The assert_request plugin provides an easy way to make sure that your rails actions are only called with the method, protocol, and parameters that you expect.
This can save a considerable amount of error-checking code, uncover hidden bugs, and prevent security holes.
Here is a fairly complex assert_request declaration that illustrates some of its capabilities:
assert_request do |r|
r.method :post, :put
r.protocol :https
r.params.must_have :id
r.params.must_have :person do |person|
person.must_have :name
person.may_have :age, :height
end
r.params.must_have :fido do |fido|
fido.is_a Dog
end
r.params.may_have User do |user|
user.must_not_have :admin, :password
end
endInstall the plugin by running the following command in your rails application‘s directory:
ruby script/plugin install svn://rubyforge.org//var/svn/validaterequest/plugins/assert_requestThat‘s it. You‘re now ready to add calls to assert_request to your actions.
Please see the project home page for complete documentation: