active_storage_validations 1.3.0 → 1.3.4

data/lib/active_storage_validations/content_type_validator.rb

@@ -1,16 +1,19 @@
 # frozen_string_literal: true
 
-require_relative 'concerns/active_storageable.rb'
-require_relative 'concerns/errorable.rb'
-require_relative 'concerns/symbolizable.rb'
-require_relative 'content_type_spoof_detector.rb'
+require_relative 'shared/asv_active_storageable'
+require_relative 'shared/asv_attachable'
+require_relative 'shared/asv_errorable'
+require_relative 'shared/asv_optionable'
+require_relative 'shared/asv_symbolizable'
+require_relative 'content_type_spoof_detector'
 
 module ActiveStorageValidations
   class ContentTypeValidator < ActiveModel::EachValidator # :nodoc:
-    include ActiveStorageable
-    include OptionProcUnfolding
-    include Errorable
-    include Symbolizable
+    include ASVActiveStorageable
+    include ASVAttachable
+    include ASVErrorable
+    include ASVOptionable
+    include ASVSymbolizable
 
     AVAILABLE_CHECKS = %i[with in].freeze
     ERROR_TYPES = %i[
@@ -26,18 +29,20 @@ module ActiveStorageValidations
     def validate_each(record, attribute, _value)
       return if no_attachments?(record, attribute)
 
-      types = authorized_types(record)
-      return if types.empty?
+      @authorized_content_types = authorized_content_types_from_options(record)
+      return if @authorized_content_types.empty?
 
-      attached_files(record, attribute).each do |file|
-        is_valid?(record, attribute, file, types)
+      attachables_from_changes(record, attribute).each do |attachable|
+        set_attachable_cached_values(attachable)
+        is_valid?(record, attribute, attachable)
       end
     end
 
     private
 
-    def authorized_types(record)
-      flat_options = unfold_procs(record, self.options, AVAILABLE_CHECKS)
+    def authorized_content_types_from_options(record)
+      flat_options = set_flat_options(record)
+
       (Array.wrap(flat_options[:with]) + Array.wrap(flat_options[:in])).compact.map do |type|
         case type
         when String, Symbol then Marcel::MimeType.for(declared_type: type.to_s, extension: type.to_s)
@@ -46,47 +51,58 @@ module ActiveStorageValidations
       end
     end
 
-    def types_to_human_format(types)
-      types
-        .map { |type| type.is_a?(Regexp) ? type.source : type.to_s.split('/').last.upcase }
-        .join(', ')
-    end
-
-    def content_type(file)
-      # We remove potential mime type parameters
-      file.blob.present? && file.blob.content_type.downcase.split(/[;,\s]/, 2).first
+    def set_attachable_cached_values(attachable)
+      @attachable_content_type = attachable_content_type(attachable)
+      @attachable_filename = attachable_filename(attachable).to_s
     end
 
-    def is_valid?(record, attribute, file, types)
-      file_type_in_authorized_types?(record, attribute, file, types) &&
-        not_spoofing_content_type?(record, attribute, file)
+    # Check if the provided content_type is authorized and not spoofed against
+    # the file io.
+    def is_valid?(record, attribute, attachable)
+      authorized_content_type?(record, attribute, attachable) &&
+        not_spoofing_content_type?(record, attribute, attachable)
     end
 
-    def file_type_in_authorized_types?(record, attribute, file, types)
-      file_type = content_type(file)
-      file_type_is_authorized = types.any? do |type|
-        case type
-        when String then type == file_type
-        when Regexp then type.match?(file_type.to_s)
+    # Dead code that we keep here for some time, maybe we will find a solution
+    # to this check later? (November 2024)
+    #
+    # We do not perform any validations against the extension because it is an
+    # unreliable source of truth. For example, a `.csv` file could have its
+    # `text/csv` content_type changed to  `application/vnd.ms-excel` because
+    # it had been opened by Excel at some point, making the file extension vs
+    # file content_type check invalid.
+    # def extension_matches_content_type?(record, attribute, attachable)
+    #   return true if !@attachable_filename || !@attachable_content_type
+
+    #   extension = @attachable_filename.split('.').last
+    #   possible_extensions = Marcel::TYPE_EXTS[@attachable_content_type]
+    #   return true if possible_extensions && extension.downcase.in?(possible_extensions)
+
+    #   errors_options = initialize_and_populate_error_options(options, attachable)
+    #   add_error(record, attribute, ERROR_TYPES.first, **errors_options)
+    #   false
+    # end
+
+    def authorized_content_type?(record, attribute, attachable)
+      attachable_content_type_is_authorized = @authorized_content_types.any? do |authorized_content_type|
+        case authorized_content_type
+        when String then authorized_content_type == marcel_attachable_content_type(attachable)
+        when Regexp then authorized_content_type.match?(marcel_attachable_content_type(attachable).to_s)
         end
       end
 
-      if file_type_is_authorized
-        true
-      else
-        errors_options = initialize_error_options(options, file)
-        errors_options[:authorized_types] = types_to_human_format(types)
-        errors_options[:content_type] = content_type(file)
-        add_error(record, attribute, ERROR_TYPES.first, **errors_options)
-        false
-      end
+      return true if attachable_content_type_is_authorized
+
+      errors_options = initialize_and_populate_error_options(options, attachable)
+      add_error(record, attribute, ERROR_TYPES.first, **errors_options)
+      false
     end
 
-    def not_spoofing_content_type?(record, attribute, file)
+    def not_spoofing_content_type?(record, attribute, attachable)
       return true unless enable_spoofing_protection?
 
-      if ContentTypeSpoofDetector.new(record, attribute, file).spoofed?
-        errors_options = initialize_error_options(options, file)
+      if ContentTypeSpoofDetector.new(record, attribute, attachable).spoofed?
+        errors_options = initialize_error_options(options, attachable)
         add_error(record, attribute, ERROR_TYPES.second, **errors_options)
         false
       else
@@ -94,6 +110,37 @@ module ActiveStorageValidations
       end
     end
 
+    def marcel_attachable_content_type(attachable)
+      Marcel::MimeType.for(declared_type: @attachable_content_type, name: @attachable_filename)
+    end
+
+    def enable_spoofing_protection?
+      options[:spoofing_protection] == true
+    end
+
+    def initialize_and_populate_error_options(options, attachable)
+      errors_options = initialize_error_options(options, attachable)
+      errors_options[:content_type] = @attachable_content_type
+      errors_options[:human_content_type] = content_type_to_human_format(@attachable_content_type)
+      errors_options[:authorized_types] = content_type_to_human_format(@authorized_content_types)
+      errors_options
+    end
+
+    def content_type_to_human_format(content_type)
+      Array(content_type)
+        .map do |content_type|
+          case content_type
+          when String, Symbol
+            content_type.to_s.match?(/\//) ? Marcel::TYPE_EXTS[content_type.to_s]&.first&.upcase : content_type.upcase
+          when Regexp
+            content_type.source
+          end
+        end
+        .flatten
+        .compact
+        .join(', ')
+    end
+
     def ensure_exactly_one_validator_option
       unless AVAILABLE_CHECKS.one? { |argument| options.key?(argument) }
         raise ArgumentError, 'You must pass either :with or :in to the validator'
@@ -104,28 +151,39 @@ module ActiveStorageValidations
       return true if options[:with]&.is_a?(Proc) || options[:in]&.is_a?(Proc)
 
       ([options[:with]] || options[:in]).each do |content_type|
-        raise ArgumentError, invalid_content_type_message(content_type) if invalid_content_type?(content_type)
+        raise ArgumentError, invalid_content_type_option_message(content_type) if invalid_option?(content_type)
       end
     end
 
