How to test strong params with Rspec?

后端 未结 4 1259
夕颜
夕颜 2021-02-13 15:40

What is the actual strategy to test strong params filtering in Rails controller with Rspec? (Except shoulda matchers) How to write failing test and then make it green?

相关标签:
4条回答
  • 2021-02-13 15:58

    Here is how I did it:

      describe 'Safe Params' do
    
       let(:mixed_params) {
         {
           blueprint_application_environment: {
             id: 1000,
             blueprint_id:   1,
             application_id: 2,
             environment_id: 3
           },
           format: :json
         }
       }
    
    context "when processing a Post request with a mix of permitted and unpermitted parameters" do
       before { post :create, mixed_params }
    
      it "a create will not set the value of the unpermitted parameter" do
         expect(JSON.parse(response.body)["id"]).not_to eq(1000)
       end
    
      it "a create will set the value of the permitted parameters" do
         expect(JSON.parse(response.body)["blueprint_id"]).to eq(1)
         expect(JSON.parse(response.body)["application_id"]).to eq(2)
         expect(JSON.parse(response.body)["environment_id"]).to eq(3)
       end
     end
    

    end

    Controller code:

      def create
        @blueprint_application_environment = BlueprintApplicationEnvironment.new(blueprint_application_environment_params)
        if @blueprint_application_environment.save
          render 'show.json.jbuilder'
        else
          render json: @blueprint_application_environment.errors, status: :unprocessable_entity
        end
      end
    
    def blueprint_application_environment_params
        params.require(:blueprint_application_environment).permit(:blueprint_id, :application_id, :environment_id)
    end
    
    0 讨论(0)
  • 2021-02-13 16:05

    I personally use shoulda-matcher from thoughtbot.

    With something like:

    it do
      should permit(:first_name, :last_name, :email, :password).
        for(:update, params: params)
    end
    
    0 讨论(0)
  • 2021-02-13 16:07

    Create 2 hashes with expected and all (with unsatisfied) parameters. Then pass all params to action and check that you object model receiving only expected params. It will not if you are not using strong parameter filters. Than add permissions to params and check test again.

    For example, this:

    # action
    def create
      User.create(params)
    end
    
    # spec
    it 'creates a user' do
      expect_any_instance_of(User).to receive(:create).
        with({name: 'Sideshow Bob'}.with_indifferent_access)
      post :create, user: 
        { first_name: 'Sideshow', last_name: 'Bob', name: 'Sideshow Bob' }
    end
    

    will pass all params to User and test will fail. And when you filter them:

    def user_params
      params.require(:user).permit(:name)
    end
    

    and change action with User.create(user_params), test will pass.

    0 讨论(0)
  • 2021-02-13 16:09

    as like you create or update object using strong parameters,it is also similar except one thing that normal you do like this:

    post :create, book_id: @book.id

    But in strong parameter you have to do like this:

    post :create, {book_id: @book.id, comment: {user_id: 101, book_id: @book.id, description: "worth to buy"}}

    you have to pass in nested parameters.

    0 讨论(0)
提交回复
热议问题