path: root/actionpack/test/controller/filter_params_test.rb
require 'abstract_unit'

# Minimal controller that serves as the subject of the parameter-filtering
# tests in this file.
class FilterParamController < ActionController::Base
  # Answers with a header-only :ok response, so a request can be processed
  # without a template.
  def payment
    head(:ok)
  end
end

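# Tests for filter_parameter_logging, the class-level declaration that makes a
# controller replace the values of selected request parameters with
# '[FILTERED]' before they are written to the log.
class FilterParamTest < ActionController::TestCase
  tests FilterParamController

  # Stand-in logger: records the first argument of every call made on it, so
  # the tests can inspect what the controller tried to log.
  class MockLogger
    attr_reader :logged
    attr_accessor :level

    def initialize
      @level = Logger::DEBUG
    end

    # Any method not defined above (whatever the controller calls to log)
    # ends up here; only the first argument is kept. The method name is
    # ignored, so entries of every severity share one list.
    def method_missing(method, *args)
      @logged ||= []
      @logged << args.first
    end
  end

  setup :set_logger

  # Drives filter_parameters through a table of
  # [input params, expected output, filter words] rows.
  #
  # What the rows pin down:
  # * no filter words -> params come back unchanged;
  # * a filter word matches when it occurs anywhere in the key
  #   ('fo' and 'f' both hit 'foo', 'food' does not);
  # * nested hashes are searched ('bar' => {'foo' => ...});
  # * when the matching key holds a hash, the whole hash is replaced by
  #   '[FILTERED]'.
  def test_filter_parameters
    assert FilterParamController.respond_to?(:filter_parameter_logging)
    assert !@controller.respond_to?(:filter_parameters)

    # filter_parameters only shows up on the instance once the class-level
    # declaration has been called at least once.
    FilterParamController.filter_parameter_logging
    assert @controller.respond_to?(:filter_parameters)

    test_hashes = [[{},{},[]],
    [{'foo'=>nil},{'foo'=>nil},[]],
    [{'foo'=>'bar'},{'foo'=>'bar'},[]],
    [{'foo'=>'bar'},{'foo'=>'bar'},%w'food'],
    [{'foo'=>'bar'},{'foo'=>'[FILTERED]'},%w'foo'],
    [{'foo'=>'bar', 'bar'=>'foo'},{'foo'=>'[FILTERED]', 'bar'=>'foo'},%w'foo baz'],
    [{'foo'=>'bar', 'baz'=>'foo'},{'foo'=>'[FILTERED]', 'baz'=>'[FILTERED]'},%w'foo baz'],
    [{'bar'=>{'foo'=>'bar','bar'=>'foo'}},{'bar'=>{'foo'=>'[FILTERED]','bar'=>'foo'}},%w'fo'],
    [{'foo'=>{'foo'=>'bar','bar'=>'foo'}},{'foo'=>'[FILTERED]'},%w'f banana']]

    test_hashes.each do |before_filter, after_filter, filter_words|
      FilterParamController.filter_parameter_logging(*filter_words)
      # __send__ because filter_parameters is not publicly callable
      # (see test_filter_parameters_is_protected).
      assert_equal after_filter, @controller.__send__(:filter_parameters, before_filter)

      # Second pass: same row, plus an extra filter word and a custom block.
      # The row's arrays and hashes are extended in place.
      filter_words.push('blah')
      FilterParamController.filter_parameter_logging(*filter_words) do |key, value|
        # The block rewrites the value in place for keys matching /bargain/.
        value.reverse! if key =~ /bargain/
      end

      # 'blah' must be filtered at every nesting depth, while the block's
      # in-place edit ('gain' -> 'niag') shows up in the output.
      before_filter['barg'] = {'bargain'=>'gain', 'blah'=>'bar', 'bar'=>{'bargain'=>{'blah'=>'foo'}}}
      after_filter['barg'] = {'bargain'=>'niag', 'blah'=>'[FILTERED]', 'bar'=>{'bargain'=>{'blah'=>'[FILTERED]'}}}

      assert_equal after_filter, @controller.__send__(:filter_parameters, before_filter)
    end
  end

  # The generated filter_parameters helper must not become a routable action
  # and must not be callable from outside the controller.
  def test_filter_parameters_is_protected
    FilterParamController.filter_parameter_logging(:foo)
    assert !FilterParamController.action_methods.include?('filter_parameters')
    assert_raise(NoMethodError) { @controller.filter_parameters([{'password' => '[FILTERED]'}]) }
  end

  # End-to-end check: after a real request, the "Parameters" log line shows
  # the redaction marker for the filtered keys and the plain value for the
  # unfiltered one.
  def test_filter_parameters_inside_logs
    FilterParamController.filter_parameter_logging(:lifo, :amount)

    get :payment, :lifo => 'Pratik', :amount => '420', :step => '1'

    filtered_params_logs = logs.detect {|l| l =~ /\AParameters/ }
    # Fail with a readable message instead of a NoMethodError on nil when the
    # request did not log its parameters at all.
    assert_not_nil filtered_params_logs, 'expected a "Parameters" line in the request log'

    assert filtered_params_logs.index('"amount"=>"[FILTERED]"')
    assert filtered_params_logs.index('"lifo"=>"[FILTERED]"')
    assert filtered_params_logs.index('"step"=>"1"')

    # The marker being present does not by itself prove the secret is gone:
    # also require that the raw values are absent from that line.
    # NOTE(review): only the Parameters line is inspected; whether other log
    # lines (for example one that echoes the request URI) repeat the raw
    # values is not covered by this test.
    assert_nil filtered_params_logs.index('Pratik'), 'raw :lifo value leaked into the Parameters log line'
    assert_nil filtered_params_logs.index('420'), 'raw :amount value leaked into the Parameters log line'
  end

  private

  # Swaps the controller's logger for a fresh MockLogger before each test.
  def set_logger
    @controller.logger = MockLogger.new
  end

  # Everything the mock logger captured, nil entries dropped, each entry
  # stringified and stripped. Memoized, so call it after the request.
  def logs
    @logs ||= @controller.logger.logged.compact.map {|l| l.to_s.strip}
  end
end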