Make checks for continue_params more robust

The check for continue_params&.key?(:to) in Projects::ImportsController caused an exception in redirect_to if this key contained a nil value. Since url_for won't add any params for an empty hash, we can just return that in continue_params if params[:continue] isn't present, and simplify the code in the controllers to check for the values we actually want to use.
2019-06-20 19:13:02 +02:00 · 2019-06-20 19:13:02 +02:00 · 8fd2c08472
commit 8fd2c08472
parent e8aff8351e
5 changed files with 19 additions and 19 deletions
--- a/app/controllers/concerns/continue_params.rb
+++ b/app/controllers/concerns/continue_params.rb
@ -6,7 +6,7 @@ module ContinueParams

  def continue_params
    continue_params = params[:continue]
-    return unless continue_params
+    return {} unless continue_params

    continue_params = continue_params.permit(:to, :notice, :notice_now)
    continue_params[:to] = safe_redirect_path(continue_params[:to])
--- a/app/controllers/projects/forks_controller.rb
+++ b/app/controllers/projects/forks_controller.rb
@ -46,20 +46,16 @@ class Projects::ForksController < Projects::ApplicationController

    @forked_project ||= ::Projects::ForkService.new(project, current_user, namespace: namespace).execute

-    if @forked_project.saved? && @forked_project.forked?
-      if @forked_project.import_in_progress?
+    if !@forked_project.saved? || !@forked_project.forked?
+      render :error
+    elsif @forked_project.import_in_progress?
      redirect_to project_import_path(@forked_project, continue: continue_params)
-      else
-        if continue_params
+    elsif continue_params[:to]
      redirect_to continue_params[:to], notice: continue_params[:notice]
    else
      redirect_to project_path(@forked_project), notice: "The project '#{@forked_project.name}' was successfully forked."
    end
  end
-    else
-      render :error
-    end
-  end
  # rubocop: enable CodeReuse/ActiveRecord

  def whitelist_query_limiting
--- a/app/controllers/projects/imports_controller.rb
+++ b/app/controllers/projects/imports_controller.rb
@ -23,7 +23,7 @@ class Projects::ImportsController < Projects::ApplicationController

  def show
    if @project.import_finished?
-      if continue_params&.key?(:to)
+      if continue_params[:to]
        redirect_to continue_params[:to], notice: continue_params[:notice]
      else
        redirect_to project_path(@project), notice: finished_notice
@ -31,12 +31,8 @@ class Projects::ImportsController < Projects::ApplicationController
    elsif @project.import_failed?
      redirect_to new_project_import_path(@project)
    else
-      if continue_params && continue_params[:notice_now]
      flash.now[:notice] = continue_params[:notice_now]
    end
-
-      # Render
-    end
  end

  private
--- a/app/controllers/projects/jobs_controller.rb
+++ b/app/controllers/projects/jobs_controller.rb
@ -103,7 +103,7 @@ class Projects::JobsController < Projects::ApplicationController

    @build.cancel

-    if continue_params
+    if continue_params[:to]
      redirect_to continue_params[:to]
    else
      redirect_to builds_project_pipeline_path(@project, @build.pipeline.id)
--- a/spec/controllers/concerns/continue_params_spec.rb
+++ b/spec/controllers/concerns/continue_params_spec.rb
@ -18,6 +18,14 @@ describe ContinueParams do
    ActionController::Parameters.new(continue: params)
  end

+  it 'returns an empty hash if params are not present' do
+    allow(controller).to receive(:params) do
+      ActionController::Parameters.new
+    end
+
+    expect(controller.continue_params).to eq({})
+  end
+
  it 'cleans up any params that are not allowed' do
    allow(controller).to receive(:params) do
      strong_continue_params(to: '/hello',