active_storage_validations 1.3.0 → 1.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '09b483aef23513aaf10b56c6df6046078bf14e93fcfdebe2e82f2db862b85514'
-  data.tar.gz: d040c36c24fc1fb2b4d1a2e6bb92bde86521cedfda4b4e96436a10b364499f63
+  metadata.gz: 435de3a42881b172293cf50bc3edb1e5462f4a0f8346543f14936502abe7a041
+  data.tar.gz: 6dc253e3b1dcf5ac55ae13bcd4fe9d9cabe39cdf49e0de25cc0f091bfb5c3d1b
 SHA512:
-  metadata.gz: eb6df31c0374b1bfa804281f0effbaa0443ff6a812abd4a46e1ac4293a881e691fd5c61cd4c2622b027085acb3d10c14255f04cac3bab01f13f133d2f26c60af
-  data.tar.gz: b5553a4a7a2f08542c8e6f9dd928b0cc78a09eb846f73346dcdec1b3826bb4a5f04ac200c21e6e2f0f58f6dcc173f226a04e7a2c85d7c15a24b5b827bfb04dcb
+  metadata.gz: bfd15f884cda85c47ad25c1d7e2ca8423f6d6a9e3e4aadeb415492c3a9830a00b10c611ed0eb0a5866bd12e1c2b61aaa69cfccf3952447c3cd716c07e51780c5
+  data.tar.gz: 91ab2c226d9657f52f6cc5f289fb8697608954d59d34400042e0521b7e60657e5ac5f256b268eef16fd1ffcd83169f61345ba3e7c9e925d1384d427f10a00bad

data/README.md

@@ -91,9 +91,10 @@ Marcel::MimeType.extend "application/ino", extensions: %w(ino), parents: "text/p
 ```
 
 **Content type spoofing protection**
+
 File content type spoofing happens when an ill-intentioned user uploads a file which hides its true content type by faking its extension and its declared content type value. For example, a user may try to upload a `.exe` file (application/x-msdownload content type) dissimulated as a `.jpg` file (image/jpeg content type).
 
-By default, the gem does not prevent content type spoofing (prevent it by default is a breaking change that will be implemented in v2). The spoofing protection relies on both the linux `file` command and `Marcel` gem.
+By default, the gem does not prevent content type spoofing (prevent it by default is a breaking change that will be implemented in v2). The spoofing protection relies on both the linux `file` command and `Marcel` gem. Be careful, since it needs to load the whole file io to perform the analysis, it will use a lot of RAM for very large files. Therefore it could be a wise decision not to enable it in this case.
 
 Take note that the `file` analyzer will not find the exactly same content type as the ActiveStorage blob (its content type detection relies on a different logic using content+filename+extension). To handle this issue, we consider a close parent content type to be a match. For example, for an ActiveStorage blob which content type is `video/x-ms-wmv`, the `file` analyzer will probably detect a `video/x-ms-asf` content type, this will be considered as a valid match because these 2 content types are closely related. The correlation mapping is based on `Marcel::TYPE_PARENTS`.
 
@@ -202,7 +203,6 @@ en:
       aspect_ratio_not_portrait: "must be a portrait image"
       aspect_ratio_not_landscape: "must be a landscape image"
       aspect_ratio_is_not: "must have an aspect ratio of %{aspect_ratio}"
-      aspect_ratio_unknown: "has an unknown aspect ratio"
       image_not_processable: "is not a valid image"
 ```
 
@@ -436,22 +436,22 @@ Then you can use the matchers with the syntax specified in the RSpec section, ju
 
 To run tests in root folder of gem:
 
-* `BUNDLE_GEMFILE=gemfiles/rails_6_1_4.gemfile bundle exec rake test` to run for Rails 6.1.4
 * `BUNDLE_GEMFILE=gemfiles/rails_7_0.gemfile bundle exec rake test` to run for Rails 7.0
-* `BUNDLE_GEMFILE=gemfiles/rails_7_1.gemfile bundle exec rake test` to run for Rails 7.0
-* `BUNDLE_GEMFILE=gemfiles/rails_next.gemfile bundle exec rake test` to run for Rails main branch
+* `BUNDLE_GEMFILE=gemfiles/rails_7_1.gemfile bundle exec rake test` to run for Rails 7.1
+* `BUNDLE_GEMFILE=gemfiles/rails_7_2.gemfile bundle exec rake test` to run for Rails 7.2
+* `BUNDLE_GEMFILE=gemfiles/rails_8_0.gemfile bundle exec rake test` to run for Rails 8.0
 
 Snippet to run in console:
 
 ```bash
-BUNDLE_GEMFILE=gemfiles/rails_6_1_4.gemfile bundle
 BUNDLE_GEMFILE=gemfiles/rails_7_0.gemfile bundle
 BUNDLE_GEMFILE=gemfiles/rails_7_1.gemfile bundle
-BUNDLE_GEMFILE=gemfiles/rails_next.gemfile bundle
-BUNDLE_GEMFILE=gemfiles/rails_6_1_4.gemfile bundle exec rake test
+BUNDLE_GEMFILE=gemfiles/rails_7_2.gemfile bundle
+BUNDLE_GEMFILE=gemfiles/rails_8_0.gemfile bundle
 BUNDLE_GEMFILE=gemfiles/rails_7_0.gemfile bundle exec rake test
 BUNDLE_GEMFILE=gemfiles/rails_7_1.gemfile bundle exec rake test
-BUNDLE_GEMFILE=gemfiles/rails_next.gemfile bundle exec rake test
+BUNDLE_GEMFILE=gemfiles/rails_7_2.gemfile bundle exec rake test
+BUNDLE_GEMFILE=gemfiles/rails_8_0.gemfile bundle exec rake test
 ```
 
 Tips:

data/config/locales/da.yml

@@ -29,5 +29,4 @@ da:
       aspect_ratio_not_portrait: "skal være et portrætbillede"
       aspect_ratio_not_landscape: "skal være et landskabsbillede"
       aspect_ratio_is_not: "skal have et størrelsesforhold på %{aspect_ratio}"
-      aspect_ratio_unknown: "har et ukendt størrelsesforhold"
       image_not_processable: "er ikke et gyldigt billede"

data/config/locales/de.yml

@@ -29,5 +29,4 @@ de:
       aspect_ratio_not_portrait: "muss Hochformat sein"
       aspect_ratio_not_landscape: "muss Querformat sein"
       aspect_ratio_is_not: "muss ein Bildseitenverhältnis von %{aspect_ratio} haben"
-      aspect_ratio_unknown: "hat ein unbekanntes Bildseitenverhältnis"
       image_not_processable: "ist kein gültiges Bild"

data/config/locales/en.yml

@@ -29,5 +29,4 @@ en:
       aspect_ratio_not_portrait: "must be a portrait image"
       aspect_ratio_not_landscape: "must be a landscape image"
       aspect_ratio_is_not: "must have an aspect ratio of %{aspect_ratio}"
-      aspect_ratio_unknown: "has an unknown aspect ratio"
       image_not_processable: "is not a valid image"

data/config/locales/es.yml

@@ -29,5 +29,4 @@ es:
       aspect_ratio_not_portrait: "debe ser una imagen vertical"
       aspect_ratio_not_landscape: "debe ser una imagen apaisada"
       aspect_ratio_is_not: "debe tener una relación de aspecto de %{aspect_ratio}"
-      aspect_ratio_unknown: "tiene una relación de aspecto desconocida"
       image_not_processable: "no es una imagen válida"

data/config/locales/fr.yml

@@ -29,5 +29,4 @@ fr:
       aspect_ratio_not_portrait: "doit être une image en format portrait"
       aspect_ratio_not_landscape: "doit être une image en format paysage"
       aspect_ratio_is_not: "doit avoir un rapport hauteur / largeur de %{aspect_ratio}"
-      aspect_ratio_unknown: "a un rapport d'aspect inconnu"
       image_not_processable: "n'est pas une image valide"

data/config/locales/it.yml

@@ -29,5 +29,4 @@ it:
       aspect_ratio_not_portrait: "l’orientamento dell’immagine deve essere verticale"
       aspect_ratio_not_landscape: "l’orientamento dell’immagine deve essere orizzontale"
       aspect_ratio_is_not: "deve avere un rapporto altezza / larghezza di %{aspect_ratio}"
-      aspect_ratio_unknown: "ha un rapporto altezza / larghezza sconosciuto"
       image_not_processable: "non è un'immagine valida"

data/config/locales/ja.yml

@@ -29,5 +29,4 @@ ja:
       aspect_ratio_not_portrait: "は縦長にしてください"
       aspect_ratio_not_landscape: "は横長にしてください"
       aspect_ratio_is_not: "のアスペクト比は %{aspect_ratio} にしてください"
-      aspect_ratio_unknown: "のアスペクト比を取得できませんでした"
       image_not_processable: "は不正な画像です"

data/config/locales/nl.yml

@@ -29,5 +29,4 @@ nl:
       aspect_ratio_not_portrait: "moet een staande afbeelding zijn"
       aspect_ratio_not_landscape: "moet een liggende afbeelding zijn"
       aspect_ratio_is_not: "moet een beeldverhouding hebben van %{aspect_ratio}"
-      aspect_ratio_unknown: "heeft een onbekende beeldverhouding"
       image_not_processable: "is geen geldige afbeelding"

data/config/locales/pl.yml

@@ -29,5 +29,4 @@ pl:
       aspect_ratio_not_portrait: "musi mieć proporcje portretu"
       aspect_ratio_not_landscape: "musi mieć proporcje pejzażu"
       aspect_ratio_is_not: "musi mieć proporcje %{aspect_ratio}"
-      aspect_ratio_unknown: "ma nieokreślone proporcje"
       image_not_processable: "nie jest prawidłowym obrazem"

data/config/locales/pt-BR.yml

@@ -29,5 +29,4 @@ pt-BR:
       aspect_ratio_not_portrait: "não está no formato retrato"
       aspect_ratio_not_landscape: "não está no formato paisagem"
       aspect_ratio_is_not: "não contém uma proporção de %{aspect_ratio}"
-      aspect_ratio_unknown: "não tem uma proporção definida"
       image_not_processable: "não é uma imagem válida"

data/config/locales/ru.yml

@@ -29,5 +29,4 @@ ru:
       aspect_ratio_not_portrait: "должно быть портретное изображение"
       aspect_ratio_not_landscape: "должно быть пейзажное изображение"
       aspect_ratio_is_not: "должен иметь соотношение сторон %{aspect_ratio}"
-      aspect_ratio_unknown: "имеет неизвестное соотношение сторон"
       image_not_processable: "не является допустимым изображением"

data/config/locales/sv.yml

@@ -29,5 +29,4 @@ sv:
       aspect_ratio_not_portrait: "måste vara en porträttorienterad bild"
       aspect_ratio_not_landscape: "måste vara en landskapsorienterad bild"
       aspect_ratio_is_not: "måste ha en följande aspect ratio  %{aspect_ratio}"
-      aspect_ratio_unknown: "har en okänd aspect ratio"
       image_not_processable: "är inte en giltig bild"

data/config/locales/tr.yml

@@ -29,5 +29,4 @@ tr:
       aspect_ratio_not_portrait: "dikey bir imaj olmalı"
       aspect_ratio_not_landscape: "yatay bir imaj olmalı"
       aspect_ratio_is_not: "%{aspect_ratio} en boy oranına sahip olmalı"
-      aspect_ratio_unknown: "bilinmeyen en boy oranı"
       image_not_processable: "geçerli bir imaj değil"

data/config/locales/uk.yml

@@ -29,5 +29,4 @@ uk:
       aspect_ratio_not_portrait: "мусить бути портретне зображення"
       aspect_ratio_not_landscape: "мусить бути пейзажне зображення"
       aspect_ratio_is_not: "мусить мати співвідношення сторін %{aspect_ratio}"
-      aspect_ratio_unknown: "має невідоме співвідношення сторін"
       image_not_processable: "не є допустимим зображенням"

data/config/locales/vi.yml

@@ -29,5 +29,4 @@ vi:
       aspect_ratio_not_portrait: "phải là ảnh đứng"
       aspect_ratio_not_landscape: "phải là ảnh ngang"
       aspect_ratio_is_not: "phải có tỉ lệ ảnh %{aspect_ratio}"
-      aspect_ratio_unknown: "tỉ lệ ảnh không xác định"
       image_not_processable: "không phải là ảnh"

data/config/locales/zh-CN.yml

@@ -29,5 +29,4 @@ zh-CN:
       aspect_ratio_not_portrait: "必须是竖屏图片"
       aspect_ratio_not_landscape: "必须是横屏图片"
       aspect_ratio_is_not: "纵横比必须是 %{aspect_ratio}"
-      aspect_ratio_unknown: "未知的纵横比"
       image_not_processable: "不是有效的图像"

data/lib/active_storage_validations/aspect_ratio_validator.rb

@@ -1,16 +1,17 @@
 # frozen_string_literal: true
 
 require_relative 'concerns/active_storageable.rb'
+require_relative 'concerns/attachable.rb'
 require_relative 'concerns/errorable.rb'
-require_relative 'concerns/metadatable.rb'
+require_relative 'concerns/optionable.rb'
 require_relative 'concerns/symbolizable.rb'
 
 module ActiveStorageValidations
   class AspectRatioValidator < ActiveModel::EachValidator # :nodoc
     include ActiveStorageable
+    include Attachable
     include Errorable
-    include Metadatable
-    include OptionProcUnfolding
+    include Optionable
     include Symbolizable
 
     AVAILABLE_CHECKS = %i[with].freeze
@@ -22,7 +23,6 @@ module ActiveStorageValidations
       aspect_ratio_not_portrait
       aspect_ratio_not_landscape
       aspect_ratio_is_not
-      aspect_ratio_unknown
     ].freeze
     PRECISION = 3.freeze
 
@@ -40,48 +40,63 @@ module ActiveStorageValidations
     private
 
     def is_valid?(record, attribute, attachable, metadata)
-      flat_options = unfold_procs(record, self.options, AVAILABLE_CHECKS)
-      errors_options = initialize_error_options(options, attachable)
-
-      if metadata[:width].to_i <= 0 || metadata[:height].to_i <= 0
-        errors_options[:aspect_ratio] = flat_options[:with]
+      flat_options = set_flat_options(record)
 
-        add_error(record, attribute, :image_metadata_missing, **errors_options)
-        return false
-      end
+      return if image_metadata_missing?(record, attribute, attachable, flat_options, metadata)
 
       case flat_options[:with]
-      when :square
-        return true if metadata[:width] == metadata[:height]
-        errors_options[:aspect_ratio] = flat_options[:with]
-        add_error(record, attribute, :aspect_ratio_not_square, **errors_options)
-
-      when :portrait
-        return true if metadata[:height] > metadata[:width]
-        errors_options[:aspect_ratio] = flat_options[:with]
-        add_error(record, attribute, :aspect_ratio_not_portrait, **errors_options)
-
-      when :landscape
-        return true if metadata[:width] > metadata[:height]
-        errors_options[:aspect_ratio] = flat_options[:with]
-        add_error(record, attribute, :aspect_ratio_not_landscape, **errors_options)
-
-      when ASPECT_RATIO_REGEX
-        flat_options[:with] =~ ASPECT_RATIO_REGEX
-        x = $1.to_i
-        y = $2.to_i
-
-        return true if x > 0 && y > 0 && (x.to_f / y).round(PRECISION) == (metadata[:width].to_f / metadata[:height]).round(PRECISION)
-
-        errors_options[:aspect_ratio] = "#{x}:#{y}"
-        add_error(record, attribute, :aspect_ratio_is_not, **errors_options)
-      else
-        errors_options[:aspect_ratio] = flat_options[:with]
-        add_error(record, attribute, :aspect_ratio_unknown, **errors_options)
-        return false
+      when :square then validate_square_aspect_ratio(record, attribute, attachable, flat_options, metadata)
+      when :portrait then validate_portrait_aspect_ratio(record, attribute, attachable, flat_options, metadata)
+      when :landscape then validate_landscape_aspect_ratio(record, attribute, attachable, flat_options, metadata)
+      when ASPECT_RATIO_REGEX then validate_regex_aspect_ratio(record, attribute, attachable, flat_options, metadata)
       end
     end
 
+    def image_metadata_missing?(record, attribute, attachable, flat_options, metadata)
+      return false if metadata[:width].to_i > 0 && metadata[:height].to_i > 0
+
+      errors_options = initialize_error_options(options, attachable)
+      errors_options[:aspect_ratio] = flat_options[:with]
+      add_error(record, attribute, :image_metadata_missing, **errors_options)
+      true
+    end
+
+    def validate_square_aspect_ratio(record, attribute, attachable, flat_options, metadata)
+      return if metadata[:width] == metadata[:height]
+
+      errors_options = initialize_error_options(options, attachable)
+      errors_options[:aspect_ratio] = flat_options[:with]
+      add_error(record, attribute, :aspect_ratio_not_square, **errors_options)
+    end
+
+    def validate_portrait_aspect_ratio(record, attribute, attachable, flat_options, metadata)
+      return if metadata[:width] < metadata[:height]
+
+      errors_options = initialize_error_options(options, attachable)
+      errors_options[:aspect_ratio] = flat_options[:with]
+      add_error(record, attribute, :aspect_ratio_not_portrait, **errors_options)
+    end
+
+    def validate_landscape_aspect_ratio(record, attribute, attachable, flat_options, metadata)
+      return if metadata[:width] > metadata[:height]
+
+      errors_options = initialize_error_options(options, attachable)
+      errors_options[:aspect_ratio] = flat_options[:with]
+      add_error(record, attribute, :aspect_ratio_not_landscape, **errors_options)
+    end
+
+    def validate_regex_aspect_ratio(record, attribute, attachable, flat_options, metadata)
+      flat_options[:with] =~ ASPECT_RATIO_REGEX
+      x = $1.to_i
+      y = $2.to_i
+
+      return if x > 0 && y > 0 && (x.to_f / y).round(PRECISION) == (metadata[:width].to_f / metadata[:height]).round(PRECISION)
+
+      errors_options = initialize_error_options(options, attachable)
+      errors_options[:aspect_ratio] = "#{x}:#{y}"
+      add_error(record, attribute, :aspect_ratio_is_not, **errors_options)
+    end
+
     def ensure_at_least_one_validator_option
       unless AVAILABLE_CHECKS.any? { |argument| options.key?(argument) }
         raise ArgumentError, 'You must pass :with to the validator'

data/lib/active_storage_validations/base_size_validator.rb

@@ -2,13 +2,14 @@
 
 require_relative 'concerns/active_storageable.rb'
 require_relative 'concerns/errorable.rb'
+require_relative 'concerns/optionable.rb'
 require_relative 'concerns/symbolizable.rb'
 
 module ActiveStorageValidations
   class BaseSizeValidator < ActiveModel::EachValidator # :nodoc:
     include ActiveStorageable
     include Errorable
-    include OptionProcUnfolding
+    include Optionable
     include Symbolizable
 
     delegate :number_to_human_size, to: ActiveSupport::NumberHelper

data/lib/active_storage_validations/concerns/attachable.rb

@@ -0,0 +1,134 @@
+require_relative "../metadata"
+
+module ActiveStorageValidations
+  # ActiveStorageValidations::Attachable
+  #
+  # Validator methods for analyzing attachable.
+  #
+  # An attachable is a file representation such as ActiveStorage::Blob,
+  # ActionDispatch::Http::UploadedFile, Rack::Test::UploadedFile, Hash, String,
+  # File or Pathname
+  module Attachable
+    extend ActiveSupport::Concern
+
+    private
+
+    # Loop through the newly submitted attachables to validate them. Using
+    # attachables is the only way to get the attached file io that is necessary
+    # to perform file analyses.
+    def validate_changed_files_from_metadata(record, attribute)
+      attachables_from_changes(record, attribute).each do |attachable|
+        is_valid?(record, attribute, attachable, Metadata.new(attachable).metadata)
+      end
+    end
+
+    # Retrieve an array of newly submitted attachables. Some file could be passed
+    # several times, we just need to perform the analysis once on the file,
+    # therefore the use of #uniq.
+    def attachables_from_changes(record, attribute)
+      changes = record.attachment_changes[attribute.to_s]
+      return [] if changes.blank?
+
+      Array.wrap(
+        changes.is_a?(ActiveStorage::Attached::Changes::CreateMany) ? changes.attachables : changes.attachable
+      ).uniq
+    end
+
+    # Retrieve the full declared content_type from attachable.
+    def full_attachable_content_type(attachable)
+      case attachable
+      when ActiveStorage::Blob
+        attachable.content_type
+      when ActionDispatch::Http::UploadedFile
+        attachable.content_type
+      when Rack::Test::UploadedFile
+        attachable.content_type
+      when String
+        blob = ActiveStorage::Blob.find_signed!(attachable)
+        blob.content_type
+      when Hash
+        attachable[:content_type]
+      when File
+        supports_file_attachment? ? marcel_content_type_from_filename(attachable) : raise_rails_like_error(attachable)
+      when Pathname
+        supports_pathname_attachment? ? marcel_content_type_from_filename(attachable) : raise_rails_like_error(attachable)
+      else
+        raise_rails_like_error(attachable)
+      end
+    end
+
+    # Retrieve the declared content_type from attachable without potential mime
+    # type parameters (e.g. 'application/x-rar-compressed;version=5')
+    def attachable_content_type(attachable)
+      full_attachable_content_type(attachable) && full_attachable_content_type(attachable).downcase.split(/[;,\s]/, 2).first
+    end
+
+    # Retrieve the io from attachable.
+    def attachable_io(attachable)
+      case attachable
+      when ActiveStorage::Blob
+        attachable.download
+      when ActionDispatch::Http::UploadedFile
+        attachable.read
+      when Rack::Test::UploadedFile
+        attachable.read
+      when String
+        blob = ActiveStorage::Blob.find_signed!(attachable)
+        blob.download
+      when Hash
+        attachable[:io].read
+      when File
+        supports_file_attachment? ? attachable : raise_rails_like_error(attachable)
+      when Pathname
+        supports_pathname_attachment? ? attachable.read : raise_rails_like_error(attachable)
+      else
+        raise_rails_like_error(attachable)
+      end
+    end
+
+    # Retrieve the declared filename from attachable.
+    def attachable_filename(attachable)
+      case attachable
+      when ActiveStorage::Blob
+        attachable.filename
+      when ActionDispatch::Http::UploadedFile
+        attachable.original_filename
+      when Rack::Test::UploadedFile
+        attachable.original_filename
+      when String
+        blob = ActiveStorage::Blob.find_signed!(attachable)
+        blob.filename
+      when Hash
+        attachable[:filename]
+      when File
+        supports_file_attachment? ? File.basename(attachable) : raise_rails_like_error(attachable)
+      when Pathname
+        supports_pathname_attachment? ? File.basename(attachable) : raise_rails_like_error(attachable)
+      else
+        raise_rails_like_error(attachable)
+      end
+    end
+
+    # Raise the same Rails error for not-implemented file representations.
+    def raise_rails_like_error(attachable)
+      raise(
+        ArgumentError,
+        "Could not find or build blob: expected attachable, " \
+          "got #{attachable.inspect}"
+      )
+    end
+
+    # Check if the current Rails version supports File or Pathname attachment
+    #
+    # https://github.com/rails/rails/blob/7-1-stable/activestorage/CHANGELOG.md#rails-710rc1-september-27-2023
+    def supports_file_attachment?
+      Rails.gem_version >= Gem::Version.new('7.1.0.rc1')
+    end
+    alias :supports_pathname_attachment? :supports_file_attachment?
+
+    # Retrieve the content_type from the file name only
+    def marcel_content_type_from_filename(attachable)
+      Marcel::MimeType.for(name: attachable_filename(attachable).to_s)
+    end
+  end
+end

data/lib/active_storage_validations/concerns/errorable.rb

@@ -30,8 +30,9 @@ module ActiveStorageValidations
 
       case file
       when ActiveStorage::Attached, ActiveStorage::Attachment then file.blob&.filename&.to_s
+      when ActiveStorage::Blob then file.filename
       when Hash then file[:filename]
-      end
+      end.to_s
     end
   end
 end

data/lib/active_storage_validations/concerns/optionable.rb

@@ -0,0 +1,27 @@
+module ActiveStorageValidations
+  # ActiveStorageValidations::Optionable
+  #
+  # Helper method to flatten the validator options.
+  module Optionable
+    extend ActiveSupport::Concern
+
+    private
+
+    def set_flat_options(record)
+      flatten_options(record, self.options)
+    end
+
+    def flatten_options(record, options, available_checks = self.class::AVAILABLE_CHECKS)
+      case options
+      when Hash
+        options.merge(options) do |key, value|
+          available_checks&.exclude?(key) ? {} : flatten_options(record, value, nil)
+        end
+      when Array
+        options.map { |option| flatten_options(record, option, available_checks) }
+      else
+        options.is_a?(Proc) ? options.call(record) : options
+      end
+    end
+  end
+end

data/lib/active_storage_validations/content_type_spoof_detector.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require_relative 'concerns/attachable'
 require_relative 'concerns/loggable'
 require 'open3'
 
@@ -7,12 +8,13 @@ module ActiveStorageValidations
   class ContentTypeSpoofDetector
     class FileCommandLineToolNotInstalledError < StandardError; end
 
+    include Attachable
     include Loggable
 
-    def initialize(record, attribute, file)
+    def initialize(record, attribute, attachable)
       @record = record
       @attribute = attribute
-      @file = file
+      @attachable = attachable
     end
 
     def spoofed?
@@ -27,60 +29,22 @@ module ActiveStorageValidations
     private
 
     def filename
-      @filename ||= @file.blob.present? && @file.blob.filename.to_s
+      @filename ||= attachable_filename(@attachable).to_s
     end
 
     def supplied_content_type
-      # We remove potential mime type parameters
-      @supplied_content_type ||= @file.blob.present? && @file.blob.content_type.downcase.split(/[;,\s]/, 2).first
+      @supplied_content_type ||= attachable_content_type(@attachable)
     end
 
     def io
-      @io ||= case @record.public_send(@attribute)
-              when ActiveStorage::Attached::One then get_io_from_one
-              when ActiveStorage::Attached::Many then get_io_from_many
-              end
-    end
-
-    def get_io_from_one
-      attachable = @record.attachment_changes[@attribute.to_s].attachable
-
-      case attachable
-      when ActionDispatch::Http::UploadedFile
-        attachable.read
-      when String
-        blob = ActiveStorage::Blob.find_signed!(attachable)
-        blob.download
-      when ActiveStorage::Blob
-        attachable.download
-      when Hash
-        attachable[:io].read
-      end
-    end
-
-    def get_io_from_many
-      attachables = @record.attachment_changes[@attribute.to_s].attachables
-
-      if attachables.all? { |attachable| attachable.is_a?(ActionDispatch::Http::UploadedFile) }
-        attachables.find do |uploaded_file|
-          checksum = ActiveStorage::Blob.new.send(:compute_checksum_in_chunks, uploaded_file)
-          checksum == @file.checksum
-        end.read
-      elsif attachables.all? { |attachable| attachable.is_a?(String) }
-        # It's only possible to pass one String as attachable (not an array of String)
-        blob = ActiveStorage::Blob.find_signed!(attachables.first)
-        blob.download
-      elsif attachables.all? { |attachable| attachable.is_a?(ActiveStorage::Blob) }
-        attachables.find { |blob| blob == @file.blob }.download
-      elsif attachables.all? { |attachable| attachable.is_a?(Hash) }
-        # It's only possible to pass one Hash as attachable (not an array of Hash)
-        attachables.first[:io].read
-      end
+      @io ||= attachable_io(@attachable)
     end
 
+    # Return the content_type found by Open3 analysis.
+    #
+    # Using Open3 is a better alternative than Marcel (Marcel::MimeType.for(io))
+    # for analyzing content type solely based on the file io.
     def content_type_from_analyzer
-      # Using Open3 is a better alternative than Marcel (Marcel::MimeType.for(io))
-      # for analyzing content type solely based on the file io
       @content_type_from_analyzer ||= open3_mime_type_for_io
     end
 

data/lib/active_storage_validations/content_type_validator.rb

@@ -1,15 +1,18 @@
 # frozen_string_literal: true
 
 require_relative 'concerns/active_storageable.rb'
+require_relative 'concerns/attachable.rb'
 require_relative 'concerns/errorable.rb'
+require_relative 'concerns/optionable.rb'
 require_relative 'concerns/symbolizable.rb'
 require_relative 'content_type_spoof_detector.rb'
 
 module ActiveStorageValidations
   class ContentTypeValidator < ActiveModel::EachValidator # :nodoc:
     include ActiveStorageable
-    include OptionProcUnfolding
+    include Attachable
     include Errorable
+    include Optionable
     include Symbolizable
 
     AVAILABLE_CHECKS = %i[with in].freeze
@@ -26,18 +29,20 @@ module ActiveStorageValidations
     def validate_each(record, attribute, _value)
       return if no_attachments?(record, attribute)
 
-      types = authorized_types(record)
-      return if types.empty?
+      @authorized_content_types = authorized_content_types_from_options(record)
+      return if @authorized_content_types.empty?
 
-      attached_files(record, attribute).each do |file|
-        is_valid?(record, attribute, file, types)
+      attachables_from_changes(record, attribute).each do |attachable|
+        set_attachable_cached_values(attachable)
+        is_valid?(record, attribute, attachable)
       end
     end
 
     private
 
-    def authorized_types(record)
-      flat_options = unfold_procs(record, self.options, AVAILABLE_CHECKS)
+    def authorized_content_types_from_options(record)
+      flat_options = set_flat_options(record)
+
       (Array.wrap(flat_options[:with]) + Array.wrap(flat_options[:in])).compact.map do |type|
         case type
         when String, Symbol then Marcel::MimeType.for(declared_type: type.to_s, extension: type.to_s)
@@ -46,47 +51,48 @@ module ActiveStorageValidations
       end
     end
 
-    def types_to_human_format(types)
-      types
-        .map { |type| type.is_a?(Regexp) ? type.source : type.to_s.split('/').last.upcase }
-        .join(', ')
+    def set_attachable_cached_values(attachable)
+      @attachable_content_type = attachable_content_type(attachable)
+      @attachable_filename = attachable_filename(attachable).to_s
     end
 
-    def content_type(file)
-      # We remove potential mime type parameters
-      file.blob.present? && file.blob.content_type.downcase.split(/[;,\s]/, 2).first
+    def is_valid?(record, attribute, attachable)
+      extension_matches_content_type?(record, attribute, attachable) &&
+        authorized_content_type?(record, attribute, attachable) &&
+        not_spoofing_content_type?(record, attribute, attachable)
     end
 
-    def is_valid?(record, attribute, file, types)
-      file_type_in_authorized_types?(record, attribute, file, types) &&
-        not_spoofing_content_type?(record, attribute, file)
+    def extension_matches_content_type?(record, attribute, attachable)
+      extension = @attachable_filename.split('.').second
+
+      possible_extensions = Marcel::TYPE_EXTS[@attachable_content_type]
+      return true if possible_extensions && extension.in?(possible_extensions)
+
+      errors_options = initialize_and_populate_error_options(options, attachable)
+      add_error(record, attribute, ERROR_TYPES.first, **errors_options)
+      false
     end
 
-    def file_type_in_authorized_types?(record, attribute, file, types)
-      file_type = content_type(file)
-      file_type_is_authorized = types.any? do |type|
-        case type
-        when String then type == file_type
-        when Regexp then type.match?(file_type.to_s)
+    def authorized_content_type?(record, attribute, attachable)
+      attachable_content_type_is_authorized = @authorized_content_types.any? do |authorized_content_type|
+        case authorized_content_type
+        when String then authorized_content_type == marcel_attachable_content_type(attachable)
+        when Regexp then authorized_content_type.match?(marcel_attachable_content_type(attachable).to_s)
         end
       end
 
-      if file_type_is_authorized
-        true
-      else
-        errors_options = initialize_error_options(options, file)
-        errors_options[:authorized_types] = types_to_human_format(types)
-        errors_options[:content_type] = content_type(file)
-        add_error(record, attribute, ERROR_TYPES.first, **errors_options)
-        false
-      end
+      return true if attachable_content_type_is_authorized
+
+      errors_options = initialize_and_populate_error_options(options, attachable)
+      add_error(record, attribute, ERROR_TYPES.first, **errors_options)
+      false
     end
 
-    def not_spoofing_content_type?(record, attribute, file)
+    def not_spoofing_content_type?(record, attribute, attachable)
       return true unless enable_spoofing_protection?
 
-      if ContentTypeSpoofDetector.new(record, attribute, file).spoofed?
-        errors_options = initialize_error_options(options, file)
+      if ContentTypeSpoofDetector.new(record, attribute, attachable).spoofed?
+        errors_options = initialize_error_options(options, attachable)
         add_error(record, attribute, ERROR_TYPES.second, **errors_options)
         false
       else
@@ -94,6 +100,29 @@ module ActiveStorageValidations
       end
     end
 
+    def marcel_attachable_content_type(attachable)
+      Marcel::MimeType.for(declared_type: @attachable_content_type, name: @attachable_filename)
+    end
+
+    def enable_spoofing_protection?
+      options[:spoofing_protection] == true
+    end
+
+    def initialize_and_populate_error_options(options, attachable)
+      errors_options = initialize_error_options(options, attachable)
+      errors_options[:content_type] = @attachable_content_type
+      errors_options[:authorized_types] = authorized_content_types_to_human_format
+      errors_options
+    end
+
+    def authorized_content_types_to_human_format
+      @authorized_content_types
+        .map do |authorized_content_type|
+          authorized_content_type.is_a?(Regexp) ? authorized_content_type.source : authorized_content_type.to_s.split('/').last.upcase
+        end
+        .join(', ')
+    end
+
     def ensure_exactly_one_validator_option
       unless AVAILABLE_CHECKS.one? { |argument| options.key?(argument) }
         raise ArgumentError, 'You must pass either :with or :in to the validator'
@@ -104,28 +133,39 @@ module ActiveStorageValidations
       return true if options[:with]&.is_a?(Proc) || options[:in]&.is_a?(Proc)
 
       ([options[:with]] || options[:in]).each do |content_type|
-        raise ArgumentError, invalid_content_type_message(content_type) if invalid_content_type?(content_type)
+        raise ArgumentError, invalid_content_type_option_message(content_type) if invalid_option?(content_type)
       end
     end
 
-    def invalid_content_type_message(content_type)
-      <<~ERROR_MESSAGE
-        You must pass valid content types to the validator
-        '#{content_type}' is not found in Marcel::EXTENSIONS mimes
-      ERROR_MESSAGE
+    def invalid_content_type_option_message(content_type)
+      if content_type.to_s.match?(/\//)
+        <<~ERROR_MESSAGE
+          You must pass valid content types to the validator
+          '#{content_type}' is not found in Marcel::TYPE_EXTS
+        ERROR_MESSAGE
+      else
+        <<~ERROR_MESSAGE
+          You must pass valid content types extensions to the validator
+          '#{content_type}' is not found in Marcel::EXTENSIONS
+        ERROR_MESSAGE
+      end
     end
 
