Merge remote-tracking branch 'origin/hotfix/0.19.0.3' into rails-3-develop

author: Gareth Rees <gareth@mysociety.org> 2014-09-15 12:19:41 +0100
committer: Gareth Rees <gareth@mysociety.org> 2014-09-15 12:19:41 +0100
commit: 6c9e18c77efcb718dc4bcc4ef9dfc4b5bd64991d (patch)
tree: d44f278f34e9da736167c2a9078dcab8400e73a1 /spec/controllers
parent: 8462ec5ebf07af5daffbb624db4ce4e745fd3a40 (diff)
parent: 9eda544f43ea1df1d824674c22275a88daa8dedb (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/spec/controllers/user_controller_spec.rb b/spec/controllers/user_controller_spec.rb
index 6ecdf1ad4..e4854fe6b 100644
--- a/spec/controllers/user_controller_spec.rb
+++ b/spec/controllers/user_controller_spec.rb
@@ -327,6 +327,16 @@ describe UserController, "when signing up" do
         deliveries[0].body.should match(/when\s+you\s+already\s+have\s+an/)
     end
 
+    it 'accepts only whitelisted parameters' do
+      post :signup, { :user_signup => { :email => 'silly@localhost',
+                                        :name => 'New Person',
+                                        :password => 'sillypassword',
+                                        :password_confirmation => 'sillypassword',
+                                        :admin_level => 'super' } }
+
+      expect(assigns(:user_signup).admin_level).to eq('none')
+    end
+
     # TODO: need to do bob@localhost signup and check that sends different email
 end
author	Gareth Rees <gareth@mysociety.org>	2014-09-15 12:19:41 +0100
committer	Gareth Rees <gareth@mysociety.org>	2014-09-15 12:19:41 +0100
commit	6c9e18c77efcb718dc4bcc4ef9dfc4b5bd64991d (patch)
tree	d44f278f34e9da736167c2a9078dcab8400e73a1 /spec/controllers
parent	8462ec5ebf07af5daffbb624db4ce4e745fd3a40 (diff)
parent	9eda544f43ea1df1d824674c22275a88daa8dedb (diff)