exception. [Jonas Schubert Erlandsson & Roque Pinel]
* Skip a few failing tests on JRuby with the attached ticketsRobin Dupret2015-07-171-0/+4
|
* Make AC::Parameters not inherited from HashPrem Sichanugrist2015-07-152-3/+1
| | | | | | | | This is another take at #14384 as we decided to wait until `master` is targeting Rails 5.0. This commit is implementation-complete, as it guarantees that all the public methods on the hash-inherited Parameters are still working (based on test case). We can decide to follow-up later if we want to remove some methods out from Parameters.
* Return super in ActionController::Parameters.const_missingShuhei Kagawa2015-03-281-1/+8
| | | | | | | | | | | | | | | | | | | | | The current implementation of ActionController::Parameters.const_missing returns `ActionController::Parameters.always_permitted_parameters` even if its `super` returns a constant without raising error. This prevents its subclass in a autoloading module/class from taking advantage of autoloading constants. class SomeParameters < ActionController::Parameters def do_something DefinedSomewhere.do_something end end In the code above, `DefinedSomewhere` is to be autoloaded with `Module.const_missing` but `ActionController::Parameters.const_missing` returns `always_permitted_parameters` instead of the autoloaded constant. This pull request fixes the issue respecting `const_missing`'s `super`.
* Add AC::Parameters#to_unsafe_hPrem Sichanugrist2014-12-121-0/+6
| | | | | | | | | As suggested in #16299([1]), this method should be a new public API for retrieving unfiltered parameters from `ActionController::Parameters` object, given that `Parameters#to_hash` will no longer work in Rails 5.0+ as we stop inheriting `Parameters` from `Hash`. [1]: https://github.com/rails/rails/pull/16299#issuecomment-50220919
* Fix failing test on several methods on ParameterPrem Sichanugrist2014-08-182-2/+11
| | | | | | | * `each` * `each_pair` * `delete` * `select!`
* Seperate Parameters accessors and mutators testsPrem Sichanugrist2014-08-183-57/+215
|
* Add missing `Hash` methods to `AC::Parameters`Prem Sichanugrist2014-08-181-0/+21
| | | | | | | | | | | | This is to make sure that `permitted` status is maintained on the resulting object. I found these methods that needs to be redefined by looking for `self.class.new` in the code. * extract! * transform_keys * transform_values
* Make `AC::Params#to_h` return Hash with safe keysPrem Sichanugrist2014-08-181-0/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | `ActionController::Parameters#to_h` now returns a `Hash` with unpermitted keys removed. This change is to reflect on a security concern where some method performed on an `ActionController::Parameters` may yield a `Hash` object which does not maintain `permitted?` status. If you would like to get a `Hash` with all the keys intact, duplicate and mark it as permitted before calling `#to_h`. params = ActionController::Parameters.new(name: 'Senjougahara Hitagi') params.to_h # => {} unsafe_params = params.dup.permit! unsafe_params.to_h # => {"name"=>"Senjougahara Hitagi"} safe_params = params.permit(:name) safe_params.to_h # => {"name"=>"Senjougahara Hitagi"} This change is consider a stopgap as we cannot chage the code to stop `ActionController::Parameters` to inherit from `HashWithIndifferentAccess` in the next minor release. Also, adding a CHANGELOG entry to mention that `ActionController::Parameters` will not inheriting from `HashWithIndifferentAccess` in the next major version.
* Merge pull request #15933 from rafael/masterRafael Mendonça França2014-06-271-0/+29
|\ | | | | | | | | | | Add always permitted parameters as a configurable option. [Rafael Mendonça França + Gary S. Weaver]
| * Improvements per code review.Rafael Chacón2014-06-271-0/+29
| | | | | | | | | | | | * General style fixes. * Add changes to configuration guide. * Add missing tests.
* | adds some details to the rationale of converted_arrays [ci skip]Xavier Noria2014-06-071-1/+1
| |
* | adds a regression test for the strong params converted arrays cacheXavier Noria2014-06-071-1/+18
| | | | | | | | This is a regression test for 29844dd.
* | Revert "Convert StrongParameters cache to a hash. This fixes an unbounded"Xavier Noria2014-06-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We cannot cache keys because arrays are mutable. We rather want to cache the arrays. This behaviour is tailor-made for the usage pattern strongs params is designed for. In a forthcoming commit I am going to add a test that covers why we need to cache by value. Every strong params instance has a live span of a request, the cache goes away with the object. Since strong params have such a concrete intention, it would be interesting to see if there are actually any real-world use cases that are an actual leak, one that practically may matter. I am not convinced that the theoretical leak has any practical consequences, but if it can be shown there are, then I believe we should either get rid of the cache (which is an optimization), or else wipe it in the mutating API. This reverts commit e63be2769c039e4e9ada523a8497ce3206cc8a9b.
* | Convert StrongParameters cache to a hash. This fixes an unboundedRyan Davis2014-06-031-1/+1
| | | | | | | | | | | | memory leak demonstrated on @tenderlove's latest blog post: http://tenderlovemaking.com/2014/06/02/yagni-methods-are-killing-me.html
* | Simple Sungularize ActionController::UnpermittedParameters error in case ↵Serj L2014-02-241-4/+26
| | | | | | | | when only 1 parameter is unpermitted.
* | unify param.require testsArthur Neves2014-01-231-10/+0
| |
* | AC::Parameters#permit! permits hashes in array valuesXavier Noria2013-12-231-3/+11
| |
* | optimizes array conversion in AC::ParametersXavier Noria2013-12-211-0/+5
| |
* | converts hashes in arrays of unfiltered params to unpermitted params [fixes ↵Xavier Noria2013-12-211-0/+7
| | | | | | | | #13382]
* | Revert "Merge pull request #9660 from ↵Guillermo Iguaran2013-11-021-7/+1
| | | | | | | | | | | | | | | | | | sebasoga/change_strong_parameters_require_behaviour" This reverts commit c2b5a8e61ba0f35015e6ac949a5c8fce2042a1f2, reversing changes made to 1918b12c0429caec2a6134ac5e5b42ade103fe90. See: https://github.com/rails/rails/pull/9660#issuecomment-27627493
* | Merge pull request #9660 from ↵Guillermo Iguaran2013-11-011-1/+7
|\ \ | | | | | | | | | | | | sebasoga/change_strong_parameters_require_behaviour Change ActionController::Parameters#require behavior when value is empty