introduce strong_parameters

Gemfile

@@ -61,6 +61,7 @@ gem 'seed-fu'
 gem 'sidekiq'
 gem 'sinatra', require: nil
 gem 'slim'  # required for sidekiq-web
+gem 'strong_parameters' # remove when we upgrade to Rails 4
 gem 'therubyracer', require: 'v8'
 gem 'thin'
 gem 'diffy', require: false

Gemfile.lock

@@ -434,6 +434,10 @@ GEM
     slop (3.4.4)
     sorcerer (0.3.10)
     spork (0.9.2)
+    strong_parameters (0.2.1)
+      actionpack (~> 3.0)
+      activemodel (~> 3.0)
+      railties (~> 3.0)
     temple (0.6.4)
     terminal-notifier-guard (1.5.3)
     therubyracer (0.11.4)
@@ -542,6 +546,7 @@ DEPENDENCIES
   sinatra
   slim
   sprockets!
+  strong_parameters
   terminal-notifier-guard
   therubyracer
   thin

app/controllers/user_actions_controller.rb

@@ -1,6 +1,8 @@
 class UserActionsController < ApplicationController
   def index
-    requires_parameters(:username)
+    params.require(:username)
+    params.permit(:filter, :offset)
+
     per_chunk = 60
 
     user = fetch_user_from_params
@@ -26,7 +28,7 @@ def index
   end
 
   def show
-    requires_parameters(:id)
+    params.require(:id)
     render json: UserAction.stream_item(params[:id], guardian)
   end
 

spec/controllers/user_actions_controller_spec.rb

@@ -3,6 +3,10 @@
 describe UserActionsController do
   context 'index' do
 
+    it 'fails if username is not specified' do
+      expect { xhr :get, :index }.to raise_error
+    end
+
     it 'renders list correctly' do
       ActiveRecord::Base.observers.enable :all
       post = Fabricate(:post)