rails 5: a few more strong params tweaks

Change-Id: Ic47369323ac1c71f4af40f800c997413a9f5218b
Reviewed-on: https://gerrit.instructure.com/104464
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>

app/models/account.rb

@@ -223,7 +223,7 @@ class Account < ActiveRecord::Base
   add_setting :lock_all_announcements, default: false, boolean: true, inheritable: true
 
   def settings=(hash)
-    if hash.is_a?(Hash)
+    if hash.is_a?(Hash) || hash.is_a?(ActionController::Parameters)
       hash.each do |key, val|
         if account_settings_options && account_settings_options[key.to_sym]
           opts = account_settings_options[key.to_sym]
@@ -231,7 +231,7 @@ class Account < ActiveRecord::Base
             settings.delete key.to_sym
           elsif opts[:hash]
             new_hash = {}
-            if val.is_a?(Hash)
+            if val.is_a?(Hash) || val.is_a?(ActionController::Parameters)
               val.each do |inner_key, inner_val|
                 inner_key = inner_key.to_sym
                 if opts[:values].include?(inner_key)

lib/canvas/plugins/validators/address_book_validator.rb

@@ -20,7 +20,7 @@ module Canvas::Plugins::Validators::AddressBookValidator
   def self.validate(settings, plugin_setting)
     strategy = settings[:strategy]
     if AddressBook::STRATEGIES.has_key?(strategy)
-      settings
+      settings.to_hash.with_indifferent_access
     else
       plugin_setting.errors.add(:base, I18n.t('Invalid address book strategy.'))
       false

lib/canvas/plugins/validators/app_center_validator.rb

@@ -30,7 +30,7 @@ module Canvas::Plugins::Validators::AppCenterValidator
           plugin_setting.errors.add(:base, I18n.t('canvas.plugins.errors.invalid_url', 'Invalid URL'))
           false
         else
-          settings.slice(:base_url, :token, :apps_index_endpoint, :app_reviews_endpoint)
+          settings.permit(:base_url, :token, :apps_index_endpoint, :app_reviews_endpoint).to_h.with_indifferent_access
         end
       end
     end

lib/canvas/plugins/validators/big_blue_button_validator.rb

@@ -26,7 +26,7 @@ module Canvas::Plugins::Validators::BigBlueButtonValidator
         plugin_setting.errors.add(:base, I18n.t('canvas.plugins.errors.all_fields_required', 'All fields are required'))
         false
       else
-        settings.slice!(*expected_settings)
+        settings = settings.permit(*expected_settings).to_h.with_indifferent_access
         settings[:recording_enabled] = Canvas::Plugin.value_to_boolean(settings[:recording_enabled])
         settings
       end

lib/canvas/plugins/validators/diigo_validator.rb

@@ -30,9 +30,9 @@ module Canvas::Plugins::Validators::DiigoValidator
           plugin_setting.errors.add(:base, res)
           false
         else
-          settings.slice(:api_key)
+          settings.permit(:api_key).to_h.with_indifferent_access
         end
       end
     end
   end
-end
+end

lib/canvas/plugins/validators/etherpad_validator.rb

@@ -25,8 +25,8 @@ module Canvas::Plugins::Validators::EtherpadValidator
         plugin_setting.errors.add(:base, I18n.t('canvas.plugins.errors.all_fields_required', 'All fields are required'))
         false
       else
-        settings.slice(:domain, :name)
-        settings[:domain] = settings[:domain].sub(/https?:/, '').gsub(/(^\/+)|(\/)+$/,'')
+        settings = settings.permit(:domain, :name).to_h.with_indifferent_access
+        settings[:domain] = settings[:domain]&.sub(/https?:/, '')&.gsub(/(^\/+)|(\/)+$/,'')
         settings[:name] ||= "EtherPad"
         settings
       end

lib/canvas/plugins/validators/google_drive_validator.rb

@@ -42,7 +42,7 @@ module Canvas::Plugins::Validators::GoogleDriveValidator
           :client_secret_json => ""
          }
       else
-         to_return = settings
+         to_return = settings.to_hash.with_indifferent_access
       end
       to_return
     end

lib/canvas/plugins/validators/kaltura_validator.rb

@@ -44,10 +44,10 @@ module Canvas::Plugins::Validators::KalturaValidator
       settings[:do_analytics] = Canvas::Plugin.value_to_boolean(settings[:do_analytics])
       settings[:hide_rte_button] = Canvas::Plugin.value_to_boolean(settings[:hide_rte_button])
       settings[:js_uploader] = Canvas::Plugin.value_to_boolean(settings[:js_uploader])
-      settings.slice(:domain, :resource_domain, :rtmp_domain, :partner_id,
+      settings.permit(:domain, :resource_domain, :rtmp_domain, :partner_id,
                      :subpartner_id, :secret_key, :user_secret_key,
                      :player_ui_conf, :kcw_ui_conf, :upload_ui_conf, :cache_play_list_seconds,
-                     :kaltura_sis, :do_analytics, :hide_rte_button, :js_uploader)
+                     :kaltura_sis, :do_analytics, :hide_rte_button, :js_uploader).to_h.with_indifferent_access
     end
   end
 end

