From 8866b8e5eb00a3624810c25c1e3ebde846942270 Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Wed, 28 Feb 2018 14:35:32 +0300
Subject: [PATCH] Fix error when params is not a hash

---
 lib/devise/parameter_sanitizer.rb | 14 +++++++++++++-
 test/parameter_sanitizer_test.rb | 28 ++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/lib/devise/parameter_sanitizer.rb b/lib/devise/parameter_sanitizer.rb
index 91060c66..a2d721a1 100644
--- a/lib/devise/parameter_sanitizer.rb
+++ b/lib/devise/parameter_sanitizer.rb
@@ -135,7 +135,19 @@ module Devise
 end

 def default_params
- @params.fetch(@resource_name, {})
+ if hashable_resource_params?
+ @params.fetch(@resource_name)
+ else
+ empty_params
+ end
+ end
+
+ def hashable_resource_params?
+ @params[@resource_name].respond_to?(:permit)
+ end
+
+ def empty_params
+ ActionController::Parameters.new({})
 end

 def permit_keys(parameters, keys)
diff --git a/test/parameter_sanitizer_test.rb b/test/parameter_sanitizer_test.rb
index 4e89eb9e..c00cd58e 100644
--- a/test/parameter_sanitizer_test.rb
+++ b/test/parameter_sanitizer_test.rb
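Review bot: `hashable_resource_params?` in lib/devise/parameter_sanitizer.rb tests `respond_to?(:permit)`, not hash-likeness, so a plain `Hash` stored under `@resource_name` would be silently replaced by empty params. That cannot happen if `@params` is always an `ActionController::Parameters`, which this hunk does not show, so the predicate name or a comment should state the assumption. `default_params` would also benefit from a comment such as `# The resource key is request-controlled; a scalar, array or nil value is treated as "no params" instead of raising.`, so the silent fallback reads as intentional. The predicate and the branch look the key up twice; `value = @params[@resource_name]` followed by `value.respond_to?(:permit) ? value : empty_params` reads it once. The enclosing class starts and ends outside the hunk, so whether the two new helpers sit under `private` cannot be confirmed from here.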
@@ -16,6 +16,34 @@ class ParameterSanitizerTest < ActiveSupport::TestCase
 assert_equal({ 'email' => 'jose' }, sanitized)
 end

+ test 'permits empty params when received not a hash' do
+ sanitizer = sanitizer({ 'user' => 'string' })
+ sanitized = sanitizer.sanitize(:sign_in)
+
+ assert_equal({}, sanitized)
+ end
+
+ test 'does not rise error when received string instead of hash' do
+ sanitizer = sanitizer('user' => 'string')
+ assert_nothing_raised do
+ sanitizer.sanitize(:sign_in)
+ end
+ end
+
+ test 'does not rise error when received nil instead of hash' do
+ sanitizer = sanitizer('user' => nil)
+ assert_nothing_raised do
+ sanitizer.sanitize(:sign_in)
+ end
+ end
+
+ test 'permits empty params when received nil instead of hash' do
+ sanitizer = sanitizer({ 'user' => nil })
+ sanitized = sanitizer.sanitize(:sign_in)
+
+ assert_equal({}, sanitized)
+ end
+
 test 'permits the default parameters for sign up' do
 sanitizer = sanitizer('user' => { 'email' => 'jose', 'role' => 'invalid' })
 sanitized = sanitizer.sanitize(:sign_up)
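Review bot: The added tests cover only a String and `nil` under `'user'`, but the new guard is meant to handle any value without `permit`, and an Array is another shape a request can supply for that key. One more case, `sanitizer('user' => ['string'])` with `assert_equal({}, sanitized)`, would pin that path. The two `assert_nothing_raised` tests repeat inputs that the `assert_equal` tests already exercise, so they could be dropped. If kept, their names should read "does not raise error" rather than "does not rise error". The test class starts and ends outside the hunk.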