active_storage_validations 1.0.4 → 3.0.2

data/lib/active_storage_validations/attached_validator.rb

@@ -1,14 +1,31 @@
 # frozen_string_literal: true
 
+require_relative "shared/asv_active_storageable"
+require_relative "shared/asv_errorable"
+require_relative "shared/asv_symbolizable"
+
 module ActiveStorageValidations
   class AttachedValidator < ActiveModel::EachValidator # :nodoc:
-    def validate_each(record, attribute, _value)
-      return if record.send(attribute).attached?
+    include ASVActiveStorageable
+    include ASVErrorable
+    include ASVSymbolizable
+
+    ERROR_TYPES = %i[blank].freeze
 
-      errors_options = {}
-      errors_options[:message] = options[:message] if options[:message].present?
+    def check_validity!
+      %i[allow_nil allow_blank].each do |not_authorized_option|
+        if options.include?(not_authorized_option)
+          raise ArgumentError, "You cannot pass the :#{not_authorized_option} option to the #{self.class.to_sym} validator"
+        end
+      end
+    end
+
+    def validate_each(record, attribute, _value)
+      return if attachments_present?(record, attribute) &&
+                will_have_attachments_after_save?(record, attribute)
 
-      record.errors.add(attribute, :blank, **errors_options)
+      errors_options = initialize_error_options(options)
+      add_error(record, attribute, ERROR_TYPES.first, **errors_options)
     end
   end
 end

data/lib/active_storage_validations/base_comparison_validator.rb

@@ -0,0 +1,83 @@
+# frozen_string_literal: true
+
+require_relative "shared/asv_active_storageable"
+require_relative "shared/asv_errorable"
+require_relative "shared/asv_optionable"
+require_relative "shared/asv_symbolizable"
+
+module ActiveStorageValidations
+  class BaseComparisonValidator < ActiveModel::EachValidator # :nodoc:
+    include ASVActiveStorageable
+    include ASVErrorable
+    include ASVOptionable
+    include ASVSymbolizable
+
+    AVAILABLE_CHECKS = %i[
+      less_than
+      less_than_or_equal_to
+      greater_than
+      greater_than_or_equal_to
+      between
+      equal_to
+    ].freeze
+
+    def initialize(*args)
+      if self.class == BaseComparisonValidator
+        raise NotImplementedError, "BaseComparisonValidator is an abstract class and cannot be instantiated directly."
+      end
+      super
+    end
+
+    def check_validity!
+      unless AVAILABLE_CHECKS.one? { |argument| options.key?(argument) }
+        raise ArgumentError, "You must pass either :less_than(_or_equal_to), :greater_than(_or_equal_to), :between or :equal_to to the validator"
+      end
+    end
+
+    def validate_each(record, attribute, value)
+      raise NotImplementedError
+    end
+
+    private
+
+    def is_valid?(value, flat_options)
+      return false if value < 0
+
+      if flat_options[:between].present?
+        flat_options[:between].include?(value)
+      elsif flat_options[:less_than].present?
+        value < flat_options[:less_than]
+      elsif flat_options[:less_than_or_equal_to].present?
+        value <= flat_options[:less_than_or_equal_to]
+      elsif flat_options[:greater_than].present?
+        value > flat_options[:greater_than]
+      elsif flat_options[:greater_than_or_equal_to].present?
+        value >= flat_options[:greater_than_or_equal_to]
+      elsif flat_options[:equal_to].present?
+        value == flat_options[:equal_to]
+      end
+    end
+
+    def populate_error_options(errors_options, flat_options)
+      errors_options[:min] = format_bound_value(min(flat_options))
+      errors_options[:exact] = format_bound_value(exact(flat_options))
+      errors_options[:max] = format_bound_value(max(flat_options))
+    end
+
+    def format_bound_value
+      raise NotImplementedError
+    end
+
+    def min(flat_options)
+      flat_options[:between]&.min || flat_options[:greater_than] || flat_options[:greater_than_or_equal_to]
+    end
+
+    def exact(flat_options)
+      flat_options[:equal_to]
+    end
+
+    def max(flat_options)
+      flat_options[:between]&.max || flat_options[:less_than] || flat_options[:less_than_or_equal_to]
+    end
+  end
+end

data/lib/active_storage_validations/content_type_validator.rb

@@ -1,57 +1,245 @@
 # frozen_string_literal: true
 
+require_relative "shared/asv_active_storageable"
+require_relative "shared/asv_analyzable"
+require_relative "shared/asv_attachable"
+require_relative "shared/asv_errorable"
+require_relative "shared/asv_optionable"
+require_relative "shared/asv_symbolizable"
+require_relative "analyzer/content_type_analyzer"
+
 module ActiveStorageValidations
   class ContentTypeValidator < ActiveModel::EachValidator # :nodoc:
-    include OptionProcUnfolding
+    include ASVActiveStorageable
+    include ASVAnalyzable
+    include ASVAttachable
+    include ASVErrorable
+    include ASVOptionable
+    include ASVSymbolizable
 
