Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Merge pull request #7251 from rails/integrate-strong_parameters

Integrate strong_parameters in Rails 4
  • Loading branch information...
commit c49d959e9d40101f1712a452004695f4ce27d84c 2 parents ade7010 + 3919fcd
@dhh dhh authored
Showing with 662 additions and 2,232 deletions.
  1. +2 −0  actionpack/lib/action_controller.rb
  2. +1 −0  actionpack/lib/action_controller/base.rb
  3. +2 −7 actionpack/lib/action_controller/metal/params_wrapper.rb
  4. +125 −0 actionpack/lib/action_controller/metal/strong_parameters.rb
  5. +4 −0 actionpack/lib/action_controller/railtie.rb
  6. +113 −0 actionpack/test/controller/parameters/nested_parameters_test.rb
  7. +73 −0 actionpack/test/controller/parameters/parameters_permit_test.rb
  8. +10 −0 actionpack/test/controller/parameters/parameters_require_test.rb
  9. +0 −40 actionpack/test/controller/params_wrapper_test.rb
  10. +25 −0 actionpack/test/controller/permitted_params_test.rb
  11. +30 −0 actionpack/test/controller/required_params_test.rb
  12. +0 −1  actionpack/test/fixtures/company.rb
  13. +2 −1  activemodel/lib/active_model.rb
  14. +19 −0 activemodel/lib/active_model/deprecated_mass_assignment_security.rb
  15. +14 −0 activemodel/lib/active_model/forbidden_attributes_protection.rb
  16. +0 −350 activemodel/lib/active_model/mass_assignment_security.rb
  17. +0 −40 activemodel/lib/active_model/mass_assignment_security/permission_set.rb
  18. +0 −74 activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
  19. +16 −0 activemodel/test/cases/deprecated_mass_assignment_security_test.rb
  20. +36 −0 activemodel/test/cases/forbidden_attributes_protection_test.rb
  21. +0 −20 activemodel/test/cases/mass_assignment_security/black_list_test.rb
  22. +0 −36 activemodel/test/cases/mass_assignment_security/permission_set_test.rb
  23. +0 −50 activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
  24. +0 −19 activemodel/test/cases/mass_assignment_security/white_list_test.rb
  25. +0 −118 activemodel/test/cases/mass_assignment_security_test.rb
  26. +0 −12 activemodel/test/cases/secure_password_test.rb
  27. +5 −0 activemodel/test/models/account.rb
  28. +1 −3 activemodel/test/models/administrator.rb
  29. +0 −76 activemodel/test/models/mass_assignment_specific.rb
  30. +3 −0  activemodel/test/models/project.rb
  31. +1 −2  activemodel/test/models/visitor.rb
  32. +3 −3 activerecord/lib/active_record/associations/association.rb
  33. +10 −10 activerecord/lib/active_record/associations/collection_association.rb
  34. +6 −7 activerecord/lib/active_record/associations/collection_proxy.rb
  35. +2 −2 activerecord/lib/active_record/associations/has_many_through_association.rb
  36. +8 −8 activerecord/lib/active_record/associations/singular_association.rb
  37. +9 −87 activerecord/lib/active_record/attribute_assignment.rb
  38. +2 −3 activerecord/lib/active_record/attribute_methods/primary_key.rb
  39. +3 −3 activerecord/lib/active_record/core.rb
  40. +11 −27 activerecord/lib/active_record/nested_attributes.rb
  41. +9 −9 activerecord/lib/active_record/persistence.rb
  42. +2 −2 activerecord/lib/active_record/reflection.rb
  43. +6 −6 activerecord/lib/active_record/relation.rb
  44. +0 −1  activerecord/lib/active_record/schema_migration.rb
  45. +3 −3 activerecord/lib/active_record/validations.rb
  46. +0 −5 activerecord/lib/rails/generators/active_record/model/templates/model.rb
  47. +0 −35 activerecord/test/cases/associations/has_many_associations_test.rb
  48. +0 −15 activerecord/test/cases/associations/has_many_through_associations_test.rb
  49. +0 −32 activerecord/test/cases/associations/has_one_associations_test.rb
  50. +0 −4 activerecord/test/cases/base_test.rb
  51. +6 −22 activerecord/test/cases/deprecated_dynamic_methods_test.rb
  52. +1 −1  activerecord/test/cases/dup_test.rb
  53. +49 −0 activerecord/test/cases/forbidden_attributes_protection_test.rb
  54. +0 −966 activerecord/test/cases/mass_assignment_security_test.rb
  55. +0 −40 activerecord/test/cases/persistence_test.rb
  56. +0 −6 activerecord/test/cases/validations_test.rb
  57. +3 −5 activerecord/test/models/bulb.rb
  58. +0 −1  activerecord/test/models/company.rb
  59. +0 −1  activerecord/test/models/company_in_module.rb
  60. +0 −12 activerecord/test/models/person.rb
  61. +0 −2  activerecord/test/models/reader.rb
  62. +0 −2  activerecord/test/models/reply.rb
  63. +0 −5 railties/lib/rails/generators/rails/app/templates/config/application.rb
  64. +0 −3  railties/lib/rails/generators/rails/app/templates/config/environments/development.rb.tt
  65. +0 −5 railties/lib/rails/generators/rails/app/templates/config/environments/test.rb.tt
  66. +2 −0  railties/lib/rails/generators/rails/scaffold_controller/scaffold_controller_generator.rb
  67. +14 −2 railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb
  68. +22 −13 railties/test/application/configuration_test.rb
  69. +0 −1  railties/test/application/loading_test.rb
  70. +0 −15 railties/test/generators/app_generator_test.rb
  71. +0 −10 railties/test/generators/model_generator_test.rb
  72. +5 −2 railties/test/generators/scaffold_controller_generator_test.rb
  73. +4 −4 railties/test/generators/scaffold_generator_test.rb
  74. +0 −3  railties/test/isolation/abstract_unit.rb
View
2  actionpack/lib/action_controller.rb
@@ -2,6 +2,7 @@
require 'abstract_controller'
require 'action_dispatch'
require 'action_controller/metal/live'
+require 'action_controller/metal/strong_parameters'
module ActionController
extend ActiveSupport::Autoload
@@ -34,6 +35,7 @@ module ActionController
autoload :Rescue
autoload :Responder
autoload :Streaming
+ autoload :StrongParameters
autoload :Testing
autoload :UrlFor
end
View
1  actionpack/lib/action_controller/base.rb
@@ -214,6 +214,7 @@ def self.without_modules(*modules)
Caching,
MimeResponds,
ImplicitRender,
+ StrongParameters,
Cookies,
Flash,
View
9 actionpack/lib/action_controller/metal/params_wrapper.rb
@@ -42,9 +42,7 @@ module ActionController
# end
#
# On ActiveRecord models with no +:include+ or +:exclude+ option set,
- # if attr_accessible is set on that model, it will only wrap the accessible
- # parameters, else it will only wrap the parameters returned by the class
- # method attribute_names.
+ # it will only wrap the parameters returned by the class method attribute_names.
#
# If you're going to pass the parameters to an +ActiveModel+ object (such as
# <tt>User.new(params[:user])</tt>), you might consider passing the model class to
@@ -165,10 +163,7 @@ def _set_wrapper_defaults(options, model=nil)
unless options[:include] || options[:exclude]
model ||= _default_wrap_model
- role = options.fetch(:as, :default)
- if model.respond_to?(:accessible_attributes) && model.accessible_attributes(role).present?
- options[:include] = model.accessible_attributes(role).to_a
- elsif model.respond_to?(:attribute_names) && model.attribute_names.present?
+ if model.respond_to?(:attribute_names) && model.attribute_names.present?
options[:include] = model.attribute_names
end
end
View
125 actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -0,0 +1,125 @@
+require 'active_support/concern'
+require 'active_support/core_ext/hash/indifferent_access'
+require 'active_support/rescuable'
+
+module ActionController
+ class ParameterMissing < KeyError
+ attr_reader :param
+
+ def initialize(param)
+ @param = param
+ super("key not found: #{param}")
+ end
+ end
+
+ class Parameters < ActiveSupport::HashWithIndifferentAccess
+ cattr_accessor :permit_all_parameters, instance_accessor: false
+ attr_accessor :permitted
+ alias :permitted? :permitted
+
+ def initialize(attributes = nil)
+ super(attributes)
+ @permitted = self.class.permit_all_parameters
+ end
+
+ def permit!
+ @permitted = true
+ self
+ end
+
+ def require(key)
+ self[key].presence || raise(ParameterMissing.new(key))
+ end
+
+ alias :required :require
+
+ def permit(*filters)
+ params = self.class.new
+
+ filters.each do |filter|
+ case filter
+ when Symbol, String then
+ params[filter] = self[filter] if has_key?(filter)
+ when Hash then
+ self.slice(*filter.keys).each do |key, value|
+ return unless value
+
+ key = key.to_sym
+
+ params[key] = each_element(value) do |value|
+ # filters are a Hash, so we expect value to be a Hash too
+ next if filter.is_a?(Hash) && !value.is_a?(Hash)
+
+ value = self.class.new(value) if !value.respond_to?(:permit)
+
+ value.permit(*Array.wrap(filter[key]))
+ end
+ end
+ end
+ end
+
+ params.permit!
