From 58399e1dc3e40b0f6cf8f5da31d694267afdf328 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20Chac=C3=B3n?=
Date: Fri, 27 Jun 2014 13:08:40 -0700
Subject: Improvements per code review.
* General style fixes.
* Add changes to configuration guide.
* Add missing tests.
---
 .../action_controller/metal/strong_parameters.rb | 7 +++---
 .../parameters/always_permitted_parameters_test.rb | 29 ++++++++++++++++++++++
 guides/source/configuring.md | 4 ++-
 railties/test/application/configuration_test.rb | 25 +++++++++++++++++++
 4 files changed, 60 insertions(+), 5 deletions(-)
 create mode 100644 actionpack/test/controller/parameters/always_permitted_parameters_test.rb
diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb
index 71dca877b6..45d819c29a 100644
--- a/actionpack/lib/action_controller/metal/strong_parameters.rb
+++ b/actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -105,11 +105,10 @@ module ActionController
 # params are present. The default includes both 'controller' and 'action'
 # because they are added by Rails and should be of no concern. One way
 # to change these is to specify `always_permitted_parameters` in your
- # config, e.g.
- # `config.always_permitted_parameters = %w( controller action format )`
-
+ # config. For instance:
+ #
+ # config.always_permitted_parameters = %w( controller action format )
 cattr_accessor :always_permitted_parameters
-
 self.always_permitted_parameters = %w( controller action )
 
 def self.const_missing(const_name)
diff --git a/actionpack/test/controller/parameters/always_permitted_parameters_test.rb b/actionpack/test/controller/parameters/always_permitted_parameters_test.rb
new file mode 100644
index 0000000000..059f310d49
--- /dev/null
+++ b/actionpack/test/controller/parameters/always_permitted_parameters_test.rb
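Review bot: The example on the third added line, `config.always_permitted_parameters = %w( controller action format )`, does not match the key the railties test in this same patch sets, `config.action_controller.always_permitted_parameters = %w( controller action format )`, so a reader copying the comment into their application config would set an attribute that, as far as this hunk shows, nothing reads. Suggest writing the example with the `action_controller` namespace and indented as code: `#    config.action_controller.always_permitted_parameters = %w( controller action format )`. It would also help to state what membership means — the context line `# params are present.` suggests these keys are only exempted from the unpermitted-parameters check rather than permitted for mass assignment, which is worth saying explicitly so the list stays limited to request-metadata keys such as `format`. The comment block and the enclosing class start outside the hunk.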
@@ -0,0 +1,29 @@
+require 'abstract_unit'
+require 'action_controller/metal/strong_parameters'
+
+class AlwaysPermittedParametersTest < ActiveSupport::TestCase
+ def setup
+ ActionController::Parameters.action_on_unpermitted_parameters = :raise
+ ActionController::Parameters.always_permitted_parameters = %w( controller action format )
+ end
+
+ def teardown
+ ActionController::Parameters.action_on_unpermitted_parameters = false
+ ActionController::Parameters.always_permitted_parameters = %w( controller action )
+ end
+
+ test "shows deprecations warning on NEVER_UNPERMITTED_PARAMS" do
+ assert_deprecated do
+ ActionController::Parameters::NEVER_UNPERMITTED_PARAMS
+ end
+ end
+
+ test "permits parameters that are whitelisted" do
+ params = ActionController::Parameters.new({
+ book: { pages: 65 },
+ format: "json"
+ })
+ permitted = params.permit book: [:pages]
+ assert permitted.permitted?
+ end
+end
diff --git a/guides/source/configuring.md b/guides/source/configuring.md
index b14f8b6e7f..8bbe149a1c 100644
--- a/guides/source/configuring.md
+++ b/guides/source/configuring.md
@@ -311,6 +311,8 @@ The schema dumper adds one additional configuration option:
 * `config.action_controller.action_on_unpermitted_parameters` enables logging or raising an exception if parameters that are not explicitly permitted are found. Set to `:log` or `:raise` to enable. The default value is `:log` in development and test environments, and `false` in all other environments.
+* `config.action_controller.always_permitted_parameters` sets a list of whitelisted parameters that are permitted by default. The default values are `['controller', 'action']`.
+
 ### Configuring Action Dispatch
 * `config.action_dispatch.session_store` sets the name of the store for session data. The default is `:cookie_store`; other valid options include `:active_record_store`, `:mem_cache_store` or the name of your own custom class.
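Review bot: The test `permits parameters that are whitelisted` only shows that `permit` with `format` present does not raise under `:raise`; it never shows that the check still fires for a key outside the list, so a regression that disabled the unpermitted check altogether would pass it. Add the complementary case, e.g. `assert_raises(ActionController::UnpermittedParameters) { ActionController::Parameters.new(book: { pages: 65 }, fish: "trout").permit(book: [:pages]) }`, plus a check that `format` itself is absent from the result, `assert_nil permitted[:format]`. The teardown also restores a hard-coded `%w( controller action )` rather than the value it found; saving the previous value in setup (`@old_always_permitted = ActionController::Parameters.always_permitted_parameters`) and restoring it keeps the test from leaking state if the default changes.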
@@ -773,7 +775,7 @@ error similar to given below will be thrown.
 ActiveRecord::ConnectionTimeoutError - could not obtain a database connection within 5 seconds. The max pool size is currently 5; consider increasing it:
 ```
-If you get the above error, you might want to increase the size of connection
+If you get the above error, you might want to increase the size of connection
 pool by incrementing the `pool` option in `database.yml`
 NOTE. If you have enabled `Rails.threadsafe!` mode then there could be a chance that several threads may be accessing multiple connections simultaneously. So depending on your current request load, you could very well have multiple threads contending for a limited amount of connections.
diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index 95cab30de7..a5307b104b 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -605,6 +605,31 @@ module ApplicationTests
 assert_equal %w( controller action format ), ActionController::Parameters.always_permitted_parameters
 end
+ test "config.action_controller.always_permitted_parameters = ['controller','action','format'] does not raise exeception" do
+ app_file 'app/controllers/posts_controller.rb', <<-RUBY
+ class PostsController < ActionController::Base
+ def create
+ render text: params.permit(post: [:title])
+ end
+ end
+ RUBY
+
+ add_to_config <<-RUBY
+ routes.prepend do
+ resources :posts
+ end
+ config.action_controller.always_permitted_parameters = %w( controller action format )
+ config.action_controller.action_on_unpermitted_parameters = :raise
+ RUBY
+
+ require "#{app_path}/config/environment"
+
+ assert_equal :raise, ActionController::Parameters.action_on_unpermitted_parameters
+
+ post "/posts", {post: {"title" =>"zomg"}, format: "json"}
+ assert_equal 200, last_response.status
+ end
+
 test "config.action_controller.action_on_unpermitted_parameters is :log by default on development" do
 ENV["RAILS_ENV"] = "development"
-- cgit v1.2.3
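Review bot: The test name on the first added line misspells `exeception`; `does not raise exception`. Beyond the name, a 200 status is the only evidence that `format` was tolerated; asserting on the rendered body as well (e.g. that `last_response.body` mentions `title` and not `format`) would show that `format` was skipped by the unpermitted check rather than merged into the permitted hash. A companion request carrying a key outside the list, e.g. `post "/posts", {post: {"title" =>"zomg"}, fish: "trout"}`, should then reach the `:raise` path — the exact status or exception surfaced depends on how the generated test app handles exceptions, which this hunk does not show. The surrounding test class and `module ApplicationTests` start and end outside the hunk.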