Use expect for nested params in more controllers (#33675)

Matt Jankowski 2025-01-22 03:35:34 -05:00 committed by GitHub
parent 2a6a418f48
commit d2cc28813f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 71 additions and 6 deletions


@ -21,6 +21,6 @@ class Disputes::AppealsController < Disputes::BaseController
end
def appeal_params
params.require(:appeal).permit(:text)
params.expect(appeal: [:text])
end
end


@ -48,7 +48,7 @@ class FiltersController < ApplicationController
end
def resource_params
params.require(:custom_filter).permit(:title, :expires_in, :filter_action, context: [], keywords_attributes: [:id, :keyword, :whole_word, :_destroy])
params.expect(custom_filter: [:title, :expires_in, :filter_action, context: [], keywords_attributes: [:id, :keyword, :whole_word, :_destroy]])
end
def set_cache_headers
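Review bot: The nested `keywords_attributes: [:id, :keyword, :whole_word, :_destroy]` declaration in `resource_params` may not behave the same under `expect` as it did under `permit`. As far as I understand `expect`, a single-level array filter accepts only a hash with those keys, and a collection of hashes has to be declared with the double-array form, so keyword rows submitted as an array or as index-keyed nested attributes could be dropped silently. If that applies here, the declaration should read `keywords_attributes: [[:id, :keyword, :whole_word, :_destroy]]`. A request spec that creates a filter with one keyword would confirm it either way, since the filter specs added in this commit only cover the malformed case. `set_cache_headers` continues outside the hunk.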


@ -43,7 +43,7 @@ class InvitesController < ApplicationController
end
def resource_params
params.require(:invite).permit(:max_uses, :expires_in, :autofollow, :comment)
params.expect(invite: [:max_uses, :expires_in, :autofollow, :comment])
end
def set_cache_headers


@ -15,8 +15,6 @@ class StatusesCleanupController < ApplicationController
else
render :show
end
rescue ActionController::ParameterMissing
# Do nothing
end
def require_functional!
@ -30,7 +28,7 @@ class StatusesCleanupController < ApplicationController
end
def resource_params
params.require(:account_statuses_cleanup_policy).permit(:enabled, :min_status_age, :keep_direct, :keep_pinned, :keep_polls, :keep_media, :keep_self_fav, :keep_self_bookmark, :min_favs, :min_reblogs)
params.expect(account_statuses_cleanup_policy: [:enabled, :min_status_age, :keep_direct, :keep_pinned, :keep_polls, :keep_media, :keep_self_fav, :keep_self_bookmark, :min_favs, :min_reblogs])
end
def set_cache_headers


@ -0,0 +1,18 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe 'Disputes Appeals' do
describe 'POST /disputes/appeals' do
before { sign_in strike.target_account.user }
let(:strike) { Fabricate :account_warning }
it 'gracefully handles invalid nested params' do
post disputes_strike_appeal_path(strike, appeal: 'invalid')
expect(response)
.to have_http_status(400)
end
end
end


@ -13,4 +13,28 @@ RSpec.describe 'Filters' do
end
end
end
describe 'POST /filters' do
before { sign_in Fabricate :user }
it 'gracefully handles invalid nested params' do
post filters_path(custom_filter: 'invalid')
expect(response)
.to have_http_status(400)
end
end
describe 'PUT /filters/:id' do
before { sign_in(filter.account.user) }
let(:filter) { Fabricate :custom_filter }
it 'gracefully handles invalid nested params' do
put filter_path(filter, custom_filter: 'invalid')
expect(response)
.to have_http_status(400)
end
end
end


@ -28,4 +28,13 @@ RSpec.describe 'Invites' do
end
end
end
describe 'POST /invites' do
it 'gracefully handles invalid nested params' do
post invites_path(invite: 'invalid')
expect(response)
.to have_http_status(400)
end
end
end


@ -0,0 +1,16 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe 'Statuses Cleanup' do
describe 'PUT /statuses_cleanup' do
before { sign_in Fabricate(:user) }
it 'gracefully handles invalid nested params' do
put statuses_cleanup_path(account_statuses_cleanup_policy: 'invalid')
expect(response)
.to have_http_status(400)
end
end
end
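Review bot: The new example covers only a string-valued `account_statuses_cleanup_policy`; a request that omits the key entirely is not exercised. That is the case the `rescue ActionController::ParameterMissing` removed from the controller in this commit used to swallow. A second example that sends `put statuses_cleanup_path` with no params and asserts `expect(response).to have_http_status(400)` would pin the new behaviour, presumably a 400 from the now-unrescued `ParameterMissing`. Without it, a later re-introduction of a blanket rescue would go unnoticed.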