diff options
| author | Louise Crow <louise.crow@gmail.com> | 2014-09-09 18:48:55 +0100 |
|---|---|---|
| committer | Louise Crow <louise.crow@gmail.com> | 2014-09-09 18:48:55 +0100 |
| commit | 04ccf9987b4a83495999c99f7a67c38b2fab67f4 (patch) | |
| tree | 7f6f4d9483b73d693a4ca4741e76288573408677 /spec/controllers/user_controller_spec.rb | |
| parent | ae29addfe3b4cd5ba6d6b04301f9d403c76089d8 (diff) | |
Whitelist user controller signup params0.18.0.14hotfix/0.18.0.14
Diffstat (limited to 'spec/controllers/user_controller_spec.rb')
| -rw-r--r-- | spec/controllers/user_controller_spec.rb | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/spec/controllers/user_controller_spec.rb b/spec/controllers/user_controller_spec.rb index cf361d898..e9510ec0d 100644 --- a/spec/controllers/user_controller_spec.rb +++ b/spec/controllers/user_controller_spec.rb @@ -327,6 +327,17 @@ describe UserController, "when signing up" do deliveries[0].body.should match(/when\s+you\s+already\s+have\s+an/) end + it 'accepts only whitelisted parameters' do + post :signup, { :user_signup => { :email => 'silly@localhost', + :name => 'New Person', + :password => 'sillypassword', + :password_confirmation => 'sillypassword', + :admin_level => 'super' } } + + expect(assigns(:user_signup).admin_level).to eq('none') + end + + # XXX need to do bob@localhost signup and check that sends different email end |