active_storage_validations 1.2.0 → 1.3.0

data/lib/active_storage_validations/content_type_validator.rb

@@ -1,16 +1,22 @@
 # frozen_string_literal: true
 
+require_relative 'concerns/active_storageable.rb'
 require_relative 'concerns/errorable.rb'
 require_relative 'concerns/symbolizable.rb'
+require_relative 'content_type_spoof_detector.rb'
 
 module ActiveStorageValidations
   class ContentTypeValidator < ActiveModel::EachValidator # :nodoc:
+    include ActiveStorageable
     include OptionProcUnfolding
     include Errorable
     include Symbolizable
 
     AVAILABLE_CHECKS = %i[with in].freeze
-    ERROR_TYPES = %i[content_type_invalid].freeze
+    ERROR_TYPES = %i[
+      content_type_invalid
+      spoofed_content_type
+    ].freeze
 
     def check_validity!
       ensure_exactly_one_validator_option
@@ -18,31 +24,24 @@ module ActiveStorageValidations
     end
 
     def validate_each(record, attribute, _value)
-      return true unless record.send(attribute).attached?
+      return if no_attachments?(record, attribute)
 
       types = authorized_types(record)
-      return true if types.empty?
+      return if types.empty?
 
-      files = Array.wrap(record.send(attribute))
-
-      files.each do |file|
-        next if is_valid?(file, types)
-
-        errors_options = initialize_error_options(options, file)
-        errors_options[:authorized_types] = types_to_human_format(types)
-        errors_options[:content_type] = content_type(file)
-        add_error(record, attribute, ERROR_TYPES.first, **errors_options)
-        break
+      attached_files(record, attribute).each do |file|
+        is_valid?(record, attribute, file, types)
       end
     end
 
+    private
+
     def authorized_types(record)
       flat_options = unfold_procs(record, self.options, AVAILABLE_CHECKS)
       (Array.wrap(flat_options[:with]) + Array.wrap(flat_options[:in])).compact.map do |type|
-        if type.is_a?(Regexp)
-          type
-        else
-          Marcel::MimeType.for(declared_type: type.to_s, extension: type.to_s)
+        case type
+        when String, Symbol then Marcel::MimeType.for(declared_type: type.to_s, extension: type.to_s)
+        when Regexp then type
         end
       end
     end
@@ -54,13 +53,44 @@ module ActiveStorageValidations
     end
 
     def content_type(file)
-      file.blob.present? && file.blob.content_type
+      # We remove potential mime type parameters
+      file.blob.present? && file.blob.content_type.downcase.split(/[;,\s]/, 2).first
+    end
+
+    def is_valid?(record, attribute, file, types)
+      file_type_in_authorized_types?(record, attribute, file, types) &&
+        not_spoofing_content_type?(record, attribute, file)
     end
 
-    def is_valid?(file, types)
+    def file_type_in_authorized_types?(record, attribute, file, types)
       file_type = content_type(file)
-      types.any? do |type|
-        type == file_type || (type.is_a?(Regexp) && type.match?(file_type.to_s))
+      file_type_is_authorized = types.any? do |type|
+        case type
+        when String then type == file_type
+        when Regexp then type.match?(file_type.to_s)
+        end
+      end
+
+      if file_type_is_authorized
+        true
+      else
+        errors_options = initialize_error_options(options, file)
+        errors_options[:authorized_types] = types_to_human_format(types)
+        errors_options[:content_type] = content_type(file)
+        add_error(record, attribute, ERROR_TYPES.first, **errors_options)
+        false
+      end
+    end
+
+    def not_spoofing_content_type?(record, attribute, file)
+      return true unless enable_spoofing_protection?
+
+      if ContentTypeSpoofDetector.new(record, attribute, file).spoofed?
+        errors_options = initialize_error_options(options, file)
+        add_error(record, attribute, ERROR_TYPES.second, **errors_options)
+        false
+      else
+        true
       end
     end
 
@@ -81,7 +111,7 @@ module ActiveStorageValidations
     def invalid_content_type_message(content_type)
       <<~ERROR_MESSAGE
         You must pass valid content types to the validator
-        '#{content_type}' is not find in Marcel::EXTENSIONS mimes
+        '#{content_type}' is not found in Marcel::EXTENSIONS mimes
       ERROR_MESSAGE
     end
 
@@ -93,5 +123,9 @@ module ActiveStorageValidations
         false # We always validate regexes
       end
     end
+
+    def enable_spoofing_protection?
+      options[:spoofing_protection] == true
+    end
   end
 end

data/lib/active_storage_validations/dimension_validator.rb

@@ -1,13 +1,16 @@
 # frozen_string_literal: true
 
+require_relative 'concerns/active_storageable.rb'
 require_relative 'concerns/errorable.rb'
+require_relative 'concerns/metadatable.rb'
 require_relative 'concerns/symbolizable.rb'
-require_relative 'metadata.rb'
 
 module ActiveStorageValidations
   class DimensionValidator < ActiveModel::EachValidator # :nodoc
-    include OptionProcUnfolding
+    include ActiveStorageable
     include Errorable
+    include OptionProcUnfolding
+    include Metadatable
     include Symbolizable
 
     AVAILABLE_CHECKS = %i[width height min max].freeze
@@ -25,65 +28,19 @@ module ActiveStorageValidations
       dimension_height_equal_to
     ].freeze
 
-    def process_options(record)
-      flat_options = unfold_procs(record, self.options, AVAILABLE_CHECKS)
-
-      [:width, :height].each do |length|
-        if flat_options[length] and flat_options[length].is_a?(Hash)
-          if (range = flat_options[length][:in])
-            raise ArgumentError, ":in must be a Range" unless range.is_a?(Range)
-            flat_options[length][:min], flat_options[length][:max] = range.min, range.max
-          end
-        end
-      end
-      [:min, :max].each do |dim|
-        if (range = flat_options[dim])
-          raise ArgumentError, ":#{dim} must be a Range (width..height)" unless range.is_a?(Range)
-          flat_options[:width] = { dim => range.first }
-          flat_options[:height] = { dim => range.last }
-        end
-      end
-
-      flat_options
-    end
-
     def check_validity!
       unless AVAILABLE_CHECKS.any? { |argument| options.key?(argument) }
         raise ArgumentError, 'You must pass either :width, :height, :min or :max to the validator'
       end
     end
 
+    def validate_each(record, attribute, _value)
+      return if no_attachments?(record, attribute)
 
-    if Rails.gem_version >= Gem::Version.new('6.0.0')
-      def validate_each(record, attribute, _value)
-        return true unless record.send(attribute).attached?
-
-        changes = record.attachment_changes[attribute.to_s]
-        return true if changes.blank?
-
-        files = Array.wrap(changes.is_a?(ActiveStorage::Attached::Changes::CreateMany) ? changes.attachables : changes.attachable)
-        files.each do |file|
-          metadata = Metadata.new(file).metadata
-          next if is_valid?(record, attribute, file, metadata)
-          break
-        end
-      end
-    else
-      # Rails 5
-      def validate_each(record, attribute, _value)
-        return true unless record.send(attribute).attached?
-
-        files = Array.wrap(record.send(attribute))
-        files.each do |file|
-          # Analyze file first if not analyzed to get all required metadata.
-          file.analyze; file.reload unless file.analyzed?
-          metadata = file.metadata rescue {}
-          next if is_valid?(record, attribute, file, metadata)
-          break
-        end
-      end
+      validate_changed_files_from_metadata(record, attribute)
     end
 
+    private
 
     def is_valid?(record, attribute, file, metadata)
       flat_options = process_options(record)
@@ -163,5 +120,27 @@ module ActiveStorageValidations
 
       true # valid file
     end
+
+    def process_options(record)
+      flat_options = unfold_procs(record, self.options, AVAILABLE_CHECKS)
+
+      [:width, :height].each do |length|
+        if flat_options[length] and flat_options[length].is_a?(Hash)
+          if (range = flat_options[length][:in])
+            raise ArgumentError, ":in must be a Range" unless range.is_a?(Range)
+            flat_options[length][:min], flat_options[length][:max] = range.min, range.max
+          end
+        end
+      end
+      [:min, :max].each do |dim|
+        if (range = flat_options[dim])
+          raise ArgumentError, ":#{dim} must be a Range (width..height)" unless range.is_a?(Range)
+          flat_options[:width] = { dim => range.first }
+          flat_options[:height] = { dim => range.last }
+        end
+      end
+
+      flat_options
+    end
   end
 end

data/lib/active_storage_validations/limit_validator.rb

@@ -1,10 +1,12 @@
 # frozen_string_literal: true
 
+require_relative 'concerns/active_storageable.rb'
 require_relative 'concerns/errorable.rb'
 require_relative 'concerns/symbolizable.rb'
 
 module ActiveStorageValidations
   class LimitValidator < ActiveModel::EachValidator # :nodoc:
+    include ActiveStorageable
     include OptionProcUnfolding
     include Errorable
     include Symbolizable
@@ -19,11 +21,11 @@ module ActiveStorageValidations
       ensure_arguments_validity
     end
 
-    def validate_each(record, attribute, _)
-      files = Array.wrap(record.send(attribute)).reject { |file| file.blank? }.compact.uniq
+    def validate_each(record, attribute, _value)
+      files = attached_files(record, attribute).reject(&:blank?)
       flat_options = unfold_procs(record, self.options, AVAILABLE_CHECKS)
 
-      return true if files_count_valid?(files.count, flat_options)
+      return if files_count_valid?(files.count, flat_options)
 
       errors_options = initialize_error_options(options)
       errors_options[:min] = flat_options[:min]

data/lib/active_storage_validations/marcel_extensor.rb

@@ -0,0 +1,5 @@
+Marcel::MimeType.extend "application/x-rar-compressed", parents: %(application/x-rar)
+Marcel::MimeType.extend "audio/x-hx-aac-adts", parents: %(audio/x-aac)
+Marcel::MimeType.extend "audio/x-m4a", parents: %(audio/mp4)
+Marcel::MimeType.extend "text/xml", parents: %(application/xml) # alias
+Marcel::MimeType.extend "video/theora", parents: %(video/ogg)

data/lib/active_storage_validations/matchers/concerns/attachable.rb

@@ -8,6 +8,27 @@ module ActiveStorageValidations
         @subject.public_send(@attribute_name)
       end
 
+      def attach_files(count)
+        return unless count.positive?
+
+        file_array = Array.new(count, dummy_file)
+
+        @subject.public_send(@attribute_name).attach(file_array)
+      end
+
+      def detach_file
+        @subject.attachment_changes.delete(@attribute_name.to_s)
+      end
+      alias :detach_files :detach_file
+
+      def file_attached?
+        @subject.public_send(@attribute_name).attached?
+      end
+
+      def dummy_blob
+        ActiveStorage::Blob.create_and_upload!(**dummy_file)
+      end
+
       def dummy_file
         {
           io: io,
@@ -18,8 +39,8 @@ module ActiveStorageValidations
 
       def processable_image
         {
-          io: File.open(Rails.root.join('public', 'image_1920x1080.png')),
-          filename: 'image_1920x1080_file.png',
+          io: StringIO.new(image_data),
+          filename: 'processable_image.png',
           content_type: 'image/png'
         }
       end
@@ -27,7 +48,7 @@ module ActiveStorageValidations
       def not_processable_image
         {
           io: Tempfile.new('.'),
-          filename: 'processable.txt',
+          filename: 'not_processable_image.txt',
           content_type: 'text/plain'
         }
       end
@@ -36,12 +57,9 @@ module ActiveStorageValidations
         @io ||= Tempfile.new('Hello world!')
       end
 
-      def detach_file
-        @subject.attachment_changes.delete(@attribute_name.to_s)
-      end
-
-      def file_attached?
-        @subject.public_send(@attribute_name).attached?
+      def image_data
+        # Binary data for a 1x1 transparent PNG image
+        "\x89PNG\r\n\x1A\n\x00\x00\x00\rIHDR\x00\x00\x00\x01\x00\x00\x00\x01\x08\x06\x00\x00\x00\x1F\x15\xC4\x89\x00\x00\x00\nIDATx\x9Cc\x00\x01\x00\x00\x05\x00\x01\r\n\x2D\xB4\x00\x00\x00\x00IEND\xAE\x42\x60\x82"
       end
     end
   end

data/lib/active_storage_validations/matchers/concerns/messageable.rb

@@ -18,7 +18,7 @@ module ActiveStorageValidations
 
       def has_an_error_message_which_is_custom_message?
         validator_errors_for_attribute.one? do |error|
-          error[:error] == @custom_message
+          error[:custom_message] == @custom_message
         end
       end
     end

data/lib/active_storage_validations/matchers/content_type_validator_matcher.rb

@@ -130,6 +130,13 @@ module ActiveStorageValidations
           content_type: type
         }
       end
+
+      # Due to the way we build test attachments in #attachment_for
+      # (ie spoofed file basically), we need to ignore the error related to
+      # content type spoofing in our matcher to pass the tests
+      def validator_errors_for_attribute
+        super.reject { |hash| hash[:error] == :spoofed_content_type }
+      end
     end
   end
 end

data/lib/active_storage_validations/matchers/limit_validator_matcher.rb

@@ -0,0 +1,127 @@
+# frozen_string_literal: true
+
+require_relative 'concerns/active_storageable'
+require_relative 'concerns/allow_blankable'
+require_relative 'concerns/attachable'
+require_relative 'concerns/contextable'
+require_relative 'concerns/messageable'
+require_relative 'concerns/rspecable'
+require_relative 'concerns/validatable'
+
+module ActiveStorageValidations
+  module Matchers
+    def validate_limits_of(name)
+      LimitValidatorMatcher.new(name)
+    end
+
+    class LimitValidatorMatcher
+      include ActiveStorageable
+      include AllowBlankable
+      include Attachable
+      include Contextable
+      include Messageable
+      include Rspecable
+      include Validatable
+
+      def initialize(attribute_name)
+        initialize_allow_blankable
+        initialize_contextable
+        initialize_messageable
+        initialize_rspecable
+        @attribute_name = attribute_name
+        @min = @max = nil
+      end
+
+      def description
+        "validate the limit files of :#{@attribute_name}"
+      end
+
+      def failure_message
+        message = ["is expected to validate limit file of :#{@attribute_name}"]
+        build_failure_message(message)
+        message.join("\n")
+      end
+
+      def min(count)
+        @min = count
+        self
+      end
+
+      def max(count)
+        @max = count
+        self
+      end
+
+      def matches?(subject)
+        @subject = subject.is_a?(Class) ? subject.new : subject
+
+        is_a_valid_active_storage_attribute? &&
+          is_context_valid? &&
+          is_custom_message_valid? &&
+          file_count_not_smaller_than_min? &&
+          file_count_equal_min? &&
+          file_count_larger_than_min? &&
+          file_count_smaller_than_max? &&
+          file_count_equal_max? &&
+          file_count_not_larger_than_max?
+      end
+
+        private
+
+      def build_failure_message(message)
+        return unless @failure_message_artefacts.present?
+
+        message << "  but there seem to have issues with the matcher methods you used, since:"
+        @failure_message_artefacts.each do |error_case|
+          message << "  validation failed when provided with #{error_case[:count]} file(s)"
+        end
+        message << "  whereas it should have passed"
+      end
+
+      def file_count_not_smaller_than_min?
+        @min.nil? || @min.zero? || !passes_validation_with_limits(@min - 1)
+      end
+
+      def file_count_equal_min?
+        @min.nil? || @min.zero? || passes_validation_with_limits(@min)
+      end
+
+      def file_count_larger_than_min?
+        @min.nil? || @min.zero? || @min == @max || passes_validation_with_limits(@min + 1)
+      end
+
+      def file_count_smaller_than_max?
+        @max.nil? || @min == @max || passes_validation_with_limits(@max - 1)
+      end
+
+      def file_count_equal_max?
+        @max.nil? || passes_validation_with_limits(@max)
+      end
+
+      def file_count_not_larger_than_max?
+        @max.nil? || !passes_validation_with_limits(@max + 1)
+      end
+
+      def passes_validation_with_limits(count)
+        attach_files(count)
+        validate
+        detach_files
+        is_valid? || add_failure_message_artefact(count)
+      end
+
+      def is_custom_message_valid?
+        return true if !@custom_message || (@min&.zero? && @max.nil?)
+
+        @min.nil? ? attach_files(@max + 1) : attach_files(@min - 1)
+        validate
+        detach_files
+        has_an_error_message_which_is_custom_message?
+      end
+
+      def add_failure_message_artefact(count)
+        @failure_message_artefacts << { count: count }
+        false
+      end
+    end
+  end
+end

data/lib/active_storage_validations/matchers/total_size_validator_matcher.rb

@@ -22,19 +22,10 @@ module ActiveStorageValidations
       protected
 
       def attach_file
-        # We attach blobs instead of io for has_many_attached relation
+        # has_many_attached relation
         @subject.public_send(@attribute_name).attach([dummy_blob])
         @subject.public_send(@attribute_name)
       end
-
-      def dummy_blob
-        ActiveStorage::Blob.create_and_upload!(
-          io: io,
-          filename: 'test.png',
-          content_type: 'image/png',
-          service_name: 'test'
-        )
-      end
     end
   end
 end

data/lib/active_storage_validations/matchers.rb

@@ -3,6 +3,7 @@
 require 'active_storage_validations/matchers/aspect_ratio_validator_matcher'
 require 'active_storage_validations/matchers/attached_validator_matcher'
 require 'active_storage_validations/matchers/processable_image_validator_matcher'
+require 'active_storage_validations/matchers/limit_validator_matcher'
 require 'active_storage_validations/matchers/content_type_validator_matcher'
 require 'active_storage_validations/matchers/dimension_validator_matcher'
 require 'active_storage_validations/matchers/size_validator_matcher'
@@ -25,21 +26,9 @@ module ActiveStorageValidations
     end
 
     def self.mock_metadata(attachment, width, height)
-      if Rails.gem_version >= Gem::Version.new('6.0.0')
-        # Mock the Metadata class for rails 6
-        mock = OpenStruct.new(metadata: { width: width, height: height })
-        stub_method(ActiveStorageValidations::Metadata, :new, mock) do
-          yield
-        end
-      else
-        # Stub the metadata analysis for rails 5
-        stub_method(attachment, :analyze, true) do
-          stub_method(attachment, :analyzed?, true) do
-            stub_method(attachment, :metadata, { width: width, height: height }) do
-              yield
-            end
-          end
-        end
+      mock = Struct.new(:metadata).new({ width: width, height: height })
+      stub_method(ActiveStorageValidations::Metadata, :new, mock) do
+        yield
       end
     end
   end

data/lib/active_storage_validations/metadata.rb

@@ -1,5 +1,11 @@
+# frozen_string_literal: true
+
+require_relative 'concerns/loggable'
+
 module ActiveStorageValidations
   class Metadata
+    include Loggable
+
     class InvalidImageError < StandardError; end
 
