From 93f3c724aea4efe874054b2f546fff91f0bf731b Mon Sep 17 00:00:00 2001
From: Matt Jankowski <matt@jankowski.online>
Date: Mon, 27 Jan 2025 11:32:06 -0500
Subject: [PATCH] Use `expect` in remaining controller locations (#33748)

---
 .../concerns/challengable_concern.rb          |  2 +-
 .../filters/statuses_controller.rb            |  2 +-
 app/controllers/relationships_controller.rb   |  2 +-
 .../settings/preferences/base_controller.rb   |  2 +-
 spec/requests/auth/challenges_spec.rb         |  9 +++++++++
 spec/requests/filters/statuses_spec.rb        | 19 +++++++++++++++++++
 spec/requests/relationships_spec.rb           | 16 ++++++++++++++++
 .../settings/preferences/appearance_spec.rb   | 16 ++++++++++++++++
 .../settings/preferences/appearance_spec.rb   |  9 ++++++++-
 9 files changed, 72 insertions(+), 5 deletions(-)
 create mode 100644 spec/requests/filters/statuses_spec.rb
 create mode 100644 spec/requests/relationships_spec.rb
 create mode 100644 spec/requests/settings/preferences/appearance_spec.rb

diff --git a/app/controllers/concerns/challengable_concern.rb b/app/controllers/concerns/challengable_concern.rb
index c8d1a0bef7..7fbc469bdf 100644
--- a/app/controllers/concerns/challengable_concern.rb
+++ b/app/controllers/concerns/challengable_concern.rb
@@ -58,6 +58,6 @@ module ChallengableConcern
   end
 
   def challenge_params
-    params.require(:form_challenge).permit(:current_password, :return_to)
+    params.expect(form_challenge: [:current_password, :return_to])
   end
 end
diff --git a/app/controllers/filters/statuses_controller.rb b/app/controllers/filters/statuses_controller.rb
index 7ada13f680..ca5205d042 100644
--- a/app/controllers/filters/statuses_controller.rb
+++ b/app/controllers/filters/statuses_controller.rb
@@ -34,7 +34,7 @@ class Filters::StatusesController < ApplicationController
   end
 
   def status_filter_batch_action_params
-    params.require(:form_status_filter_batch_action).permit(status_filter_ids: [])
+    params.expect(form_status_filter_batch_action: [status_filter_ids: []])
   end
 
   def action_from_button
diff --git a/app/controllers/relationships_controller.rb b/app/controllers/relationships_controller.rb
index d351afcfb7..43105d70c8 100644
--- a/app/controllers/relationships_controller.rb
+++ b/app/controllers/relationships_controller.rb
@@ -36,7 +36,7 @@ class RelationshipsController < ApplicationController
   end
 
   def form_account_batch_params
-    params.require(:form_account_batch).permit(:action, account_ids: [])
+    params.expect(form_account_batch: [:action, account_ids: []])
   end
 
   def following_relationship?
diff --git a/app/controllers/settings/preferences/base_controller.rb b/app/controllers/settings/preferences/base_controller.rb
index c1f8b49898..d6d42b0340 100644
--- a/app/controllers/settings/preferences/base_controller.rb
+++ b/app/controllers/settings/preferences/base_controller.rb
@@ -19,6 +19,6 @@ class Settings::Preferences::BaseController < Settings::BaseController
   end
 
   def user_params
-    params.require(:user).permit(:locale, :time_zone, chosen_languages: [], settings_attributes: UserSettings.keys)
+    params.expect(user: [:locale, :time_zone, chosen_languages: [], settings_attributes: UserSettings.keys])
   end
 end
diff --git a/spec/requests/auth/challenges_spec.rb b/spec/requests/auth/challenges_spec.rb
index 628bfe499b..8769216657 100644
--- a/spec/requests/auth/challenges_spec.rb
+++ b/spec/requests/auth/challenges_spec.rb
@@ -33,5 +33,14 @@ RSpec.describe 'Auth Challenges' do
           .to be_nil
       end
     end
+
+    context 'with invalid params' do
+      it 'gracefully handles invalid nested params' do
+        post auth_challenge_path(form_challenge: 'invalid')
+
+        expect(response)
+          .to have_http_status(400)
+      end
+    end
   end
 end
diff --git a/spec/requests/filters/statuses_spec.rb b/spec/requests/filters/statuses_spec.rb
new file mode 100644
index 0000000000..aa1d049da7
--- /dev/null
+++ b/spec/requests/filters/statuses_spec.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Filters Statuses' do
+  describe 'POST /filters/:filter_id/statuses/batch' do
+    before { sign_in(user) }
+
+    let(:filter) { Fabricate :custom_filter, account: user.account }
+    let(:user) { Fabricate :user }
+
+    it 'gracefully handles invalid nested params' do
+      post batch_filter_statuses_path(filter.id, form_status_filter_batch_action: 'invalid')
+
+      expect(response)
+        .to redirect_to(edit_filter_path(filter))
+    end
+  end
+end
diff --git a/spec/requests/relationships_spec.rb b/spec/requests/relationships_spec.rb
new file mode 100644
index 0000000000..ee6b321c46
--- /dev/null
+++ b/spec/requests/relationships_spec.rb
@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Relationships' do
+  describe 'PUT /relationships' do
+    before { sign_in Fabricate(:user) }
+
+    it 'gracefully handles invalid nested params' do
+      put relationships_path(form_account_batch: 'invalid')
+
+      expect(response)
+        .to redirect_to(relationships_path)
+    end
+  end
+end
diff --git a/spec/requests/settings/preferences/appearance_spec.rb b/spec/requests/settings/preferences/appearance_spec.rb
new file mode 100644
index 0000000000..cfdc4dafc9
--- /dev/null
+++ b/spec/requests/settings/preferences/appearance_spec.rb
@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Settings Preferences Appearance' do
+  describe 'PUT /settings/preferences/appearance' do
+    before { sign_in Fabricate(:user) }
+
+    it 'gracefully handles invalid nested params' do
+      put settings_preferences_appearance_path(user: 'invalid')
+
+      expect(response)
+        .to have_http_status(400)
+    end
+  end
+end
diff --git a/spec/system/settings/preferences/appearance_spec.rb b/spec/system/settings/preferences/appearance_spec.rb
index 0b6f1e4b15..32085e2af0 100644
--- a/spec/system/settings/preferences/appearance_spec.rb
+++ b/spec/system/settings/preferences/appearance_spec.rb
@@ -17,10 +17,13 @@ RSpec.describe 'Settings preferences appearance page' do
     check confirm_reblog_field
     uncheck confirm_delete_field
 
+    check advanced_layout_field
+
     expect { save_changes }
       .to change { user.reload.settings.theme }.to('contrast')
       .and change { user.reload.settings['web.reblog_modal'] }.to(true)
-      .and(change { user.reload.settings['web.delete_modal'] }.to(false))
+      .and change { user.reload.settings['web.delete_modal'] }.to(false)
+      .and(change { user.reload.settings['web.advanced_layout'] }.to(true))
     expect(page)
       .to have_title(I18n.t('settings.appearance'))
   end
@@ -40,4 +43,8 @@ RSpec.describe 'Settings preferences appearance page' do
   def theme_selection_field
     I18n.t('simple_form.labels.defaults.setting_theme')
   end
+
+  def advanced_layout_field
+    I18n.t('simple_form.labels.defaults.setting_advanced_layout')
+  end
 end