rails / protected_attributes

Protect attributes from mass-assignment in ActiveRecord models.
MIT License

Integrate with strong parameters. Closes #41 #43 #68

ur5us closed 9 years ago

ur5us commented 9 years ago

This patch adds strong parameters protection to every model that does not use a protection macro.

I've rebased @senny's commits from PR #43 against the latest master. All tests should be passing now. Apologies for the previous PR spam; my rebase strategy was wrong. Moreover, I've closed PR #51, whose sole purpose was to fix PR #43 by merging the latest master branch. So with this PR I'm using rebase to have a clean history of commits.

Further reading can be found in #41.

ur5us commented 9 years ago

Ugh, the tests for the PR didn't pass for Ruby 2.2.2/Gemfile-rails-4.2 but the initial test for my commit did pass. On my local machine the tests pass most of the time but not always; not sure what's causing it. /cc @senny @rafaelfranca

ur5us commented 9 years ago

I'm using the following command to run the tests:

BUNDLE_GEMFILE=./gemfiles/Gemfile-rails-4.2 bundle exec rake test

If I run the tests often enough they'll break occasionally.

1) Failure:
AttributeSanitizationTest#test_mass_assigning_invalid_attribute [/Users/ur5us/dev/github/protected_attributes/test/attribute_sanitization_test.rb:102]:
[ActiveRecord::UnknownAttributeError] exception expected, not
Class: <NameError>
Message: <"undefined local variable or method `i_dont_even_exist=' for #<Firm:0x007fc802a4f4a8>">
---Backtrace---
/Users/ur5us/.rvm/gems/ruby-2.2.2/gems/activemodel-4.2.1/lib/active_model/attribute_methods.rb:433:in `method_missing'
/Users/ur5us/.rvm/gems/ruby-2.2.2/gems/activerecord-4.2.1/lib/active_record/attribute_assignment.rb:54:in `public_send'
/Users/ur5us/.rvm/gems/ruby-2.2.2/gems/activerecord-4.2.1/lib/active_record/attribute_assignment.rb:54:in `_assign_attribute'
/Users/ur5us/.rvm/gems/ruby-2.2.2/gems/activerecord-4.2.1/lib/active_record/attribute_assignment.rb:41:in `block in assign_attributes'
/Users/ur5us/.rvm/gems/ruby-2.2.2/gems/activerecord-4.2.1/lib/active_record/attribute_assignment.rb:35:in `each'
/Users/ur5us/.rvm/gems/ruby-2.2.2/gems/activerecord-4.2.1/lib/active_record/attribute_assignment.rb:35:in `assign_attributes'
/Users/ur5us/dev/github/protected_attributes/test/attribute_sanitization_test.rb:103:in `block in test_mass_assigning_invalid_attribute'
---------------

175 runs, 626 assertions, 1 failures, 0 errors, 0 skips
rake aborted!
Command failed with status (1): [ruby -I"test" -w  "/Users/ur5us/.rvm/rubies/ruby-2.2.2/lib/ruby/2.2.0/rake/rake_test_loader.rb" "test/**/*_test.rb" ]

ur5us commented 9 years ago

Using the same seed I can replicate the failing test, using

BUNDLE_GEMFILE=./gemfiles/Gemfile-rails-4.2 bundle exec rake test TESTOPTS="--seed=37562"

rafaelfranca commented 9 years ago

I merged #41 since the code was the same. Thank you for the pull request.