activemodel 3.2.22.5 → 4.0.0.beta1

data/lib/active_model/validations/absence.rb

@@ -0,0 +1,31 @@
+module ActiveModel
+  module Validations
+    # == Active Model Absence Validator
+    class AbsenceValidator < EachValidator #:nodoc:
+      def validate_each(record, attr_name, value)
+        record.errors.add(attr_name, :present, options) if value.present?
+      end
+    end
+
+    module HelperMethods
+      # Validates that the specified attributes are blank (as defined by
+      # Object#blank?). Happens by default on save.
+      #
+      #   class Person < ActiveRecord::Base
+      #     validates_absence_of :first_name
+      #   end
+      #
+      # The first_name attribute must be in the object and it must be blank.
+      #
+      # Configuration options:
+      # * <tt>:message</tt> - A custom error message (default is: "must be blank").
+      #
+      # There is also a list of default options supported by every validator:
+      # +:if+, +:unless+, +:on+ and +:strict+.
+      # See <tt>ActiveModel::Validation#validates</tt> for more information
+      def validates_absence_of(*attr_names)
+        validates_with AbsenceValidator, _merge_attributes(attr_names)
+      end
+    end
+  end
+end

data/lib/active_model/validations/acceptance.rb

@@ -1,9 +1,9 @@
 module ActiveModel
-  # == Active Model Acceptance Validator
+
   module Validations
-    class AcceptanceValidator < EachValidator
+    class AcceptanceValidator < EachValidator # :nodoc:
       def initialize(options)
-        super(options.reverse_merge(:allow_nil => true, :accept => "1"))
+        super({ :allow_nil => true, :accept => "1" }.merge!(options))
       end
 
       def validate_each(record, attribute, value)
@@ -22,11 +22,11 @@ module ActiveModel
 
     module HelperMethods
       # Encapsulates the pattern of wanting to validate the acceptance of a
-      # terms of service check box (or similar agreement). Example:
+      # terms of service check box (or similar agreement).
       #
       #   class Person < ActiveRecord::Base
       #     validates_acceptance_of :terms_of_service
-      #     validates_acceptance_of :eula, :message => "must be abided"
+      #     validates_acceptance_of :eula, message: 'must be abided'
       #   end
       #
       # If the database column does not exist, the +terms_of_service+ attribute
@@ -36,29 +36,17 @@ module ActiveModel
       # Configuration options:
       # * <tt>:message</tt> - A custom error message (default is: "must be
       #   accepted").
-      # * <tt>:on</tt> - Specifies when this validation is active. Runs in all
-      #   validation contexts by default (+nil+), other options are <tt>:create</tt>
-      #   and <tt>:update</tt>.
       # * <tt>:allow_nil</tt> - Skip validation if attribute is +nil+ (default
-      #   is true).
+      #   is +true+).
       # * <tt>:accept</tt> - Specifies value that is considered accepted.
       #   The default value is a string "1", which makes it easy to relate to
       #   an HTML checkbox. This should be set to +true+ if you are validating
       #   a database column, since the attribute is typecast from "1" to +true+
       #   before validation.
-      # * <tt>:if</tt> - Specifies a method, proc or string to call to determine
-      #   if the validation should occur (e.g. <tt>:if => :allow_validation</tt>,
-      #   or <tt>:if => Proc.new { |user| user.signup_step > 2 }</tt>). The
-      #   method, proc or string should return or evaluate to a true or false
-      #   value.
-      # * <tt>:unless</tt> - Specifies a method, proc or string to call to
-      #   determine if the validation should not occur (for example,
-      #   <tt>:unless => :skip_validation</tt>, or
-      #   <tt>:unless => Proc.new { |user| user.signup_step <= 2 }</tt>).
-      #   The method, proc or string should return or evaluate to a true or
-      #   false value.
-      # * <tt>:strict</tt> - Specifies whether validation should be strict. 
-      #   See <tt>ActiveModel::Validation#validates!</tt> for more information.
+      #
+      # There is also a list of default options supported by every validator:
+      # +:if+, +:unless+, +:on+ and +:strict+.
+      # See <tt>ActiveModel::Validation#validates</tt> for more information
       def validates_acceptance_of(*attr_names)
         validates_with AcceptanceValidator, _merge_attributes(attr_names)
       end

