Rails 4 Strong Params - Githubissues

markets / invisible_captcha

🍯 Unobtrusive and flexible spam protection for Rails apps

https://rubygems.org/gems/invisible_captcha

MIT License

1.16k stars 66 forks source link

Rails 4 Strong Params #1

Closed balancedcomp closed 10 years ago

balancedcomp commented 10 years ago

Do I need to add 'baz_id' to my params.require?

markets commented 10 years ago

Do you use Model (attribute validation in the model) style or Controller (with before_filter) style implementation?

Model: you need to keep attribute (:subtitle for example) to the attributes hash, so you need to permit the attribute (example: params.require(:topic).permit(:subtitle)).
Controller: you need to call before_filter :check_invisible_captcha before any other before_filter in order to perform the invisible_captcha validation with expected parameters and values, so you just need to not change the params hash.

If you can provide a little more information of your implementation case or a sample code, I can probably be more specific.

Anyway, documentation needs an update about strong_parameters :+1:

balancedcomp commented 10 years ago

Sorry, I used the controller style. In your model style above, I take it 'subtitle' is the honeypot attribute? it seems like that would be better for me anyway, if I can set my own attr name via model style .

markets commented 10 years ago

Yes, :subtitle is the honeypot. For example (class Topic):

Model style:

In your form:

<%= form_for(@topic) do |f| %>
  <%= f.invisible_captcha :subtitle %>
<% end %>

In your model:

class Topic < ActiveRecord::Base
  attr_accessor :subtitle # virtual attribute, honeypot
  validates :subtitle, :invisible_captcha => true
end

In your contoller permit the param: params.require(:topic).permit(:subtitle).

Controller style:

In your form:

<%= form_for(@topic) do |f| %>
  <%= invisible_captcha %>
<% end %>

In your controller add: before_filter :check_invisible_captcha

Controller style (resource oriented):

In your form:

<%= form_for(@topic) do |f| %>
  <%= f.invisible_captcha :subtitle %>
<% end %>

In your controller:

def create
  if invisible_captcha?(:topic, :subtitle)
    head 200 # or redirect_to new_topic_path
  else
    # regular workflow
  end
end

I think these examples enhance the current documentation. I'll do an update soon.

balancedcomp commented 10 years ago

They really do! Thanks for picking this project up!

Jarrett Green CHIEF PRODUCT DEVELOPMENT OFFICER

tel. 316-927-2668 www. balancedcomp.com tw. @balancedcomp

BalancedComp

Accurate. Tailored. Balanced.

On Wed, Nov 20, 2013 at 5:44 PM, Marc Anguera Insa <notifications@github.com

wrote:

Yes, :subtitle is the honeypot. For example (class Topic):

Model style:

In your form:

<%= form_for(@topic) do |f| %> <%= f.invisible_captcha :subtitle %> <% end %>

In your model:

class Activity < ActiveRecord::Base attr_accessor :subtitle # virtual attribute, honeypot validates :subtitle, :invisible_captcha => true end

In your contoller permit the param: params.require(:topic).permit(:subtitle).

Controller style:

In your form:

<%= form_for(@topic) do |f| %> <%= invisible_captcha %> <% end %>

In your controller add: before_filter :check_invisible_captcha

Controller style (resource oriented):

In your form:

<%= form_for(@topic) do |f| %> <%= f.invisible_captcha :subtitle %> <% end %>

In your controller:

def create if invisible_captcha?(:topic, :subtitle) head 200 # or redirect_to new_topic_path else

regular workflow

end end

I think these examples enhance the current documentation. I'll do an update soon.

— Reply to this email directly or view it on GitHubhttps://github.com/markets/invisible_captcha/issues/1#issuecomment-28944551 .

markets commented 10 years ago

You're welcome @balancedcomp. Stars are appreciated :smiley:

I'll keep issue open until I can update documentation.