     attr_reader :file
@@ -62,11 +68,7 @@ module ActiveStorageValidations
       if is_string || file.is_a?(ActiveStorage::Blob)
         blob =
           if is_string
-            if Rails.gem_version < Gem::Version.new('6.1.0')
-              ActiveStorage::Blob.find_signed(file)
-            else
-              ActiveStorage::Blob.find_signed!(file)
-            end
+            ActiveStorage::Blob.find_signed!(file)
           else
             file
           end
@@ -174,10 +176,5 @@ module ActiveStorageValidations
         raise "Something wrong with params."
       end
     end
-
-    def logger
-      Rails.logger
-    end
-
   end
 end

data/lib/active_storage_validations/processable_image_validator.rb

@@ -1,49 +1,34 @@
 # frozen_string_literal: true
 
+require_relative 'concerns/active_storageable.rb'
 require_relative 'concerns/errorable.rb'
+require_relative 'concerns/metadatable.rb'
 require_relative 'concerns/symbolizable.rb'
-require_relative 'metadata.rb'
 
 module ActiveStorageValidations
   class ProcessableImageValidator < ActiveModel::EachValidator # :nodoc
-    include OptionProcUnfolding
+    include ActiveStorageable
     include Errorable
+    include Metadatable
     include Symbolizable
 
     ERROR_TYPES = %i[
       image_not_processable
     ].freeze
 
-    if Rails.gem_version >= Gem::Version.new('6.0.0')
-      def validate_each(record, attribute, _value)
-        return true unless record.send(attribute).attached?
-
-        changes = record.attachment_changes[attribute.to_s]
-        return true if changes.blank?
-
-        files = Array.wrap(changes.is_a?(ActiveStorage::Attached::Changes::CreateMany) ? changes.attachables : changes.attachable)
-
-        files.each do |file|
-          if !Metadata.new(file).valid?
-            errors_options = initialize_error_options(options, file)
-            add_error(record, attribute, ERROR_TYPES.first , **errors_options) unless Metadata.new(file).valid?
-          end
-        end
-      end
-    else
-      # Rails 5
-      def validate_each(record, attribute, _value)
-        return true unless record.send(attribute).attached?
-
-        files = Array.wrap(record.send(attribute))
-
-        files.each do |file|
-          if !Metadata.new(file).valid?
-            errors_options = initialize_error_options(options, file)
-            add_error(record, attribute, ERROR_TYPES.first , **errors_options) unless Metadata.new(file).valid?
-          end
-        end
-      end
+    def validate_each(record, attribute, _value)
+      return if no_attachments?(record, attribute)
+
+      validate_changed_files_from_metadata(record, attribute)
+    end
+
+    private
+
+    def is_valid?(record, attribute, attachable, metadata)
+      return if !metadata.empty?
+
+      errors_options = initialize_error_options(options, attachable)
+      add_error(record, attribute, ERROR_TYPES.first , **errors_options)
     end
   end
 end

data/lib/active_storage_validations/size_validator.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require_relative 'concerns/errorable.rb'
-require_relative 'concerns/symbolizable.rb'
 require_relative 'base_size_validator.rb'
 
 module ActiveStorageValidations
@@ -15,12 +13,11 @@ module ActiveStorageValidations
     ].freeze
 
     def validate_each(record, attribute, _value)
-      return true unless record.send(attribute).attached?
+      return if no_attachments?(record, attribute)
 
-      files = Array.wrap(record.send(attribute))
       flat_options = unfold_procs(record, self.options, AVAILABLE_CHECKS)
 
-      files.each do |file|
+      attached_files(record, attribute).each do |file|
         next if is_valid?(file.blob.byte_size, flat_options)
 
         errors_options = initialize_error_options(options, file)
@@ -31,7 +28,6 @@ module ActiveStorageValidations
         error_type = "file_size_not_#{keys.first}".to_sym
 
         add_error(record, attribute, error_type, **errors_options)
-        break
       end
     end
   end