The assert_request plugin provides an easy way to make sure that your rails actions are only called with the method, protocol, and parameters that you expect.
This can save a considerable amount of error-checking code, uncover hidden bugs, and prevent security holes.
Here is a fairly complex assert_request declaration that illustrates some of its capabilities:
assert_request do |r| r.method :post, :put r.protocol :https r.params.must_have :id r.params.must_have :person do |person| person.must_have :name person.may_have :age, :height end r.params.must_have :fido do |fido| fido.is_a Dog end r.params.may_have User do |user| user.must_not_have :admin, :password end endInstall the plugin by running the following command in your rails application‘s directory:
ruby script/plugin install svn://rubyforge.org//var/svn/validaterequest/plugins/assert_requestThat‘s it. You‘re now ready to add calls to assert_request to your actions.
Please see the project home page for complete documentation: