From e445039716c3397e0ef286257bb9bfffe93f2d67 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Valim?=
Date: Thu, 31 Oct 2013 06:38:30 -0700
Subject: [PATCH] Merge pull request #2717 from memberful/2716-splat-sanitize-params Splat the arguments to strong_parameters#permit, fixes #2716
---
 lib/devise/parameter_sanitizer.rb | 10 +++++++---
 test/parameter_sanitizer_test.rb | 9 +++++++++
 2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/lib/devise/parameter_sanitizer.rb b/lib/devise/parameter_sanitizer.rb
index e45f8ad8..6e4bf074 100644
--- a/lib/devise/parameter_sanitizer.rb
+++ b/lib/devise/parameter_sanitizer.rb
@@ -47,19 +47,23 @@ module Devise
 end
 def sign_in
- default_params.permit self.for(:sign_in)
+ permit self.for(:sign_in)
 end
 def sign_up
- default_params.permit self.for(:sign_up)
+ permit self.for(:sign_up)
 end
 def account_update
- default_params.permit self.for(:account_update)
+ permit self.for(:account_update)
 end
 private
+ def permit(keys)
+ default_params.permit(*Array(keys))
+ end
+
 # Change for(kind) to return the values in the @permitted
 # hash, allowing the developer to customize at runtime.
 def default_for(kind)
diff --git a/test/parameter_sanitizer_test.rb b/test/parameter_sanitizer_test.rb
index 14b48629..cd48b382 100644
--- a/test/parameter_sanitizer_test.rb
+++ b/test/parameter_sanitizer_test.rb
@@ -68,5 +68,14 @@ if defined?(ActionController::StrongParameters)
 sanitizer.sanitize(:unknown)
 end
 end
+
+ test 'passes parameters to filter as arguments to sanitizer' do
+ params = {user: stub}
+ sanitizer = Devise::ParameterSanitizer.new(User, :user, params)
+
+ params[:user].expects(:permit).with(kind_of(Symbol), kind_of(Symbol), kind_of(Symbol))
+
+ sanitizer.sanitize(:sign_in)
+ end
 end
 end
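Review bot: `Array(keys)` in the new private `permit` quietly reshapes anything that is not already an Array before it reaches the strong-parameters allow-list: `nil` becomes an empty list and a Hash becomes a list of `[key, value]` pairs, which `permit` would presumably not treat as a nested filter. Both cases look like they fail closed (fewer attributes permitted), but silently, so a customised `for(kind)` value of the wrong shape would show up as missing attributes rather than as an error. If a Hash filter is meant to be supported, `default_params.permit(*Array.wrap(keys))` keeps it intact; either way a comment such as `# permit takes each filter as its own argument, so splat the list returned by for(kind)` would record why the splat is there. `default_params` and `for` are defined outside this hunk, so the shapes `for` can return are not visible here.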
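Review bot: The expectation `with(kind_of(Symbol), kind_of(Symbol), kind_of(Symbol))` pins only the count and type of the arguments, so it passes for any three symbols and breaks whenever the number of default `:sign_in` keys changes. Because this list is the mass-assignment allow-list, asserting the actual keys is the tighter check, for example `params[:user].expects(:permit).with(*sanitizer.for(:sign_in))`. A second case where the `:sign_in` list is customised to a single non-Array value would cover the `Array(keys)` coercion that this test never reaches. The enclosing `if defined?(...)` block and test class start outside the hunk.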