Commit 0e331206 authored by Robert Speicher's avatar Robert Speicher

Add BlocksJsonSerialization model concern and include it in User

parent 4d9f353a
# Overrides `as_json` and `to_json` to raise an exception when called in order
# to prevent accidentally exposing attributes
#
# Not that that would ever happen... but just in case.
module BlocksJsonSerialization
extend ActiveSupport::Concern
def to_json
raise SecurityError,
"JSON serialization has been disabled on #{self.class.name}"
end
alias_method :as_json, :to_json
end
...@@ -18,6 +18,7 @@ class User < ActiveRecord::Base ...@@ -18,6 +18,7 @@ class User < ActiveRecord::Base
include CreatedAtFilterable include CreatedAtFilterable
include IgnorableColumn include IgnorableColumn
include BulkMemberAccessLoad include BulkMemberAccessLoad
include BlocksJsonSerialization
prepend EE::GeoAwareAvatar prepend EE::GeoAwareAvatar
prepend EE::User prepend EE::User
......
require 'rails_helper'
describe BlocksJsonSerialization do
DummyModel = Class.new do
include BlocksJsonSerialization
end
it 'blocks as_json' do
expect { DummyModel.new.to_json }
.to raise_error(SecurityError, "JSON serialization has been disabled on DummyModel")
end
it 'blocks to_json' do
expect { DummyModel.new.to_json }
.to raise_error(SecurityError, "JSON serialization has been disabled on DummyModel")
end
end
...@@ -12,6 +12,7 @@ describe User do ...@@ -12,6 +12,7 @@ describe User do
it { is_expected.to include_module(Referable) } it { is_expected.to include_module(Referable) }
it { is_expected.to include_module(Sortable) } it { is_expected.to include_module(Sortable) }
it { is_expected.to include_module(TokenAuthenticatable) } it { is_expected.to include_module(TokenAuthenticatable) }
it { is_expected.to include_module(BlocksJsonSerialization) }
end end
describe 'delegations' do describe 'delegations' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment