New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added `reverse_merge`/`reverse_merge!` to AC::Parameters: #28355

Merged
merged 1 commit into from Mar 10, 2017

Conversation

Projects
None yet
5 participants
@Edouard-chin
Contributor

Edouard-chin commented Mar 9, 2017

Hey guys 馃憢 ,

Added reverse_merge/reverse_merge! to AC::Parameters:

  • This PR adds the reverse_merge and reverse_merge! methods to ActionController::Parameters
  • Fixes #28353
Q A
Branch Master
Fixes #28353
New feature? yes
Tests pass?
BC breaks? no

@Edouard-chin Edouard-chin force-pushed the Edouard-chin:reversemerge-for-strongparameters branch Mar 9, 2017

@kamipo

This comment has been minimized.

Member

kamipo commented Mar 9, 2017

Duplicate of #27198.

@Edouard-chin

This comment has been minimized.

Contributor

Edouard-chin commented Mar 9, 2017

Oh thanks, should have make a search before 馃槄

Added `reverse_merge`/`reverse_merge!` to AC::Parameters:
- This PR adds the `reverse_merge` and `reverse_merge!` method to `ActionController::Parameters`
- Fixes #28353

@Edouard-chin Edouard-chin force-pushed the Edouard-chin:reversemerge-for-strongparameters branch to 4d79862 Mar 9, 2017

@rafaelfranca rafaelfranca merged commit 4d79862 into rails:master Mar 10, 2017

2 checks passed

codeclimate no new or fixed issues
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

rafaelfranca added a commit that referenced this pull request Mar 10, 2017

Merge pull request #28355 from Edouard-chin/reversemerge-for-strongpa鈥
鈥ameters

Added `reverse_merge`/`reverse_merge!` to AC::Parameters:

[Rafael Mendon莽a Fran莽a + Mitsutaka Mimura]

@Edouard-chin Edouard-chin deleted the Edouard-chin:reversemerge-for-strongparameters branch Mar 10, 2017

@kirs

This comment has been minimized.

Member

kirs commented Mar 12, 2017

I believe @rafaelfranca had reasons to merge the PR, but my two cents are that when we moved to non-Hash strong parameters in Rails 5, the idea was that we should make developers explicitly convert the input into the hash before doing any operations like merging defaults. user_params.to_h.reverse_merge() would work in this case.

@Edouard-chin

This comment has been minimized.

Contributor

Edouard-chin commented Mar 12, 2017

Thanks for the explanation @kirs, I wasn't aware of the context. Make now sense why Rafael was concerned about security issue. Will leave it up to you if you want to revert :)

WendyBeth added a commit to littlelines/otwarchive that referenced this pull request Jul 11, 2017

Re-implements reverse_merge! in tag model method
It looks like reverse_merge! will be available for ActionController::Parameters in 5.1:

It looks like it was merged in here: rails/rails#28355

And that pull is referenced by an issue that references the current deprecationg
warning, here: rails/rails#28353

Adding reverse_merge back makes the other_a tests pass. So it seems like the
deprecation warning can be ignored.

sarken added a commit to otwcode/otwarchive that referenced this pull request Aug 7, 2017

AO3-5033 Rails 5.0 upgrade (#2958)
* Updates to Rails 5.0.3 and clears up all dependency conflicts

* Removes test_after_commit gem - now available in Rails by default

Comments out rpm_contrib - gem triggers `cannot call config on nil` in Rails,
but cannot be upgraded because the version specified in the Gemfile was the last
version because the Gem was deprecated

* Removes rpm_contrib gem for the time dealing to deal with other issues

* Uses version of google_visualr that protects from undefined method helper_method

winston/google_visualr#104

* Removes unnecessary primary key definition from RolesUser model

* Exchanges deprecated *_filter methods with *_action

* Updates post syntax for specs in api/api_works

* Fixes two typos in api works spec

* Fixes :store_location has not been defined error

skip_* actions in Rails 5 will now raise if the provided method is not defined.

plataformatec/devise#4207

* Ensures an AdminSetting will always exist when signing in an admin

* Updates to Rails 5-compatible version of Authlogic

* Fixes UserSession's inability to recognize params

Due to changes in controller params, UserSession was not recognizing the raw
params as valid login credentials. Separating the params out into a hash solved
this issue.

* Removes association rule that barred chapters from being saved on work

* Sets halt_callback_chains_on_return to false, as is Rails 5 default

* Replaces deprecated 'uniq' method on AR objects with 'distinct' in works
controller

* Adds gem to maintain controller test assertions

* Updates outdated get/post/put argument syntax in works/defautl rails actions
spec

* Uses updated Devise test helper method module in spec helper

* Adds some Rails 5 default files

* Only includes Devise helpers in controller specs

* Sets up filter chain to not halt when a method returns false

* Adds updates to callback methods responding to new callback functionality

* Updates call to resque scheduler tasks in resque.rake

* Fixes bug where work does not save when setting 'authors' attribute

* Fixes spec/lib/collectible_spec by moving observer into a model callback

* Moves observer methods to model callbacks

* Fixes organization of callbacks to prevent MySql2 bugs

* Ensures require locale is loaded when comment callbacks are fired

* Reverts work factories to old behavior that uses authors virtual attribute over
pseuds

* Ensures required locale exists in all tests

* Uses root_url instead of root_path in user_mailer view

* Ensures that AdminSetting exists in admin invitations feature spec

* Fixes test bug that didn't set the default locale as a user's preferred locale

Hard-coding '1' as the preferred_locale for a new preference makes tests nearly
impossible to maintain when the database cleaner is removing and adding Locales
on a per-test basis.

* Allows params passed by view to be sent to controller

This prevents an error indicating that the use of `params.merge` in the
AlphabetHelper is unsave. However, because the parameters will be whitelisted
once handed to the controller, this should not be a problem in the helper.

* Fixes bug where archive questions were not considered 'changed' after save

* Makes admins/admin_post_news.feature pass

* Ensures AdminSetting exists where required in admins/admin_skins feature

* Makes admins/admin_works features pass

TODO: Figure out a way to ensure AdminSetting exists wherever it's needed
without changing all of the tests like this

* Makes authenticate admins features pass

* Fixes admnin_fnok.feature failures

* Moves AdminSetting, Language, and Locale location requirement to before block

* Updates page.body check to capture expected html tags in content

* Extracts out text testing step that checks for html tags

Capybara intentionally does not see html with the `have_content` method, but
there are features in admin_post_news that are testing specifically for the
presence of user-entered html tags. In order to ensure those continue testing
what they're supposed to, I wrote a separate step specifically for features
where matching against certain html tags is part of what's under test.

* Removes monkey patch that should no longer be necessary

* Allows edit_search to be passed along to params in search results

Same concept as this commit:

littlelines@e2807bc

* Extracts html-aware step assertion versus non html-aware

* Fixes argument references in creatable module

* Fixes typo

* Fixes typo

* Fixes string concatenation and mailer template issue

* Fix bug in the Work model related to Rails 5 callback functionality changes

* Fixes undefined method in works controller

* Adds unit test to capture work saving bug on smaller scale

* Fixes validation on creatorship model

* Fixes the passing of params to a url_for method in a view

* Fixes unpermitted params passed to url in view

* Removes call to undefined method

* Updates deprecated use of uniq in several places

* burn me to the ground

* Fixes params mutation not picking up on new class name for ActionController
params

* Fixes nested parameter identifiers in strong params

* Removes unused line of code in feature step definition

* Removes outdated fix that has been addressed by other code

* Fixes bug in collection_item after_commit callback

In Rails 4.2 and before, ActiveRecord suppressed errors raised within callbacks.
Therefore it was suppressing a case in the collection_item after_commit callback
being called when a collection has been destroyed. The callback reference's the
collection's collection_preference object and calls a method on it
(email_notify). The collection_preference record has been destroyed at this
point. In 4.2 and before, AR suppressed the error and moved on. Since it's
happening in an if statement, it worked effectively to not send out the
notification and treat the error as a false case.

This PR just explicitly spells out the false case so that an error isn't raised,
since it will not be suppressed.

* Fixes reference to comment in comment callback

* Updates destroy_all call in work model

destroy_all with args is deprecated

* Removes deprecated passing of :reload as argument

* Replaces deprecated uniq with distinct

* Fixes deprecated use of Mime::HTML

* Fixes params.merge! issues on stats page

* Fixes stack level too deep error

rails/rails#28908

The *_changed? method no longer gets reset/gets reset in a different way now

* Updates outdated method

* Removes deprecated uniq and replaces it with distinct

* Fixes the use of a class in FactoryGirl lookup, which is deprecated

* Fixes use of deprecated Hash methods on Parameters objects in tag model

* Permits params to be passed from link on search results page

* Updates deprecated use of controller methods to include named args

* Updates deprecated use of 'uniq' with 'distinct'

* Updates deprecated `redirect_to :back` usage

* Fixes series controller spec failures & deprecation

* Fixes wrangling guidelines controller spec failure & remaining deprecations

* Passes an id, not an AR record, to ActiveRecord.find

* Ensures that archivist is an archivist

* Ensures that cache is cleared between tests

* Allows nested ActionController::Parameters to be manipulated in
ApplicationController

* Ensures batch urls are handed as array to api works controller

* Adds @work.destroy back to after(:all) block now that underlying problem has
been addressed

* Fixes mistake in inbox controller spec

* Ensures params[:prompt] is not nil in prompts controller spec

* Checks for blank param, instead of nil, to evade blank strings

* Changes params checking in works controller to reflect new methods of changing
params

rails/rails#26075

* Updates call to skip sanitize_params in autocomplete controller

* Fixes mistakes in mailer classes

* Comments out all observers

* Prevents error in work callback

Weird problem.

@work.destroy is triggering the *_save callbacks when running:

`RAILS_ENV=test bundle exec rspec spec/lib/works_owner_spec.rb[1:4:2:1:2]`

(when the work's owner is a collection)

This is happening on master. I'd consider it unexpected behavior, but it doesn't
seem to have any side-effects. The only reason it's causing an error now is
because Rails 5 no longer swallows errors raised in callbacks (in this case,
undefined method published_at for nil, because the work's chapters have already
been deleted by the time the *_save callbacks are re-triggered).

* Fixes expectation that expected double error

Upgrade fixed email has already been taken error to only appear once. Yay!

* Fixes reliance on specific implementation details of errors#add from Rails

* Ensures halt_callback_chains_on_return_false behaves as expected

* Fixes before_validation check on tag model

* Fixes bug

work.comments is not an AR Association Collection, it's a Relation object, and
therefore no longer responds to << as a method on work.comments. But
work.first_chapter.comments << comment does the same thing for the purposes
of the tests in requests/comments_spec.

* Makes definition of importing_for_others in works controller explicit

* Re-implements reverse_merge! in tag model method

It looks like reverse_merge! will be available for ActionController::Parameters in 5.1:

It looks like it was merged in here: rails/rails#28355

And that pull is referenced by an issue that references the current deprecationg
warning, here: rails/rails#28353

Adding reverse_merge back makes the other_a tests pass. So it seems like the
deprecation warning can be ignored.

* Pagination no longer wraps current page in a 'span' tag

* Removes unused observer files

* Removes unused commented out code

* Addresses deprecation warnings in specs

* Updates post_first_chapter method in work to save chapter as expected

* Fixed failures in chapters controller spec

* Cleans up

* Fixes deprecated use of render :nothing

* Fixes problem with the tests running too fast to catch difference in updated_at
where it matters

* Forces work.cache_key to bust when coauthor destroys their account

* Ensures updated_at comparison is not on reloaded work object

* Fixes line issue

* Fixes indentation in feature

* Makes protected methods protected in comment model

sarken added a commit to otwcode/otwarchive that referenced this pull request Aug 18, 2017

AO3-5034 Rails 5 dot 1 upgrade (#2980)
* Updates to Rails 5.0.3 and clears up all dependency conflicts

* Removes test_after_commit gem - now available in Rails by default

Comments out rpm_contrib - gem triggers `cannot call config on nil` in Rails,
but cannot be upgraded because the version specified in the Gemfile was the last
version because the Gem was deprecated

* Removes rpm_contrib gem for the time dealing to deal with other issues

* Uses version of google_visualr that protects from undefined method helper_method

winston/google_visualr#104

* Removes unnecessary primary key definition from RolesUser model

* Exchanges deprecated *_filter methods with *_action

* Updates post syntax for specs in api/api_works

* Fixes two typos in api works spec

* Fixes :store_location has not been defined error

skip_* actions in Rails 5 will now raise if the provided method is not defined.

plataformatec/devise#4207

* Ensures an AdminSetting will always exist when signing in an admin

* Updates to Rails 5-compatible version of Authlogic

* Fixes UserSession's inability to recognize params

Due to changes in controller params, UserSession was not recognizing the raw
params as valid login credentials. Separating the params out into a hash solved
this issue.

* Removes association rule that barred chapters from being saved on work

* Sets halt_callback_chains_on_return to false, as is Rails 5 default

* Replaces deprecated 'uniq' method on AR objects with 'distinct' in works
controller

* Adds gem to maintain controller test assertions

* Updates outdated get/post/put argument syntax in works/defautl rails actions
spec

* Uses updated Devise test helper method module in spec helper

* Adds some Rails 5 default files

* Only includes Devise helpers in controller specs

* Sets up filter chain to not halt when a method returns false

* Adds updates to callback methods responding to new callback functionality

* Updates call to resque scheduler tasks in resque.rake

* Fixes bug where work does not save when setting 'authors' attribute

* Fixes spec/lib/collectible_spec by moving observer into a model callback

* Moves observer methods to model callbacks

* Fixes organization of callbacks to prevent MySql2 bugs

* Ensures require locale is loaded when comment callbacks are fired

* Reverts work factories to old behavior that uses authors virtual attribute over
pseuds

* Ensures required locale exists in all tests

* Uses root_url instead of root_path in user_mailer view

* Ensures that AdminSetting exists in admin invitations feature spec

* Fixes test bug that didn't set the default locale as a user's preferred locale

Hard-coding '1' as the preferred_locale for a new preference makes tests nearly
impossible to maintain when the database cleaner is removing and adding Locales
on a per-test basis.

* Allows params passed by view to be sent to controller

This prevents an error indicating that the use of `params.merge` in the
AlphabetHelper is unsave. However, because the parameters will be whitelisted
once handed to the controller, this should not be a problem in the helper.

* Fixes bug where archive questions were not considered 'changed' after save

* Makes admins/admin_post_news.feature pass

* Ensures AdminSetting exists where required in admins/admin_skins feature

* Makes admins/admin_works features pass

TODO: Figure out a way to ensure AdminSetting exists wherever it's needed
without changing all of the tests like this

* Makes authenticate admins features pass

* Fixes admnin_fnok.feature failures

* Moves AdminSetting, Language, and Locale location requirement to before block

* Updates page.body check to capture expected html tags in content

* Extracts out text testing step that checks for html tags

Capybara intentionally does not see html with the `have_content` method, but
there are features in admin_post_news that are testing specifically for the
presence of user-entered html tags. In order to ensure those continue testing
what they're supposed to, I wrote a separate step specifically for features
where matching against certain html tags is part of what's under test.

* Removes monkey patch that should no longer be necessary

* Allows edit_search to be passed along to params in search results

Same concept as this commit:

littlelines@e2807bc

* Extracts html-aware step assertion versus non html-aware

* Fixes argument references in creatable module

* Fixes typo

* Fixes typo

* Fixes string concatenation and mailer template issue

* Fix bug in the Work model related to Rails 5 callback functionality changes

* Fixes undefined method in works controller

* Adds unit test to capture work saving bug on smaller scale

* Fixes validation on creatorship model

* Fixes the passing of params to a url_for method in a view

* Fixes unpermitted params passed to url in view

* Removes call to undefined method

* Updates deprecated use of uniq in several places

* burn me to the ground

* Fixes params mutation not picking up on new class name for ActionController
params

* Fixes nested parameter identifiers in strong params

* Removes unused line of code in feature step definition

* Removes outdated fix that has been addressed by other code

* Fixes bug in collection_item after_commit callback

In Rails 4.2 and before, ActiveRecord suppressed errors raised within callbacks.
Therefore it was suppressing a case in the collection_item after_commit callback
being called when a collection has been destroyed. The callback reference's the
collection's collection_preference object and calls a method on it
(email_notify). The collection_preference record has been destroyed at this
point. In 4.2 and before, AR suppressed the error and moved on. Since it's
happening in an if statement, it worked effectively to not send out the
notification and treat the error as a false case.

