blob: 122bc7e11498ed0ee35bfc1a798c92b33c76a42d (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
require "cases/helper"
class SanitizerTest < ActiveRecord::TestCase
class SanitizingAuthorizer
include ActiveRecord::MassAssignmentSecurity::Sanitizer
attr_accessor :logger
def deny?(key)
[ 'admin' ].include?(key)
end
end
def setup
@sanitizer = SanitizingAuthorizer.new
end
test "sanitize attributes" do
original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' }
attributes = @sanitizer.sanitize(original_attributes)
assert attributes.key?('first_name'), "Allowed key shouldn't be rejected"
assert !attributes.key?('admin'), "Denied key should be rejected"
end
test "debug mass assignment removal" do
original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' }
log = StringIO.new
@sanitizer.logger = Logger.new(log)
@sanitizer.sanitize(original_attributes)
assert (log.string =~ /admin/), "Should log removed attributes: #{log.string}"
end
end
|