From 47b74e6e160b6fcbd47caeed6c98ae995e180a80 Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson <david@loudthinking.com>
Date: Fri, 7 Apr 2006 22:26:25 +0000
Subject: Added ActionController.filter_parameter_logging that makes it easy to
 remove passwords, credit card numbers, and other sensitive information from
 being logged when a request is handled #1897 [jeremye@bsa.ca.gov]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4200 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
---
 actionpack/test/controller/filter_params_test.rb | 42 ++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 actionpack/test/controller/filter_params_test.rb

(limited to 'actionpack/test/controller/filter_params_test.rb')

diff --git a/actionpack/test/controller/filter_params_test.rb b/actionpack/test/controller/filter_params_test.rb
new file mode 100644
index 0000000000..5ad0d7f81d
--- /dev/null
+++ b/actionpack/test/controller/filter_params_test.rb
@@ -0,0 +1,42 @@
+require File.dirname(__FILE__) + '/../abstract_unit'
+
+class FilterParamController < ActionController::Base
+end
+
+class FilterParamTest < Test::Unit::TestCase
+  def setup
+    @controller = FilterParamController.new
+  end
+  
+  def test_filter_parameters
+    assert FilterParamController.respond_to?(:filter_parameter_logging)
+    assert !@controller.respond_to?(:filter_parameters)
+    
+    FilterParamController.filter_parameter_logging
+    assert @controller.respond_to?(:filter_parameters)
+    
+    test_hashes = [[{},{},[]],
+    [{'foo'=>'bar'},{'foo'=>'bar'},[]],
+    [{'foo'=>'bar'},{'foo'=>'bar'},%w'food'],
+    [{'foo'=>'bar'},{'foo'=>'[FILTERED]'},%w'foo'],
+    [{'foo'=>'bar', 'bar'=>'foo'},{'foo'=>'[FILTERED]', 'bar'=>'foo'},%w'foo baz'],
+    [{'foo'=>'bar', 'baz'=>'foo'},{'foo'=>'[FILTERED]', 'baz'=>'[FILTERED]'},%w'foo baz'],
+    [{'bar'=>{'foo'=>'bar','bar'=>'foo'}},{'bar'=>{'foo'=>'[FILTERED]','bar'=>'foo'}},%w'fo'],
+    [{'foo'=>{'foo'=>'bar','bar'=>'foo'}},{'foo'=>'[FILTERED]'},%w'f banana']]
+    
+    test_hashes.each do |before_filter, after_filter, filter_words|
+      FilterParamController.filter_parameter_logging(*filter_words)
+      assert_equal after_filter, @controller.filter_parameters(before_filter)
+      
+      filter_words.push('blah')
+      FilterParamController.filter_parameter_logging(*filter_words) do |key, value|
+        value.reverse! if key =~ /bargain/
+      end
+
+      before_filter['barg'] = {'bargain'=>'gain', 'blah'=>'bar', 'bar'=>{'bargain'=>{'blah'=>'foo'}}}
+      after_filter['barg'] = {'bargain'=>'niag', 'blah'=>'[FILTERED]', 'bar'=>{'bargain'=>{'blah'=>'[FILTERED]'}}}
+
+      assert_equal after_filter, @controller.filter_parameters(before_filter)
+    end
+  end
+end
-- 
cgit v1.2.3