From 8fd2c08472afc3846ba28f97994a57143bc76eaf Mon Sep 17 00:00:00 2001 From: Markus Koller Date: Thu, 20 Jun 2019 19:13:02 +0200 Subject: [PATCH] Make checks for continue_params more robust The check for continue_params&.key?(:to) in Projects::ImportsController caused an exception in redirect_to if this key contained a nil value. Since url_for won't add any params for an empty hash, we can just return that in continue_params if params[:continue] isn't present, and simplify the code in the controllers to check for the values we actually want to use. --- app/controllers/concerns/continue_params.rb | 2 +- app/controllers/projects/forks_controller.rb | 18 +++++++----------- app/controllers/projects/imports_controller.rb | 8 ++------ app/controllers/projects/jobs_controller.rb | 2 +- .../concerns/continue_params_spec.rb | 8 ++++++++ 5 files changed, 19 insertions(+), 19 deletions(-) diff --git a/app/controllers/concerns/continue_params.rb b/app/controllers/concerns/continue_params.rb index 54c0510497f..d5830f6648c 100644 --- a/app/controllers/concerns/continue_params.rb +++ b/app/controllers/concerns/continue_params.rb @@ -6,7 +6,7 @@ module ContinueParams def continue_params continue_params = params[:continue] - return unless continue_params + return {} unless continue_params continue_params = continue_params.permit(:to, :notice, :notice_now) continue_params[:to] = safe_redirect_path(continue_params[:to]) diff --git a/app/controllers/projects/forks_controller.rb b/app/controllers/projects/forks_controller.rb index 7a1700a206a..ac1c4bc7fd3 100644 --- a/app/controllers/projects/forks_controller.rb +++ b/app/controllers/projects/forks_controller.rb @@ -46,18 +46,14 @@ class Projects::ForksController < Projects::ApplicationController @forked_project ||= ::Projects::ForkService.new(project, current_user, namespace: namespace).execute - if @forked_project.saved? && @forked_project.forked? - if @forked_project.import_in_progress? - redirect_to project_import_path(@forked_project, continue: continue_params) - else - if continue_params - redirect_to continue_params[:to], notice: continue_params[:notice] - else - redirect_to project_path(@forked_project), notice: "The project '#{@forked_project.name}' was successfully forked." - end - end - else + if !@forked_project.saved? || !@forked_project.forked? render :error + elsif @forked_project.import_in_progress? + redirect_to project_import_path(@forked_project, continue: continue_params) + elsif continue_params[:to] + redirect_to continue_params[:to], notice: continue_params[:notice] + else + redirect_to project_path(@forked_project), notice: "The project '#{@forked_project.name}' was successfully forked." end end # rubocop: enable CodeReuse/ActiveRecord diff --git a/app/controllers/projects/imports_controller.rb b/app/controllers/projects/imports_controller.rb index afbf9fd7720..da32ab9e2e0 100644 --- a/app/controllers/projects/imports_controller.rb +++ b/app/controllers/projects/imports_controller.rb @@ -23,7 +23,7 @@ class Projects::ImportsController < Projects::ApplicationController def show if @project.import_finished? - if continue_params&.key?(:to) + if continue_params[:to] redirect_to continue_params[:to], notice: continue_params[:notice] else redirect_to project_path(@project), notice: finished_notice @@ -31,11 +31,7 @@ class Projects::ImportsController < Projects::ApplicationController elsif @project.import_failed? redirect_to new_project_import_path(@project) else - if continue_params && continue_params[:notice_now] - flash.now[:notice] = continue_params[:notice_now] - end - - # Render + flash.now[:notice] = continue_params[:notice_now] end end diff --git a/app/controllers/projects/jobs_controller.rb b/app/controllers/projects/jobs_controller.rb index d7c0039b234..02ff6e872c9 100644 --- a/app/controllers/projects/jobs_controller.rb +++ b/app/controllers/projects/jobs_controller.rb @@ -103,7 +103,7 @@ class Projects::JobsController < Projects::ApplicationController @build.cancel - if continue_params + if continue_params[:to] redirect_to continue_params[:to] else redirect_to builds_project_pipeline_path(@project, @build.pipeline.id) diff --git a/spec/controllers/concerns/continue_params_spec.rb b/spec/controllers/concerns/continue_params_spec.rb index 5e47f5e9f28..b4b62cbe1e3 100644 --- a/spec/controllers/concerns/continue_params_spec.rb +++ b/spec/controllers/concerns/continue_params_spec.rb @@ -18,6 +18,14 @@ describe ContinueParams do ActionController::Parameters.new(continue: params) end + it 'returns an empty hash if params are not present' do + allow(controller).to receive(:params) do + ActionController::Parameters.new + end + + expect(controller.continue_params).to eq({}) + end + it 'cleans up any params that are not allowed' do allow(controller).to receive(:params) do strong_continue_params(to: '/hello',