Permit attachments in mailbox conductor params

Prior to this commit, when adding attachments to an inbound email through the conductor, the log would warn of an unpermitted parameter with the message: > Unpermitted parameter: :attachments. Context: { } Also, if an application had the setting: config.action_controller.action_on_unpermitted_parameters = :raise it would raise an error, because the attachments are not a permitted parameter. This commit also sets `action_on_unpermitted_parameters` to `:raise` for the action mailbox test suite, so that tests are run in most restrictive setting available, to prevent future unpermitted parameters from being passed by conductor actions. Co-authored-by: Dana Henke <danapalazzo1@gmail.com>
2021-06-04 12:05:47 -04:00 · 2021-06-04 12:05:47 -04:00 · c6c53a02a5
parent 56d8ff8372
commit c6c53a02a5
3 changed files with 21 additions and 2 deletions
--- a/actionmailbox/CHANGELOG.md
+++ b/actionmailbox/CHANGELOG.md
@ -1,3 +1,15 @@
+*   Add `attachments` to the list of permitted parameters for inbound emails conductor.
+
+    When using the conductor to test inbound emails with attachments, this prevents an
+    unpermitted parameter warning in default configurations, and prevents errors for
+    applications that set:
+
+    ```ruby
+    config.action_controller.action_on_unpermitted_parameters = :raise
+    ```
+
+    *David Jones*, *Dana Henke*
+
 *   Add ability to configure ActiveStorage service
    for storing email raw source.

--- a/actionmailbox/app/controllers/rails/conductor/action_mailbox/inbound_emails_controller.rb
+++ b/actionmailbox/app/controllers/rails/conductor/action_mailbox/inbound_emails_controller.rb
@ -20,14 +20,18 @@ module Rails

    private
      def new_mail
-        Mail.new(params.require(:mail).permit(:from, :to, :cc, :bcc, :x_original_to, :in_reply_to, :subject, :body).to_h).tap do |mail|
+        Mail.new(mail_params.except(:attachments).to_h).tap do |mail|
          mail[:bcc]&.include_in_headers = true
-          params[:mail][:attachments].to_a.each do |attachment|
+          mail_params[:attachments].to_a.each do |attachment|
            mail.add_file(filename: attachment.original_filename, content: attachment.read)
          end
        end
      end

+      def mail_params
+        params.require(:mail).permit(:from, :to, :cc, :bcc, :x_original_to, :in_reply_to, :subject, :body, attachments: [])
+      end
+
      def create_inbound_email(mail)
        ActionMailbox::InboundEmail.create_and_extract_message_id!(mail.to_s)
      end
--- a/actionmailbox/test/dummy/config/environments/test.rb
+++ b/actionmailbox/test/dummy/config/environments/test.rb
@ -46,4 +46,7 @@ Rails.application.configure do

  # Annotate rendered view with file names
  # config.action_view.annotate_rendered_view_with_filenames = true
+
+  # Raise error if unpermitted parameters are sent
+  config.action_controller.action_on_unpermitted_parameters = :raise
 end