lib/canvas/plugins/validators/linked_in_validator.rb

@@ -30,7 +30,7 @@ module Canvas::Plugins::Validators::LinkedInValidator
           plugin_setting.errors.add(:base, res)
           false
         else
-          settings.slice(:client_id, :client_secret)
+          settings.permit(:client_id, :client_secret).to_h.with_indifferent_access
         end
       end
     end

lib/canvas/plugins/validators/live_events_validator.rb

@@ -49,7 +49,7 @@ module Canvas::Plugins::Validators::LiveEventsValidator
 
       return false if err
 
-      settings = settings.slice(:kinesis_stream_name, :aws_access_key_id, :aws_secret_access_key, :aws_region, :aws_endpoint)
+      settings = settings.permit(:kinesis_stream_name, :aws_access_key_id, :aws_secret_access_key, :aws_region, :aws_endpoint).to_h.with_indifferent_access
       temp_settings = settings.dup
       temp_settings[:aws_secret_access_key_dec] = temp_settings.delete(:aws_secret_access_key)
       unless LiveEvents::Client.new(temp_settings).valid?

lib/canvas/plugins/validators/mathman_validator.rb

@@ -20,7 +20,7 @@ module Canvas::Plugins::Validators::MathmanValidator
   def self.validate(settings, plugin_setting)
     base_url = settings[:base_url]
     if base_url.match(URI.regexp)
-      settings
+      settings.to_hash.with_indifferent_access
     else
       plugin_setting.errors.add(:base, I18n.t('Must provide a valid url.'))
       false

lib/canvas/plugins/validators/panda_pub_validator.rb

@@ -30,7 +30,7 @@ module Canvas::Plugins::Validators::PandaPubValidator
           plugin_setting.errors.add(:base, I18n.t('canvas.plugins.errors.invalid_url', 'Invalid URL'))
           false
         else
-          settings.slice(:base_url, :application_id, :key_id, :key_secret)
+          settings.permit(:base_url, :application_id, :key_id, :key_secret).to_h.with_indifferent_access
         end
       end
     end

lib/canvas/plugins/validators/sessions_validator.rb

@@ -21,8 +21,8 @@ module Canvas::Plugins::Validators::SessionsValidator
     timeout = settings["session_timeout"].to_f.minutes
     if timeout < 20.minutes
       plugin_setting.errors.add(:base, I18n.t('canvas.plugins.errors.login_expiration_minimum', 'Session expiration must be 20 minutes or greater'))
-    else 
-      settings
+    else
+      settings.to_hash.with_indifferent_access
     end
   end
 end

lib/canvas/plugins/validators/ticketing_system_validator.rb

@@ -19,7 +19,7 @@
 module Canvas::Plugins::Validators::TicketingSystemValidator
   def self.validate(settings, plugin_setting)
     if Canvas::Plugin.find(settings[:type])
-      settings.slice(:type)
+      settings.permit(:type).to_h.with_indifferent_access
     else
       raise("could not find plugin for #{settings[:type]}")
     end

lib/canvas/plugins/validators/twitter_validator.rb

@@ -30,7 +30,7 @@ module Canvas::Plugins::Validators::TwitterValidator
           plugin_setting.errors.add(:base, res)
           false
         else
-          settings.slice(:consumer_key, :consumer_secret)
+          settings.permit(:consumer_key, :consumer_secret).to_h.with_indifferent_access
         end
       end
     end

lib/canvas/plugins/validators/wimba_validator.rb

@@ -25,7 +25,7 @@ module Canvas::Plugins::Validators::WimbaValidator
         plugin_setting.errors.add(:base, I18n.t('canvas.plugins.errors.all_fields_required', 'All fields are required'))
         false
       else
-        settings.slice(:domain, :user, :password, :timezone)
+        settings.permit(:domain, :user, :password, :timezone).to_h.with_indifferent_access
       end
     end
   end

lib/canvas/plugins/validators/yo_validator.rb

@@ -30,7 +30,7 @@ module Canvas::Plugins::Validators::YoValidator
         begin
           Hey.api_token = settings[:api_token]
           Hey::Subscriber.count
-          settings.slice(:api_token)
+          settings.permit(:api_token).to_h.with_indifferent_access
         rescue => e
           plugin_setting.errors.add(:base, e.message)
           false

spec/lib/canvas/plugins/validators/mathman_validator_spec.rb

@@ -37,10 +37,10 @@ describe Canvas::Plugins::Validators::MathmanValidator do
     end
 
     it 'should return provided settings when base_url is a valid url' do
-      expect(validator).to eq settings
+      expect(validator).to eq settings.with_indifferent_access
     end
 
-    context 'when base_rul is invalid' do
+    context 'when base_url is invalid' do
       let(:settings) do
         {
           base_url: 'wooper'