data/lib/active_model/validations/callbacks.rb

@@ -1,47 +1,100 @@
-require 'active_support/callbacks'
-
 module ActiveModel
   module Validations
+    # == Active \Model Validation Callbacks
+    #
+    # Provides an interface for any class to have +before_validation+ and
+    # +after_validation+ callbacks.
+    #
+    # First, include ActiveModel::Validations::Callbacks from the class you are
+    # creating:
+    #
+    #   class MyModel
+    #     include ActiveModel::Validations::Callbacks
+    #
+    #     before_validation :do_stuff_before_validation
+    #     after_validation  :do_stuff_after_validation
+    #   end
+    #
+    # Like other <tt>before_*</tt> callbacks if +before_validation+ returns
+    # +false+ then <tt>valid?</tt> will not be called.
     module Callbacks
-      # == Active Model Validation callbacks
-      #
-      # Provides an interface for any class to have <tt>before_validation</tt> and
-      # <tt>after_validation</tt> callbacks.
-      #
-      # First, extend ActiveModel::Callbacks from the class you are creating:
-      #
-      #   class MyModel
-      #     include ActiveModel::Validations::Callbacks
-      #
-      #     before_validation :do_stuff_before_validation
-      #     after_validation  :do_stuff_after_validation
-      #   end
-      #
-      #   Like other before_* callbacks if <tt>before_validation</tt> returns false
-      #   then <tt>valid?</tt> will not be called.
       extend ActiveSupport::Concern
 
       included do
         include ActiveSupport::Callbacks
-        define_callbacks :validation, :terminator => "result == false", :scope => [:kind, :name]
+        define_callbacks :validation, :terminator => "result == false", :skip_after_callbacks_if_terminated => true, :scope => [:kind, :name]
       end
 
       module ClassMethods
+        # Defines a callback that will get called right before validation
+        # happens.
+        #
+        #   class Person
+        #     include ActiveModel::Validations
+        #     include ActiveModel::Validations::Callbacks
+        #
+        #     attr_accessor :name
+        #
+        #     validates_length_of :name, maximum: 6
+        #
+        #     before_validation :remove_whitespaces
+        #
+        #     private
+        #
+        #     def remove_whitespaces
+        #       name.strip!
+        #     end
+        #   end
+        #
+        #   person = Person.new
+        #   person.name = '  bob  '
+        #   person.valid? # => true
+        #   person.name   # => "bob"
         def before_validation(*args, &block)
           options = args.last
           if options.is_a?(Hash) && options[:on]
-            options[:if] = Array.wrap(options[:if])
-            options[:if].unshift("self.validation_context == :#{options[:on]}")
+            options[:if] = Array(options[:if])
+            options[:on] = Array(options[:on])
+            options[:if].unshift("#{options[:on]}.include? self.validation_context")
           end
           set_callback(:validation, :before, *args, &block)
         end
 
+        # Defines a callback that will get called right after validation
+        # happens.
+        #
+        #   class Person
+        #     include ActiveModel::Validations
+        #     include ActiveModel::Validations::Callbacks
+        #
+        #     attr_accessor :name, :status
+        #
+        #     validates_presence_of :name
+        #
+        #     after_validation :set_status
+        #
+        #     private
+        #
+        #     def set_status
+        #       self.status = errors.empty?
+        #     end
+        #   end
+        #
+        #   person = Person.new
+        #   person.name = ''
+        #   person.valid? # => false
+        #   person.status # => false
+        #   person.name = 'bob'
+        #   person.valid? # => true
+        #   person.status # => true
         def after_validation(*args, &block)
           options = args.extract_options!
           options[:prepend] = true
-          options[:if] = Array.wrap(options[:if])
-          options[:if] << "!halted"
-          options[:if].unshift("self.validation_context == :#{options[:on]}") if options[:on]
+          options[:if] = Array(options[:if])
+          if options[:on]
+            options[:on] = Array(options[:on])
+            options[:if].unshift("#{options[:on]}.include? self.validation_context")
+          end
           set_callback(:validation, :after, *(args << options), &block)
         end
       end
@@ -49,7 +102,7 @@ module ActiveModel
     protected
 