This PR just explicitly spells out the false case so that an error isn't raised,
since it will not be suppressed.

* Fixes reference to comment in comment callback

* Updates destroy_all call in work model

destroy_all with args is deprecated

* Removes deprecated passing of :reload as argument

* Replaces deprecated uniq with distinct

* Fixes deprecated use of Mime::HTML

* Fixes params.merge! issues on stats page

* Fixes stack level too deep error

rails/rails#28908

The *_changed? method no longer gets reset/gets reset in a different way now

* Updates outdated method

* Removes deprecated uniq and replaces it with distinct

* Fixes the use of a class in FactoryGirl lookup, which is deprecated

* Fixes use of deprecated Hash methods on Parameters objects in tag model

* Permits params to be passed from link on search results page

* Updates deprecated use of controller methods to include named args

* Updates deprecated use of 'uniq' with 'distinct'

* Updates deprecated `redirect_to :back` usage

* Fixes series controller spec failures & deprecation

* Fixes wrangling guidelines controller spec failure & remaining deprecations

* Passes an id, not an AR record, to ActiveRecord.find

* Ensures that archivist is an archivist

* Ensures that cache is cleared between tests

* Allows nested ActionController::Parameters to be manipulated in
ApplicationController

* Ensures batch urls are handed as array to api works controller

* Adds @work.destroy back to after(:all) block now that underlying problem has
been addressed

* Fixes mistake in inbox controller spec

* Ensures params[:prompt] is not nil in prompts controller spec

* Checks for blank param, instead of nil, to evade blank strings

* Changes params checking in works controller to reflect new methods of changing
params

rails/rails#26075

* Updates call to skip sanitize_params in autocomplete controller

* Fixes mistakes in mailer classes

* Comments out all observers

* Prevents error in work callback

Weird problem.

@work.destroy is triggering the *_save callbacks when running:

`RAILS_ENV=test bundle exec rspec spec/lib/works_owner_spec.rb[1:4:2:1:2]`

(when the work's owner is a collection)

This is happening on master. I'd consider it unexpected behavior, but it doesn't
seem to have any side-effects. The only reason it's causing an error now is
because Rails 5 no longer swallows errors raised in callbacks (in this case,
undefined method published_at for nil, because the work's chapters have already
been deleted by the time the *_save callbacks are re-triggered).

* Fixes expectation that expected double error

Upgrade fixed email has already been taken error to only appear once. Yay!

* Fixes reliance on specific implementation details of errors#add from Rails

* Ensures halt_callback_chains_on_return_false behaves as expected

* Fixes before_validation check on tag model

* Fixes bug

work.comments is not an AR Association Collection, it's a Relation object, and
therefore no longer responds to << as a method on work.comments. But
work.first_chapter.comments << comment does the same thing for the purposes
of the tests in requests/comments_spec.

* Makes definition of importing_for_others in works controller explicit

* Re-implements reverse_merge! in tag model method

It looks like reverse_merge! will be available for ActionController::Parameters in 5.1:

It looks like it was merged in here: rails/rails#28355

And that pull is referenced by an issue that references the current deprecationg
warning, here: rails/rails#28353

Adding reverse_merge back makes the other_a tests pass. So it seems like the
deprecation warning can be ignored.

* Pagination no longer wraps current page in a 'span' tag

* Removes unused observer files

* Removes unused commented out code

* Addresses deprecation warnings in specs

* Updates post_first_chapter method in work to save chapter as expected

* Fixed failures in chapters controller spec

* Cleans up

* Fixes deprecated use of render :nothing

* Fixes problem with the tests running too fast to catch difference in updated_at
where it matters

* Forces work.cache_key to bust when coauthor destroys their account

* Ensures updated_at comparison is not on reloaded work object

* Upgrades to Rails 5.1

Required upgrades to cucumber-rails, authlogic, acts_as_list, and
activerecord-mysql-connect as well

* Replaces alias_method_chain with module#prepend

* Specifies version of all migrations

Not entirely certain how specific this has to be, but because all of these
migrations *worked* in 4.2, it seems reasonable they can inherit from
ActiveRecord::Migration[4.2].

