require "abstract_unit"
require "action_dispatch"
require "active_record"

class JsonParamsParsingTest < ActionDispatch::IntegrationTest
  def test_prevent_null_query
    # Make sure we have data to find
    klass = Class.new(ActiveRecord::Base) do
      def self.name; 'Foo'; end
      establish_connection adapter: "sqlite3", database: ":memory:"
      connection.create_table "foos" do |t|
        t.string :title
        t.timestamps null: false
      end
    end
    klass.create
    assert klass.first

    app = ->(env) {
      request = ActionDispatch::Request.new env
      params = ActionController::Parameters.new request.parameters
      if params[:t]
        klass.find_by_title(params[:t])
      else
        nil
      end
    }

    assert_nil app.call(make_env({ 't' => nil }))
    assert_nil app.call(make_env({ 't' => [nil] }))

    [[[nil]], [[[nil]]]].each do |data|
      assert_nil app.call(make_env({ 't' => data }))
    end
  ensure
    klass.connection.drop_table("foos")
  end

  private
    def make_env json
      data = JSON.dump json
      content_length = data.length
      {
        'CONTENT_LENGTH' => content_length,
        'CONTENT_TYPE'   => 'application/json',
        'rack.input'     => StringIO.new(data)
      }
    end
end