+ end
+
+ def [](key)
+ convert_hashes_to_parameters(key, super)
+ end
+
+ def fetch(key, *args)
+ convert_hashes_to_parameters(key, super)
+ rescue KeyError
+ raise ActionController::ParameterMissing.new(key)
+ end
+
+ def slice(*keys)
+ self.class.new(super)
+ end
+
+ def dup
+ super.tap do |duplicate|
+ duplicate.instance_variable_set :@permitted, @permitted
+ end
+ end
+
+ private
+ def convert_hashes_to_parameters(key, value)
+ if value.is_a?(Parameters) || !value.is_a?(Hash)
+ value
+ else
+ # Convert to Parameters on first access
+ self[key] = self.class.new(value)
+ end
+ end
+
+ def each_element(object)
+ if object.is_a?(Array)
+ object.map { |el| yield el }.compact
+ elsif object.is_a?(Hash) && object.keys.all? { |k| k =~ /\A-?\d+\z/ }
+ hash = object.class.new
+ object.each { |k,v| hash[k] = yield v }
+ hash
+ else
+ yield object
+ end
+ end
+ end
+
+ module StrongParameters
@schneems Collaborator

Can we add some docs for StrongParameters module and Parameters class? Seems trivial, but when I find myself code spelunking in a new file while trying to add a bugfix or feature having the intent of classes in comments in the file makes the experience much easier.

@frodsan
frodsan added a note

I'm currently working on that #7692 :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
+ extend ActiveSupport::Concern
+ include ActiveSupport::Rescuable
+
+ included do
+ rescue_from(ActionController::ParameterMissing) do |parameter_missing_exception|
+ render text: "Required parameter missing: #{parameter_missing_exception.param}", status: :bad_request
+ end
+ end
+
+ def params
+ @_params ||= Parameters.new(request.parameters)
+ end
+
+ def params=(val)
+ @_params = val.is_a?(Hash) ? Parameters.new(val) : val
+ end
+ end
+end
View
4 actionpack/lib/action_controller/railtie.rb
@@ -19,6 +19,10 @@ class Railtie < Rails::Railtie #:nodoc:
ActionController::Helpers.helpers_path = app.helpers_paths
end
+ initializer "action_controller.parameters_config" do |app|
+ ActionController::Parameters.permit_all_parameters = app.config.action_controller.delete(:permit_all_parameters)
+ end
+
initializer "action_controller.set_configs" do |app|
paths = app.config.paths
options = app.config.action_controller
View
113 actionpack/test/controller/parameters/nested_parameters_test.rb
@@ -0,0 +1,113 @@
+require 'abstract_unit'
+require 'action_controller/metal/strong_parameters'
+
+class NestedParametersTest < ActiveSupport::TestCase
+ test "permitted nested parameters" do
+ params = ActionController::Parameters.new({
+ book: {
+ title: "Romeo and Juliet",
+ authors: [{
+ name: "William Shakespeare",
+ born: "1564-04-26"
+ }, {
+ name: "Christopher Marlowe"
+ }],
+ details: {
+ pages: 200,
+ genre: "Tragedy"
+ }
+ },
+ magazine: "Mjallo!"
+ })
+
+ permitted = params.permit book: [ :title, { authors: [ :name ] }, { details: :pages } ]
+
+ assert permitted.permitted?
+ assert_equal "Romeo and Juliet", permitted[:book][:title]
+ assert_equal "William Shakespeare", permitted[:book][:authors][0][:name]
+ assert_equal "Christopher Marlowe", permitted[:book][:authors][1][:name]
+ assert_equal 200, permitted[:book][:details][:pages]
+ assert_nil permitted[:book][:details][:genre]
+ assert_nil permitted[:book][:authors][1][:born]

Shouldn't it be 0 instead of 1? The authors[1] doesn't have a born attribute in the original params, so it would be nil anyway.

@radar
radar added a note

Fixed with #7693.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
+ assert_nil permitted[:magazine]
+ end
+
+ test "nested arrays with strings" do
+ params = ActionController::Parameters.new({
+ :book => {
+ :genres => ["Tragedy"]
+ }
+ })
+
+ permitted = params.permit :book => :genres
+ assert_equal ["Tragedy"], permitted[:book][:genres]
+ end
+
+ test "permit may specify symbols or strings" do
+ params = ActionController::Parameters.new({
+ :book => {
+ :title => "Romeo and Juliet",
+ :author => "William Shakespeare"
+ },
+ :magazine => "Shakespeare Today"
+ })
+
+ permitted = params.permit({:book => ["title", :author]}, "magazine")
+ assert_equal "Romeo and Juliet", permitted[:book][:title]
+ assert_equal "William Shakespeare", permitted[:book][:author]
+ assert_equal "Shakespeare Today", permitted[:magazine]
+ end
+
+ test "nested array with strings that should be hashes" do
+ params = ActionController::Parameters.new({
+ book: {
+ genres: ["Tragedy"]
+ }
+ })
+
+ permitted = params.permit book: { genres: :type }
+ assert_empty permitted[:book][:genres]
+ end
+
+ test "nested array with strings that should be hashes and additional values" do
+ params = ActionController::Parameters.new({
+ book: {
+ title: "Romeo and Juliet",
+ genres: ["Tragedy"]
+ }
+ })
+
+ permitted = params.permit book: [ :title, { genres: :type } ]
+ assert_equal "Romeo and Juliet", permitted[:book][:title]
+ assert_empty permitted[:book][:genres]
+ end
+
+ test "nested string that should be a hash" do
+ params = ActionController::Parameters.new({
+ book: {
+ genre: "Tragedy"
+ }
+ })
+
+ permitted = params.permit book: { genre: :type }
+ assert_nil permitted[:book][:genre]
+ end
+
+ test "fields_for-style nested params" do
+ params = ActionController::Parameters.new({
+ book: {
+ authors_attributes: {
+ :'0' => { name: 'William Shakespeare', age_of_death: '52' },
+ :'-1' => { name: 'Unattributed Assistant' }
+ }
+ }
+ })
+ permitted = params.permit book: { authors_attributes: [ :name ] }
+
+ assert_not_nil permitted[:book][:authors_attributes]['0']
+ assert_not_nil permitted[:book][:authors_attributes]['-1']
+ assert_nil permitted[:book][:authors_attributes]['0'][:age_of_death]
+ assert_equal 'William Shakespeare', permitted[:book][:authors_attributes]['0'][:name]
+ assert_equal 'Unattributed Assistant', permitted[:book][:authors_attributes]['-1'][:name]
+ end
+end
View
73 actionpack/test/controller/parameters/parameters_permit_test.rb
@@ -0,0 +1,73 @@
+require 'abstract_unit'
+require 'action_controller/metal/strong_parameters'
+
+class ParametersPermitTest < ActiveSupport::TestCase
+ setup do
+ @params = ActionController::Parameters.new({ person: {
+ age: "32", name: { first: "David", last: "Heinemeier Hansson" }
+ }})
+ end
+
+ test "fetch raises ParameterMissing exception" do
+ e = assert_raises(ActionController::ParameterMissing) do
+ @params.fetch :foo
+ end
+ assert_equal :foo, e.param
+ end
+
+ test "fetch doesnt raise ParameterMissing exception if there is a default" do
+ assert_equal "monkey", @params.fetch(:foo, "monkey")
+ assert_equal "monkey", @params.fetch(:foo) { "monkey" }
+ end
+
+ test "permitted is sticky on accessors" do
+ assert !@params.slice(:person).permitted?
+ assert !@params[:person][:name].permitted?
+
+ @params.each { |key, value| assert(value.permitted?) if key == :person }
+
+ assert !@params.fetch(:person).permitted?
+
+ assert !@params.values_at(:person).first.permitted?
+ end
+
+ test "permitted is sticky on mutators" do
+ assert !@params.delete_if { |k| k == :person }.permitted?
+ assert !@params.keep_if { |k,v| k == :person }.permitted?
+ end
+
+ test "permitted is sticky beyond merges" do
+ assert !@params.merge(a: "b").permitted?
+ end
+
+ test "modifying the parameters" do
+ @params[:person][:hometown] = "Chicago"
+ @params[:person][:family] = { brother: "Jonas" }
+
+ assert_equal "Chicago", @params[:person][:hometown]
+ assert_equal "Jonas", @params[:person][:family][:brother]
+ end
+
+ test "permitting parameters that are not there should not include the keys" do
+ assert !@params.permit(:person, :funky).has_key?(:funky)
+ end
+
+ test "permit state is kept on a dup" do
+ @params.permit!
+ assert_equal @params.permitted?, @params.dup.permitted?
+ end
+
+ test "permitted takes a default value when Parameters.permit_all_parameters is set" do
+ begin
+ ActionController::Parameters.permit_all_parameters = true
+ params = ActionController::Parameters.new({ person: {
+ age: "32", name: { first: "David", last: "Heinemeier Hansson" }
+ }})
+
+ assert params.slice(:person).permitted?
+ assert params[:person][:name].permitted?
+ ensure
+ ActionController::Parameters.permit_all_parameters = false
+ end
+ end
+end
View
10 actionpack/test/controller/parameters/parameters_require_test.rb
@@ -0,0 +1,10 @@
+require 'abstract_unit'
+require 'action_controller/metal/strong_parameters'
+
+class ParametersRequireTest < ActiveSupport::TestCase
+ test "required parameters must be present not merely not nil" do
+ assert_raises(ActionController::ParameterMissing) do
+ ActionController::Parameters.new(person: {}).require(:person)
+ end
+ end
+end
View
40 actionpack/test/controller/params_wrapper_test.rb
@@ -155,7 +155,6 @@ def test_nested_params
end
def test_derived_wrapped_keys_from_matching_model
- User.expects(:respond_to?).with(:accessible_attributes).returns(false)
User.expects(:respond_to?).with(:attribute_names).returns(true)
User.expects(:attribute_names).twice.returns(["username"])
@@ -168,7 +167,6 @@ def test_derived_wrapped_keys_from_matching_model
def test_derived_wrapped_keys_from_specified_model
with_default_wrapper_options do
- Person.expects(:respond_to?).with(:accessible_attributes).returns(false)
Person.expects(:respond_to?).with(:attribute_names).returns(true)
Person.expects(:attribute_names).twice.returns(["username"])
@@ -179,46 +177,8 @@ def test_derived_wrapped_keys_from_specified_model
assert_parameters({ 'username' => 'sikachu', 'title' => 'Developer', 'person' => { 'username' => 'sikachu' }})
end
end
-
- def test_accessible_wrapped_keys_from_matching_model
- User.expects(:respond_to?).with(:accessible_attributes).returns(true)
- User.expects(:accessible_attributes).with(:default).twice.returns(["username"])
-
- with_default_wrapper_options do
- @request.env['CONTENT_TYPE'] = 'application/json'
- post :parse, { 'username' => 'sikachu', 'title' => 'Developer' }
- assert_parameters({ 'username' => 'sikachu', 'title' => 'Developer', 'user' => { 'username' => 'sikachu' }})
- end
- end
-
- def test_accessible_wrapped_keys_from_specified_model
- with_default_wrapper_options do
- Person.expects(:respond_to?).with(:accessible_attributes).returns(true)
- Person.expects(:accessible_attributes).with(:default).twice.returns(["username"])
-
- UsersController.wrap_parameters Person
-
- @request.env['CONTENT_TYPE'] = 'application/json'
- post :parse, { 'username' => 'sikachu', 'title' => 'Developer' }
- assert_parameters({ 'username' => 'sikachu', 'title' => 'Developer', 'person' => { 'username' => 'sikachu' }})
- end
- end
-
- def test_accessible_wrapped_keys_with_role_from_specified_model
- with_default_wrapper_options do
- Person.expects(:respond_to?).with(:accessible_attributes).returns(true)
- Person.expects(:accessible_attributes).with(:admin).twice.returns(["username"])
-
- UsersController.wrap_parameters Person, :as => :admin
-
- @request.env['CONTENT_TYPE'] = 'application/json'
- post :parse, { 'username' => 'sikachu', 'title' => 'Developer' }
- assert_parameters({ 'username' => 'sikachu', 'title' => 'Developer', 'person' => { 'username' => 'sikachu' }})
- end
- end
def test_not_wrapping_abstract_model
- User.expects(:respond_to?).with(:accessible_attributes).returns(false)
User.expects(:respond_to?).with(:attribute_names).returns(true)
User.expects(:attribute_names).returns([])
View
25 actionpack/test/controller/permitted_params_test.rb
@@ -0,0 +1,25 @@
+require 'abstract_unit'
+
+class PeopleController < ActionController::Base
+ def create
+ render text: params[:person].permitted? ? "permitted" : "forbidden"
+ end
+
+ def create_with_permit
+ render text: params[:person].permit(:name).permitted? ? "permitted" : "forbidden"
+ end
+end
+
+class ActionControllerPermittedParamsTest < ActionController::TestCase
+ tests PeopleController
+
+ test "parameters are forbidden" do
+ post :create, { person: { name: "Mjallo!" } }
+ assert_equal "forbidden", response.body
+ end
+
+ test "parameters can be permitted and are then not forbidden" do
+ post :create_with_permit, { person: { name: "Mjallo!" } }
+ assert_equal "permitted", response.body
+ end
+end
View
30 actionpack/test/controller/required_params_test.rb
@@ -0,0 +1,30 @@
+require 'abstract_unit'
+
+class BooksController < ActionController::Base
+ def create
+ params.require(:book).require(:name)
+ head :ok
+ end
+end
+
+class ActionControllerRequiredParamsTest < ActionController::TestCase
+ tests BooksController
+
+ test "missing required parameters will raise exception" do
+ post :create, { magazine: { name: "Mjallo!" } }
+ assert_response :bad_request
+
+ post :create, { book: { title: "Mjallo!" } }
+ assert_response :bad_request
+ end
+
+ test "required parameters that are present will not raise" do
+ post :create, { book: { name: "Mjallo!" } }
+ assert_response :ok
+ end
+
+ test "missing parameters will be mentioned in the return" do
+ post :create, { magazine: { name: "Mjallo!" } }
+ assert_equal "Required parameter missing: book", response.body
+ end
+end
View
1  actionpack/test/fixtures/company.rb
@@ -1,6 +1,5 @@
class Company < ActiveRecord::Base
has_one :mascot
- attr_protected :rating
self.sequence_name = :companies_nonstd_seq
validates_presence_of :name
View
3  activemodel/lib/active_model.rb
@@ -34,9 +34,10 @@ module ActiveModel
autoload :Conversion
autoload :Dirty
autoload :EachValidator, 'active_model/validator'
+ autoload :ForbiddenAttributesProtection
autoload :Lint
- autoload :MassAssignmentSecurity
autoload :Model
+ autoload :DeprecatedMassAssignmentSecurity
autoload :Name, 'active_model/naming'
autoload :Naming
autoload :Observer, 'active_model/observing'
View
19 activemodel/lib/active_model/deprecated_mass_assignment_security.rb
@@ -0,0 +1,19 @@
+module ActiveModel
+ module DeprecatedMassAssignmentSecurity
+ extend ActiveSupport::Concern
+
+ module ClassMethods
+ def attr_protected(*args)
+ raise "`attr_protected` is extracted out of Rails into a gem. " \
+ "Please use new recommended protection model for params " \
+ "or add `protected_attributes` to your Gemfile to use old one."
+ end
+
+ def attr_accessible(*args)
+ raise "`attr_accessible` is extracted out of Rails into a gem. " \
+ "Please use new recommended protection model for params " \
+ "or add `protected_attributes` to your Gemfile to use old one."
+ end
+ end
+ end
+end
View
14 activemodel/lib/active_model/forbidden_attributes_protection.rb
@@ -0,0 +1,14 @@
+module ActiveModel
+ class ForbiddenAttributesError < StandardError
+ end
+
+ module ForbiddenAttributesProtection
+ def sanitize_for_mass_assignment(attributes, options = {})
+ if attributes.respond_to?(:permitted?) && !attributes.permitted?
+ raise ActiveModel::ForbiddenAttributesError
+ else
+ attributes
+ end
+ end
+ end
+end
View
350 activemodel/lib/active_model/mass_assignment_security.rb
@@ -1,350 +0,0 @@
-require 'active_support/core_ext/string/inflections'
-require 'active_model/mass_assignment_security/permission_set'
-require 'active_model/mass_assignment_security/sanitizer'
-
-module ActiveModel
- # == Active Model Mass-Assignment Security
- #
- # Mass assignment security provides an interface for protecting attributes
- # from end-user assignment. For more complex permissions, mass assignment
- # security may be handled outside the model by extending a non-ActiveRecord
- # class, such as a controller, with this behavior.
- #
- # For example, a logged in user may need to assign additional attributes
- # depending on their role:
- #
- # class AccountsController < ApplicationController
- # include ActiveModel::MassAssignmentSecurity
- #
- # attr_accessible :first_name, :last_name
- # attr_accessible :first_name, :last_name, :plan_id, as: :admin
- #
- # def update
- # ...
- # @account.update_attributes(account_params)
- # ...
- # end
- #
- # protected
- #
- # def account_params
- # role = admin ? :admin : :default
- # sanitize_for_mass_assignment(params[:account], role)
- # end
- #
- # end
- #
- # === Configuration options
- #
- # * <tt>mass_assignment_sanitizer</tt> - Defines sanitize method. Possible
- # values are:
- # * <tt>:logger</tt> (default) - writes filtered attributes to logger
- # * <tt>:strict</tt> - raise <tt>ActiveModel::MassAssignmentSecurity::Error</tt>
- # on any protected attribute update.
- #
- # You can specify your own sanitizer object eg. <tt>MySanitizer.new</tt>.
- # See <tt>ActiveModel::MassAssignmentSecurity::LoggerSanitizer</tt> for
- # example implementation.
- module MassAssignmentSecurity
- extend ActiveSupport::Concern
-
- included do
- class_attribute :_accessible_attributes, instance_writer: false
- class_attribute :_protected_attributes, instance_writer: false
- class_attribute :_active_authorizer, instance_writer: false
-
- class_attribute :_mass_assignment_sanitizer, instance_writer: false
- self.mass_assignment_sanitizer = :logger
- end
-
- module ClassMethods
- # Attributes named in this macro are protected from mass-assignment
- # whenever attributes are sanitized before assignment. A role for the
- # attributes is optional, if no role is provided then <tt>:default</tt>
- # is used. A role can be defined by using the <tt>:as</tt> option with a
- # symbol or an array of symbols as the value.
- #
- # Mass-assignment to these attributes will simply be ignored, to assign
- # to them you can use direct writer methods. This is meant to protect
- # sensitive attributes from being overwritten by malicious users
- # tampering with URLs or forms.