       # Overwrite run validations to include callbacks.
-      def run_validations!
+      def run_validations! #:nodoc:
         run_callbacks(:validation) { super }
       end
     end

data/lib/active_model/validations/clusivity.rb

@@ -0,0 +1,41 @@
+require 'active_support/core_ext/range'
+
+module ActiveModel
+  module Validations
+    module Clusivity #:nodoc:
+      ERROR_MESSAGE = "An object with the method #include? or a proc, lambda or symbol is required, " \
+                      "and must be supplied as the :in (or :within) option of the configuration hash"
+
+      def check_validity!
+        unless delimiter.respond_to?(:include?) || delimiter.respond_to?(:call) || delimiter.respond_to?(:to_sym)
+          raise ArgumentError, ERROR_MESSAGE
+        end
+      end
+
+    private
+
+      def include?(record, value)
+        exclusions = if delimiter.respond_to?(:call)
+                       delimiter.call(record)
+                     elsif delimiter.respond_to?(:to_sym)
+                       record.send(delimiter)
+                     else
+                       delimiter
+                     end
+
+        exclusions.send(inclusion_method(exclusions), value)
+      end
+
+      def delimiter
+        @delimiter ||= options[:in] || options[:within]
+      end
+
+      # In Ruby 1.9 <tt>Range#include?</tt> on non-numeric ranges checks all possible values in the
+      # range for equality, so it may be slow for large ranges. The new <tt>Range#cover?</tt>
+      # uses the previous logic of comparing a value with the range endpoints.
+      def inclusion_method(enumerable)
+        enumerable.is_a?(Range) ? :cover? : :include?
+      end
+    end
+  end
+end

data/lib/active_model/validations/confirmation.rb

@@ -1,10 +1,11 @@
 module ActiveModel
-  # == Active Model Confirmation Validator
+
   module Validations
-    class ConfirmationValidator < EachValidator
+    class ConfirmationValidator < EachValidator # :nodoc:
       def validate_each(record, attribute, value)
         if (confirmed = record.send("#{attribute}_confirmation")) && (value != confirmed)
-          record.errors.add(attribute, :confirmation, options)
+          human_attribute_name = record.class.human_attribute_name(attribute)
+          record.errors.add(:"#{attribute}_confirmation", :confirmation, options.merge(:attribute => human_attribute_name))
         end
       end
 
@@ -17,13 +18,13 @@ module ActiveModel
 
     module HelperMethods
       # Encapsulates the pattern of wanting to validate a password or email
-      # address field with a confirmation. For example:
+      # address field with a confirmation.
       #
       #   Model:
       #     class Person < ActiveRecord::Base
       #       validates_confirmation_of :user_name, :password
       #       validates_confirmation_of :email_address,
-      #                                 :message => "should match confirmation"
+      #                                 message: 'should match confirmation'
       #     end
       #
       #   View:
@@ -36,29 +37,18 @@ module ActiveModel
       # attribute.
       #
       # NOTE: This check is performed only if +password_confirmation+ is not
-      # +nil+, and by default only on save. To require confirmation, make sure
-      # to add a presence check for the confirmation attribute:
+      # +nil+. To require confirmation, make sure to add a presence check for
+      # the confirmation attribute:
       #
-      #   validates_presence_of :password_confirmation, :if => :password_changed?
+      #   validates_presence_of :password_confirmation, if: :password_changed?
       #
       # Configuration options:
       # * <tt>:message</tt> - A custom error message (default is: "doesn't match
       #   confirmation").
-      # * <tt>:on</tt> - Specifies when this validation is active. Runs in all
-      #   validation contexts by default (+nil+), other options are <tt>:create</tt>
-      #   and <tt>:update</tt>.
-      # * <tt>:if</tt> - Specifies a method, proc or string to call to determine
-      #   if the validation should occur (e.g. <tt>:if => :allow_validation</tt>,
-      #   or <tt>:if => Proc.new { |user| user.signup_step > 2 }</tt>). The
-      #   method, proc or string should return or evaluate to a true or false
-      #   value.
-      # * <tt>:unless</tt> - Specifies a method, proc or string to call to
-      #   determine if the validation should not occur (e.g.
-      #   <tt>:unless => :skip_validation</tt>, or
-      #   <tt>:unless => Proc.new { |user| user.signup_step <= 2 }</tt>). The
-      #   method, proc or string should return or evaluate to a true or false value.
-      # * <tt>:strict</tt> - Specifies whether validation should be strict. 
-      #   See <tt>ActiveModel::Validation#validates!</tt> for more information.
+      #
+      # There is also a list of default options supported by every validator:
+      # +:if+, +:unless+, +:on+ and +:strict+.
+      # See <tt>ActiveModel::Validation#validates</tt> for more information
       def validates_confirmation_of(*attr_names)
         validates_with ConfirmationValidator, _merge_attributes(attr_names)
       end

