
loosen strong parameters enforcement to allow persona edition

commit d1f60032cc6b4cff10f1f78f84d4fc57ab350457 1 parent 0f02d7a
@Systho Systho authored
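--- a/app/controllers/masq/personas_controller.rb
+++ b/app/controllers/masq/personas_controller.rb
@@ -60,7 +60,8 @@ def persona
 end
 def persona_params
- params.require(:persona).permit(:title)
+ rejected_keys = [:created_at, :updated_at, :account_id, :deletable]
+ params.require(:persona).permit!.except(rejected_keys)
 end
 def redirect_back_or_default(default)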
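Review bot: In `persona_params`, `except(rejected_keys)` receives the array as one key rather than as a list of keys, so none of `created_at`, `updated_at`, `account_id` or `deletable` is actually removed, and `permit!` has already marked every submitted key as permitted. As written, `account_id` and `deletable` supplied in the request would still reach the model on update. The minimal repair is `params.require(:persona).permit!.except(*rejected_keys)`, but a denylist after `permit!` still lets through any column added later, so an explicit `permit(:title, :nickname, :email, …)` listing the editable persona fields would be the safer form. The method is fully visible in this hunk.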
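--- a/test/dummy/config/database.yml
+++ b/test/dummy/config/database.yml
@@ -8,3 +8,13 @@ test:
 encoding: utf8
 pool: 5
 timeout: 5000
+
+development:
+ adapter: sqlite3
+ database: db/development.sqlite3
+ username:
+ password:
+ host: localhost
+ encoding: utf8
+ pool: 5
+ timeout: 5000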
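--- a/test/dummy/config/masq.yml
+++ b/test/dummy/config/masq.yml
@@ -121,6 +121,7 @@ default: &default
 development:
 <<: *default
+ send_activation_mail: false
 test:
 <<: *default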
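--- a/test/dummy/db/schema.rb
+++ b/test/dummy/db/schema.rb
@@ -9,34 +9,34 @@
 # from scratch. The latter is a flawed and unsustainable approach (the more migrations
 # you'll amass, the slower it'll run and the greater likelihood for issues).
 #
-# It's strongly recommended to check this file into your version control system.
+# It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(:version => 20120312120000) do
+ActiveRecord::Schema.define(version: 20120312120000) do
- create_table "masq_accounts", :force => true do |t|
- t.boolean "enabled", :default => true
- t.string "login", :null => false
- t.string "email", :null => false
- t.string "crypted_password", :limit => 40, :null => false
- t.string "salt", :limit => 40, :null => false
+ create_table "masq_accounts", force: true do |t|
+ t.boolean "enabled", default: true
+ t.string "login", null: false
+ t.string "email", null: false
+ t.string "crypted_password", limit: 40, null: false
+ t.string "salt", limit: 40, null: false
 t.string "remember_token"
- t.string "password_reset_code", :limit => 40
- t.string "activation_code", :limit => 40
- t.string "yubico_identity", :limit => 12
+ t.string "password_reset_code", limit: 40
+ t.string "activation_code", limit: 40
+ t.string "yubico_identity", limit: 12
 t.integer "public_persona_id"
 t.datetime "last_authenticated_at"
 t.boolean "last_authenticated_with_yubikey"
- t.boolean "yubikey_mandatory", :default => false, :null => false
+ t.boolean "yubikey_mandatory", default: false, null: false
 t.datetime "remember_token_expires_at"
 t.datetime "activated_at"
 t.datetime "created_at"
 t.datetime "updated_at"
 end
- add_index "masq_accounts", ["email"], :name => "index_masq_accounts_on_email", :unique => true
- add_index "masq_accounts", ["login"], :name => "index_masq_accounts_on_login", :unique => true
+ add_index "masq_accounts", ["email"], name: "index_masq_accounts_on_email", unique: true
+ add_index "masq_accounts", ["login"], name: "index_masq_accounts_on_login", unique: true
- create_table "masq_open_id_associations", :force => true do |t|
+ create_table "masq_open_id_associations", force: true do |t|
 t.binary "server_url"
 t.binary "secret"
 t.string "handle"
@@ -45,24 +45,24 @@
 t.integer "lifetime"
 end
- create_table "masq_open_id_nonces", :force => true do |t|
- t.string "server_url", :null => false
- t.string "salt", :null => false
- t.integer "timestamp", :null => false
+ create_table "masq_open_id_nonces", force: true do |t|
+ t.string "server_url", null: false
+ t.string "salt", null: false
+ t.integer "timestamp", null: false
 end
- create_table "masq_open_id_requests", :force => true do |t|
- t.string "token", :limit => 40
+ create_table "masq_open_id_requests", force: true do |t|
+ t.string "token", limit: 40
 t.text "parameters"
 t.datetime "created_at"
 t.datetime "updated_at"
 end
- add_index "masq_open_id_requests", ["token"], :name => "index_masq_open_id_requests_on_token", :unique => true
+ add_index "masq_open_id_requests", ["token"], name: "index_masq_open_id_requests_on_token", unique: true
- create_table "masq_personas", :force => true do |t|
- t.integer "account_id", :null => false
- t.string "title", :null => false
+ create_table "masq_personas", force: true do |t|
+ t.integer "account_id", null: false
+ t.string "title", null: false
 t.string "nickname"
 t.string "email"
 t.string "fullname"
@@ -70,7 +70,7 @@
 t.string "country"
 t.string "language"
 t.string "timezone"
- t.string "gender", :limit => 1
+ t.string "gender", limit: 1
 t.string "address"
 t.string "address_additional"
 t.string "city"
@@ -97,38 +97,32 @@
 t.string "biography"
 t.string "web_default"
 t.string "web_blog"
- t.integer "dob_day", :limit => 2
- t.integer "dob_month", :limit => 2
+ t.integer "dob_day", limit: 2
+ t.integer "dob_month", limit: 2
 t.integer "dob_year"
- t.boolean "deletable", :default => true, :null => false
+ t.boolean "deletable", default: true, null: false
 t.datetime "created_at"
 t.datetime "updated_at"
 end
- add_index "masq_personas", ["account_id", "title"], :name => "index_masq_personas_on_account_id_and_title", :unique => true
+ add_index "masq_personas", ["account_id", "title"], name: "index_masq_personas_on_account_id_and_title", unique: true
- create_table "masq_release_policies", :force => true do |t|
- t.integer "site_id", :null => false
- t.string "property", :null => false
+ create_table "masq_release_policies", force: true do |t|
+ t.integer "site_id", null: false
+ t.string "property", null: false
 t.string "type_identifier"
 end
- add_index "masq_release_policies", ["site_id", "property", "type_identifier"], :name => "index_masq_release_policies", :unique => true
+ add_index "masq_release_policies", ["site_id", "property", "type_identifier"], name: "index_masq_release_policies", unique: true
- create_table "masq_sites", :force => true do |t|
- t.integer "account_id", :null => false
- t.integer "persona_id", :null => false
- t.string "url", :null => false
+ create_table "masq_sites", force: true do |t|
+ t.integer "account_id", null: false
+ t.integer "persona_id", null: false
+ t.string "url", null: false
 t.datetime "created_at"
 t.datetime "updated_at"
 end
- add_index "masq_sites", ["account_id", "url"], :name => "index_masq_sites_on_account_id_and_url", :unique => true
-
- create_table "masq_timezones", :force => true do |t|
- t.string "name", :limit => 60, :null => false
- end
-
- add_index "masq_timezones", ["name"], :name => "index_masq_timezones_on_name", :unique => true
+ add_index "masq_sites", ["account_id", "url"], name: "index_masq_sites_on_account_id_and_url", unique: true
 end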
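--- a/test/functional/masq/personas_controller_test.rb
+++ b/test/functional/masq/personas_controller_test.rb
@@ -61,6 +61,8 @@ def test_should_update_persona
 login_as(:standard)
 put :update, :id => personas(:public).id, :persona => valid_persona_attributes
 assert_redirected_to account_personas_path
+ expected_attributes = Persona.new(valid_persona_attributes).attributes.reject{|_, v| v.nil?}
+ assert_equal expected_attributes, Persona.find(personas(:public).id).attributes.slice(*expected_attributes.keys)
 end
 def test_should_require_login_for_destroy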
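Review bot: The two assertions added to `test_should_update_persona` only check that the submitted attributes were saved; nothing in this section checks that keys on the controller's rejected list are ignored, which is the part of this commit with security impact. A companion test that submits `account_id` and `deletable` alongside `valid_persona_attributes` and asserts the stored values are unchanged would pin that behaviour. The existing test method begins above the hunk, so its setup is not fully visible here; the sketch below reuses only the helpers shown.

```ruby
def test_should_not_update_rejected_persona_attributes
  login_as(:standard)
  persona = personas(:public)
  tampered = valid_persona_attributes.merge(:account_id => persona.account_id + 1,
                                            :deletable => !persona.deletable)
  put :update, :id => persona.id, :persona => tampered
  stored = Persona.find(persona.id)
  assert_equal persona.account_id, stored.account_id
  assert_equal persona.deletable, stored.deletable
end
```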