- #
- # class Customer
- # include ActiveModel::MassAssignmentSecurity
- #
- # attr_accessor :name, :email, :logins_count
- #
- # attr_protected :logins_count
- # # Suppose that admin can not change email for customer
- # attr_protected :logins_count, :email, as: :admin
- #
- # def assign_attributes(values, options = {})
- # sanitize_for_mass_assignment(values, options[:as]).each do |k, v|
- # send("#{k}=", v)
- # end
- # end
- # end
- #
- # When using the <tt>:default</tt> role:
- #
- # customer = Customer.new
- # customer.assign_attributes({ name: 'David', email: 'a@b.com', logins_count: 5 }, as: :default)
- # customer.name # => "David"
- # customer.email # => "a@b.com"
- # customer.logins_count # => nil
- #
- # And using the <tt>:admin</tt> role:
- #
- # customer = Customer.new
- # customer.assign_attributes({ name: 'David', email: 'a@b.com', logins_count: 5}, as: :admin)
- # customer.name # => "David"
- # customer.email # => nil
- # customer.logins_count # => nil
- #
- # customer.email = 'c@d.com'
- # customer.email # => "c@d.com"
- #
- # To start from an all-closed default and enable attributes as needed,
- # have a look at +attr_accessible+.
- #
- # Note that using <tt>Hash#except</tt> or <tt>Hash#slice</tt> in place of
- # +attr_protected+ to sanitize attributes provides basically the same
- # functionality, but it makes a bit tricky to deal with nested attributes.
- def attr_protected(*args)
- options = args.extract_options!
- role = options[:as] || :default
-
- self._protected_attributes = protected_attributes_configs.dup
-
- Array(role).each do |name|
- self._protected_attributes[name] = self.protected_attributes(name) + args
- end
-
- self._active_authorizer = self._protected_attributes
- end
-
- # Specifies a white list of model attributes that can be set via
- # mass-assignment.
- #
- # Like +attr_protected+, a role for the attributes is optional,
- # if no role is provided then <tt>:default</tt> is used. A role can be
- # defined by using the <tt>:as</tt> option with a symbol or an array of
- # symbols as the value.
- #
- # This is the opposite of the +attr_protected+ macro: Mass-assignment
- # will only set attributes in this list, to assign to the rest of
- # attributes you can use direct writer methods. This is meant to protect
- # sensitive attributes from being overwritten by malicious users
- # tampering with URLs or forms. If you'd rather start from an all-open
- # default and restrict attributes as needed, have a look at
- # +attr_protected+.
- #
- # class Customer
- # include ActiveModel::MassAssignmentSecurity
- #
- # attr_accessor :name, :credit_rating
- #
- # # Both admin and default user can change name of a customer
- # attr_accessible :name, as: [:admin, :default]
- # # Only admin can change credit rating of a customer
- # attr_accessible :credit_rating, as: :admin
- #
- # def assign_attributes(values, options = {})
- # sanitize_for_mass_assignment(values, options[:as]).each do |k, v|
- # send("#{k}=", v)
- # end
- # end
- # end
- #
- # When using the <tt>:default</tt> role:
- #
- # customer = Customer.new
- # customer.assign_attributes({ name: 'David', credit_rating: 'Excellent', last_login: 1.day.ago }, as: :default)
- # customer.name # => "David"
- # customer.credit_rating # => nil
- #
- # customer.credit_rating = 'Average'
- # customer.credit_rating # => "Average"
- #
- # And using the <tt>:admin</tt> role:
- #
- # customer = Customer.new
- # customer.assign_attributes({ name: 'David', credit_rating: 'Excellent', last_login: 1.day.ago }, as: :admin)
- # customer.name # => "David"
- # customer.credit_rating # => "Excellent"
- #
- # Note that using <tt>Hash#except</tt> or <tt>Hash#slice</tt> in place of
- # +attr_accessible+ to sanitize attributes provides basically the same
- # functionality, but it makes a bit tricky to deal with nested attributes.
- def attr_accessible(*args)
- options = args.extract_options!
- role = options[:as] || :default
-
- self._accessible_attributes = accessible_attributes_configs.dup
-
- Array(role).each do |name|
- self._accessible_attributes[name] = self.accessible_attributes(name) + args
- end
-
- self._active_authorizer = self._accessible_attributes
- end
-
- # Returns an instance of <tt>ActiveModel::MassAssignmentSecurity::BlackList</tt>
- # with the attributes protected by #attr_protected method. If no +role+
- # is provided, then <tt>:default</tt> is used.
- #
- # class Customer
- # include ActiveModel::MassAssignmentSecurity
- #
- # attr_accessor :name, :email, :logins_count
- #
- # attr_protected :logins_count
- # attr_protected :logins_count, :email, as: :admin
- # end
- #
- # Customer.protected_attributes
- # # => #<ActiveModel::MassAssignmentSecurity::BlackList: {"logins_count"}>
- #
- # Customer.protected_attributes(:default)
- # # => #<ActiveModel::MassAssignmentSecurity::BlackList: {"logins_count"}>
- #
- # Customer.protected_attributes(:admin)
- # # => #<ActiveModel::MassAssignmentSecurity::BlackList: {"logins_count", "email"}>
- def protected_attributes(role = :default)
- protected_attributes_configs[role]
- end
-
- # Returns an instance of <tt>ActiveModel::MassAssignmentSecurity::WhiteList</tt>
- # with the attributes protected by #attr_accessible method. If no +role+
- # is provided, then <tt>:default</tt> is used.
- #
- # class Customer
- # include ActiveModel::MassAssignmentSecurity
- #
- # attr_accessor :name, :credit_rating
- #
- # attr_accessible :name, as: [:admin, :default]
- # attr_accessible :credit_rating, as: :admin
- # end
- #
- # Customer.accessible_attributes
- # # => #<ActiveModel::MassAssignmentSecurity::WhiteList: {"name"}>
- #
- # Customer.accessible_attributes(:default)
- # # => #<ActiveModel::MassAssignmentSecurity::WhiteList: {"name"}>
- #
- # Customer.accessible_attributes(:admin)
- # # => #<ActiveModel::MassAssignmentSecurity::WhiteList: {"name", "credit_rating"}>
- def accessible_attributes(role = :default)
- accessible_attributes_configs[role]
- end
-
- # Returns a hash with the protected attributes (by #attr_accessible or
- # #attr_protected) per role.
- #
- # class Customer
- # include ActiveModel::MassAssignmentSecurity
- #
- # attr_accessor :name, :credit_rating
- #
- # attr_accessible :name, as: [:admin, :default]
- # attr_accessible :credit_rating, as: :admin
- # end
- #
- # Customer.active_authorizers
- # # => {
- # # :admin=> #<ActiveModel::MassAssignmentSecurity::WhiteList: {"name", "credit_rating"}>,
- # # :default=>#<ActiveModel::MassAssignmentSecurity::WhiteList: {"name"}>
- # #  }
- def active_authorizers
- self._active_authorizer ||= protected_attributes_configs
- end
- alias active_authorizer active_authorizers
-
- # Returns an empty array by default. You can still override this to define
- # the default attributes protected by #attr_protected method.
- #
- # class Customer
- # include ActiveModel::MassAssignmentSecurity
- #
- # def self.attributes_protected_by_default
- # [:name]
- # end
- # end
- #
- # Customer.protected_attributes
- # # => #<ActiveModel::MassAssignmentSecurity::BlackList: {:name}>
- def attributes_protected_by_default
- []
- end
-
- # Defines sanitize method.
- #
- # class Customer
- # include ActiveModel::MassAssignmentSecurity
- #
- # attr_accessor :name
- #
- # attr_protected :name
- #
- # def assign_attributes(values)
- # sanitize_for_mass_assignment(values).each do |k, v|
- # send("#{k}=", v)
- # end
- # end
- # end
- #
- # # See ActiveModel::MassAssignmentSecurity::StrictSanitizer for more information.
- # Customer.mass_assignment_sanitizer = :strict
- #
- # customer = Customer.new
- # customer.assign_attributes(name: 'David')
- # # => ActiveModel::MassAssignmentSecurity::Error: Can't mass-assign protected attributes for Customer: name
- #
- # Also, you can specify your own sanitizer object.
