Remove base validator contract

Now that our CSRF protection module pulls the _csrf_token directly from the raw params, we don’t need a vase validator, and can use dry-validation contracts directly
hanami · Sep 2, 2024 · e8f1388 · e8f1388
1 parent 65f0823
commit e8f1388
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 15 deletions.
diff --git a/lib/hanami/action/params.rb b/lib/hanami/action/params.rb
@@ -13,14 +13,6 @@ class Action
     #
     # @since 0.1.0
     class Params < BaseParams
-      # @since 2.2.0
-      # @api private
-      class Validator < Dry::Validation::Contract
-        params do
-          optional(:_csrf_token).filled(:string)
-        end
-      end
-
       # Params errors
       #
       # @since 1.1.0
@@ -120,7 +112,7 @@ def _nested_attribute(keys, key)
       # @api public
       # @since 0.7.0
       def self.params(&block)
-        @_validator = Class.new(Validator) { params(&block || -> {}) }.new
+        @_validator = Class.new(Dry::Validation::Contract) { params(&block || -> {}) }.new
       end
 
       # Defines validations for the params, using a dry-validation contract.
@@ -132,7 +124,7 @@ def self.params(&block)
       # @api public
       # @since 2.2.0
       def self.contract(&block)
-        @_validator = Class.new(Validator, &block).new
+        @_validator = Class.new(Dry::Validation::Contract, &block).new
       end
 
       class << self

diff --git a/spec/unit/hanami/action/params_spec.rb b/spec/unit/hanami/action/params_spec.rb
@@ -36,7 +36,6 @@
           expect(response[:params][:id]).to          eq(1)
           expect(response[:params][:unknown]).to     be(nil)
           expect(response[:params][:upload]).to      eq(upload)
-          expect(response[:params][:_csrf_token]).to eq("3")
 
           expect(response[:params].raw.fetch("id")).to          eq("1")
           expect(response[:params].raw.fetch("unknown")).to     eq("2")
@@ -96,9 +95,9 @@
             expect(response.body).to eq([%({:id=>23, :article=>{:tags=>[:cool]}})])
           end
 
-          it "doesn't filter _csrf_token" do
+          it "removes _csrf_token" do
             response = action.call(_csrf_token: "abc")
-            expect(response.body).to eq([%({:_csrf_token=>"abc"})])
+            expect(response.body).to eq([%({})])
           end
         end
 
@@ -108,9 +107,9 @@
             expect(response.body).to match(%({:id=>23}))
           end
 
-          it "doesn't filter _csrf_token" do
+          it "removes _csrf_token" do
             response = Rack::MockRequest.new(action).request("PATCH", "?id=1", params: {_csrf_token: "def", x: {foo: "bar"}})
-            expect(response.body).to match(%(:_csrf_token=>"def"))
+            expect(response.body).not_to match("_csrf_token")
             expect(response.body).to match(%(:id=>1))
           end
         end