Whitelist user controller signup params0.12.0.6 hotfix/0.12.0.6

author: Louise Crow <louise.crow@gmail.com> 2014-09-09 18:48:55 +0100
committer: Louise Crow <louise.crow@gmail.com> 2014-09-09 20:19:15 +0100
commit: ba0a52a98a916cb006fd18465c8e32aeeff2debe (patch)
tree: 05b755721e7312e920d81de49f16151feebb4bf8 /spec/controllers/user_controller_spec.rb
parent: 9389a3fe34457d63e2e34772bb0b244bbd4469b1 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/spec/controllers/user_controller_spec.rb b/spec/controllers/user_controller_spec.rb
index b09594b9c..fb6f81a78 100644
--- a/spec/controllers/user_controller_spec.rb
+++ b/spec/controllers/user_controller_spec.rb
@@ -287,6 +287,17 @@ describe UserController, "when signing up" do
         deliveries[0].body.should match(/when\s+you\s+already\s+have\s+an/)
     end
 
+    it 'accepts only whitelisted parameters' do
+      post :signup, { :user_signup => { :email => 'silly@localhost',
+                                        :name => 'New Person',
+                                        :password => 'sillypassword',
+                                        :password_confirmation => 'sillypassword',
+                                        :admin_level => 'super' } }
+
+      expect(assigns(:user_signup).admin_level).to eq('none')
+    end
+
+
     # XXX need to do bob@localhost signup and check that sends different email
 end
author	Louise Crow <louise.crow@gmail.com>	2014-09-09 18:48:55 +0100
committer	Louise Crow <louise.crow@gmail.com>	2014-09-09 20:19:15 +0100
commit	ba0a52a98a916cb006fd18465c8e32aeeff2debe (patch)
tree	05b755721e7312e920d81de49f16151feebb4bf8 /spec/controllers/user_controller_spec.rb
parent	9389a3fe34457d63e2e34772bb0b244bbd4469b1 (diff)