From 1e923b498492424ae627d7a2c61339148f887503 Mon Sep 17 00:00:00 2001
From: Gannon McGibbon <gannon.mcgibbon@gmail.com>
Date: Mon, 7 Jan 2019 14:05:50 -0500
Subject: Allow strong params in ActiveRecord::Base#exists?

Allow `ActionController::Params` as argument of
`ActiveRecord::Base#exists?`
---
 activerecord/CHANGELOG.md                                 |  4 ++++
 activerecord/lib/active_record/relation/finder_methods.rb |  2 ++
 activerecord/test/cases/finder_test.rb                    |  9 +++++++++
 activerecord/test/support/stubs/strong_parameters.rb      | 15 +++++++++++++++
 4 files changed, 30 insertions(+)
 create mode 100644 activerecord/test/support/stubs/strong_parameters.rb

diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md
index ca072be5e1..77f3fca880 100644
--- a/activerecord/CHANGELOG.md
+++ b/activerecord/CHANGELOG.md
@@ -1,3 +1,7 @@
+*   Allow `ActionController::Params` as argument of `ActiveRecord::Base#exists?`.
+
+    *Gannon McGibbon*
+
 *   Deprecate passing `migrations_paths` to `connection.assume_migrated_upto_version`.
 
     *Ryuta Kamizono*
diff --git a/activerecord/lib/active_record/relation/finder_methods.rb b/activerecord/lib/active_record/relation/finder_methods.rb
index dc03b196f4..fd84f9c46b 100644
--- a/activerecord/lib/active_record/relation/finder_methods.rb
+++ b/activerecord/lib/active_record/relation/finder_methods.rb
@@ -312,6 +312,8 @@ module ActiveRecord
 
       return false if !conditions || limit_value == 0
 
+      conditions = sanitize_forbidden_attributes(conditions)
+
       if eager_loading?
         relation = apply_join_dependency(eager_loading: false)
         return relation.exists?(conditions)
diff --git a/activerecord/test/cases/finder_test.rb b/activerecord/test/cases/finder_test.rb
index 961ae03a4c..1c53362bac 100644
--- a/activerecord/test/cases/finder_test.rb
+++ b/activerecord/test/cases/finder_test.rb
@@ -21,6 +21,7 @@ require "models/dog"
 require "models/car"
 require "models/tyre"
 require "models/subscriber"
+require "support/stubs/strong_parameters"
 
 class FinderTest < ActiveRecord::TestCase
   fixtures :companies, :topics, :entrants, :developers, :developers_projects, :posts, :comments, :accounts, :authors, :author_addresses, :customers, :categories, :categorizations, :cars
@@ -224,6 +225,14 @@ class FinderTest < ActiveRecord::TestCase
     assert_equal true, Subscriber.exists?("   ")
   end
 
+  def test_exists_with_strong_parameters
+    assert_equal false, Subscriber.exists?(Parameters.new(nick: "foo"))
+
+    Subscriber.create!(nick: "foo")
+
+    assert_equal true, Subscriber.exists?(Parameters.new(nick: "foo"))
+  end
+
   def test_exists_passing_active_record_object_is_not_permitted
     assert_raises(ArgumentError) do
       Topic.exists?(Topic.new)
diff --git a/activerecord/test/support/stubs/strong_parameters.rb b/activerecord/test/support/stubs/strong_parameters.rb
new file mode 100644
index 0000000000..acba3a4504
--- /dev/null
+++ b/activerecord/test/support/stubs/strong_parameters.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class Parameters
+  def initialize(parameters = {})
+    @parameters = parameters.with_indifferent_access
+  end
+
+  def permitted?
+    true
+  end
+
+  def to_h
+    @parameters.to_h
+  end
+end
-- 
cgit v1.2.3