From 9de278872143a863666845a595b2dba885f9a092 Mon Sep 17 00:00:00 2001 
From: Martin Emde Date: Sat, 21 Dec 2024 13:22:26 -0800 Subject: [PATCH] Convert `params.permit` to `params.expect` Use params[:id] for params in path --- app/controllers/api/v1/api_keys_controller.rb | 2 +- app/controllers/api/v1/deletions_controller.rb | 2 +- .../api/v1/github_secret_scanning_controller.rb | 2 +- app/controllers/api/v1/hook_relay_controller.rb | 2 +- .../api/v1/oidc/api_key_roles_controller.rb | 4 ++-- app/controllers/api/v1/oidc/id_tokens_controller.rb | 2 +- app/controllers/api/v1/oidc/providers_controller.rb | 2 +- .../v1/oidc/rubygem_trusted_publishers_controller.rb | 4 ++-- app/controllers/api/v1/owners_controller.rb | 2 +- app/controllers/api/v1/rubygems_controller.rb | 2 +- app/controllers/api/v1/searches_controller.rb | 2 +- .../api/v1/timeframe_versions_controller.rb | 2 +- app/controllers/api_keys_controller.rb | 12 ++++++------ app/controllers/concerns/jwt_validation.rb | 2 +- app/controllers/concerns/latest_version.rb | 2 +- app/controllers/concerns/webauthn_verifiable.rb | 2 +- app/controllers/email_confirmations_controller.rb | 4 ++-- app/controllers/multifactor_auths_controller.rb | 2 +- app/controllers/notifiers_controller.rb | 2 +- app/controllers/oauth_controller.rb | 2 +- app/controllers/oidc/api_key_roles_controller.rb | 4 ++-- .../oidc/concerns/trusted_publisher_creation.rb | 2 +- app/controllers/oidc/id_tokens_controller.rb | 2 +- .../oidc/pending_trusted_publishers_controller.rb | 2 +- app/controllers/oidc/providers_controller.rb | 2 +- .../oidc/rubygem_trusted_publishers_controller.rb | 2 +- app/controllers/organizations_controller.rb | 4 ++-- app/controllers/owners_controller.rb | 4 ++-- app/controllers/ownership_requests_controller.rb | 2 +- app/controllers/pages_controller.rb | 2 +- app/controllers/passwords_controller.rb | 2 +- app/controllers/profiles_controller.rb | 4 ++-- app/controllers/sendgrid_events_controller.rb | 2 +- app/controllers/sessions_controller.rb | 6 +++--- app/controllers/users_controller.rb | 2 +- 
app/controllers/versions_controller.rb | 2 +- app/controllers/webauthn_credentials_controller.rb | 4 ++-- app/controllers/webauthn_verifications_controller.rb | 2 +- 38 files changed, 53 insertions(+), 53 deletions(-) diff --git a/app/controllers/api/v1/api_keys_controller.rb b/app/controllers/api/v1/api_keys_controller.rb index a89511f998f..217be38bf46 100644 --- a/app/controllers/api/v1/api_keys_controller.rb +++ b/app/controllers/api/v1/api_keys_controller.rb @@ -86,7 +86,7 @@ def otp end def key_param - params.permit(:api_key).require(:api_key) + params.expect(:api_key) end def api_key_create_params diff --git a/app/controllers/api/v1/deletions_controller.rb b/app/controllers/api/v1/deletions_controller.rb index bb06d5acae3..1bdf0d7a0cf 100644 --- a/app/controllers/api/v1/deletions_controller.rb +++ b/app/controllers/api/v1/deletions_controller.rb @@ -36,7 +36,7 @@ def validate_gem_and_version render_forbidden response_with_mfa_warning("You do not have permission to delete this gem.") else begin - version = params.permit(:version).require(:version) + version = params.expect(:version) platform = params.permit(:platform).fetch(:platform, nil) @version = @rubygem.find_version!(number: version, platform: platform) rescue ActiveRecord::RecordNotFound diff --git a/app/controllers/api/v1/github_secret_scanning_controller.rb b/app/controllers/api/v1/github_secret_scanning_controller.rb index bdbd1186165..3200e0dcffb 100644 --- a/app/controllers/api/v1/github_secret_scanning_controller.rb +++ b/app/controllers/api/v1/github_secret_scanning_controller.rb 
@@ -24,7 +24,7 @@ def revoke return render plain: "Can't fetch public key from GitHub", status: :unauthorized if key.empty_public_key? return render plain: "Invalid GitHub Signature", status: :unauthorized unless key.valid_github_signature?(signature, request.body.read.chomp) - tokens = params.permit(_json: %i[token type url]).require(:_json).index_by { |t| hashed_key(t.require(:token)) } + tokens = params.expect(_json: %i[token type url]).index_by { |t| hashed_key(t.require(:token)) } api_keys = ApiKey.where(hashed_key: tokens.keys).index_by(&:hashed_key) resp = tokens.map do |hashed_key, t| api_key = api_keys[hashed_key] diff --git a/app/controllers/api/v1/hook_relay_controller.rb b/app/controllers/api/v1/hook_relay_controller.rb index 07699d29b1e..7d0c729924a 100644 --- a/app/controllers/api/v1/hook_relay_controller.rb +++ b/app/controllers/api/v1/hook_relay_controller.rb @@ -22,7 +22,7 @@ def hook_relay_report_params end def authenticate_hook_relay_report - account_id, hook_id = params.permit(%i[account_id hook_id]).require(%i[account_id hook_id]) + account_id, hook_id = params.expect(%i[account_id hook_id]) ActiveSupport::SecureCompareRotator.new(ENV.fetch("HOOK_RELAY_ACCOUNT_ID", "")).secure_compare!(account_id) ActiveSupport::SecureCompareRotator.new(ENV.fetch("HOOK_RELAY_HOOK_ID", "")).secure_compare!(hook_id) diff --git a/app/controllers/api/v1/oidc/api_key_roles_controller.rb b/app/controllers/api/v1/oidc/api_key_roles_controller.rb index 07a5a20e084..1d402d2fdcd 100644 --- a/app/controllers/api/v1/oidc/api_key_roles_controller.rb +++ b/app/controllers/api/v1/oidc/api_key_roles_controller.rb @@ -26,7 +26,7 @@ def index end def show - render json: @api_key.user.oidc_api_key_roles.find_by!(token: params.permit(:token).require(:token)) + render json: @api_key.user.oidc_api_key_roles.find_by!(token: params.expect(:token)) end def assume_role 
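Review bot: In `revoke`, `params.expect(_json: %i[token type url])` declares `_json` as a single hash, but the chained `.index_by { |t| hashed_key(t.require(:token)) }` treats the result as a list of token objects. Unlike `permit`, `expect` does not accept an array where a hash is declared, so an array body should be rejected with a 400 and none of the reported keys would be revoked; an array of hashes is declared with the double-array form, `params.expect(_json: [%i[token type url]])`. The same applies to `events_params` in sendgrid_events_controller.rb, whose comment says the body is a JSON array: `params.expect(_json: [SENDGRID_EVENT_ATTRIBUTES])`, assuming that constant is a flat list of keys. A request test that posts an array body to each endpoint would confirm the behaviour. `revoke` starts and ends outside the hunk.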
@@ -60,7 +60,7 @@ def assume_role private def set_api_key_role - @api_key_role = OIDC::ApiKeyRole.active.find_by!(token: params.permit(:token).require(:token)) + @api_key_role = OIDC::ApiKeyRole.active.find_by!(token: params.expect(:token)) @provider = @api_key_role.provider end diff --git a/app/controllers/api/v1/oidc/id_tokens_controller.rb b/app/controllers/api/v1/oidc/id_tokens_controller.rb index 065a9ff8cb7..68b0cd3aa34 100644 --- a/app/controllers/api/v1/oidc/id_tokens_controller.rb +++ b/app/controllers/api/v1/oidc/id_tokens_controller.rb @@ -7,6 +7,6 @@ def index end def show - render json: @api_key.user.oidc_id_tokens.find(params.permit(:id).require(:id)) + render json: @api_key.user.oidc_id_tokens.find(params[:id]) end end diff --git a/app/controllers/api/v1/oidc/providers_controller.rb b/app/controllers/api/v1/oidc/providers_controller.rb index aeef5c29e5b..8f43f786290 100644 --- a/app/controllers/api/v1/oidc/providers_controller.rb +++ b/app/controllers/api/v1/oidc/providers_controller.rb @@ -7,6 +7,6 @@ def index end def show - render json: OIDC::Provider.find(params.permit(:id).require(:id)) + render json: OIDC::Provider.find(params[:id]) end end diff --git a/app/controllers/api/v1/oidc/rubygem_trusted_publishers_controller.rb b/app/controllers/api/v1/oidc/rubygem_trusted_publishers_controller.rb index e600e3c4ab9..a47018edf05 100644 --- a/app/controllers/api/v1/oidc/rubygem_trusted_publishers_controller.rb +++ b/app/controllers/api/v1/oidc/rubygem_trusted_publishers_controller.rb 
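Review bot: `oidc_id_tokens.find(params[:id])` in `show` drops the scalar check that `permit(:id).require(:id)` gave, so the lookup now relies on `:id` always being bound from the route path. If any route reaches one of these actions with `id` taken from the query string or body, `find` would receive an array or nested hash instead of a string; `params.expect(:id)` keeps the shape check and is just as short. The same substitution is made in the other `params[:id]` hunks of this patch (providers, trusted publishers, api_keys, organizations, versions, pages). If `params[:id]` stays, a short comment such as `# :id is a path segment, always a String` would record the assumption.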
@@ -39,11 +39,11 @@ def find_rubygem end def find_rubygem_trusted_publisher - @rubygem_trusted_publisher = @rubygem.oidc_rubygem_trusted_publishers.find(params.permit(:id).require(:id)) + @rubygem_trusted_publisher = @rubygem.oidc_rubygem_trusted_publishers.find(params[:id]) end def set_trusted_publisher_type - trusted_publisher_type = params.permit(:trusted_publisher_type).require(:trusted_publisher_type) + trusted_publisher_type = params.expect(:trusted_publisher_type) @trusted_publisher_type = OIDC::TrustedPublisher.all.find { |type| type.polymorphic_name == trusted_publisher_type } diff --git a/app/controllers/api/v1/owners_controller.rb b/app/controllers/api/v1/owners_controller.rb index ec4e6ed3f1c..9a357adb2b6 100644 --- a/app/controllers/api/v1/owners_controller.rb +++ b/app/controllers/api/v1/owners_controller.rb @@ -77,7 +77,7 @@ def render_not_found end def email_param - params.permit(:email).require(:email) + params.expect(:email) end def ownership_params diff --git a/app/controllers/api/v1/rubygems_controller.rb b/app/controllers/api/v1/rubygems_controller.rb index 2d759f98de7..9bb8efb7de5 100644 --- a/app/controllers/api/v1/rubygems_controller.rb +++ b/app/controllers/api/v1/rubygems_controller.rb @@ -36,7 +36,7 @@ def create gem_body = attestations = nil if %w[multipart/form-data multipart/mixed].include?(request.media_type) - gem_body = params.permit(:gem).require(:gem) + gem_body = params.expect(:gem) return render_bad_request("gem is not a file upload") unless gem_body.is_a?(ActionDispatch::Http::UploadedFile) return render_bad_request("missing attestations") unless (attestations = params[:attestations]).is_a?(String) attestations = ActiveSupport::JSON.decode(attestations) diff --git a/app/controllers/api/v1/searches_controller.rb b/app/controllers/api/v1/searches_controller.rb index 4ea23590431..a29bcc8c19d 100644 --- a/app/controllers/api/v1/searches_controller.rb +++ b/app/controllers/api/v1/searches_controller.rb 
@@ -29,6 +29,6 @@ def search_not_available_error(error) end def query_params - params.permit(:query).require(:query) + params.expect(:query) end end diff --git a/app/controllers/api/v1/timeframe_versions_controller.rb b/app/controllers/api/v1/timeframe_versions_controller.rb index 31007ea9a31..000de4078dd 100644 --- a/app/controllers/api/v1/timeframe_versions_controller.rb +++ b/app/controllers/api/v1/timeframe_versions_controller.rb @@ -24,7 +24,7 @@ def ensure_valid_timerange end def from_time - @from_time ||= Time.iso8601(params.permit(:from).require(:from)) + @from_time ||= Time.iso8601(params.expect(:from)) rescue ArgumentError raise InvalidTimeframeParameterError, "the from parameter must be iso8601 formatted" end diff --git a/app/controllers/api_keys_controller.rb b/app/controllers/api_keys_controller.rb index 65663f0cff9..68968da4370 100644 --- a/app/controllers/api_keys_controller.rb +++ b/app/controllers/api_keys_controller.rb @@ -18,7 +18,7 @@ def new end def edit - @api_key = current_user.api_keys.find(params.permit(:id).require(:id)) + @api_key = current_user.api_keys.find(params[:id]) return unless @api_key.soft_deleted? flash[:error] = t(".invalid_key") @@ -48,7 +48,7 @@ def create end def update - @api_key = current_user.api_keys.find(params.permit(:id).require(:id)) + @api_key = current_user.api_keys.find(params[:id]) @api_key.assign_attributes(api_key_update_params(@api_key)) if @api_key.errors.present? @@ -65,7 +65,7 @@ def update end def destroy - api_key = current_user.api_keys.find(params.permit(:id).require(:id)) + api_key = current_user.api_keys.find(params[:id]) if api_key.expire! flash[:notice] = t(".success", name: api_key.name) 
@@ -93,19 +93,19 @@ def verify_session_redirect_path when "create" new_profile_api_key_path when "update" - edit_profile_api_key_path(params.permit(:id).require(:id)) + edit_profile_api_key_path(params[:id]) else super end end def api_key_create_params - ApiKeysHelper.api_key_params(params.permit(api_key: [:name, *ApiKey::API_SCOPES, :mfa, :rubygem_id, :expires_at]).require(:api_key)) + ApiKeysHelper.api_key_params(params.expect(api_key: [:name, *ApiKey::API_SCOPES, :mfa, :rubygem_id, :expires_at])) end def api_key_update_params(existing_api_key = nil) ApiKeysHelper.api_key_params( - params.permit(api_key: [*ApiKey::API_SCOPES, :mfa, :rubygem_id, { scopes: [ApiKey::API_SCOPES] }]).require(:api_key), existing_api_key + params.expect(api_key: [*ApiKey::API_SCOPES, :mfa, :rubygem_id, { scopes: [ApiKey::API_SCOPES] }]), existing_api_key ) end end diff --git a/app/controllers/concerns/jwt_validation.rb b/app/controllers/concerns/jwt_validation.rb index aeac079fb8b..f405e3533ca 100644 --- a/app/controllers/concerns/jwt_validation.rb +++ b/app/controllers/concerns/jwt_validation.rb @@ -21,7 +21,7 @@ def jwt_key_or_secret end def decode_jwt - @jwt = JSON::JWT.decode_compact_serialized(params.permit(:jwt).require(:jwt), jwt_key_or_secret) + @jwt = JSON::JWT.decode_compact_serialized(params.expect(:jwt), jwt_key_or_secret) rescue JSON::JWT::InvalidFormat, JSON::ParserError, ArgumentError => e # invalid base64 raises ArgumentError render_bad_request(e) diff --git a/app/controllers/concerns/latest_version.rb b/app/controllers/concerns/latest_version.rb index 3b1b580312e..9d65d3b1c67 100644 --- a/app/controllers/concerns/latest_version.rb +++ b/app/controllers/concerns/latest_version.rb @@ -7,7 +7,7 @@ def latest_version end def latest_version_by_slug - @latest_version = @rubygem.find_version_by_slug!(params.permit(:version_id).require(:version_id)) + @latest_version = @rubygem.find_version_by_slug!(params.expect(:version_id)) end end end 
diff --git a/app/controllers/concerns/webauthn_verifiable.rb b/app/controllers/concerns/webauthn_verifiable.rb index b4c8f7eee70..e6f128350a2 100644 --- a/app/controllers/concerns/webauthn_verifiable.rb +++ b/app/controllers/concerns/webauthn_verifiable.rb @@ -64,7 +64,7 @@ def challenge end def credential_params - params.permit(credentials: PERMITTED_CREDENTIALS).require(:credentials) + params.expect(credentials: PERMITTED_CREDENTIALS) end PERMITTED_CREDENTIALS = [ diff --git a/app/controllers/email_confirmations_controller.rb b/app/controllers/email_confirmations_controller.rb index fb07affec1c..c1494d04cd8 100644 --- a/app/controllers/email_confirmations_controller.rb +++ b/app/controllers/email_confirmations_controller.rb @@ -72,11 +72,11 @@ def confirm_email end def email_params - params.permit(email_confirmation: :email).require(:email_confirmation).require(:email) + params.expect(email_confirmation: :email).require(:email) end def token_params - params.permit(:token).require(:token) + params.expect(:token) end def login_failure(message) diff --git a/app/controllers/multifactor_auths_controller.rb b/app/controllers/multifactor_auths_controller.rb index ccc4fe14113..917d2d748ad 100644 --- a/app/controllers/multifactor_auths_controller.rb +++ b/app/controllers/multifactor_auths_controller.rb @@ -42,7 +42,7 @@ def recovery private def level_param - params.permit(:level).require(:level) + params.expect(:level) end def issuer diff --git a/app/controllers/notifiers_controller.rb b/app/controllers/notifiers_controller.rb index 99ee54e0eb6..0d7b5ca6318 100644 --- a/app/controllers/notifiers_controller.rb +++ b/app/controllers/notifiers_controller.rb @@ -25,7 +25,7 @@ def update private def notifier_params - params.permit(ownerships: %i[push owner ownership_request]).require(:ownerships) + params.expect(ownerships: %i[push owner ownership_request]) end def notifier_options(param) 
diff --git a/app/controllers/oauth_controller.rb b/app/controllers/oauth_controller.rb index 525e4db919e..f5e1afc8e07 100644 --- a/app/controllers/oauth_controller.rb +++ b/app/controllers/oauth_controller.rb @@ -18,7 +18,7 @@ def create end def failure - render_forbidden params.permit(:message).require(:message) + render_forbidden params.expect(:message) end def development_log_in_as diff --git a/app/controllers/oidc/api_key_roles_controller.rb b/app/controllers/oidc/api_key_roles_controller.rb index 77c1facd77a..23db726b37b 100644 --- a/app/controllers/oidc/api_key_roles_controller.rb +++ b/app/controllers/oidc/api_key_roles_controller.rb @@ -103,7 +103,7 @@ def verify_session_redirect_path def find_api_key_role @api_key_role = current_user.oidc_api_key_roles .includes(:provider) - .find_by!(token: params.permit(:token).require(:token)) + .find_by!(token: params.expect(:token)) end def redirect_for_deleted @@ -125,7 +125,7 @@ def redirect_for_deleted ].freeze def api_key_role_params - params.permit(oidc_api_key_role: PERMITTED_API_KEY_ROLE_PARAMS).require(:oidc_api_key_role) + params.expect(oidc_api_key_role: PERMITTED_API_KEY_ROLE_PARAMS) end def add_default_params(rubygem, statement, condition) diff --git a/app/controllers/oidc/concerns/trusted_publisher_creation.rb b/app/controllers/oidc/concerns/trusted_publisher_creation.rb index 480c4e5c9f8..6cb93682a3d 100644 --- a/app/controllers/oidc/concerns/trusted_publisher_creation.rb +++ b/app/controllers/oidc/concerns/trusted_publisher_creation.rb 
@@ -11,7 +11,7 @@ module OIDC::Concerns::TrustedPublisherCreation end def set_trusted_publisher_type - trusted_publisher_type = params.permit(create_params_key => :trusted_publisher_type).require(create_params_key).require(:trusted_publisher_type) + trusted_publisher_type = params.expect(create_params_key => :trusted_publisher_type).require(:trusted_publisher_type) @trusted_publisher_type = OIDC::TrustedPublisher.all.find { |type| type.polymorphic_name == trusted_publisher_type } diff --git a/app/controllers/oidc/id_tokens_controller.rb b/app/controllers/oidc/id_tokens_controller.rb index 6cf65e586f1..6846bcdab3b 100644 --- a/app/controllers/oidc/id_tokens_controller.rb +++ b/app/controllers/oidc/id_tokens_controller.rb @@ -23,6 +23,6 @@ def show private def find_id_token - @id_token = current_user.oidc_id_tokens.find(params.permit(:id).require(:id)) + @id_token = current_user.oidc_id_tokens.find(params[:id]) end end diff --git a/app/controllers/oidc/pending_trusted_publishers_controller.rb b/app/controllers/oidc/pending_trusted_publishers_controller.rb index 170fa485448..13f70681f6b 100644 --- a/app/controllers/oidc/pending_trusted_publishers_controller.rb +++ b/app/controllers/oidc/pending_trusted_publishers_controller.rb @@ -60,6 +60,6 @@ def create_params def create_params_key = :oidc_pending_trusted_publisher def find_pending_trusted_publisher - @pending_trusted_publisher = authorize current_user.oidc_pending_trusted_publishers.find(params.permit(:id).require(:id)) + @pending_trusted_publisher = authorize current_user.oidc_pending_trusted_publishers.find(params[:id]) end end diff --git a/app/controllers/oidc/providers_controller.rb b/app/controllers/oidc/providers_controller.rb index 5bd58d3c759..e9a08f79483 100644 --- a/app/controllers/oidc/providers_controller.rb +++ b/app/controllers/oidc/providers_controller.rb 
@@ -19,6 +19,6 @@ def show private def find_provider - @provider = OIDC::Provider.find(params.permit(:id).require(:id)) + @provider = OIDC::Provider.find(params[:id]) end end diff --git a/app/controllers/oidc/rubygem_trusted_publishers_controller.rb b/app/controllers/oidc/rubygem_trusted_publishers_controller.rb index 14ba48a3faf..33563955739 100644 --- a/app/controllers/oidc/rubygem_trusted_publishers_controller.rb +++ b/app/controllers/oidc/rubygem_trusted_publishers_controller.rb @@ -57,7 +57,7 @@ def find_rubygem end def find_rubygem_trusted_publisher - @rubygem_trusted_publisher = authorize @rubygem.oidc_rubygem_trusted_publishers.find(params.permit(:id).require(:id)) + @rubygem_trusted_publisher = authorize @rubygem.oidc_rubygem_trusted_publishers.find(params[:id]) end def gh_actions_trusted_publisher diff --git a/app/controllers/organizations_controller.rb b/app/controllers/organizations_controller.rb index e573f9ca907..c8b61cab466 100644 --- a/app/controllers/organizations_controller.rb +++ b/app/controllers/organizations_controller.rb @@ -46,10 +46,10 @@ def update private def find_organization - @organization = Organization.find_by_handle!(params.permit(:id).require(:id)) + @organization = Organization.find_by_handle!(params[:id]) end def organization_params - params.permit(organization: [:name]).require(:organization) + params.expect(organization: [:name]) end end diff --git a/app/controllers/owners_controller.rb b/app/controllers/owners_controller.rb index 1c393af0dfa..a37300284e7 100644 --- a/app/controllers/owners_controller.rb +++ b/app/controllers/owners_controller.rb @@ -90,11 +90,11 @@ def find_ownership end def token_params - params.permit(:token).require(:token) + params.expect(:token) end def handle_params - params.permit(:handle).require(:handle) + params.expect(:handle) end def update_params diff --git a/app/controllers/ownership_requests_controller.rb b/app/controllers/ownership_requests_controller.rb index 48d8f887e05..6d641c2328b 100644 
--- a/app/controllers/ownership_requests_controller.rb +++ b/app/controllers/ownership_requests_controller.rb @@ -26,7 +26,7 @@ def create def update @ownership_request = OwnershipRequest.find(params[:id]) - case params.permit(:status).require(:status) + case params.expect(:status) when "close" then close when "approve" then approve else redirect_try_again diff --git a/app/controllers/pages_controller.rb b/app/controllers/pages_controller.rb index c47d16291c4..822d0442e63 100644 --- a/app/controllers/pages_controller.rb +++ b/app/controllers/pages_controller.rb @@ -11,7 +11,7 @@ def show private def find_page - id = params.permit(:id).require(:id) + id = params[:id] raise ActionController::RoutingError, "Page not found" unless Gemcutter::PAGES.include?(id) @page = id end diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb index 9a20498dcfd..a94af01a9ee 100644 --- a/app/controllers/passwords_controller.rb +++ b/app/controllers/passwords_controller.rb @@ -94,7 +94,7 @@ def delete_password_reset_session end def reset_params - params.permit(password_reset: %i[password reset_api_key reset_api_keys]).require(:password_reset) + params.expect(password_reset: %i[password reset_api_key reset_api_keys]) end def mfa_failure(message) diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb index e2f466fba3d..0ddf1f9184c 100644 --- a/app/controllers/profiles_controller.rb +++ b/app/controllers/profiles_controller.rb @@ -61,7 +61,7 @@ def security_events private def params_user - params.permit(user: PERMITTED_PROFILE_PARAMS).require(:user).tap do |hash| + params.expect(user: PERMITTED_PROFILE_PARAMS).tap do |hash| hash.delete(:unconfirmed_email) if hash[:unconfirmed_email] == current_user.email end end 
@@ -69,7 +69,7 @@ def params_user PERMITTED_PROFILE_PARAMS = %i[handle twitter_username unconfirmed_email public_email full_name].freeze def verify_password - password = params.permit(user: :password).require(:user)[:password] + password = params.expect(user: :password)[:password] return if current_user.authenticated?(password) redirect_to edit_profile_path, notice: t("profiles.request_denied") end diff --git a/app/controllers/sendgrid_events_controller.rb b/app/controllers/sendgrid_events_controller.rb index c81868badd7..5ed3c627d73 100644 --- a/app/controllers/sendgrid_events_controller.rb +++ b/app/controllers/sendgrid_events_controller.rb @@ -31,6 +31,6 @@ def create def events_params # SendGrid send a JSON array of 1+ events. Each event is a JSON object, see docs: # https://sendgrid.com/docs/for-developers/tracking-events/event/ - params.permit(_json: SENDGRID_EVENT_ATTRIBUTES).require(:_json) + params.expect(_json: SENDGRID_EVENT_ATTRIBUTES) end end diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 85a26427723..9a0f3de7fed 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -91,7 +91,7 @@ def verify_user end def verify_password_params - params.permit(verify_password: :password).require(:verify_password) + params.expect(verify_password: :password) end def do_login(two_factor_label:, two_factor_method:, authentication_method:) @@ -124,7 +124,7 @@ def mfa_failure(message) end def find_user - password = params.permit(session: :password).require(:session).fetch(:password, nil) + password = params.expect(session: :password).fetch(:password, nil) @user = User.authenticate(who, password) if password.is_a?(String) && who end @@ -136,7 +136,7 @@ def find_mfa_user end def who - who_param = params.permit(session: :who).require(:session).fetch(:who, nil) + who_param = params.expect(session: :who).fetch(:who, nil) who_param if who_param.is_a?(String) end 
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 243e4a6e231..510094d00a4 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -31,6 +31,6 @@ def create ].freeze def user_params - params.permit(user: PERMITTED_USER_PARAMS).require(:user) + params.expect(user: PERMITTED_USER_PARAMS) end end diff --git a/app/controllers/versions_controller.rb b/app/controllers/versions_controller.rb index a2ce84c89f1..9624140d33c 100644 --- a/app/controllers/versions_controller.rb +++ b/app/controllers/versions_controller.rb @@ -7,7 +7,7 @@ def index end def show - @latest_version = @rubygem.find_version_by_slug!(params.permit(:id).require(:id)) + @latest_version = @rubygem.find_version_by_slug!(params[:id]) @versions = @rubygem.public_versions_with_extra_version(@latest_version) @versioned_links = @rubygem.links(@latest_version) @adoption = @rubygem.ownership_call diff --git a/app/controllers/webauthn_credentials_controller.rb b/app/controllers/webauthn_credentials_controller.rb index cba1128454a..e7eb0273aa6 100644 --- a/app/controllers/webauthn_credentials_controller.rb +++ b/app/controllers/webauthn_credentials_controller.rb @@ -39,11 +39,11 @@ def destroy private def webauthn_credential_params - params.permit(webauthn_credential: :nickname).require(:webauthn_credential) + params.expect(webauthn_credential: :nickname) end def build_webauthn_credential - credential = WebAuthn::Credential.from_create(params.permit(credentials: {}).require(:credentials)) + credential = WebAuthn::Credential.from_create(params.expect(credentials: {})) credential.verify(session.dig(:webauthn_registration, "challenge").to_s) current_user.webauthn_credentials.build( diff --git a/app/controllers/webauthn_verifications_controller.rb b/app/controllers/webauthn_verifications_controller.rb index 14f93cbff9b..e101e7966f8 100644 --- a/app/controllers/webauthn_verifications_controller.rb 
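Review bot: `params.expect(credentials: {})` in `build_webauthn_credential` permits every key nested under `credentials`, while `credential_params` in the webauthn_verifiable concern is restricted to `PERMITTED_CREDENTIALS`. Whether the open form is intended cannot be read from the hunk; if it is, a comment would say so, for example `# registration payload is passed whole to WebAuthn::Credential.from_create and checked by credential.verify below`. Otherwise an explicit key list for the registration response would match the verification path. The method body continues past the hunk.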
+++ b/app/controllers/webauthn_verifications_controller.rb @@ -58,7 +58,7 @@ def check_show_verification_status end def webauthn_token_param - params.permit(:webauthn_token).require(:webauthn_token) + params.expect(:webauthn_token) end def render_expired