* Removes unnecessary initialization file

ActiveSupport.halt_callback_chains_on_return_false= is deprecated, and the
behavior exists by default in 5.1, so this initializer is no longer needed.

* Adds note about deprecated :controller and :action segments

* Updates validation with deprecated syntax in tag_nomination

* Uses much easier method of replacing alias_method_chain

* Fixes unpermitted params not being able to be converted to a hash

* Replaces deprecated code with functional equivalents

* Upgrades bullet gem

* Fixes undefined method 'destroy' for nil:NilClass

* Adds 'skip_pipeline: true' option to javascript_include_tags

* Hands the expected empty hash as params, instead of nil

* Adds `skip_pipeline: true` to stylesheet_link_tag

* Updates deprecated method calls

* Fixes controller spec failures

* Passes id to method that expects an id, instead of an AR object

* Removes `saved_change_for_attribute` from before_save callback

According to the reasoning [here](rails/rails#25337),
`changed_attribute?` methods will only raise a deprecation warning in `after_*`
callbacks. `changed_attribute?` is still perfectly legitimate used elsewhere.

* Adds `skip_pipeline: true` to image tag evoking public image

* Whitelists session params

* Changes saved_change_to_attribute back to attribute_changed? where applicable

* Changes attribute_changed? to saved_change_to_attribute? in after_* callback

* Updates _changed to saved_change_to_ in after_* callback

* Fixes Rails.cache returning incorrect hash in work tag_groups

* Fixes deprecated method in after_* callbacks

* Uses compatible globalize fork

* Adds `skip_pipeline` to all image_tags that reference image in public/

* Fixes deprecations in user model

* Removes removed 'uniq' method from AR objects

* Fixes wrong method in collection validation

* Fixes the has_one definition in tag_set saving a prompt multiple times when a
challenge signup is created

* Fixes before_save callback

* Ensures saved_change_* update is only made in after_* callbacks

* Fixes delete_all method call

* Removes _before_last_save methods

* Fixes typo

* Fixes bug in work after_save callback

Because of the change in AR's checking of dirty attributes, changing an
attribute within an after_* callback and then checking whether or not that
attribute has been changed - using either `attribute_changed?` or
`saved_change_to_attribute` - will always return false. Since
`attribute_changed?` still works in before_* callbacks, changing this particular
callback to a before_* callback maintains the original behavior.

* Deals with change to attribute not being noticed in after_* callbacks whilst
preserving after_* callback behavior

* Removes outdated route definition

* Removes catch-all route definition and starts addressing associated test
failures

* WIP - replace catch-all routes with whitelisted routes

* There is no reason for get :show to exist in the api controller

It 'show' action in admin/api_controller redirects to index,
the route being searched for is "admin/api/show" which
should never be hit and is never hit anywhere else in the application anyway.

* Adds more whitelisted routes

* WIP continued for whitelisting used routes

* WIP - Fixes route failures in controller specs

* Finishes (hopeful) whitelisting routes used by app

* Fixes deprecated use of atribute_was? in user model

* Removes deprecation warnings caused by autocomplete methods

* Fixes line issue

* Fixes indentation in feature

* Makes protected methods protected in comment model

* Renames update_sanitizer_version back to original filename

* Adds ApplicationRecord class & inherits all models from it

Moves ActiveRecord::Base monkeypatch into ApplicationRecord class

* Fixes ApplicationRecord class

1. It's an abstract class
2. There was a typo

* Specifies Rails version in migration file

* Ensures models inheriting from ApplicationRecord see the correct
WillPaginate.per_page default

* Updates spec syntax in works spec

* Whitelists new autocomplete route

* Explicitly allows use of :should syntax for RSpec

* Fix merge conflict

* Tidy up the diff

* I think this is right...

* Removes files that were unintentionally added back in by a merge

* Re-adds required line to notification method in comment model

* Adds required check to tag model method

@jeremyyap jeremyyap referenced this pull request Oct 24, 2017

Closed

Upgrade to Rails 5.1 #2616

11 of 11 tasks complete
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment