From 3b245031a4f07dfc5ef8c2363478759d9af7993c Mon Sep 17 00:00:00 2001
From: Ian Christian Myers
Date: Wed, 5 Jun 2013 00:04:03 -0700
Subject: [PATCH] Implemented strong_parameters for Invite/InvitesController.

The email parameter is now required using strong parameters and will throw ActionController::ParameterMissing if it is missing. If the email address is incorrect or invalid, Discourse::InvalidParameters will still be thrown.
---
 app/controllers/invites_controller.rb | 2 +-
 app/models/invite.rb | 1 +
 spec/controllers/invites_controller_spec.rb | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/app/controllers/invites_controller.rb b/app/controllers/invites_controller.rb
index dbaf94e7fb2..1477f5734d4 100644
--- a/app/controllers/invites_controller.rb
+++ b/app/controllers/invites_controller.rb
@@ -29,7 +29,7 @@ class InvitesController < ApplicationController
 end
 def destroy
- requires_parameter(:email)
+ params.require(:email)
 invite = Invite.where(invited_by_id: current_user.id, email: params[:email]).first
 raise Discourse::InvalidParameters.new(:email) if invite.blank?
diff --git a/app/models/invite.rb b/app/models/invite.rb
index 9a5acc73b0b..b065a9ba9ce 100644
--- a/app/models/invite.rb
+++ b/app/models/invite.rb
@@ -1,6 +1,7 @@
 require_dependency 'trashable'
 class Invite < ActiveRecord::Base
+ include ActiveModel::ForbiddenAttributesProtection
 include Trashable
 belongs_to :user
diff --git a/spec/controllers/invites_controller_spec.rb b/spec/controllers/invites_controller_spec.rb
index 473553cf2d8..29c3a3da2aa 100644
--- a/spec/controllers/invites_controller_spec.rb
+++ b/spec/controllers/invites_controller_spec.rb
@@ -17,7 +17,7 @@ describe InvitesController do
 it 'raises an error when the email is missing' do
- lambda { delete :destroy }.should raise_error(Discourse::InvalidParameters)
+ lambda { delete :destroy }.should raise_error(ActionController::ParameterMissing)
 end
 it "raises an error when the email cannot be found" do
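Review bot: `params.require(:email)` in `destroy` only checks that the key is present and non-blank, and its return value is discarded, so the lookup on the next line still reads `params[:email]` in whatever shape the client sent. A nested or array-valued `email` parameter would reach `Invite.where(... email: params[:email])` without a type check. The query is scoped by `invited_by_id: current_user.id`, which limits the effect to the caller's own invites, but the type should still be pinned. I would keep the result and reject non-strings, e.g. `email = params.require(:email)` followed by `raise Discourse::InvalidParameters.new(:email) unless email.is_a?(String)`, then pass `email` to the query. The body of `destroy` continues past the end of the hunk.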
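Review bot: The new `include ActiveModel::ForbiddenAttributesProtection` in `Invite` has no spec in this patch, and nothing visible here mass-assigns request parameters to an invite, so the protection is untested. It also rejects only unpermitted `ActionController::Parameters`; a plain Hash built from request data is not checked. A comment above the include would record that, for example `# Mass assignment from request params must go through params.permit; plain hashes are not checked.` The class body continues outside the hunk.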
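Review bot: The updated example pins only the absent-key case, but `params.require` also raises `ActionController::ParameterMissing` for a blank value. A second example such as `lambda { delete :destroy, email: '' }.should raise_error(ActionController::ParameterMissing)` would document that empty emails are now rejected with the same error. How `ParameterMissing` is turned into an HTTP response is not visible in this patch, so if a rescue handler exists it may be worth asserting the resulting status too.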