So is it not possible to do a controller spec with raw data?
Not that I know of. In the controller the raw data is assumed to have
been parsed already.
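What "parsed already" means for the request in this thread, as an added example (not code from any poster): the JSON body from the curl command reaches the action as an Integer rather than a String, so the check has to be on the parsed type. `parse_params`, `valid_token_param?` and `reset_password_status` are hypothetical stand-ins written in plain Ruby, not Rails or RSpec APIs.

```ruby
require "json"
require "uri"

# Constructed sample inputs: the JSON body from the curl command in this
# thread, and the same field sent form-encoded.
JSON_BODY = '{"api_token":0}'
FORM_BODY = "api_token=0"

# Hypothetical stand-in for the framework's body parsing: returns the
# params hash a controller action would see for a given raw body.
def parse_params(raw_body, content_type)
  case content_type
  when "application/json"
    JSON.parse(raw_body)                  # JSON numbers stay numbers
  when "application/x-www-form-urlencoded"
    URI.decode_www_form(raw_body).to_h    # form values are always Strings
  else
    {}
  end
end

# Hypothetical guard: accept the token only when it is a non-empty String,
# so integers, arrays, hashes and nil are all rejected before any lookup.
def valid_token_param?(params)
  return false unless params.is_a?(Hash)
  token = params["api_token"]
  token.is_a?(String) && !token.empty?
end

# Hypothetical action body: returns an HTTP-style status code.
def reset_password_status(raw_body, content_type)
  params = parse_params(raw_body, content_type)
  valid_token_param?(params) ? 200 : 400
rescue JSON::ParserError
  400 # malformed JSON body
end
```
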
You could also simply set the parameter value to an integer in your test
and then call your controller action:
params["token"] =
Sorry, I just realized you did this as a request spec, not as a controller
spec! That's what I was missing here, thanks!
So is it not possible to do a controller spec with raw data?
On Friday, February 8, 2013 4:01:43 PM UTC-5, lawrence.pit wrote:
>
> Hi Daniel,
>
>
>describe "Example", :ty
Hi Lawrence, thanks for the response. Unfortunately, when I try that, I get:
NoMethodError: undefined method `symbolize_keys' for "{\"api_token\":0}":String
/Users/daniel/.rvm/gems/ruby-1.9.3-327/gems/actionpack-3.2.11/lib/action_controller/test_case.rb:150:in `assign_parameters'
/Use
Hi Daniel,
describe "Example", :type => :request do
# curl -k -i -X POST -d '{"api_token":0}' https://api.example.local/reset_password
# See https://groups.google.com/d/topic/rubyonrails-security/ZOdH5GH5jCU/discussion
it "should not be exploitable by using an integer token val
I apologize if this message was sent more than once, I tried to post
through the Google Groups page but it didn't seem to work.
In order to ensure that my application is not vulnerable to this exploit, I
am trying to create a controller test in RSpec to cover it. In order to do
so, I need to be ab