Trying to get a POST to return 400 bad request

About

Asked 28/12, 2013 at 3:21 Answered 28/12, 2013 at 3:28

Solved ruby-on-rails-4 strong-parameters

I have a create method that builds a new model through an association and I was expecting it to return a 400 response with some text if no params were in the POST request. However, I get an error.

This is in Rails 4.0.2

controller methods:

  def create
    @cast_profile = current_user.build_cast_profile(cast_profile_params)
    if @cast_profile.save
      redirect_to cast_profile_path
    else
      render :edit
    end
  end

  def cast_profile_params
    params.require(:cast_profile).permit(:name, :email, :public)
  end

If I pass the params its all fine but I'm trying to test the bad request scenario. Here's the error:

ActionController::ParameterMissing: param not found: cast_profile

I could rescue it explicitly but I thought strong parameters was supposed to do that automatically.

Atheist answered 28/12, 2013 at 3:21 Comment(0)

The behaviour is as follows:

Handling of Unpermitted Keys

By default parameter keys that are not explicitly permitted will be logged in the development and test environment. In other environments these parameters will simply be filtered out and ignored.

Additionally, this behaviour can be changed by changing the config.action_controller.action_on_unpermitted_parameters property in your environment files. If set to :log the unpermitted attributes will be logged, if set to :raise an exception will be raised.

(source)

I would suggest rescuing from this exception with 400 status (Bad Request):

rescue_from ActionController::ParameterMissing do
  render :nothing => true, :status => :bad_request
end

Gardie answered 28/12, 2013 at 3:28 Comment(7)

I'm not having an issue with the handling of unpermitted keys. I'm having an issue with required keys. Further up in the doc you linked it says… – Atheist 28/12, 2013 at 15:4

In addition, parameters can be marked as required and flow through a predefined raise/rescue flow to end up as a 400 Bad Request with no effort. – Atheist 28/12, 2013 at 15:5

I'd like to know what was meant by "no effort". I was under the impression that the 400 response would be automatic without explicitly rescuing. – Atheist 28/12, 2013 at 15:6

Right, my mistake. Seems like there is no such option built-in. – Gardie 28/12, 2013 at 15:8

It looks like everything was working as intended. In the browser (development) I got an error page with a 400 response. It's just the testing env that seems weird. The exception is thrown as expected but, either rails doesn't catch it like it does in dev or minitest gets the error another way and errors the whole test without letting it proceed to the response. So, this seems like a testing issue. I'm still confused though if you have any advice about the testing. In the end I explicitly rescued to make testing possible and to return a 422 since that seemed more correct. – Atheist 28/12, 2013 at 16:20

This issue seems to be still open. – Polymorphous 9/12, 2015 at 18:46

Instead of hard-coding the 400, you can use :bad_request. guides.rubyonrails.org/… – Brahear 13/11, 2017 at 19:50

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags