diff --git a/app/controllers/disputes/appeals_controller.rb b/app/controllers/disputes/appeals_controller.rb
index 98b58d2117..797f31cf78 100644
--- a/app/controllers/disputes/appeals_controller.rb
+++ b/app/controllers/disputes/appeals_controller.rb
@@ -21,6 +21,6 @@ class Disputes::AppealsController < Disputes::BaseController
 end
 def appeal_params
- params.require(:appeal).permit(:text)
+ params.expect(appeal: [:text])
 end
 end
diff --git a/app/controllers/filters_controller.rb b/app/controllers/filters_controller.rb
index 8c4e867e93..bd24905a77 100644
--- a/app/controllers/filters_controller.rb
+++ b/app/controllers/filters_controller.rb
@@ -48,7 +48,7 @@ class FiltersController < ApplicationController
 end
 def resource_params
- params.require(:custom_filter).permit(:title, :expires_in, :filter_action, context: [], keywords_attributes: [:id, :keyword, :whole_word, :_destroy])
+ params.expect(custom_filter: [:title, :expires_in, :filter_action, context: [], keywords_attributes: [:id, :keyword, :whole_word, :_destroy]])
 end
 def set_cache_headers
diff --git a/app/controllers/invites_controller.rb b/app/controllers/invites_controller.rb
index 070852695e..c4c52cce11 100644
--- a/app/controllers/invites_controller.rb
+++ b/app/controllers/invites_controller.rb
@@ -43,7 +43,7 @@ class InvitesController < ApplicationController
 end
 def resource_params
- params.require(:invite).permit(:max_uses, :expires_in, :autofollow, :comment)
+ params.expect(invite: [:max_uses, :expires_in, :autofollow, :comment])
 end
 def set_cache_headers
diff --git a/app/controllers/statuses_cleanup_controller.rb b/app/controllers/statuses_cleanup_controller.rb
index e517bf3ae8..028c57d0d3 100644
--- a/app/controllers/statuses_cleanup_controller.rb
+++ b/app/controllers/statuses_cleanup_controller.rb
@@ -15,8 +15,6 @@ class StatusesCleanupController < ApplicationController
 else
 render :show
 end
- rescue ActionController::ParameterMissing
- # Do nothing
 end
 def require_functional!
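Review bot: In `FiltersController#resource_params`, `keywords_attributes: [:id, :keyword, :whole_word, :_destroy]` was carried over unchanged from `permit`, but `expect` reads a single array as the keys of one hash and wants the double-array form for a list of hashes. If the form submits keywords as an indexed collection, which the `:id` and `:_destroy` keys suggest, the permitted keys would not line up and the keywords would likely be dropped without any error. I would write `keywords_attributes: [[:id, :keyword, :whole_word, :_destroy]]` and add a request spec that posts a valid filter with one keyword and checks that it is saved, since the specs in this commit only exercise the malformed case.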
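Review bot: A request that omits `account_statuses_cleanup_policy` altogether now takes a different path in `StatusesCleanupController`, and nothing in this commit tests it: with `rescue ActionController::ParameterMissing` gone from the end of the action, the exception propagates instead of being swallowed. The new spec only sends a string in place of the hash, so I would add a second example that calls `put statuses_cleanup_path` with no parameters and asserts `have_http_status(400)`. The action's opening lines are outside the hunk, so this assumes `resource_params` is the only place that exception can come from there.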
@@ -30,7 +28,7 @@ class StatusesCleanupController < ApplicationController
 end
 def resource_params
- params.require(:account_statuses_cleanup_policy).permit(:enabled, :min_status_age, :keep_direct, :keep_pinned, :keep_polls, :keep_media, :keep_self_fav, :keep_self_bookmark, :min_favs, :min_reblogs)
+ params.expect(account_statuses_cleanup_policy: [:enabled, :min_status_age, :keep_direct, :keep_pinned, :keep_polls, :keep_media, :keep_self_fav, :keep_self_bookmark, :min_favs, :min_reblogs])
 end
 def set_cache_headers
diff --git a/spec/requests/disputes/appeals_spec.rb b/spec/requests/disputes/appeals_spec.rb
new file mode 100644
index 0000000000..4eff09c800
--- /dev/null
+++ b/spec/requests/disputes/appeals_spec.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Disputes Appeals' do
+ describe 'POST /disputes/appeals' do
+ before { sign_in strike.target_account.user }
+
+ let(:strike) { Fabricate :account_warning }
+
+ it 'gracefully handles invalid nested params' do
+ post disputes_strike_appeal_path(strike, appeal: 'invalid')
+
+ expect(response)
+ .to have_http_status(400)
+ end
+ end
+end
diff --git a/spec/requests/filters_spec.rb b/spec/requests/filters_spec.rb
index a7b2eddc1b..e9d7436b0b 100644
--- a/spec/requests/filters_spec.rb
+++ b/spec/requests/filters_spec.rb
@@ -13,4 +13,28 @@ RSpec.describe 'Filters' do
 end
 end
 end
+
+ describe 'POST /filters' do
+ before { sign_in Fabricate :user }
+
+ it 'gracefully handles invalid nested params' do
+ post filters_path(custom_filter: 'invalid')
+
+ expect(response)
+ .to have_http_status(400)
+ end
+ end
+
+ describe 'PUT /filters/:id' do
+ before { sign_in(filter.account.user) }
+
+ let(:filter) { Fabricate :custom_filter }
+
+ it 'gracefully handles invalid nested params' do
+ put filter_path(filter, custom_filter: 'invalid')
+
+ expect(response)
+ .to have_http_status(400)
+ end
+ end
 end
diff --git a/spec/requests/invites_spec.rb b/spec/requests/invites_spec.rb
index 8a5ad2ccd1..2fc0161c8c 100644
--- a/spec/requests/invites_spec.rb
+++ b/spec/requests/invites_spec.rb
@@ -28,4 +28,13 @@ RSpec.describe 'Invites' do
 end
 end
 end
+
+ describe 'POST /invites' do
+ it 'gracefully handles invalid nested params' do
+ post invites_path(invite: 'invalid')
+
+ expect(response)
+ .to have_http_status(400)
+ end
+ end
 end
diff --git a/spec/requests/statuses_cleanup_spec.rb b/spec/requests/statuses_cleanup_spec.rb
new file mode 100644
index 0000000000..17a1c190ad
--- /dev/null
+++ b/spec/requests/statuses_cleanup_spec.rb
@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Statuses Cleanup' do
+ describe 'PUT /statuses_cleanup' do
+ before { sign_in Fabricate(:user) }
+
+ it 'gracefully handles invalid nested params' do
+ put statuses_cleanup_path(account_statuses_cleanup_policy: 'invalid')
+
+ expect(response)
+ .to have_http_status(400)
+ end
+ end
+end