Merge pull request #42395 from chexology/fix-file-upload-in-action_mailbox-conductor

Permit attachments in inbound email conductor mail params

actionmailbox/CHANGELOG.md

@@ -1,3 +1,15 @@
+*   Add `attachments` to the list of permitted parameters for inbound emails conductor.
+
+    When using the conductor to test inbound emails with attachments, this prevents an
+    unpermitted parameter warning in default configurations, and prevents errors for
+    applications that set:
+
+    ```ruby
+    config.action_controller.action_on_unpermitted_parameters = :raise
+    ```
+
+    *David Jones*, *Dana Henke*
+
 *   Add ability to configure ActiveStorage service
     for storing email raw source.
 

actionmailbox/app/controllers/rails/conductor/action_mailbox/inbound_emails_controller.rb

@@ -20,14 +20,18 @@ module Rails
 
     private
       def new_mail
-        Mail.new(params.require(:mail).permit(:from, :to, :cc, :bcc, :x_original_to, :in_reply_to, :subject, :body).to_h).tap do |mail|
+        Mail.new(mail_params.except(:attachments).to_h).tap do |mail|
           mail[:bcc]&.include_in_headers = true
-          params[:mail][:attachments].to_a.each do |attachment|
+          mail_params[:attachments].to_a.each do |attachment|
             mail.add_file(filename: attachment.original_filename, content: attachment.read)
           end
         end
       end
 
+      def mail_params
+        params.require(:mail).permit(:from, :to, :cc, :bcc, :x_original_to, :in_reply_to, :subject, :body, attachments: [])
+      end
+
       def create_inbound_email(mail)
         ActionMailbox::InboundEmail.create_and_extract_message_id!(mail.to_s)
       end

actionmailbox/test/dummy/config/environments/test.rb

@@ -46,4 +46,7 @@ Rails.application.configure do
 
   # Annotate rendered view with file names
   # config.action_view.annotate_rendered_view_with_filenames = true
+
+  # Raise error if unpermitted parameters are sent
+  config.action_controller.action_on_unpermitted_parameters = :raise
 end