WIP: Use stricter more idiomatic params parsing

floehopper · floehopper · commit 75fab8e2a253 · 2025-05-21T17:38:00.000+01:00
The original version was copied from `Api::ProjectsController#base_params`, but that seems to be an abberation introduced [1] for no obviously discernable reason. [1]: #86
diff --git a/app/controllers/api/public_projects_controller.rb b/app/controllers/api/public_projects_controller.rb
@@ -18,7 +18,7 @@ def create
     private
 
     def project_params
-      params.fetch(:project, {}).permit(:identifier, :locale, :project_type, :name)
+      params.require(:project).permit(:identifier, :locale, :project_type, :name)
     end
   end
 end
diff --git a/app/models/public_project.rb b/app/models/public_project.rb
@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+class PublicProject # rubocop:disable Lint/EmptyClass
+end
diff --git a/spec/features/public_project/creating_a_public_project_spec.rb b/spec/features/public_project/creating_a_public_project_spec.rb
@@ -39,8 +39,13 @@
     )
   end
 
-  it 'responds 422 Unprocessable Entity when params are invalid' do
+  it 'responds 400 Bad Request when params are malformed' do
     post('/api/public_projects', headers:, params: { project: {} })
+    expect(response).to have_http_status(:bad_request)
+  end
+
+  it 'responds 422 Unprocessable Entity when params are invalid' do
+    post('/api/public_projects', headers:, params: { project: { identifier: 'not-empty' } })
     expect(response).to have_http_status(:unprocessable_entity)
   end
 
diff --git a/spec/requests/public_projects/create_spec.rb b/spec/requests/public_projects/create_spec.rb
@@ -5,6 +5,7 @@
 RSpec.describe 'Create public project requests' do
   let(:project) { create(:project) }
   let(:creator) { build(:user) }
+  let(:params) { { project: { identifier: 'not-blank' } } }
 
   context 'when auth is correct' do
     let(:headers) { { Authorization: UserProfileMock::TOKEN } }
@@ -19,7 +20,7 @@
       end
 
       it 'returns success' do
-        post('/api/public_projects', headers:)
+        post('/api/public_projects', headers:, params:)
 
         expect(response).to have_http_status(:created)
       end
@@ -35,7 +36,7 @@
       end
 
       it 'returns error' do
-        post('/api/public_projects', headers:)
+        post('/api/public_projects', headers:, params:)
 
         expect(response).to have_http_status(:unprocessable_entity)
       end
@@ -44,7 +45,7 @@
 
   context 'when no token is given' do
     it 'returns unauthorized' do
-      post('/api/public_projects')
+      post('/api/public_projects', params:)
 
       expect(response).to have_http_status(:unauthorized)
     end

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +# frozen_string_literal: true
++
 +class PublicProject # rubocop:disable Lint/EmptyClass
 +end