- #
- # class CustomSanitizer < ActiveModel::MassAssignmentSecurity::Sanitizer
- # def process_removed_attributes(klass, attrs)
- # raise StandardError
- # end
- # end
- #
- # Customer.mass_assignment_sanitizer = CustomSanitizer.new
- #
- # customer = Customer.new
- # customer.assign_attributes(name: 'David')
- # # => StandardError: StandardError
- def mass_assignment_sanitizer=(value)
- self._mass_assignment_sanitizer = if value.is_a?(Symbol)
- const_get(:"#{value.to_s.camelize}Sanitizer").new(self)
- else
- value
- end
- end
-
- private
-
- def protected_attributes_configs
- self._protected_attributes ||= begin
- Hash.new { |h,k| h[k] = BlackList.new(attributes_protected_by_default) }
- end
- end
-
- def accessible_attributes_configs
- self._accessible_attributes ||= begin
- Hash.new { |h,k| h[k] = WhiteList.new }
- end
- end
- end
-
- protected
-
- def sanitize_for_mass_assignment(attributes, role = nil) #:nodoc:
- _mass_assignment_sanitizer.sanitize(self.class, attributes, mass_assignment_authorizer(role))
- end
-
- def mass_assignment_authorizer(role) #:nodoc:
- self.class.active_authorizer[role || :default]
- end
- end
-end
View
40 activemodel/lib/active_model/mass_assignment_security/permission_set.rb
@@ -1,40 +0,0 @@
-require 'set'
-
-module ActiveModel
- module MassAssignmentSecurity
- class PermissionSet < Set #:nodoc:
-
- def +(values)
- super(values.compact.map(&:to_s))
- end
-
- def include?(key)
- super(remove_multiparameter_id(key))
- end
-
- def deny?(key)
- raise NotImplementedError, "#deny?(key) supposed to be overwritten"
- end
-
- protected
-
- def remove_multiparameter_id(key)
- key.to_s.gsub(/\(.+/, '')
- end
- end
-
- class WhiteList < PermissionSet #:nodoc:
-
- def deny?(key)
- !include?(key)
- end
- end
-
- class BlackList < PermissionSet #:nodoc:
-
- def deny?(key)
- include?(key)
- end
- end
- end
-end
View
74 activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
@@ -1,74 +0,0 @@
-module ActiveModel
- module MassAssignmentSecurity
- class Sanitizer #:nodoc:
- # Returns all attributes not denied by the authorizer.
- def sanitize(klass, attributes, authorizer)
- rejected = []
- sanitized_attributes = attributes.reject do |key, value|
- rejected << key if authorizer.deny?(key)
- end
- process_removed_attributes(klass, rejected) unless rejected.empty?
- sanitized_attributes
- end
-
- protected
-
- def process_removed_attributes(klass, attrs)
- raise NotImplementedError, "#process_removed_attributes(attrs) suppose to be overwritten"
- end
- end
-
- class LoggerSanitizer < Sanitizer #:nodoc:
- def initialize(target)
- @target = target
- super()
- end
-
- def logger
- @target.logger
- end
-
- def logger?
- @target.respond_to?(:logger) && @target.logger
- end
-
- def backtrace
- if defined? Rails
- Rails.backtrace_cleaner.clean(caller)
- else
- caller
- end
- end
-
- def process_removed_attributes(klass, attrs)
- if logger?
- logger.warn do
- "WARNING: Can't mass-assign protected attributes for #{klass.name}: #{attrs.join(', ')}\n" +
- backtrace.map { |trace| "\t#{trace}" }.join("\n")
- end
- end
- end
- end
-
- class StrictSanitizer < Sanitizer #:nodoc:
- def initialize(target = nil)
- super()
- end
-
- def process_removed_attributes(klass, attrs)
- return if (attrs - insensitive_attributes).empty?
- raise ActiveModel::MassAssignmentSecurity::Error.new(klass, attrs)
- end
-
- def insensitive_attributes
- ['id']
- end
- end
-
- class Error < StandardError #:nodoc:
- def initialize(klass, attrs)
- super("Can't mass-assign protected attributes for #{klass.name}: #{attrs.join(', ')}")
- end
- end
- end
-end
View
16 activemodel/test/cases/deprecated_mass_assignment_security_test.rb
@@ -0,0 +1,16 @@
+require 'cases/helper'
+require 'models/project'
+
+class DeprecatedMassAssignmentSecurityTest < ActiveModel::TestCase
+ def test_attr_accessible_raise_error
+ assert_raise RuntimeError, /protected_attributes/ do
+ Project.attr_accessible :username
+ end
+ end
+
+ def test_attr_protected_raise_error
+ assert_raise RuntimeError, /protected_attributes/ do
+ Project.attr_protected :username
+ end
+ end
+end
View
36 activemodel/test/cases/forbidden_attributes_protection_test.rb
@@ -0,0 +1,36 @@
+require 'cases/helper'
+require 'active_support/core_ext/hash/indifferent_access'
+require 'models/account'
+
+class ProtectedParams < ActiveSupport::HashWithIndifferentAccess
+ attr_accessor :permitted
+ alias :permitted? :permitted
+
+ def initialize(attributes)
+ super(attributes)
+ @permitted = false
+ end
+
+ def permit!
+ @permitted = true
+ self
+ end
+end
+
+class ActiveModelMassUpdateProtectionTest < ActiveSupport::TestCase
+ test "forbidden attributes cannot be used for mass updating" do
+ params = ProtectedParams.new({ "a" => "b" })
+ assert_raises(ActiveModel::ForbiddenAttributesError) do
+ Account.new.sanitize_for_mass_assignment(params)
+ end
+ end
+
+ test "permitted attributes can be used for mass updating" do
+ params = ProtectedParams.new({ "a" => "b" }).permit!
+ assert_equal({ "a" => "b" }, Account.new.sanitize_for_mass_assignment(params))
+ end
+
+ test "regular attributes should still be allowed" do
+ assert_equal({ a: "b" }, Account.new.sanitize_for_mass_assignment(a: "b"))
+ end
+end
View
20 activemodel/test/cases/mass_assignment_security/black_list_test.rb
@@ -1,20 +0,0 @@
-require "cases/helper"
-
-class BlackListTest < ActiveModel::TestCase
-
- def setup
- @black_list = ActiveModel::MassAssignmentSecurity::BlackList.new
- @included_key = 'admin'
- @black_list += [ @included_key ]
- end
-
- test "deny? is true for included items" do
- assert_equal true, @black_list.deny?(@included_key)
- end
-
- test "deny? is false for non-included items" do
- assert_equal false, @black_list.deny?('first_name')
- end
-
-
-end
View
36 activemodel/test/cases/mass_assignment_security/permission_set_test.rb
@@ -1,36 +0,0 @@
-require "cases/helper"
-
-class PermissionSetTest < ActiveModel::TestCase
-
- def setup
- @permission_list = ActiveModel::MassAssignmentSecurity::PermissionSet.new
- end
-
- test "+ stringifies added collection values" do
- symbol_collection = [ :admin ]
- new_list = @permission_list += symbol_collection
-
- assert new_list.include?('admin'), "did not add collection to #{@permission_list.inspect}}"
- end
-
- test "+ compacts added collection values" do
- added_collection = [ nil ]
- new_list = @permission_list + added_collection
- assert_equal new_list, @permission_list, "did not add collection to #{@permission_list.inspect}}"
- end
-
- test "include? normalizes multi-parameter keys" do
- multi_param_key = 'admin(1)'
- new_list = @permission_list += [ 'admin' ]
-
- assert new_list.include?(multi_param_key), "#{multi_param_key} not found in #{@permission_list.inspect}"
- end
-
- test "include? normal keys" do
- normal_key = 'admin'
- new_list = @permission_list += [ normal_key ]
-
- assert new_list.include?(normal_key), "#{normal_key} not found in #{@permission_list.inspect}"
- end
-
-end
View
50 activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
@@ -1,50 +0,0 @@
-require "cases/helper"
-require 'active_support/logger'
-
-class SanitizerTest < ActiveModel::TestCase
- attr_accessor :logger
-
- class Authorizer < ActiveModel::MassAssignmentSecurity::PermissionSet
- def deny?(key)
- ['admin', 'id'].include?(key)
- end
- end
-
- def setup
- @logger_sanitizer = ActiveModel::MassAssignmentSecurity::LoggerSanitizer.new(self)
- @strict_sanitizer = ActiveModel::MassAssignmentSecurity::StrictSanitizer.new(self)
- @authorizer = Authorizer.new
- end
-
- test "sanitize attributes" do
- original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' }
- attributes = @logger_sanitizer.sanitize(self.class, original_attributes, @authorizer)
-
- assert attributes.key?('first_name'), "Allowed key shouldn't be rejected"
- assert !attributes.key?('admin'), "Denied key should be rejected"
- end
-
- test "debug mass assignment removal with LoggerSanitizer" do
- original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' }
- log = StringIO.new
- self.logger = ActiveSupport::Logger.new(log)
- @logger_sanitizer.sanitize(self.class, original_attributes, @authorizer)
- assert_match(/admin/, log.string, "Should log removed attributes: #{log.string}")
- end
-
- test "debug mass assignment removal with StrictSanitizer" do
- original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' }
- assert_raise ActiveModel::MassAssignmentSecurity::Error do
- @strict_sanitizer.sanitize(self.class, original_attributes, @authorizer)
- end
- end
-
- test "mass assignment insensitive attributes" do
- original_attributes = {'id' => 1, 'first_name' => 'allowed'}
-
- assert_nothing_raised do
- @strict_sanitizer.sanitize(self.class, original_attributes, @authorizer)
- end
- end
-
-end
View
19 activemodel/test/cases/mass_assignment_security/white_list_test.rb
@@ -1,19 +0,0 @@
-require "cases/helper"
-
-class WhiteListTest < ActiveModel::TestCase
-
- def setup
- @white_list = ActiveModel::MassAssignmentSecurity::WhiteList.new
- @included_key = 'first_name'
- @white_list += [ @included_key ]
- end
-
- test "deny? is false for included items" do
- assert_equal false, @white_list.deny?(@included_key)
- end
-
- test "deny? is true for non-included items" do
- assert_equal true, @white_list.deny?('admin')
- end
-
-end
View
118 activemodel/test/cases/mass_assignment_security_test.rb
@@ -1,118 +0,0 @@