-    def invalid_content_type_message(content_type)
-      <<~ERROR_MESSAGE
-        You must pass valid content types to the validator
-        '#{content_type}' is not found in Marcel::EXTENSIONS mimes
-      ERROR_MESSAGE
+    def invalid_content_type_option_message(content_type)
+      if content_type.to_s.match?(/\//)
+        <<~ERROR_MESSAGE
+          You must pass valid content types to the validator
+          '#{content_type}' is not found in Marcel::TYPE_EXTS
+        ERROR_MESSAGE
+      else
+        <<~ERROR_MESSAGE
+          You must pass valid content types extensions to the validator
+          '#{content_type}' is not found in Marcel::EXTENSIONS
+        ERROR_MESSAGE
+      end
     end
 
-    def invalid_content_type?(content_type)
+    def invalid_option?(content_type)
       case content_type
       when String, Symbol
-        Marcel::MimeType.for(declared_type: content_type.to_s, extension: content_type.to_s) == 'application/octet-stream'
+        content_type.to_s.match?(/\//) ? invalid_content_type?(content_type) : invalid_extension?(content_type)
       when Regexp
         false # We always validate regexes
       end
     end
 
-    def enable_spoofing_protection?
-      options[:spoofing_protection] == true
+    def invalid_content_type?(content_type)
+      Marcel::TYPE_EXTS[content_type.to_s] == nil
+    end
+
+    def invalid_extension?(content_type)
+      Marcel::MimeType.for(extension: content_type.to_s) == 'application/octet-stream'
     end
   end
 end

data/lib/active_storage_validations/dimension_validator.rb

@@ -1,17 +1,18 @@
 # frozen_string_literal: true
 
-require_relative 'concerns/active_storageable.rb'
-require_relative 'concerns/errorable.rb'
-require_relative 'concerns/metadatable.rb'
-require_relative 'concerns/symbolizable.rb'
+require_relative 'shared/asv_active_storageable'
+require_relative 'shared/asv_attachable'
+require_relative 'shared/asv_errorable'
+require_relative 'shared/asv_optionable'
+require_relative 'shared/asv_symbolizable'
 
 module ActiveStorageValidations
   class DimensionValidator < ActiveModel::EachValidator # :nodoc
-    include ActiveStorageable
-    include Errorable
-    include OptionProcUnfolding
-    include Metadatable
-    include Symbolizable
+    include ASVActiveStorageable
+    include ASVAttachable
+    include ASVErrorable
+    include ASVOptionable
+    include ASVSymbolizable
 
     AVAILABLE_CHECKS = %i[width height min max].freeze
     ERROR_TYPES = %i[
@@ -122,7 +123,7 @@ module ActiveStorageValidations
     end
 
     def process_options(record)
-      flat_options = unfold_procs(record, self.options, AVAILABLE_CHECKS)
+      flat_options = set_flat_options(record)
 
       [:width, :height].each do |length|
         if flat_options[length] and flat_options[length].is_a?(Hash)

data/lib/active_storage_validations/limit_validator.rb

@@ -1,15 +1,16 @@
 # frozen_string_literal: true
 
-require_relative 'concerns/active_storageable.rb'
-require_relative 'concerns/errorable.rb'
-require_relative 'concerns/symbolizable.rb'
+require_relative 'shared/asv_active_storageable'
+require_relative 'shared/asv_errorable'
+require_relative 'shared/asv_optionable'
+require_relative 'shared/asv_symbolizable'
 
 module ActiveStorageValidations
   class LimitValidator < ActiveModel::EachValidator # :nodoc:
-    include ActiveStorageable
-    include OptionProcUnfolding
-    include Errorable
-    include Symbolizable
+    include ASVActiveStorageable
+    include ASVErrorable
+    include ASVOptionable
+    include ASVSymbolizable
 
     AVAILABLE_CHECKS = %i[max min].freeze
     ERROR_TYPES = %i[
@@ -23,7 +24,7 @@ module ActiveStorageValidations
 
     def validate_each(record, attribute, _value)
       files = attached_files(record, attribute).reject(&:blank?)
-      flat_options = unfold_procs(record, self.options, AVAILABLE_CHECKS)
+      flat_options = set_flat_options(record)
 
       return if files_count_valid?(files.count, flat_options)
 

data/lib/active_storage_validations/marcel_extensor.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 Marcel::MimeType.extend "application/x-rar-compressed", parents: %(application/x-rar)
 Marcel::MimeType.extend "audio/x-hx-aac-adts", parents: %(audio/x-aac)
 Marcel::MimeType.extend "audio/x-m4a", parents: %(audio/mp4)

data/lib/active_storage_validations/matchers/aspect_ratio_validator_matcher.rb

@@ -1,12 +1,12 @@
 # frozen_string_literal: true
 
-require_relative 'concerns/active_storageable.rb'
-require_relative 'concerns/allow_blankable.rb'
-require_relative 'concerns/attachable.rb'
-require_relative 'concerns/contextable.rb'
-require_relative 'concerns/messageable.rb'
-require_relative 'concerns/rspecable.rb'
-require_relative 'concerns/validatable.rb'
+require_relative 'shared/asv_active_storageable'
+require_relative 'shared/asv_allow_blankable'
+require_relative 'shared/asv_attachable'
+require_relative 'shared/asv_contextable'
+require_relative 'shared/asv_messageable'
+require_relative 'shared/asv_rspecable'
+require_relative 'shared/asv_validatable'
 
 module ActiveStorageValidations
   module Matchers
@@ -15,13 +15,13 @@ module ActiveStorageValidations
     end
 
     class AspectRatioValidatorMatcher
-      include ActiveStorageable
-      include AllowBlankable
-      include Attachable
-      include Contextable
-      include Messageable
-      include Rspecable
-      include Validatable
+      include ASVActiveStorageable
+      include ASVAllowBlankable
+      include ASVAttachable
+      include ASVContextable
+      include ASVMessageable
+      include ASVRspecable
+      include ASVValidatable
 
       def initialize(attribute_name)
         initialize_allow_blankable

data/lib/active_storage_validations/matchers/attached_validator_matcher.rb

@@ -1,11 +1,11 @@
 # frozen_string_literal: true
 
-require_relative 'concerns/active_storageable.rb'
-require_relative 'concerns/attachable.rb'
-require_relative 'concerns/contextable.rb'
-require_relative 'concerns/messageable.rb'
-require_relative 'concerns/rspecable.rb'
-require_relative 'concerns/validatable.rb'
+require_relative 'shared/asv_active_storageable'
+require_relative 'shared/asv_attachable'
+require_relative 'shared/asv_contextable'
+require_relative 'shared/asv_messageable'
+require_relative 'shared/asv_rspecable'
+require_relative 'shared/asv_validatable'
 
 module ActiveStorageValidations
   module Matchers
@@ -14,12 +14,12 @@ module ActiveStorageValidations
     end
 
     class AttachedValidatorMatcher
-      include ActiveStorageable
-      include Attachable
-      include Contextable
-      include Messageable
-      include Rspecable
-      include Validatable
+      include ASVActiveStorageable
+      include ASVAttachable
+      include ASVContextable
+      include ASVMessageable
+      include ASVRspecable
+      include ASVValidatable
 
       def initialize(attribute_name)
         initialize_contextable

data/lib/active_storage_validations/matchers/base_size_validator_matcher.rb

@@ -3,26 +3,26 @@
 # Big thank you to the paperclip validation matchers:
 # https://github.com/thoughtbot/paperclip/blob/v6.1.0/lib/paperclip/matchers/validate_attachment_size_matcher.rb
 
-require_relative 'concerns/active_storageable.rb'
-require_relative 'concerns/allow_blankable.rb'
-require_relative 'concerns/attachable.rb'
-require_relative 'concerns/contextable.rb'
-require_relative 'concerns/messageable.rb'
-require_relative 'concerns/rspecable.rb'
-require_relative 'concerns/validatable.rb'
+require_relative 'shared/asv_active_storageable'
+require_relative 'shared/asv_allow_blankable'
+require_relative 'shared/asv_attachable'
+require_relative 'shared/asv_contextable'
+require_relative 'shared/asv_messageable'
+require_relative 'shared/asv_rspecable'
+require_relative 'shared/asv_validatable'
 
 module ActiveStorageValidations
   module Matchers
     class BaseSizeValidatorMatcher
       # BaseSizeValidatorMatcher is an abstract class and shouldn't be instantiated directly.
 
-      include ActiveStorageable
-      include AllowBlankable
-      include Attachable
-      include Contextable
-      include Messageable
-      include Rspecable
-      include Validatable
+      include ASVActiveStorageable
+      include ASVAllowBlankable
+      include ASVAttachable
+      include ASVContextable
+      include ASVMessageable
+      include ASVRspecable
+      include ASVValidatable
 
       def initialize(attribute_name)
         initialize_allow_blankable

data/lib/active_storage_validations/matchers/content_type_validator_matcher.rb

@@ -3,13 +3,13 @@
 # Big thank you to the paperclip validation matchers:
 # https://github.com/thoughtbot/paperclip/blob/v6.1.0/lib/paperclip/matchers/validate_attachment_content_type_matcher.rb
 
-require_relative 'concerns/active_storageable.rb'
-require_relative 'concerns/allow_blankable.rb'
-require_relative 'concerns/attachable.rb'
-require_relative 'concerns/contextable.rb'
-require_relative 'concerns/messageable.rb'
-require_relative 'concerns/rspecable.rb'
-require_relative 'concerns/validatable.rb'
+require_relative 'shared/asv_active_storageable'
+require_relative 'shared/asv_allow_blankable'
+require_relative 'shared/asv_attachable'
+require_relative 'shared/asv_contextable'
+require_relative 'shared/asv_messageable'
+require_relative 'shared/asv_rspecable'
+require_relative 'shared/asv_validatable'
 
 module ActiveStorageValidations
   module Matchers
@@ -18,13 +18,13 @@ module ActiveStorageValidations
     end
 
     class ContentTypeValidatorMatcher
-      include ActiveStorageable
-      include AllowBlankable
-      include Attachable
-      include Contextable
-      include Messageable
-      include Rspecable
-      include Validatable
+      include ASVActiveStorageable
+      include ASVAllowBlankable
+      include ASVAttachable
+      include ASVContextable
+      include ASVMessageable
+      include ASVRspecable
+      include ASVValidatable
 
       def initialize(attribute_name)
         initialize_allow_blankable
@@ -32,7 +32,7 @@ module ActiveStorageValidations
         initialize_messageable
         initialize_rspecable
         @attribute_name = attribute_name
-        @allowed_types = @rejected_types = []
+        @allowed_content_types = @rejected_content_types = []
       end
 
       def description
@@ -45,13 +45,13 @@ module ActiveStorageValidations
         message.join("\n")
       end
 
-      def allowing(*types)
-        @allowed_types = types.flatten
+      def allowing(*content_types)
+        @allowed_content_types = content_types.flatten
         self
       end
 
-      def rejecting(*types)
-        @rejected_types = types.flatten
+      def rejecting(*content_types)
+        @rejected_content_types = content_types.flatten
         self
       end
 
@@ -62,21 +62,21 @@ module ActiveStorageValidations
           is_context_valid? &&
           is_allowing_blank? &&
           is_custom_message_valid? &&
-          all_allowed_types_allowed? &&
-          all_rejected_types_rejected?
+          all_allowed_content_types_allowed? &&
+          all_rejected_content_types_rejected?
       end
 
       protected
 
       def build_failure_message(message)
-        if @allowed_types_not_allowed.present?
-          message << "  the following content type#{'s' if @allowed_types.count > 1} should be allowed: :#{@allowed_types.join(", :")}"
-          message << "  but #{pluralize(@allowed_types_not_allowed)} rejected"
+        if @allowed_content_types_not_allowed.present?
+          message << "  the following content type#{'s' if @allowed_content_types.count > 1} should be allowed: :#{@allowed_content_types.join(", :")}"
+          message << "  but #{pluralize(@allowed_content_types_not_allowed)} rejected"
         end
 
-        if @rejected_types_not_rejected.present?
-          message << "  the following content type#{'s' if @rejected_types.count > 1} should be rejected: :#{@rejected_types.join(", :")}"
-          message << "  but #{pluralize(@rejected_types_not_rejected)} accepted"
+        if @rejected_content_types_not_rejected.present?
+          message << "  the following content type#{'s' if @rejected_content_types.count > 1} should be rejected: :#{@rejected_content_types.join(", :")}"
+          message << "  but #{pluralize(@rejected_content_types_not_rejected)} accepted"
         end
       end
 
@@ -88,25 +88,25 @@ module ActiveStorageValidations
         end
       end
 
-      def all_allowed_types_allowed?
-        @allowed_types_not_allowed ||= @allowed_types.reject { |type| type_allowed?(type) }
-        @allowed_types_not_allowed.empty?
+      def all_allowed_content_types_allowed?
+        @allowed_content_types_not_allowed ||= @allowed_content_types.reject { |type| type_allowed?(type) }
+        @allowed_content_types_not_allowed.empty?
       end
 
-      def all_rejected_types_rejected?
-        @rejected_types_not_rejected ||= @rejected_types.select { |type| type_allowed?(type) }
-        @rejected_types_not_rejected.empty?
+      def all_rejected_content_types_rejected?
+        @rejected_content_types_not_rejected ||= @rejected_content_types.select { |type| type_allowed?(type) }
+        @rejected_content_types_not_rejected.empty?
       end
 
-      def type_allowed?(type)
-        attach_file_of_type(type)
+      def type_allowed?(content_type)
+        attach_file_with_content_type(content_type)
         validate
         detach_file
         is_valid?
       end
 
-      def attach_file_of_type(type)
-        @subject.public_send(@attribute_name).attach(attachment_for(type))
+      def attach_file_with_content_type(content_type)
+        @subject.public_send(@attribute_name).attach(attachment_for(content_type))
       end
 
       def is_custom_message_valid?
@@ -121,13 +121,13 @@ module ActiveStorageValidations
         @subject.public_send(@attribute_name).attach(attachment_for('fake/fake'))
       end
 
-      def attachment_for(type)
-        suffix = type.to_s.split('/').last
+      def attachment_for(content_type)
+        suffix = Marcel::TYPE_EXTS[content_type.to_s]&.first || 'fake'
 
         {
           io: Tempfile.new('.'),
           filename: "test.#{suffix}",
-          content_type: type
+          content_type: content_type
         }
       end
 

data/lib/active_storage_validations/matchers/dimension_validator_matcher.rb

@@ -1,12 +1,12 @@
 # frozen_string_literal: true
 
-require_relative 'concerns/active_storageable.rb'
-require_relative 'concerns/allow_blankable.rb'
-require_relative 'concerns/attachable'
-require_relative 'concerns/contextable.rb'
-require_relative 'concerns/messageable.rb'
-require_relative 'concerns/rspecable.rb'
-require_relative 'concerns/validatable.rb'
+require_relative 'shared/asv_active_storageable'
+require_relative 'shared/asv_allow_blankable'
+require_relative 'shared/asv_attachable'
+require_relative 'shared/asv_contextable'
+require_relative 'shared/asv_messageable'
+require_relative 'shared/asv_rspecable'
+require_relative 'shared/asv_validatable'
 
 module ActiveStorageValidations
   module Matchers
@@ -15,13 +15,13 @@ module ActiveStorageValidations
     end
 
     class DimensionValidatorMatcher
-      include ActiveStorageable
-      include AllowBlankable
-      include Attachable
-      include Contextable
-      include Messageable
-      include Rspecable
-      include Validatable
+      include ASVActiveStorageable
+      include ASVAllowBlankable
+      include ASVAttachable
+      include ASVContextable
+      include ASVMessageable
+      include ASVRspecable
+      include ASVValidatable
 
       def initialize(attribute_name)
         initialize_allow_blankable