Merge pull request doorkeeper-gem#72 from cicloid/master

Fix for mass-assignment
jaimeiniesta · Apr 12, 2012 · a442099 · a442099
2 parents f5e520e + 9e17acf
commit a442099
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/app/models/doorkeeper/application.rb b/app/models/doorkeeper/application.rb
@@ -15,6 +15,8 @@ class Application < ActiveRecord::Base
 
     before_validation :generate_uid, :generate_secret, :on => :create
 
+    attr_accessible :name, :redirect_uri
+
     def self.column_names_with_table
       self.column_names.map { |c| "oauth_applications.#{c}" }
     end

diff --git a/spec/models/doorkeeper/application_spec.rb b/spec/models/doorkeeper/application_spec.rb
@@ -115,6 +115,12 @@ module Doorkeeper
         Factory(:access_token, :resource_owner_id => resource_owner.id, :application => application)
         Application.authorized_for(resource_owner).should == [application]
       end
+
+      it "should fail to mass assign a new application" do
+        mass_assign = { name: 'Something', redirect_uri: 'http://somewhere.com/something', uid: 123, secret: 'something'   }
+        Application.create(mass_assign).uid.should_not == 123
+      end
+
     end
   end
 end