Rails: manipulate URL query param keys before request hits controller

Question

I need to pass some params in the url from a 3rd-party service into User#new.

Due to strong parameters the controller is expecting params in the form user[name], user[email]. However, this 3rd-party service is blocking the use of square brackets in a param key.

What's the easiest Rails-y way to work around this? Perhaps in the Rails router? I'd like to take email=abc@example.com and convert it to user[email]=abc@example.com before the request gets rejected by the controller.

Thoughts?

Thanks!

http://pivotallabs.com/sanitizing-post-params-with-custom-rack-middleware/ — Brad Werth, Mar 20 '15 at 20:03
I think it would be more Rails-y to do it in the controller—plainer to future developers what is going on. — evanbikes, Mar 20 '15 at 20:05

evanbikes · Accepted Answer · 2015-03-20T21:03:38.623

0

I think just some simple, manual solution would be the best.

def user_params
  permitted_params = [:name, :email, :first_name, :last_name]
  params[:user].reverse_merge!(params.keep_if { |k,v| k.to_sym.in? permitted_params })
  params.require(:user).permit(*permitted_params)
end

If params[:user] is nil, you can either do this: params[:user] ||= {} somewhere before the merge.

Or this: params[:user] = (params[:user] || {}).reverse_merge(params.keep_if { |k,v| k.to_sym.in? permitted_params }

edited Mar 20 '15 at 21:03

answered Mar 20 '15 at 20:20

evanbikes

4,131
1
22
17

I like this idea but I'm getting `undefined method 'reverse_merge!' for nil:NilClass`. Tried putting `params[:user] ||= {}` but that didn't work either… still noodling… – Meltemi Mar 20 '15 at 21:01
FYI - adding `params[:user] ||= {}` a line before the reverse merge still throws: `param is missing or the value is empty: user`. looking at the aftermath the params gains user hash and then I think the `keep_if` wipes it out. will try adding `:user` to permitted_params – Meltemi Mar 20 '15 at 21:07

Rails: manipulate URL query param keys before request hits controller

1 Answers1