data/lib/active_model/validations/exclusion.rb

@@ -1,76 +1,47 @@
-require 'active_support/core_ext/range'
+require "active_model/validations/clusivity"
 
 module ActiveModel
-  # == Active Model Exclusion Validator
-  module Validations
-    class ExclusionValidator < EachValidator
-      ERROR_MESSAGE = "An object with the method #include? or a proc or lambda is required, " <<
-                      "and must be supplied as the :in (or :within) option of the configuration hash"
 
-      def check_validity!
-        unless [:include?, :call].any? { |method| delimiter.respond_to?(method) }
-          raise ArgumentError, ERROR_MESSAGE
-        end
-      end
+  module Validations
+    class ExclusionValidator < EachValidator # :nodoc:
+      include Clusivity
 
       def validate_each(record, attribute, value)
-        exclusions = delimiter.respond_to?(:call) ? delimiter.call(record) : delimiter
-        if exclusions.send(inclusion_method(exclusions), value)
+        if include?(record, value)
           record.errors.add(attribute, :exclusion, options.except(:in, :within).merge!(:value => value))
         end
       end
-
-    private
-
-      def delimiter
-        @delimiter ||= options[:in] || options[:within]
-      end
-
-      # In Ruby 1.9 <tt>Range#include?</tt> on non-numeric ranges checks all possible
-      # values in the range for equality, so it may be slow for large ranges. The new
-      # <tt>Range#cover?</tt> uses the previous logic of comparing a value with the
-      # range endpoints.
-      def inclusion_method(enumerable)
-        enumerable.is_a?(Range) ? :cover? : :include?
-      end
     end
 
     module HelperMethods
-      # Validates that the value of the specified attribute is not in a particular
-      # enumerable object.
+      # Validates that the value of the specified attribute is not in a
+      # particular enumerable object.
       #
       #   class Person < ActiveRecord::Base
-      #     validates_exclusion_of :username, :in => %w( admin superuser ), :message => "You don't belong here"
-      #     validates_exclusion_of :age, :in => 30..60, :message => "This site is only for under 30 and over 60"
-      #     validates_exclusion_of :format, :in => %w( mov avi ), :message => "extension %{value} is not allowed"
-      #     validates_exclusion_of :password, :in => lambda { |p| [p.username, p.first_name] },
-      #                            :message => "should not be the same as your username or first name"
+      #     validates_exclusion_of :username, in: %w( admin superuser ), message: "You don't belong here"
+      #     validates_exclusion_of :age, in: 30..60, message: 'This site is only for under 30 and over 60'
+      #     validates_exclusion_of :format, in: %w( mov avi ), message: "extension %{value} is not allowed"
+      #     validates_exclusion_of :password, in: ->(person) { [person.username, person.first_name] },
+      #                            message: 'should not be the same as your username or first name'
+      #     validates_exclusion_of :karma, in: :reserved_karmas
       #   end
       #
       # Configuration options:
-      # * <tt>:in</tt> - An enumerable object of items that the value shouldn't be
-      #   part of. This can be supplied as a proc or lambda which returns an enumerable.
-      #   If the enumerable is a range the test is performed with <tt>Range#cover?</tt>
-      #   (backported in Active Support for 1.8), otherwise with <tt>include?</tt>.
+      # * <tt>:in</tt> - An enumerable object of items that the value shouldn't
+      #   be part of. This can be supplied as a proc, lambda or symbol which returns an
+      #   enumerable. If the enumerable is a range the test is performed with
       # * <tt>:within</tt> - A synonym(or alias) for <tt>:in</tt>
-      # * <tt>:message</tt> - Specifies a custom error message (default is: "is reserved").
-      # * <tt>:allow_nil</tt> - If set to true, skips this validation if the attribute
-      #   is +nil+ (default is +false+).
+      #   <tt>Range#cover?</tt>, otherwise with <tt>include?</tt>.
+      # * <tt>:message</tt> - Specifies a custom error message (default is: "is
+      #   reserved").
+      # * <tt>:allow_nil</tt> - If set to true, skips this validation if the
+      #   attribute is +nil+ (default is +false+).
       # * <tt>:allow_blank</tt> - If set to true, skips this validation if the
-      #   attribute is blank (default is +false+).
-      # * <tt>:on</tt> - Specifies when this validation is active. Runs in all
-      #   validation contexts by default (+nil+), other options are <tt>:create</tt>
-      #   and <tt>:update</tt>.
-      # * <tt>:if</tt> - Specifies a method, proc or string to call to determine if the
-      #   validation should occur (e.g. <tt>:if => :allow_validation</tt>, or
-      #   <tt>:if => Proc.new { |user| user.signup_step > 2 }</tt>). The method, proc
-      #   or string should return or evaluate to a true or false value.
-      # * <tt>:unless</tt> - Specifies a method, proc or string to call to determine if
-      #   the validation should not occur (e.g. <tt>:unless => :skip_validation</tt>,
-      #   or <tt>:unless => Proc.new { |user| user.signup_step <= 2 }</tt>). The method,
-      #   proc or string should return or evaluate to a true or false value.
-      # * <tt>:strict</tt> - Specifies whether validation should be strict.
-      #   See <tt>ActiveModel::Validation#validates!</tt> for more information.
+      #   attribute is blank(default is +false+).
+      #
+      # There is also a list of default options supported by every validator:
+      # +:if+, +:unless+, +:on+ and +:strict+.
+      # See <tt>ActiveModel::Validation#validates</tt> for more information
       def validates_exclusion_of(*attr_names)
         validates_with ExclusionValidator, _merge_attributes(attr_names)
       end

