From b2c5a9a5ec69ac8b27e7fa7ab8fef96f292f1485 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karl=20Erik=20=C3=95unapuu?= <karlerik@kreative.ee>
Date: Thu, 17 Sep 2020 15:55:37 +0300
Subject: [PATCH] Verify param integrity for bounces

---
 app/controllers/api/v1/bounces_controller.rb | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/app/controllers/api/v1/bounces_controller.rb b/app/controllers/api/v1/bounces_controller.rb
index cff8c3efe..40a3c1c91 100644
--- a/app/controllers/api/v1/bounces_controller.rb
+++ b/app/controllers/api/v1/bounces_controller.rb
@@ -1,11 +1,20 @@
 module Api
   module V1
     class BouncesController < BaseController
-      before_action :authenticate
-
+      # POST api/v1/bounces/
       def create
-        bounced_mail_address = BouncedMailAddress.record(json)
-        bounced_mail_address ? render(head: :ok) : render(head: :failed)
+        BouncedMailAddress.record(bounce_params)
+        head(:ok)
+      rescue ActionController::ParameterMissing
+        head(:bad_request)
+      end
+
+      def bounce_params
+        params.require(:data).require(:bounce).require(:bouncedRecipients).each do |r|
+          r.require(:emailAddress)
+        end
+
+        params.require(:data)
       end
     end
   end