     AVAILABLE_CHECKS = %i[with in].freeze
-    
-    def validate_each(record, attribute, _value)
-      return true unless record.send(attribute).attached?
+    ERROR_TYPES = %i[
+      content_type_invalid
+      content_type_spoofed
+    ].freeze
+    METADATA_KEYS = %i[content_type].freeze
 
-      types = authorized_types(record)
-      return true if types.empty?
-      
-      files = Array.wrap(record.send(attribute))
+    def check_validity!
+      ensure_exactly_one_validator_option
+      ensure_content_types_validity
+    end
 
-      errors_options = { authorized_types: types_to_human_format(types) }
-      errors_options[:message] = options[:message] if options[:message].present?
+    def validate_each(record, attribute, _value)
+      return if no_attachments?(record, attribute)
 
-      files.each do |file|
-        next if is_valid?(file, types)
+      @authorized_content_types = authorized_content_types_from_options(record)
+      return if @authorized_content_types.empty?
 
-        errors_options[:content_type] = content_type(file)
-        record.errors.add(attribute, :content_type_invalid, **errors_options)
-        break
+      attachables_and_blobs(record, attribute).each do |attachable, blob|
+        set_attachable_cached_values(blob)
+        is_valid?(record, attribute, attachable, blob)
       end
     end
 
-    def authorized_types(record)
-      flat_options = unfold_procs(record, self.options, AVAILABLE_CHECKS)
+    private
+
+    def authorized_content_types_from_options(record)
+      flat_options = set_flat_options(record)
+
       (Array.wrap(flat_options[:with]) + Array.wrap(flat_options[:in])).compact.map do |type|
-        if type.is_a?(Regexp)
-          type
-        else
-          Marcel::MimeType.for(declared_type: type.to_s, extension: type.to_s)
+        case type
+        when String, Symbol then Marcel::MimeType.for(declared_type: type.to_s, extension: type.to_s)
+        when Regexp then type
+        end
+      end
+    end
+
+    def set_attachable_cached_values(blob)
+      @attachable_content_type = blob.content_type
+      @attachable_filename = blob.filename.to_s
+    end
+
+    # Check if the provided content_type is authorized and not spoofed against
+    # the file io.
+    def is_valid?(record, attribute, attachable, blob)
+      authorized_content_type?(record, attribute, attachable) &&
+        not_spoofing_content_type?(record, attribute, attachable, blob)
+    end
+
+    # Dead code that we keep here for some time, maybe we will find a solution
+    # to this check later? (November 2024)
+    #
+    # We do not perform any validations against the extension because it is an
+    # unreliable source of truth. For example, a `.csv` file could have its
+    # `text/csv` content_type changed to  `application/vnd.ms-excel` because
+    # it had been opened by Excel at some point, making the file extension vs
+    # file content_type check invalid.
+    # def extension_matches_content_type?(record, attribute, attachable)
+    #   return true if !@attachable_filename || !@attachable_content_type
+
+    #   extension = @attachable_filename.split('.').last
+    #   possible_extensions = Marcel::TYPE_EXTS[@attachable_content_type]
+    #   return true if possible_extensions && extension.downcase.in?(possible_extensions)
+
+    #   errors_options = initialize_and_populate_error_options(options, attachable)
+    #   add_error(record, attribute, ERROR_TYPES.first, **errors_options)
+    #   false
+    # end
+
+    def authorized_content_type?(record, attribute, attachable)
+      attachable_content_type_is_authorized = @authorized_content_types.any? do |authorized_content_type|
+        case authorized_content_type
+        when String then authorized_content_type == marcel_attachable_content_type(attachable)
+        when Regexp then authorized_content_type.match?(marcel_attachable_content_type(attachable).to_s)
         end
       end
+
+      return true if attachable_content_type_is_authorized
+
+      add_content_type_invalid_error(record, attribute, attachable)
+    end
+
+    def marcel_attachable_content_type(attachable)
+      Marcel::MimeType.for(declared_type: @attachable_content_type, name: @attachable_filename)
+    end
+
+    def not_spoofing_content_type?(record, attribute, attachable, blob)
+      return true unless enable_spoofing_protection?
+
+      @detected_content_type = begin
+        metadata_for(blob, attachable, METADATA_KEYS)&.fetch(:content_type, nil)
+      rescue ActiveStorage::FileNotFoundError
+        add_attachment_missing_error(record, attribute, attachable)
+        return false
+      end
+
+      if attachable_content_type_vs_detected_content_type_mismatch?
+        add_content_type_spoofed_error(record, attribute, attachable, @detected_content_type)
+      else
+        true
+      end
+    end
+
+    def disable_spoofing_protection?
+      !enable_spoofing_protection?
     end
 
-    def types_to_human_format(types)
-      types
-        .map { |type| type.to_s.split('/').last.upcase }
-        .join(', ')
+    def enable_spoofing_protection?
+      options[:spoofing_protection] == true
     end
 
-    def content_type(file)
-      file.blob.present? && file.blob.content_type
+    def attachable_content_type_vs_detected_content_type_mismatch?
+      @attachable_content_type.present? &&
+        !attachable_content_type_intersects_detected_content_type?
     end
 
-    def is_valid?(file, types)
-      file_type = content_type(file)
-      types.any? do |type|
-        type == file_type || (type.is_a?(Regexp) && type.match?(file_type.to_s))
+    def attachable_content_type_intersects_detected_content_type?
+      # Ruby intersects? method is only available from 3.1
+      enlarged_content_type(content_type_without_parameters(@attachable_content_type)).any? do |item|
+        enlarged_content_type(content_type_without_parameters(@detected_content_type)).include?(item)
       end
     end
+
+    def enlarged_content_type(content_type)
+      [ content_type, *parent_content_types(content_type) ].compact.uniq
+    end
+
+    def parent_content_types(content_type)
+      Marcel::TYPE_PARENTS[content_type] || []
+    end
+
+    def add_content_type_invalid_error(record, attribute, attachable)
+      errors_options = initialize_and_populate_error_options(options, attachable)
+      add_error(record, attribute, ERROR_TYPES.first, **errors_options)
+      false
+    end
+
+    def add_content_type_spoofed_error(record, attribute, attachable, detected_content_type)
+      errors_options = initialize_and_populate_error_options(options, attachable)
+      errors_options[:detected_content_type] = @detected_content_type
+      errors_options[:detected_human_content_type] = content_type_to_human_format(@detected_content_type)
+      add_error(record, attribute, ERROR_TYPES.second, **errors_options)
+      false
+    end
+
+    def initialize_and_populate_error_options(options, attachable)
+      errors_options = initialize_error_options(options, attachable)
+      errors_options[:content_type] = @attachable_content_type
+      errors_options[:human_content_type] = content_type_to_human_format(@attachable_content_type)
+      errors_options[:authorized_human_content_types] = content_type_to_human_format(@authorized_content_types)
+      errors_options[:count] = @authorized_content_types.size
+      errors_options
+    end
+
+    def content_type_to_human_format(content_type)
+      Array(content_type)
+        .map do |content_type|
+          case content_type
+          when String, Symbol
+            content_type.to_s.match?(/\//) ? Marcel::TYPE_EXTS[content_type.to_s]&.first&.upcase : content_type.upcase
+          when Regexp
+            content_type.source
+          end
+        end
+        .flatten
+        .compact
+        .join(", ")
+    end
+
+    def ensure_exactly_one_validator_option
+      unless AVAILABLE_CHECKS.one? { |argument| options.key?(argument) }
+        raise ArgumentError, "You must pass either :with or :in to the validator"
+      end
+    end
+
+    def ensure_content_types_validity
+      return true if options[:with]&.is_a?(Proc) || options[:in]&.is_a?(Proc)
+
+      (Array(options[:with]) + Array(options[:in])).each do |content_type|
+        raise ArgumentError, invalid_content_type_option_message(content_type) if invalid_option?(content_type)
+      end
+    end
+
+    def invalid_content_type_option_message(content_type)
+      if content_type.to_s.match?(/\//)
+        <<~ERROR_MESSAGE
+          You must pass valid content types to the validator
+          '#{content_type}' is not found in Marcel content types (Marcel::TYPE_EXTS + Marcel::MAGIC)
+        ERROR_MESSAGE
+      else
+        <<~ERROR_MESSAGE
+          You must pass valid content types extensions to the validator
+          '#{content_type}' is not found in Marcel::EXTENSIONS
+        ERROR_MESSAGE
+      end
+    end
+
+    def invalid_option?(content_type)
+      case content_type
+      when String, Symbol
+        content_type.to_s.match?(/\//) ? invalid_content_type?(content_type) : invalid_extension?(content_type)
+      when Regexp
+        false # We always validate regexes
+      end
+    end
+
+    def invalid_content_type?(content_type)
+      if content_type == "image/jpg"
+        raise ArgumentError, "'image/jpg' is not a valid content type, you should use 'image/jpeg' instead"
+      end
+
+      all_available_marcel_content_types.exclude?(content_type.to_s)
+    end
+
+    def all_available_marcel_content_types
+      @all_available_marcel_content_types ||= Marcel::TYPE_EXTS
+        .keys
+        .push(*Marcel::MAGIC.map(&:first))
+        .tap(&:uniq!)
+    end
+
+    def invalid_extension?(content_type)
+      Marcel::MimeType.for(extension: content_type.to_s) == "application/octet-stream"
+    end
   end
 end