-    def invalid_content_type?(content_type)
+    def invalid_option?(content_type)
       case content_type
       when String, Symbol
-        Marcel::MimeType.for(declared_type: content_type.to_s, extension: content_type.to_s) == 'application/octet-stream'
+        content_type.to_s.match?(/\//) ? invalid_content_type?(content_type) : invalid_extension?(content_type)
       when Regexp
         false # We always validate regexes
       end
     end
 
-    def enable_spoofing_protection?
-      options[:spoofing_protection] == true
+    def invalid_content_type?(content_type)
+      Marcel::TYPE_EXTS[content_type.to_s] == nil
+    end
+
+    def invalid_extension?(content_type)
+      Marcel::MimeType.for(extension: content_type.to_s) == 'application/octet-stream'
     end
   end
 end

data/lib/active_storage_validations/dimension_validator.rb

@@ -1,16 +1,17 @@
 # frozen_string_literal: true
 
 require_relative 'concerns/active_storageable.rb'
+require_relative 'concerns/attachable.rb'
 require_relative 'concerns/errorable.rb'
-require_relative 'concerns/metadatable.rb'
+require_relative 'concerns/optionable.rb'
 require_relative 'concerns/symbolizable.rb'
 
 module ActiveStorageValidations
   class DimensionValidator < ActiveModel::EachValidator # :nodoc
     include ActiveStorageable
+    include Attachable
     include Errorable
-    include OptionProcUnfolding
-    include Metadatable
+    include Optionable
     include Symbolizable
 
     AVAILABLE_CHECKS = %i[width height min max].freeze
@@ -122,7 +123,7 @@ module ActiveStorageValidations
     end
 
     def process_options(record)
-      flat_options = unfold_procs(record, self.options, AVAILABLE_CHECKS)
+      flat_options = set_flat_options(record)
 
       [:width, :height].each do |length|
         if flat_options[length] and flat_options[length].is_a?(Hash)

data/lib/active_storage_validations/limit_validator.rb

@@ -2,13 +2,14 @@
 
 require_relative 'concerns/active_storageable.rb'
 require_relative 'concerns/errorable.rb'
+require_relative 'concerns/optionable.rb'
 require_relative 'concerns/symbolizable.rb'
 
 module ActiveStorageValidations
   class LimitValidator < ActiveModel::EachValidator # :nodoc:
     include ActiveStorageable
-    include OptionProcUnfolding
     include Errorable
+    include Optionable
     include Symbolizable
 
     AVAILABLE_CHECKS = %i[max min].freeze
@@ -23,7 +24,7 @@ module ActiveStorageValidations
 
     def validate_each(record, attribute, _value)
       files = attached_files(record, attribute).reject(&:blank?)
-      flat_options = unfold_procs(record, self.options, AVAILABLE_CHECKS)
+      flat_options = set_flat_options(record)
 
       return if files_count_valid?(files.count, flat_options)
 

data/lib/active_storage_validations/metadata.rb

@@ -8,13 +8,13 @@ module ActiveStorageValidations
 
     class InvalidImageError < StandardError; end
 
-    attr_reader :file
+    attr_reader :attachable
 
     DEFAULT_IMAGE_PROCESSOR = :mini_magick.freeze
 
-    def initialize(file)
+    def initialize(attachable)
       require_image_processor
-      @file = file
+      @attachable = attachable
     end
 
     def valid?
@@ -64,14 +64,9 @@ module ActiveStorageValidations
     end
 
     def read_image
-      is_string = file.is_a?(String)
-      if is_string || file.is_a?(ActiveStorage::Blob)
-        blob =
-          if is_string
-            ActiveStorage::Blob.find_signed!(file)
-          else
-            file
-          end
+      is_string = attachable.is_a?(String)
+      if is_string || attachable.is_a?(ActiveStorage::Blob)
+        blob = is_string ? ActiveStorage::Blob.find_signed!(attachable) : attachable
 
         tempfile = Tempfile.new(["ActiveStorage-#{blob.id}-", blob.filename.extension_with_delimiter])
         tempfile.binmode
@@ -107,9 +102,9 @@ module ActiveStorageValidations
         begin
           Vips::Image.new_from_file(path)
         rescue exception_class
-          # We handle cases where an error is raised when reading the file
+          # We handle cases where an error is raised when reading the attachable
           # because Vips can throw errors rather than returning false
-          # We stumble upon this issue while reading 0 byte size file
+          # We stumble upon this issue while reading 0 byte size attachable
           # https://github.com/janko/image_processing/issues/97
           false
         end
@@ -156,13 +151,13 @@ module ActiveStorageValidations
     end
 
     def read_file_path
-      case file
+      case attachable
       when ActionDispatch::Http::UploadedFile, Rack::Test::UploadedFile
-        file.path
+        attachable.path
       when Hash
-        io = file.fetch(:io)
+        io = attachable.fetch(:io)
         if io.is_a?(StringIO)
-          tempfile = Tempfile.new([File.basename(file[:filename], '.*'), File.extname(file[:filename])])
+          tempfile = Tempfile.new([File.basename(attachable[:filename], '.*'), File.extname(attachable[:filename])])
           tempfile.binmode
           IO.copy_stream(io, tempfile)
           io.rewind
@@ -172,6 +167,10 @@ module ActiveStorageValidations
         else
           File.open(io).path
         end
+      when File
+        attachable.path
+      when Pathname
+        attachable.to_s
       else
         raise "Something wrong with params."
       end

data/lib/active_storage_validations/processable_image_validator.rb

@@ -1,15 +1,15 @@
 # frozen_string_literal: true
 
 require_relative 'concerns/active_storageable.rb'
+require_relative 'concerns/attachable.rb'
 require_relative 'concerns/errorable.rb'
-require_relative 'concerns/metadatable.rb'
 require_relative 'concerns/symbolizable.rb'
 
 module ActiveStorageValidations
   class ProcessableImageValidator < ActiveModel::EachValidator # :nodoc
     include ActiveStorageable
+    include Attachable
     include Errorable
-    include Metadatable
     include Symbolizable
 
     ERROR_TYPES = %i[

data/lib/active_storage_validations/size_validator.rb

@@ -15,7 +15,7 @@ module ActiveStorageValidations
     def validate_each(record, attribute, _value)
       return if no_attachments?(record, attribute)
 
-      flat_options = unfold_procs(record, self.options, AVAILABLE_CHECKS)
+      flat_options = set_flat_options(record)
 
       attached_files(record, attribute).each do |file|
         next if is_valid?(file.blob.byte_size, flat_options)

data/lib/active_storage_validations/total_size_validator.rb

@@ -18,7 +18,7 @@ module ActiveStorageValidations
       return if no_attachments?(record, attribute)
 
       total_file_size = attached_files(record, attribute).sum { |file| file.blob.byte_size }
-      flat_options = unfold_procs(record, self.options, AVAILABLE_CHECKS)
+      flat_options = set_flat_options(record)
 
       return if is_valid?(total_file_size, flat_options)
 

data/lib/active_storage_validations/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ActiveStorageValidations
-  VERSION = '1.3.0'
+  VERSION = '1.3.1'
 end

data/lib/active_storage_validations.rb

@@ -5,7 +5,6 @@ require 'active_support/concern'
 
 require 'active_storage_validations/railtie'
 require 'active_storage_validations/engine'
-require 'active_storage_validations/option_proc_unfolding'
 require 'active_storage_validations/attached_validator'
 require 'active_storage_validations/content_type_validator'
 require 'active_storage_validations/limit_validator'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: active_storage_validations
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 1.3.1
 platform: ruby
 authors:
 - Igor Kasyanchuk
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-10-20 00:00:00.000000000 Z
+date: 2024-11-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activejob
@@ -66,6 +66,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 6.1.4
+- !ruby/object:Gem::Dependency
+  name: marcel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.3
 - !ruby/object:Gem::Dependency
   name: combustion
   requirement: !ruby/object:Gem::Requirement
@@ -81,47 +95,73 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '1.3'
 - !ruby/object:Gem::Dependency
-  name: marcel
+  name: mini_magick
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.3
+        version: 4.9.5
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.3
+        version: 4.9.5
 - !ruby/object:Gem::Dependency
-  name: mini_magick
+  name: minitest-focus
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+- !ruby/object:Gem::Dependency
+  name: minitest-mock_expectations
   requirement: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.9.5
+        version: 1.2.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.9.5
+        version: 1.2.0
 - !ruby/object:Gem::Dependency
-  name: minitest-focus
+  name: minitest-stub_any_instance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '1.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '1.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.3
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -223,9 +263,10 @@ files:
 - lib/active_storage_validations/attached_validator.rb
 - lib/active_storage_validations/base_size_validator.rb
 - lib/active_storage_validations/concerns/active_storageable.rb
+- lib/active_storage_validations/concerns/attachable.rb
 - lib/active_storage_validations/concerns/errorable.rb
 - lib/active_storage_validations/concerns/loggable.rb
-- lib/active_storage_validations/concerns/metadatable.rb
+- lib/active_storage_validations/concerns/optionable.rb
 - lib/active_storage_validations/concerns/symbolizable.rb
 - lib/active_storage_validations/content_type_spoof_detector.rb
 - lib/active_storage_validations/content_type_validator.rb
@@ -251,7 +292,6 @@ files:
 - lib/active_storage_validations/matchers/size_validator_matcher.rb
 - lib/active_storage_validations/matchers/total_size_validator_matcher.rb
 - lib/active_storage_validations/metadata.rb
-- lib/active_storage_validations/option_proc_unfolding.rb
 - lib/active_storage_validations/processable_image_validator.rb
 - lib/active_storage_validations/railtie.rb
 - lib/active_storage_validations/size_validator.rb
@@ -278,7 +318,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.11
+rubygems_version: 3.5.16
 signing_key:
 specification_version: 4
 summary: Validations for Active Storage

data/lib/active_storage_validations/concerns/metadatable.rb

@@ -1,31 +0,0 @@
-require_relative '../metadata'
-
-module ActiveStorageValidations
-  # ActiveStorageValidations::Metadatable
-  #
-  # Validator methods for analyzing the attachment metadata.
-  module Metadatable
-    extend ActiveSupport::Concern
-
-    private
-
-    # Loop through the newly submitted attachables to validate them
-    def validate_changed_files_from_metadata(record, attribute)
-      attachables_from_changes(record, attribute).each do |attachable|
-        is_valid?(record, attribute, attachable, Metadata.new(attachable).metadata)
-      end
-    end
-
-    # Retrieve an array of newly submitted attachables which are file
-    # representations such as ActiveStorage::Blob, ActionDispatch::Http::UploadedFile,
-    # Rack::Test::UploadedFile, Hash, String, File or Pathname
-    def attachables_from_changes(record, attribute)
-      changes = record.attachment_changes[attribute.to_s]
-      return [] if changes.blank?
-
-      Array.wrap(
-        changes.is_a?(ActiveStorage::Attached::Changes::CreateMany) ? changes.attachables : changes.attachable
-      )
-    end
-  end
-end

data/lib/active_storage_validations/option_proc_unfolding.rb

@@ -1,16 +0,0 @@
-module ActiveStorageValidations
-  module OptionProcUnfolding
-
-    def unfold_procs(record, object, only_keys)
-      case object
-      when Hash
-        object.merge(object) { |key, value| only_keys&.exclude?(key) ? {} : unfold_procs(record, value, nil) }
-      when Array
-        object.map { |o| unfold_procs(record, o, only_keys) }
-      else
-        object.is_a?(Proc) ? object.call(record) : object
-      end
-    end
-
-  end
-end