ruby-on-rails-4strong-parameters

Trying to get a POST to return 400 bad request


I have a create method that builds a new model through an association and I was expecting it to return a 400 response with some text if no params were in the POST request. However, I get an error.

This is in Rails 4.0.2

controller methods:

  def create
    @cast_profile = current_user.build_cast_profile(cast_profile_params)
    if @cast_profile.save
      redirect_to cast_profile_path
    else
      render :edit
    end
  end

  def cast_profile_params
    params.require(:cast_profile).permit(:name, :email, :public)
  end

If I pass the params its all fine but I'm trying to test the bad request scenario. Here's the error:

ActionController::ParameterMissing: param not found: cast_profile

I could rescue it explicitly but I thought strong parameters was supposed to do that automatically.


Solution

  • The behaviour is as follows:

    Handling of Unpermitted Keys

    By default parameter keys that are not explicitly permitted will be logged in the development and test environment. In other environments these parameters will simply be filtered out and ignored.

    Additionally, this behaviour can be changed by changing the config.action_controller.action_on_unpermitted_parameters property in your environment files. If set to :log the unpermitted attributes will be logged, if set to :raise an exception will be raised.

    (source)

    I would suggest rescuing from this exception with 400 status (Bad Request):

    rescue_from ActionController::ParameterMissing do
      render :nothing => true, :status => :bad_request
    end