Testing strong parameters

Question

I want to test my strong parameters in rails controllers. The best way I have found so far is the one described here: http://pivotallabs.com/rails-4-testing-strong-parameters/

Unfortunately this leads to "blacklist" testing: I can only test wether certain parameters are discarded. What I would like to do is "whitelist" testing: making sure that only certain parameters are permitted.

My idea was to figure out all attributes of the model, set them all to some value, and pass them to the class. Then I could test if only whitelisted parameters come through.

Unfortunately I haven't found a way to set all attributes without knowing them. Any help?

Thanks!

zishe · Answer 1 · 2014-05-31T01:47:45.953

1

Actually in with block in that article there will be only whitelisted elements. I mean:

User.should_receive(:create).
    with({name: 'Sideshow Bob'}.with_indifferent_access)

Hash {name: 'Sideshow Bob'} contains only white listed. So it exactly checks that only certain parameters are permitted.

BTW why someone need to test blacklist params, if they can be anything? All others is blacklisted.

edited May 31 '14 at 01:47

answered May 31 '14 at 01:20

zishe

10,665
12
64
103

score 1 · Answer 2 · answered May 31 '14 at 02:38

values = Model.new.attributes
values.each_key { |key| values[key] = 'abcdef' }
post :create, user: values

This will attempt to post with all of the potential attributes of a given model, from there you can verify that only the expected behavior happens.

Testing strong parameters

2 Answers2