data/lib/active_model/validations/format.rb

@@ -1,7 +1,7 @@
 module ActiveModel
-  # == Active Model Format Validator
+
   module Validations
-    class FormatValidator < EachValidator
+    class FormatValidator < EachValidator # :nodoc:
       def validate_each(record, attribute, value)
         if options[:with]
           regexp = option_call(record, :with)
@@ -32,28 +32,38 @@ module ActiveModel
         record.errors.add(attribute, :invalid, options.except(name).merge!(:value => value))
       end
 
+      def regexp_using_multiline_anchors?(regexp)
+        regexp.source.start_with?("^") ||
+          (regexp.source.end_with?("$") && !regexp.source.end_with?("\\$"))
+      end
+
       def check_options_validity(options, name)
         option = options[name]
         if option && !option.is_a?(Regexp) && !option.respond_to?(:call)
           raise ArgumentError, "A regular expression or a proc or lambda must be supplied as :#{name}"
+        elsif option && option.is_a?(Regexp) &&
+              regexp_using_multiline_anchors?(option) && options[:multiline] != true
+          raise ArgumentError, "The provided regular expression is using multiline anchors (^ or $), " \
+          "which may present a security risk. Did you mean to use \\A and \\z, or forgot to add the " \
+          ":multiline => true option?"
         end
       end
     end
 
