Use expect in remaining controller locations (mastodon#33748)

BakaAC · Jan 27, 2025 · 93f3c72 · 93f3c72
1 parent ea743d6
commit 93f3c72
Show file tree

Hide file tree

Showing 9 changed files with 72 additions and 5 deletions.
diff --git a/app/controllers/concerns/challengable_concern.rb b/app/controllers/concerns/challengable_concern.rb
@@ -58,6 +58,6 @@ def challenge_passed_recently?
   end
 
   def challenge_params
-    params.require(:form_challenge).permit(:current_password, :return_to)
+    params.expect(form_challenge: [:current_password, :return_to])
   end
 end
diff --git a/app/controllers/filters/statuses_controller.rb b/app/controllers/filters/statuses_controller.rb
@@ -34,7 +34,7 @@ def set_status_filters
   end
 
   def status_filter_batch_action_params
-    params.require(:form_status_filter_batch_action).permit(status_filter_ids: [])
+    params.expect(form_status_filter_batch_action: [status_filter_ids: []])
   end
 
   def action_from_button

diff --git a/app/controllers/relationships_controller.rb b/app/controllers/relationships_controller.rb
@@ -36,7 +36,7 @@ def set_relationships
   end
 
   def form_account_batch_params
-    params.require(:form_account_batch).permit(:action, account_ids: [])
+    params.expect(form_account_batch: [:action, account_ids: []])
   end
 
   def following_relationship?

diff --git a/app/controllers/settings/preferences/base_controller.rb b/app/controllers/settings/preferences/base_controller.rb
@@ -19,6 +19,6 @@ def after_update_redirect_path
   end
 
   def user_params
-    params.require(:user).permit(:locale, :time_zone, chosen_languages: [], settings_attributes: UserSettings.keys)
+    params.expect(user: [:locale, :time_zone, chosen_languages: [], settings_attributes: UserSettings.keys])
   end
 end
diff --git a/spec/requests/auth/challenges_spec.rb b/spec/requests/auth/challenges_spec.rb
@@ -33,5 +33,14 @@
           .to be_nil
       end
     end
+
+    context 'with invalid params' do
+      it 'gracefully handles invalid nested params' do
+        post auth_challenge_path(form_challenge: 'invalid')
+
+        expect(response)
+          .to have_http_status(400)
+      end
+    end
   end
 end
diff --git a/spec/requests/filters/statuses_spec.rb b/spec/requests/filters/statuses_spec.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Filters Statuses' do
+  describe 'POST /filters/:filter_id/statuses/batch' do
+    before { sign_in(user) }
+
+    let(:filter) { Fabricate :custom_filter, account: user.account }
+    let(:user) { Fabricate :user }
+
+    it 'gracefully handles invalid nested params' do
+      post batch_filter_statuses_path(filter.id, form_status_filter_batch_action: 'invalid')
+
+      expect(response)
+        .to redirect_to(edit_filter_path(filter))
+    end
+  end
+end
diff --git a/spec/requests/relationships_spec.rb b/spec/requests/relationships_spec.rb
@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Relationships' do
+  describe 'PUT /relationships' do
+    before { sign_in Fabricate(:user) }
+
+    it 'gracefully handles invalid nested params' do
+      put relationships_path(form_account_batch: 'invalid')
+
+      expect(response)
+        .to redirect_to(relationships_path)
+    end
+  end
+end
diff --git a/spec/requests/settings/preferences/appearance_spec.rb b/spec/requests/settings/preferences/appearance_spec.rb
@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Settings Preferences Appearance' do
+  describe 'PUT /settings/preferences/appearance' do
+    before { sign_in Fabricate(:user) }
+
+    it 'gracefully handles invalid nested params' do
+      put settings_preferences_appearance_path(user: 'invalid')
+
+      expect(response)
+        .to have_http_status(400)
+    end
+  end
+end
diff --git a/spec/system/settings/preferences/appearance_spec.rb b/spec/system/settings/preferences/appearance_spec.rb
@@ -17,10 +17,13 @@
     check confirm_reblog_field
     uncheck confirm_delete_field
 
+    check advanced_layout_field
+
     expect { save_changes }
       .to change { user.reload.settings.theme }.to('contrast')
       .and change { user.reload.settings['web.reblog_modal'] }.to(true)
-      .and(change { user.reload.settings['web.delete_modal'] }.to(false))
+      .and change { user.reload.settings['web.delete_modal'] }.to(false)
+      .and(change { user.reload.settings['web.advanced_layout'] }.to(true))
     expect(page)
       .to have_title(I18n.t('settings.appearance'))
   end
@@ -40,4 +43,8 @@ def confirm_reblog_field
   def theme_selection_field
     I18n.t('simple_form.labels.defaults.setting_theme')
   end
+
+  def advanced_layout_field
+    I18n.t('simple_form.labels.defaults.setting_advanced_layout')
+  end
 end