So is it not possible to do a controller spec with raw data?
Not that I know of. In the controller the raw data is assumed to have
been parsed already.
You could also simply set the parameter value to an integer in your test
and then call your controller action:
params["token"] =
Sorry, I just realized you did this as a request spec, not as a controller
spec! That's what I was missing here, thanks!
So is it not possible to do a controller spec with raw data?
On Friday, February 8, 2013 4:01:43 PM UTC-5, lawrence.pit wrote:
>
> Hi Daniel,
>
>
>describe "Example", :ty
Hi Lawrence, thanks for the response. Unfortunately, when I try that, I get:
NoMethodError: undefined method `symbolize_keys' for
> "{\"api_token\":0}":String
> /Users/daniel/.rvm/gems/ruby-1.9.3-327/gems/actionpack-3.2.11/lib/action_controller/test_case.rb:150:in
>
> `assign_parameters'
> /Use
Hi Daniel,
describe "Example", :type => :request do
# curl -k -i -X POST -d '{"api_token":0}'
https://api.example.local/reset_password
# See
https://groups.google.com/d/topic/rubyonrails-security/ZOdH5GH5jCU/discussion
it "should not be exploitable by using an integer token val