     module HelperMethods
-      # Validates whether the value of the specified attribute is of the correct form,
-      # going by the regular expression provided. You can require that the attribute
-      # matches the regular expression:
+      # Validates whether the value of the specified attribute is of the correct
+      # form, going by the regular expression provided.You can require that the
+      # attribute matches the regular expression:
       #
       #   class Person < ActiveRecord::Base
-      #     validates_format_of :email, :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i, :on => :create
+      #     validates_format_of :email, with: /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i, on: :create
       #   end
       #
-      # Alternatively, you can require that the specified attribute does _not_ match
-      # the regular expression:
+      # Alternatively, you can require that the specified attribute does _not_
+      # match the regular expression:
       #
       #   class Person < ActiveRecord::Base
-      #     validates_format_of :email, :without => /NOSPAM/
+      #     validates_format_of :email, without: /NOSPAM/
       #   end
       #
       # You can also provide a proc or lambda which will determine the regular
@@ -62,41 +72,41 @@ module ActiveModel
       #   class Person < ActiveRecord::Base
       #     # Admin can have number as a first letter in their screen name
       #     validates_format_of :screen_name,
-      #                         :with => lambda{ |person| person.admin? ? /\A[a-z0-9][a-z0-9_\-]*\Z/i : /\A[a-z][a-z0-9_\-]*\Z/i }
+      #                         with: ->(person) { person.admin? ? /\A[a-z0-9][a-z0-9_\-]*\z/i : /\A[a-z][a-z0-9_\-]*\z/i }
       #   end
       #
-      # Note: use <tt>\A</tt> and <tt>\Z</tt> to match the start and end of the string,
-      # <tt>^</tt> and <tt>$</tt> match the start/end of a line.
+      # Note: use <tt>\A</tt> and <tt>\Z</tt> to match the start and end of the
+      # string, <tt>^</tt> and <tt>$</tt> match the start/end of a line.
       #
-      # You must pass either <tt>:with</tt> or <tt>:without</tt> as an option. In
-      # addition, both must be a regular expression or a proc or lambda, or else an
-      # exception will be raised.
+      # Due to frequent misuse of <tt>^</tt> and <tt>$</tt>, you need to pass
+      # the <tt>multiline: true</tt> option in case you use any of these two
+      # anchors in the provided regular expression. In most cases, you should be
+      # using <tt>\A</tt> and <tt>\z</tt>.
+      #
+      # You must pass either <tt>:with</tt> or <tt>:without</tt> as an option.
+      # In addition, both must be a regular expression or a proc or lambda, or
+      # else an exception will be raised.
       #
       # Configuration options:
       # * <tt>:message</tt> - A custom error message (default is: "is invalid").
-      # * <tt>:allow_nil</tt> - If set to true, skips this validation if the attribute
-      #   is +nil+ (default is +false+).
+      # * <tt>:allow_nil</tt> - If set to true, skips this validation if the
+      #   attribute is +nil+ (default is +false+).
       # * <tt>:allow_blank</tt> - If set to true, skips this validation if the
       #   attribute is blank (default is +false+).
       # * <tt>:with</tt> - Regular expression that if the attribute matches will
-      #   result in a successful validation. This can be provided as a proc or lambda
-      #   returning regular expression which will be called at runtime.
-      # * <tt>:without</tt> - Regular expression that if the attribute does not match
-      #   will result in a successful validation. This can be provided as a proc or
+      #   result in a successful validation. This can be provided as a proc or
       #   lambda returning regular expression which will be called at runtime.
-      # * <tt>:on</tt> - Specifies when this validation is active. Runs in all
-      #   validation contexts by default (+nil+), other options are <tt>:create</tt>
-      #   and <tt>:update</tt>.
-      # * <tt>:if</tt> - Specifies a method, proc or string to call to determine if the
-      #   validation should occur (e.g. <tt>:if => :allow_validation</tt>, or
-      #   <tt>:if => Proc.new { |user| user.signup_step > 2 }</tt>). The method, proc
-      #   or string should return or evaluate to a true or false value.
-      # * <tt>:unless</tt> - Specifies a method, proc or string to call to determine if
-      #   the validation should not occur (e.g. <tt>:unless => :skip_validation</tt>,
-      #   or <tt>:unless => Proc.new { |user| user.signup_step <= 2 }</tt>). The method,
-      #   proc or string should return or evaluate to a true or false value.
-      # * <tt>:strict</tt> - Specifies whether validation should be strict. 
-      #   See <tt>ActiveModel::Validation#validates!</tt> for more information.
+      # * <tt>:without</tt> - Regular expression that if the attribute does not
+      #   match will result in a successful validation. This can be provided as
+      #   a proc or lambda returning regular expression which will be called at
+      #   runtime.
+      # * <tt>:multiline</tt> - Set to true if your regular expression contains
+      #   anchors that match the beginning or end of lines as opposed to the
+      #   beginning or end of the string. These anchors are <tt>^</tt> and <tt>$</tt>.
+      #
+      # There is also a list of default options supported by every validator:
+      # +:if+, +:unless+, +:on+ and +:strict+.
+      # See <tt>ActiveModel::Validation#validates</tt> for more information
       def validates_format_of(*attr_names)
         validates_with FormatValidator, _merge_attributes(attr_names)
       end