-require "cases/helper"
-require 'models/mass_assignment_specific'
-
-
-class CustomSanitizer < ActiveModel::MassAssignmentSecurity::Sanitizer
-
- def process_removed_attributes(klass, attrs)
- raise StandardError
- end
-
-end
-
-class MassAssignmentSecurityTest < ActiveModel::TestCase
- def test_attribute_protection
- user = User.new
- expected = { "name" => "John Smith", "email" => "john@smith.com" }
- sanitized = user.sanitize_for_mass_assignment(expected.merge("admin" => true))
- assert_equal expected, sanitized
- end
-
- def test_attribute_protection_when_role_is_nil
- user = User.new
- expected = { "name" => "John Smith", "email" => "john@smith.com" }
- sanitized = user.sanitize_for_mass_assignment(expected.merge("admin" => true), nil)
- assert_equal expected, sanitized
- end
-
- def test_only_moderator_role_attribute_accessible
- user = SpecialUser.new
- expected = { "name" => "John Smith", "email" => "john@smith.com" }
- sanitized = user.sanitize_for_mass_assignment(expected.merge("admin" => true), :moderator)
- assert_equal expected, sanitized
-
- sanitized = user.sanitize_for_mass_assignment({ "name" => "John Smith", "email" => "john@smith.com", "admin" => true })
- assert_equal({}, sanitized)
- end
-
- def test_attributes_accessible
- user = Person.new
- expected = { "name" => "John Smith", "email" => "john@smith.com" }
- sanitized = user.sanitize_for_mass_assignment(expected.merge("admin" => true))
- assert_equal expected, sanitized
- end
-
- def test_attributes_accessible_with_admin_role
- user = Person.new
- expected = { "name" => "John Smith", "email" => "john@smith.com", "admin" => true }
- sanitized = user.sanitize_for_mass_assignment(expected.merge("super_powers" => true), :admin)
- assert_equal expected, sanitized
- end
-
- def test_attributes_accessible_with_roles_given_as_array
- user = Account.new
- expected = { "name" => "John Smith", "email" => "john@smith.com" }
- sanitized = user.sanitize_for_mass_assignment(expected.merge("admin" => true))
- assert_equal expected, sanitized
- end
-
- def test_attributes_accessible_with_admin_role_when_roles_given_as_array
- user = Account.new
- expected = { "name" => "John Smith", "email" => "john@smith.com", "admin" => true }
- sanitized = user.sanitize_for_mass_assignment(expected.merge("super_powers" => true), :admin)
- assert_equal expected, sanitized
- end
-
- def test_attributes_protected_by_default
- firm = Firm.new
- expected = { }
- sanitized = firm.sanitize_for_mass_assignment({ "type" => "Client" })
- assert_equal expected, sanitized
- end
-
- def test_mass_assignment_protection_inheritance
- assert_blank LoosePerson.accessible_attributes
- assert_equal Set.new(['credit_rating', 'administrator']), LoosePerson.protected_attributes
-
- assert_blank LoosePerson.accessible_attributes
- assert_equal Set.new(['credit_rating']), LoosePerson.protected_attributes(:admin)
-
- assert_blank LooseDescendant.accessible_attributes
- assert_equal Set.new(['credit_rating', 'administrator', 'phone_number']), LooseDescendant.protected_attributes
-
- assert_blank LooseDescendantSecond.accessible_attributes
- assert_equal Set.new(['credit_rating', 'administrator', 'phone_number', 'name']), LooseDescendantSecond.protected_attributes,
- 'Running attr_protected twice in one class should merge the protections'
-
- assert_blank TightPerson.protected_attributes - TightPerson.attributes_protected_by_default
- assert_equal Set.new(['name', 'address']), TightPerson.accessible_attributes
-
- assert_blank TightPerson.protected_attributes(:admin) - TightPerson.attributes_protected_by_default
- assert_equal Set.new(['name', 'address', 'admin']), TightPerson.accessible_attributes(:admin)
-
- assert_blank TightDescendant.protected_attributes - TightDescendant.attributes_protected_by_default
- assert_equal Set.new(['name', 'address', 'phone_number']), TightDescendant.accessible_attributes
-
- assert_blank TightDescendant.protected_attributes(:admin) - TightDescendant.attributes_protected_by_default
- assert_equal Set.new(['name', 'address', 'admin', 'super_powers']), TightDescendant.accessible_attributes(:admin)
- end
-
- def test_mass_assignment_multiparameter_protector
- task = Task.new
- attributes = { "starting(1i)" => "2004", "starting(2i)" => "6", "starting(3i)" => "24" }
- sanitized = task.sanitize_for_mass_assignment(attributes)
- assert_equal sanitized, { }
- end
-
- def test_custom_sanitizer
- old_sanitizer = User._mass_assignment_sanitizer
-
- user = User.new
- User.mass_assignment_sanitizer = CustomSanitizer.new
- assert_raise StandardError do
- user.sanitize_for_mass_assignment("admin" => true)
- end
- ensure
- User.mass_assignment_sanitizer = old_sanitizer
- end
-end
View
12 activemodel/test/cases/secure_password_test.rb
@@ -54,18 +54,6 @@ class SecurePasswordTest < ActiveModel::TestCase
assert @user.authenticate("secret")
end
- test "visitor#password_digest should be protected against mass assignment" do
- assert Visitor.active_authorizers[:default].kind_of?(ActiveModel::MassAssignmentSecurity::BlackList)
- assert Visitor.active_authorizers[:default].include?(:password_digest)
- end
-
- test "Administrator's mass_assignment_authorizer should be WhiteList" do
- active_authorizer = Administrator.active_authorizers[:default]
- assert active_authorizer.kind_of?(ActiveModel::MassAssignmentSecurity::WhiteList)
- assert !active_authorizer.include?(:password_digest)
- assert active_authorizer.include?(:name)
- end
-
test "User should not be created with blank digest" do
assert_raise RuntimeError do
@user.run_callbacks :create
View
5 activemodel/test/models/account.rb
@@ -0,0 +1,5 @@
+class Account
+ include ActiveModel::ForbiddenAttributesProtection
+
+ public :sanitize_for_mass_assignment
+end
View
4 activemodel/test/models/administrator.rb
@@ -2,12 +2,10 @@ class Administrator
extend ActiveModel::Callbacks
include ActiveModel::Validations
include ActiveModel::SecurePassword
- include ActiveModel::MassAssignmentSecurity
-
+
define_model_callbacks :create
attr_accessor :name, :password_digest
- attr_accessible :name
has_secure_password
end
View
76 activemodel/test/models/mass_assignment_specific.rb
@@ -1,76 +0,0 @@
-class User
- include ActiveModel::MassAssignmentSecurity
- attr_protected :admin
-
- public :sanitize_for_mass_assignment
-end
-
-class SpecialUser
- include ActiveModel::MassAssignmentSecurity
- attr_accessible :name, :email, :as => :moderator
-
- public :sanitize_for_mass_assignment
-end
-
-class Person
- include ActiveModel::MassAssignmentSecurity
- attr_accessible :name, :email
- attr_accessible :name, :email, :admin, :as => :admin
-
- public :sanitize_for_mass_assignment
-end
-
-class Account
- include ActiveModel::MassAssignmentSecurity
- attr_accessible :name, :email, :as => [:default, :admin]
- attr_accessible :admin, :as => :admin
-
- public :sanitize_for_mass_assignment
-end
-
-class Firm
- include ActiveModel::MassAssignmentSecurity
-
- public :sanitize_for_mass_assignment
-
- def self.attributes_protected_by_default
- ["type"]
- end
-end
-
-class Task
- include ActiveModel::MassAssignmentSecurity
- attr_protected :starting
-
- public :sanitize_for_mass_assignment
-end
-
-class LoosePerson
- include ActiveModel::MassAssignmentSecurity
- attr_protected :credit_rating, :administrator
- attr_protected :credit_rating, :as => :admin
-end
-
-class LooseDescendant < LoosePerson
- attr_protected :phone_number
-end
-
-class LooseDescendantSecond< LoosePerson
- attr_protected :phone_number
- attr_protected :name
-end
-
-class TightPerson
- include ActiveModel::MassAssignmentSecurity
- attr_accessible :name, :address
- attr_accessible :name, :address, :admin, :as => :admin
-
- def self.attributes_protected_by_default
- ["mobile_number"]
- end
-end
-
-class TightDescendant < TightPerson
- attr_accessible :phone_number
- attr_accessible :super_powers, :as => :admin
-end
View
3  activemodel/test/models/project.rb
@@ -0,0 +1,3 @@
+class Project
+ include ActiveModel::DeprecatedMassAssignmentSecurity
+end
View
3  activemodel/test/models/visitor.rb
@@ -2,8 +2,7 @@ class Visitor
extend ActiveModel::Callbacks
include ActiveModel::Validations
include ActiveModel::SecurePassword
- include ActiveModel::MassAssignmentSecurity
-
+
define_model_callbacks :create
has_secure_password(validations: false)
View
6 activerecord/lib/active_record/associations/association.rb
@@ -233,10 +233,10 @@ def invertible_for?(record)
def stale_state
end
- def build_record(attributes, options)
- reflection.build_association(attributes, options) do |record|
+ def build_record(attributes)
+ reflection.build_association(attributes) do |record|
attributes = create_scope.except(*(record.changed - [reflection.foreign_key]))
- record.assign_attributes(attributes, :without_protection => true)
+ record.assign_attributes(attributes)
end
end
end
View
20 activerecord/lib/active_record/associations/collection_association.rb
@@ -95,22 +95,22 @@ def last(*args)
first_or_last(:last, *args)
end
- def build(attributes = {}, options = {}, &block)
+ def build(attributes = {}, &block)
if attributes.is_a?(Array)
- attributes.collect { |attr| build(attr, options, &block) }
+ attributes.collect { |attr| build(attr, &block) }
else
- add_to_target(build_record(attributes, options)) do |record|
+ add_to_target(build_record(attributes)) do |record|
yield(record) if block_given?
end
end
end
- def create(attributes = {}, options = {}, &block)
- create_record(attributes, options, &block)
+ def create(attributes = {}, &block)
+ create_record(attributes, &block)
end
- def create!(attributes = {}, options = {}, &block)
- create_record(attributes, options, true, &block)
+ def create!(attributes = {}, &block)
+ create_record(attributes, true, &block)
end
# Add +records+ to this association. Returns +self+ so method calls may
@@ -425,16 +425,16 @@ def merge_target_lists(persisted, memory)
persisted + memory
end
- def create_record(attributes, options, raise = false, &block)
+ def create_record(attributes, raise = false, &block)
unless owner.persisted?
raise ActiveRecord::RecordNotSaved, "You cannot call create unless the parent is saved"
end
if attributes.is_a?(Array)
- attributes.collect { |attr| create_record(attr, options, raise, &block) }
+ attributes.collect { |attr| create_record(attr, raise, &block) }
else
transaction do
- add_to_target(build_record(attributes, options)) do |record|
+ add_to_target(build_record(attributes)) do |record|
yield(record) if block_given?
insert_record(record, true, raise)
end
View
13 activerecord/lib/active_record/associations/collection_proxy.rb
@@ -222,8 +222,8 @@ def last(*args)
#
# person.pets.size # => 5 # size of the collection
# person.pets.count # => 0 # count from database
- def build(attributes = {}, options = {}, &block)
- @association.build(attributes, options, &block)
+ def build(attributes = {}, &block)
+ @association.build(attributes, &block)
end
##
@@ -253,8 +253,8 @@ def build(attributes = {}, options = {}, &block)
# # #<Pet id: 2, name: "Spook", person_id: 1>,
# # #<Pet id: 3, name: "Choo-Choo", person_id: 1>
# # ]
- def create(attributes = {}, options = {}, &block)
- @association.create(attributes, options, &block)
+ def create(attributes = {}, &block)
+ @association.create(attributes, &block)
end
##
@@ -265,14 +265,13 @@ def create(attributes = {}, options = {}, &block)
# end
#
# class Pet
- # attr_accessible :name
# validates :name, presence: true
# end
#
# person.pets.create!(name: nil)
# # => ActiveRecord::RecordInvalid: Validation failed: Name can't be blank
- def create!(attributes = {}, options = {}, &block)
- @association.create!(attributes, options, &block)
+ def create!(attributes = {}, &block)
+ @association.create!(attributes, &block)
end
##
View
4 activerecord/lib/active_record/associations/has_many_through_association.rb
@@ -96,10 +96,10 @@ def save_through_record(record)
@through_records.delete(record.object_id)
end
- def build_record(attributes, options = {})
+ def build_record(attributes)
ensure_not_nested
- record = super(attributes, options)
+ record = super(attributes)
inverse = source_reflection.inverse_of
if inverse
View
16 activerecord/lib/active_record/associations/singular_association.rb
@@ -17,16 +17,16 @@ def writer(record)
replace(record)
end
- def create(attributes = {}, options = {}, &block)
- create_record(attributes, options, &block)
+ def create(attributes = {}, &block)
+ create_record(attributes, &block)
end
- def create!(attributes = {}, options = {}, &block)
- create_record(attributes, options, true, &block)
+ def create!(attributes = {}, &block)
+ create_record(attributes, true, &block)
end
- def build(attributes = {}, options = {})
- record = build_record(attributes, options)
+ def build(attributes = {})
+ record = build_record(attributes)
yield(record) if block_given?
set_new_record(record)
record
@@ -51,8 +51,8 @@ def set_new_record(record)
replace(record)
end
- def create_record(attributes, options, raise_error = false)
- record = build_record(attributes, options)
+ def create_record(attributes, raise_error = false)
+ record = build_record(attributes)
yield(record) if block_given?
saved = record.save
set_new_record(record)
View
96 activerecord/lib/active_record/attribute_assignment.rb
@@ -1,98 +1,32 @@
module ActiveRecord
- ActiveSupport.on_load(:active_record_config) do
- mattr_accessor :whitelist_attributes, instance_accessor: false
- mattr_accessor :mass_assignment_sanitizer, instance_accessor: false
- end
-
module AttributeAssignment
extend ActiveSupport::Concern
- include ActiveModel::MassAssignmentSecurity
-
- included do
- initialize_mass_assignment_sanitizer
- end
-
- module ClassMethods
- def inherited(child) # :nodoc:
- child.send :initialize_mass_assignment_sanitizer if self == Base
- super
- end
-
- private
-
- # The primary key and inheritance column can never be set by mass-assignment for security reasons.
- def attributes_protected_by_default
- default = [ primary_key, inheritance_column ]
- default << 'id' unless primary_key.eql? 'id'
- default
- end
-
- def initialize_mass_assignment_sanitizer
- attr_accessible(nil) if Model.whitelist_attributes
- self.mass_assignment_sanitizer = Model.mass_assignment_sanitizer if Model.mass_assignment_sanitizer
- end
- end
+ include ActiveModel::DeprecatedMassAssignmentSecurity
+ include ActiveModel::ForbiddenAttributesProtection
# Allows you to set all the attributes at once by passing in a hash with keys
# matching the attribute names (which again matches the column names).
#
- # If any attributes are protected by either +attr_protected+ or
- # +attr_accessible+ then only settable attributes will be assigned.
- #
- # class User < ActiveRecord::Base
- # attr_protected :is_admin
- # end
- #
- # user = User.new
- # user.attributes = { :username => 'Phusion', :is_admin => true }
- # user.username # => "Phusion"
- # user.is_admin? # => false
+ # If the passed hash responds to permitted? method and the return value
+ # of this method is false an ActiveModel::ForbiddenAttributesError exception
+ # is raised.
def attributes=(new_attributes)
return unless new_attributes.is_a?(Hash)
assign_attributes(new_attributes)
end
- # Allows you to set all the attributes for a particular mass-assignment
- # security role by passing in a hash of attributes with keys matching
- # the attribute names (which again matches the column names) and the role
- # name using the :as option.
- #
- # To bypass mass-assignment security you can use the :without_protection => true
- # option.
- #
- # class User < ActiveRecord::Base
- # attr_accessible :name
- # attr_accessible :name, :is_admin, :as => :admin
- # end
- #
- # user = User.new
- # user.assign_attributes({ :name => 'Josh', :is_admin => true })
- # user.name # => "Josh"
- # user.is_admin? # => false
- #
- # user = User.new
- # user.assign_attributes({ :name => 'Josh', :is_admin => true }, :as => :admin)
- # user.name # => "Josh"
- # user.is_admin? # => true
- #
- # user = User.new
- # user.assign_attributes({ :name => 'Josh', :is_admin => true }, :without_protection => true)
- # user.name # => "Josh"
- # user.is_admin? # => true
- def assign_attributes(new_attributes, options = {})
+ # Allows you to set all the attributes by passing in a hash of attributes with
+ # keys matching the attribute names (which again matches the column names)
+ def assign_attributes(new_attributes)
return if new_attributes.blank?
attributes = new_attributes.stringify_keys
multi_parameter_attributes = []
nested_parameter_attributes = []
- previous_options = @mass_assignment_options
- @mass_assignment_options = options
- unless options[:without_protection]
- attributes = sanitize_for_mass_assignment(attributes, mass_assignment_role)
- end
+ attributes = sanitize_for_mass_assignment(attributes)
attributes.each do |k, v|
if k.include?("(")
@@ -106,18 +40,6 @@ def assign_attributes(new_attributes, options = {})
assign_nested_parameter_attributes(nested_parameter_attributes) unless nested_parameter_attributes.empty?
assign_multiparameter_attributes(multi_parameter_attributes) unless multi_parameter_attributes.empty?
- ensure
- @mass_assignment_options = previous_options
- end
-
- protected
-
- def mass_assignment_options
- @mass_assignment_options ||= {}
- end
-
- def mass_assignment_role
- mass_assignment_options[:as] || :default
end
private
View
5 activerecord/lib/active_record/attribute_methods/primary_key.rb
@@ -18,7 +18,7 @@ def id
# Sets the primary key value
def id=(value)
- write_attribute(self.class.primary_key, value)
+ write_attribute(self.class.primary_key, value) if self.class.primary_key
end
# Queries the primary key value
@@ -53,8 +53,7 @@ def dangerous_attribute_method?(method_name)
end
# Defines the primary key field -- can be overridden in subclasses. Overwriting will negate any effect of the
- # primary_key_prefix_type setting, though. Since primary keys are usually protected from mass assignment,
- # remember to let your database generate them or include the key in +attr_accessible+.
+ # primary_key_prefix_type setting, though.
def primary_key
@primary_key = reset_primary_key unless defined? @primary_key
@primary_key
View
6 activerecord/lib/active_record/core.rb
@@ -172,7 +172,7 @@ def relation #:nodoc:
#
# # Instantiates a single new object bypassing mass-assignment security
# User.new({ :first_name => 'Jamie', :is_admin => true }, :without_protection => true)
- def initialize(attributes = nil, options = {})
+ def initialize(attributes = nil)
defaults = self.class.column_defaults.dup
defaults.each { |k, v| defaults[k] = v.dup if v.duplicable? }
@@ -183,7 +183,7 @@ def initialize(attributes = nil, options = {})
ensure_proper_type
populate_with_current_scope_attributes
- assign_attributes(attributes, options) if attributes
+ assign_attributes(attributes) if attributes
yield self if block_given?
run_callbacks :initialize unless _initialize_callbacks.empty?
@@ -386,7 +386,7 @@ def init_internals
@destroyed = false
@marked_for_destruction = false
@new_record = true
- @mass_assignment_options = nil
+ @txn = nil
@_start_transaction_state = {}
end
end
View
38 activerecord/lib/active_record/nested_attributes.rb
@@ -194,18 +194,6 @@ class TooManyRecords < ActiveRecordError
# the parent model is saved. This happens inside the transaction initiated
# by the parents save method. See ActiveRecord::AutosaveAssociation.
#
- # === Using with attr_accessible
- #
- # The use of <tt>attr_accessible</tt> can interfere with nested attributes
- # if you're not careful. For example, if the <tt>Member</tt> model above
- # was using <tt>attr_accessible</tt> like this:
- #
- # attr_accessible :name
- #
- # You would need to modify it to look like this:
- #
- # attr_accessible :name, :posts_attributes
- #
# === Validating the presence of a parent model
#
# If you want to validate that a child record is associated with a parent
@@ -224,9 +212,7 @@ class TooManyRecords < ActiveRecordError
module ClassMethods
REJECT_ALL_BLANK_PROC = proc { |attributes| attributes.all? { |key, value| key == '_destroy' || value.blank? } }
- # Defines an attributes writer for the specified association(s). If you
- # are using <tt>attr_protected</tt> or <tt>attr_accessible</tt>, then you
- # will need to add the attribute writer to the allowed list.
+ # Defines an attributes writer for the specified association(s).
#
# Supported options:
# [:allow_destroy]
@@ -296,7 +282,7 @@ def accepts_nested_attributes_for(*attr_names)
remove_method(:#{association_name}_attributes=)
end
def #{association_name}_attributes=(attributes)
- assign_nested_attributes_for_#{type}_association(:#{association_name}, attributes, mass_assignment_options)
+ assign_nested_attributes_for_#{type}_association(:#{association_name}, attributes)
end
eoruby
else
@@ -340,15 +326,15 @@ def assign_nested_attributes_for_one_to_one_association(association_name, attrib
if (options[:update_only] || !attributes['id'].blank?) && (record = send(association_name)) &&
(options[:update_only] || record.id.to_s == attributes['id'].to_s)
- assign_to_or_mark_for_destruction(record, attributes, options[:allow_destroy], assignment_opts) unless call_reject_if(association_name, attributes)
+ assign_to_or_mark_for_destruction(record, attributes, options[:allow_destroy]) unless call_reject_if(association_name, attributes)
- elsif attributes['id'].present? && !assignment_opts[:without_protection]
+ elsif attributes['id'].present?
raise_nested_attributes_record_not_found(association_name, attributes['id'])
elsif !reject_new_record?(association_name, attributes)
method = "build_#{association_name}"
if respond_to?(method)
- send(method, attributes.except(*unassignable_keys(assignment_opts)), assignment_opts)
+ send(method, attributes.except(*UNASSIGNABLE_KEYS))
else
raise ArgumentError, "Cannot build association `#{association_name}'. Are you trying to build a polymorphic one-to-one association?"
end
@@ -382,7 +368,7 @@ def assign_nested_attributes_for_one_to_one_association(association_name, attrib
# { :name => 'John' },
# { :id => '2', :_destroy => true }
# ])
- def assign_nested_attributes_for_collection_association(association_name, attributes_collection, assignment_opts = {})
+ def assign_nested_attributes_for_collection_association(association_name, attributes_collection)
options = self.nested_attributes_options[association_name]
unless attributes_collection.is_a?(Hash) || attributes_collection.is_a?(Array)
@@ -427,7 +413,7 @@ def assign_nested_attributes_for_collection_association(association_name, attrib
if attributes['id'].blank?
unless reject_new_record?(association_name, attributes)
- association.build(attributes.except(*unassignable_keys(assignment_opts)), assignment_opts)
+ association.build(attributes.except(*UNASSIGNABLE_KEYS))
end
elsif existing_record = existing_records.detect { |record| record.id.to_s == attributes['id'].to_s }
unless association.loaded? || call_reject_if(association_name, attributes)
@@ -443,10 +429,8 @@ def assign_nested_attributes_for_collection_association(association_name, attrib
end
if !call_reject_if(association_name, attributes)
- assign_to_or_mark_for_destruction(existing_record, attributes, options[:allow_destroy], assignment_opts)
+ assign_to_or_mark_for_destruction(existing_record, attributes, options[:allow_destroy])
end
- elsif assignment_opts[:without_protection]
- association.build(attributes.except(*unassignable_keys(assignment_opts)), assignment_opts)
else
raise_nested_attributes_record_not_found(association_name, attributes['id'])
end
@@ -455,8 +439,8 @@ def assign_nested_attributes_for_collection_association(association_name, attrib
# Updates a record with the +attributes+ or marks it for destruction if
# +allow_destroy+ is +true+ and has_destroy_flag? returns +true+.
- def assign_to_or_mark_for_destruction(record, attributes, allow_destroy, assignment_opts)
- record.assign_attributes(attributes.except(*unassignable_keys(assignment_opts)), assignment_opts)
+ def assign_to_or_mark_for_destruction(record, attributes, allow_destroy)
+ record.assign_attributes(attributes.except(*UNASSIGNABLE_KEYS))
record.mark_for_destruction if has_destroy_flag?(attributes) && allow_destroy
end
@@ -487,7 +471,7 @@ def raise_nested_attributes_record_not_found(association_name, record_id)
end
def unassignable_keys(assignment_opts)
- assignment_opts[:without_protection] ? UNASSIGNABLE_KEYS - %w[id] : UNASSIGNABLE_KEYS
+ UNASSIGNABLE_KEYS
end
end
end
View
18 activerecord/lib/active_record/persistence.rb
@@ -35,11 +35,11 @@ module ClassMethods
# User.create([{ :first_name => 'Jamie' }, { :first_name => 'Jeremy' }]) do |u|
# u.is_admin = false
# end
- def create(attributes = nil, options = {}, &block)
+ def create(attributes = nil, &block)
if attributes.is_a?(Array)
- attributes.collect { |attr| create(attr, options, &block) }
+ attributes.collect { |attr| create(attr, &block) }
else
- object = new(attributes, options, &block)
+ object = new(attributes, &block)
object.save
object
end
@@ -186,24 +186,24 @@ def update_attribute(name, value)
#
# When updating model attributes, mass-assignment security protection is respected.
# If no +:as+ option is supplied then the +:default+ role will be used.
- # If you want to bypass the protection given by +attr_protected+ and
- # +attr_accessible+ then you can do so using the +:without_protection+ option.
- def update_attributes(attributes, options = {})
+ # If you want to bypass the forbidden attributes protection then you can do so using
+ # the +:without_protection+ option.
+ def update_attributes(attributes)
# The following transaction covers any possible database side-effects of the
# attributes assignment. For example, setting the IDs of a child collection.
with_transaction_returning_status do
- assign_attributes(attributes, options)
+ assign_attributes(attributes)
save
end
end
# Updates its receiver just like +update_attributes+ but calls <tt>save!</tt> instead
# of +save+, so an exception is raised if the record is invalid.
- def update_attributes!(attributes, options = {})
+ def update_attributes!(attributes)
# The following transaction covers any possible database side-effects of the
# attributes assignment. For example, setting the IDs of a child collection.
with_transaction_returning_status do
- assign_attributes(attributes, options)
+ assign_attributes(attributes)
save!
end
end
View
4 activerecord/lib/active_record/reflection.rb
@@ -181,8 +181,8 @@ def initialize(*args)
# Returns a new, unsaved instance of the associated class. +options+ will
# be passed to the class's constructor.
- def build_association(*options, &block)
- klass.new(*options, &block)
+ def build_association(attributes, &block)
+ klass.new(attributes, &block)
end
def table_name
View
12 activerecord/lib/active_record/relation.rb
@@ -151,22 +151,22 @@ def create!(*args, &block)
# user.last_name = "O'Hara"
# end
# # => <User id: 2, first_name: 'Scarlett', last_name: 'Johansson'>
- def first_or_create(attributes = nil, options = {}, &block)
- first || create(attributes, options, &block)
+ def first_or_create(attributes = nil, &block)
+ first || create(attributes, &block)
end
# Like <tt>first_or_create</tt> but calls <tt>create!</tt> so an exception is raised if the created record is invalid.
#
# Expects arguments in the same format as <tt>Base.create!</tt>.
- def first_or_create!(attributes = nil, options = {}, &block)
- first || create!(attributes, options, &block)
+ def first_or_create!(attributes = nil, &block)
+ first || create!(attributes, &block)
end
# Like <tt>first_or_create</tt> but calls <tt>new</tt> instead of <tt>create</tt>.
#