From a14a5224e5f8e19a747176ef81f5b3a3d687570b Mon Sep 17 00:00:00 2001
From: Thor77
Date: Tue, 16 Apr 2019 13:18:50 +0200
Subject: [PATCH 1/3] Add spec for tournament-creation with invalid team
---
 spec/controllers/tournaments_controller_spec.rb | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/spec/controllers/tournaments_controller_spec.rb b/spec/controllers/tournaments_controller_spec.rb
index 772a5b3..88d6a6b 100644
--- a/spec/controllers/tournaments_controller_spec.rb
+++ b/spec/controllers/tournaments_controller_spec.rb
@@ -142,6 +142,13 @@ RSpec.describe TournamentsController, type: :controller do
 end.to change(Team, :count).by(data[:teams].count)
 end
 end
+
+ context 'with invalid parameters' do
+ it 'renders an unprocessable entity response' do
+ put :create, params: { teams: [1, 2, 3] }
+ expect(response).to have_http_status(:unprocessable_entity)
+ end
+ end
 end
 end
From 08d2ae59a5f5ecc446f5df3d6153800ab9ad3daf Mon Sep 17 00:00:00 2001
From: Thor77
Date: Tue, 16 Apr 2019 13:22:16 +0200
Subject: [PATCH 2/3] Check teams array before calling create method
---
 app/controllers/tournaments_controller.rb | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/app/controllers/tournaments_controller.rb b/app/controllers/tournaments_controller.rb
index 94e98c0..55143ab 100644
--- a/app/controllers/tournaments_controller.rb
+++ b/app/controllers/tournaments_controller.rb
@@ -4,6 +4,7 @@ class TournamentsController < ApplicationController
 before_action :set_tournament, only: %i[show update destroy]
 before_action :authenticate_user!, only: %i[create update destroy]
 before_action -> { require_owner! @tournament.owner }, only: %i[update destroy]
+ before_action :validate_create_params, only: %i[create]
 rescue_from ActiveRecord::RecordNotFound, with: :render_not_found_error
 # GET /tournaments
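Review bot: The new example in spec/controllers/tournaments_controller_spec.rb pins only one rejected shape, an array of integers, and does not assert that nothing was persisted. The filter added in the second patch also rejects a missing `teams` key and a non-array value, so examples with `params: {}` and `params: { teams: 'x' }` would cover those paths, and wrapping the request in `expect { ... }.not_to change(Team, :count)` would show the request is stopped before the action runs. The request is sent as `put :create`; if the route is a POST, which the enclosing `describe` outside this hunk would confirm, `post :create` matches it. Whether this context is authenticated is also outside the hunk; if it is not, `authenticate_user!` answers before the validation does and the example would not reach the code it is meant to test.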
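Review bot: The `validate_create_params` filter registered in app/controllers/tournaments_controller.rb is limited to `create`, while `tournament_params` (visible in the following hunk) lets `:teams` through for any caller. If `update` passes `tournament_params` to the model, which this hunk does not show, the same malformed `teams` input still reaches it unchecked; `only: %i[create update]` with a suitably named filter would cover both. Registering the filter after `authenticate_user!` is the right order, since unauthenticated requests are rejected before any input is inspected, and a short comment saying so would keep a later reorder from changing that.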
@@ -71,4 +72,11 @@ class TournamentsController < ApplicationController
 def tournament_params
 params.slice(:name, :description, :public, :teams).permit!
 end
+
+ def validate_create_params
+ teams = params['teams']
+ return if teams.is_a?(Array) && teams.reject { |t| t.is_a? ActionController::Parameters }.count.zero?
+
+ render json: { error: 'Invalid teams array' }, status: :unprocessable_entity
+ end
 end
From 157844b4ae21d6d99c9d7adc755c359aa149d7b7 Mon Sep 17 00:00:00 2001
From: Thor77
Date: Tue, 16 Apr 2019 13:22:31 +0200
Subject: [PATCH 3/3] Catch missing parameter exceptions to render error
---
 app/controllers/application_controller.rb | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 7834c60..e4ae47d 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -5,6 +5,10 @@ class ApplicationController < ActionController::API
 before_action :configure_permitted_parameters, if: :devise_controller?
+ rescue_from ActionController::ParameterMissing do |e|
+ render json: { error: e.message }, status: :bad_request
+ end
+
 protected
 def configure_permitted_parameters
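Review bot: `validate_create_params` checks only that each element of `teams` is an `ActionController::Parameters`; the keys inside each element are not constrained, and `tournament_params` directly above still ends in `permit!`, so every attribute a client puts into a team hash is marked as permitted. Replacing `permit!` with an explicit permit list for the team keys the create action actually reads would close that mass-assignment gap. The shape check itself reads more directly as `return if teams.is_a?(Array) && teams.all? { |t| t.is_a?(ActionController::Parameters) }`. An empty array passes as written; if a tournament without teams should not be creatable, the condition also needs `teams.any?`. The class body starts outside the hunk.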
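Review bot: The new `rescue_from` block in app/controllers/application_controller.rb returns `e.message` verbatim, which ties the API's error body to the framework's exception wording rather than to text the application controls. Building the body from the parameter name keeps the response stable, for example `render json: { error: "Missing parameter: #{e.param}" }, status: :bad_request`. None of the three patches adds a spec that raises `ActionController::ParameterMissing`, and the tournaments controller shown here reads `params.slice(...)` rather than `params.require`, so a request that actually reaches this handler is worth adding. The class body continues outside the hunk.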