From 2d7cddd7d9482ff52974c4fbdfb23b2ec5a66089 Mon Sep 17 00:00:00 2001
From: Tim Pease
Date: Thu, 20 Sep 2018 17:38:20 -0600
Subject: [PATCH] Permissive JSON PRC params

Reworking how the JSON RPC params are being handled. They are not more permissive, but the request params are still strongly enforced.
---
 lib/chatops/controller.rb | 32 ++++++--------------------------
 1 file changed, 6 insertions(+), 26 deletions(-)

diff --git a/lib/chatops/controller.rb b/lib/chatops/controller.rb
index 4c31a27..4ae5bb7 100644
--- a/lib/chatops/controller.rb
+++ b/lib/chatops/controller.rb
@@ -55,43 +55,23 @@ module Chatops
 params[key] = value
 end

- permitted_params = %i[
- action
- chatop
- controller
- mention_slug
- method
- room_id
- user
- ]
+ @jsonrpc_params = params.delete(:params) if params.has_key? :params

- chatop_name = if params[:chatop].present?
- params[:chatop].to_sym
- elsif params[:action].present?
- params[:action].to_sym
- else
- nil
- end
+ self.params = params.permit(:action, :chatop, :controller, :id, :mention_slug, :method, :room_id, :user)
+ end

- if chatop = self.class.chatops[chatop_name]
- permitted_params << { params: chatop[:params] }
- end
-
- self.params = params.permit(*permitted_params)
+ def jsonrpc_params
+ @jsonrpc_params ||= ActionController::Parameters.new
 end

 def json_body
 hash = {}
 if request.content_type =~ %r/\Aapplication\/json\Z/i
- hash = GitHub::JSON.parse(request.raw_post) || {}
+ hash = ActiveSupport::JSON.decode(request.raw_post) || {}
 end
 hash.with_indifferent_access
 end

- def jsonrpc_params
- params["params"] || {}
- end
-
-
 # `options` supports any of the optional fields documented
 # in the [protocol](../../docs/protocol-description.md).
 def jsonrpc_success(message, options: {})
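Review bot: `jsonrpc_params` now returns whatever the request carried under `params`, because the value is pulled out with `params.delete(:params)` before `params.permit(...)` runs and the removed per-chatop filter (`permitted_params << { params: chatop[:params] }`) has no replacement in this hunk; only the top-level keys are still enforced. The stored value is also not type-checked, so a request that sends a string or array under `params` would leave `@jsonrpc_params` as that object and the `||=` fallback would never apply. Consider normalising in the reader, e.g. `@jsonrpc_params = ActionController::Parameters.new unless @jsonrpc_params.is_a?(ActionController::Parameters)`, and adding a comment above `def jsonrpc_params` such as `# Unfiltered request input: each chatop must validate the keys and value types it reads.` Whether dispatch elsewhere still checks `chatop[:params]` cannot be seen from here, and the method being edited begins above the hunk.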