RubyGems - coercive - Versions diffs - 1.0.0 - Mend

coercive 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml ADDED

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: d1b6a873b4a86ca962a22d60630a4de5355b278b529fccbd2615a794a7a94448
+  data.tar.gz: 62f47d1f35c9d931935138872dace70a7c39d3eb090529f1f2886448dca2e4ad
+SHA512:
+  metadata.gz: d2d5f401306d119e14a761aa1937f6c5777f69458d9db1367d35bd2a02fcea8a2d41876db4331a0086af8ec49db00b3f892d3c76dbcbacd6d297edc836cfb3db
+  data.tar.gz: e5e4ffc4e9e7874807a2b3af33fb3f846752acce0e9748d06c79247e54f7120ffb38ac5a764c33a629ee05009c62154864f41f975a7fa19985f77b96caa5d53e

data/LICENSE ADDED

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2020 Theorem
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md ADDED

@@ -0,0 +1,201 @@
+# coercive
+`Coercive` is a Ruby library to validate and coerce user input.
+Define your coercion modules like this:
+```ruby
+module CoerceFoo
+  extend Coercive
+  attribute :foo, string(min: 1, max: 10), required
+end
+```
+Pass in your user input and you'll get back validated and coerced attributes:
+```ruby
+attributes = CoerceFoo.call("foo" => "bar")
+attributes["foo"]
+# => "bar"
+CoerceFoo.call("foo" => "more than 10 chars long")
+# => Coercive::Error: {"foo"=>"too_long"}
+CoerceFoo.call("bar" => "foo is not here")
+# => Coercive::Error: {"foo"=>"not_present", "bar"=>"unknown"}
+```
+`Coercive`'s single entry-point is the `call` method that receives a `Hash`. It will compare each key-value pair against the definitions provided by the `attribute` method.
+The `attribute` functions takes three arguments:
+* The first one is the name of the attribute.
+* The second one is a coerce function. Coercive comes with many available, and you can always write your own.
+* The third one is a fetch function, used to look up the attribute in the input `Hash`.
+## Fetch functions
+As you saw in the example above, `required` is one of the three fetch functions available. Let's get into each of them and how they work.
+### `required`
+As the name says, `Coercive` will raise an error if the input lacks the attribute, and add the `"not_present"` error code.
+```ruby
+CoerceFoo.call("bar" => "foo is not here")
+# => Coercive::Error: {"foo"=>"not_present", "bar"=>"unknown"}
+```
+### `optional`
+The `optional` fetch function will grab an attribute from the input, but do nothing if it's not there. Let's look again at the example above:
+```ruby
+module CoerceFoo
+  extend Coercive
+  attribute :foo, string(min: 1, max: 10), required
+end
+CoerceFoo.call("bar" => "foo is not here")
+# => Coercive::Error: {"foo"=>"not_present", "bar"=>"unknown"}
+```
+The `"bar"` attribute raises an error because it's unexpected. `Coercive` is thorough when it comes to the input. To make this go away, we have to add `"bar"` as optional:
+```ruby
+module CoerceFoo
+  extend Coercive
+  attribute :foo, string(min: 1, max: 10), required
+  attribute :bar, any,                     optional
+end
+CoerceFoo.call("bar" => "foo is not here")
+# => Coercive::Error: {"foo"=>"not_present"}
+```
+### `implicit`
+The last fetch function `Coercive` has is a handy way to set a default value when an attribute is not present in the input.
+```ruby
+module CoerceFoo
+  extend Coercive
+  attribute :foo, string(min: 1, max: 10), implicit("default")
+  attribute :bar, any,                     optional
+end
+CoerceFoo.call("bar" => "any")
+# => {"foo"=>"default", "bar"=>"any"}
+```
+Keep in mind that your default must comply with the declared type and restrictions. In this case, `implicit("very long default value")` will raise an error because it's longer than 10 characters.
+## Coercion functions
+We already got a taste for the coercion functions with `string(min: 1, max:10)` and there are many more! but let's start there.
+### `string(min:, max:, pattern:)`
+The `string` coercion function will enforce a minimum and maximum character length, throwing `"too_short"` and `"too_long"` errors respectively if the input is not within the declared bounds.
+Additionally, you can also verify your String matches a regular expression with the `pattern:` option.
+```ruby
+module CoerceFoo
+  extend Coercive
+  attribute :foo, string(pattern: /\A\h+\z/), optional
+end
+CoerceFoo.call("foo" => "REDBEETS")
+# => Coercive::Error: {"foo"=>"not_valid"}
+CoerceFoo.call("foo" => "DEADBEEF")
+# => {"foo"=>"DEADBEEF"}
+```
+### `any`
+The `any` coercion function lets anything pass through. It's commonly used with the `optional` fetch function when an attribute may or many not be a part of the input.
+### `member`
+`member` will check that the value is one of the values of the given array.
+```ruby
+module CoerceFoo
+  extend Coercive
+  attribute :foo, member(["one", "two", "three"]), optional
+end
+CoerceFoo.call("foo" => 4)
+# => Coercive::Error: {"foo"=>"not_valid"}
+```
+### `float`
+`float` expects, well, a float value.
+```ruby
+module CoerceFoo
+  extend Coercive
+  attribute :foo, float, optional
+end
+CoerceFoo.call("foo" => "bar")
+# => Coercive::Error: {"foo"=>"not_valid"}
+CoerceFoo.call("foo" => "0.1")
+# => {"foo"=>0.1}
+CoerceFoo.call("foo" => "0.1e5")
+# => {"foo"=>10000.0}
+```
+### `array`
+The `array` coercion is interesting because it's where `Coercive` starts to shine, by letting you compose coercion functions together. Let's see:
+```ruby
+module CoerceFoo
+  extend Coercive
+  attribute :foo, array(string), optional
+end
+CoerceFoo.call("foo" => ["one", "two", "three"])
+# => {"foo"=>["one", "two", "three"]}
+CoerceFoo.call("foo" => [1, 2, 3])
+# => {"foo"=>["1", "2", "3"]}
+CoerceFoo.call("foo" => [nil, true])
+# => {"foo"=>["", "true"]}
+CoerceFoo.call("foo" => [BasicObject.new])
+# => Coercive::Error: {"foo"=>["not_valid"]}
+```
+### `hash`
+`hash` coercion let's you manipulate the key and values, similarly to how `array` does
+```ruby
+module CoerceFoo
+  extend Coercive
+  attribute :foo, hash(string(max: 3), float), optional
+end
+CoerceFoo.call("foo" => {"bar" => "0.1"})
+# => {"foo"=>{"bar"=>0.1}}
+CoerceFoo.call("foo" => {"barrrr" => "0.1"})
+# => Coercive::Error: {"foo"=>{"barrrr"=>"too_long"}}
+```

data/lib/coercive.rb ADDED

@@ -0,0 +1,289 @@
+require_relative "coercive/uri"
+# Public: The Coercive module implements a succinct DSL for declaring callable
+# modules that will validate and coerce input data to an expected format.
+module Coercive
+  # Public: An error raised when a coercion cannot produce a suitable result.
+  class Error < ArgumentError
+    # Public: The error or errors encountered in coercing the input.
+    attr_accessor :errors
+    def initialize(errors)
+      @errors = errors
+      super(errors.inspect)
+    end
+  end
+  # Public: Coercive the given input using the declared attribute coercions.
+  #
+  # input - input Hash with string keys that correspond to declared attributes.
+  #
+  # Returns a Hash with known attributes as string keys and coerced values.
+  # Raises a Coercive::Error if the given input is not a Hash, or if there are
+  # any unknown string keys in the Hash, or if the values for the known keys
+  # do not pass the inner coercions for the associated declared attributes.
+  def call(input)
+    fail Coercive::Error.new("not_valid") unless input.is_a?(Hash)
+    errors  = {}
+    # Fetch attributes from the input Hash into the fetched_attrs Hash.
+    #
+    # Each fetch function is responsible for fetching its associated attribute
+    # into the fetched_attrs Hash, or choosing not to fetch it, or choosing to
+    # raise a Coercive::Error.
+    #
+    # These fetch functions encapsulate the respective strategies for dealing
+    # with required, optional, or implicit attributes appropriately.
+    fetched_attrs = {}
+    attr_fetch_fns.each do |name, fetch_fn|
+      begin
+        fetch_fn.call(input, fetched_attrs)
+      rescue Coercive::Error => e
+        errors[name] = e.errors
+      end
+    end
+    # Check for unknown names in the input (not declared, and thus not fetched).
+    input.each_key do |name|
+      errors[name] = "unknown" unless fetched_attrs.key?(name)
+    end
+    # Coercive fetched attributes into the coerced_attrs Hash.
+    #
+    # Each coerce function will coerce the given input value for that attribute
+    # to an acceptable output value, or choose to raise a Coercive::Error.
+    coerced_attrs = {}
+    fetched_attrs.each do |name, value|
+      coerce_fn = attr_coerce_fns.fetch(name)
+      begin
+        coerced_attrs[name] = coerce_fn.call(value)
+      rescue Coercive::Error => e
+        errors[name] = e.errors
+      end
+    end
+    # Fail if fetching or coercion caused any errors.
+    fail Coercive::Error.new(errors) unless errors.empty?
+    coerced_attrs
+  end
+  private
+  # Private: Hash with String attribute names as keys and fetch function values.
+  #
+  # Each coerce function will be called with one argument: the input to coerce.
+  #
+  # The coerce function can use any logic to convert the given input value
+  # to an acceptable output value, or raise a Coercive::Error for failure.
+  #
+  # In practice, it is most common to use one of the builtin generator methods
+  # (for example, string, or array(string)), or to use a module that was
+  # declared using the Coercive DSL functions, though any custom coerce function
+  # may be created and used for other behaviour, provided that it conforms to
+  # the same interface.
+  def attr_coerce_fns
+    @attr_coerce_fns ||= {}
+  end
+  # Private: Hash with String attribute names as keys and fetch function values.
+  #
+  # Each fetch function will be called with two arguments:
+  # 1 - input Hash of input attributes with String keys.
+  # 2 - output Hash in which the fetched attribute should be stored (if at all).
+  #
+  # The fetch function can use any logic to determine whether the attribute is
+  # present, whether it should be stored, whether to use an implicit default
+  # value, or whether to raise a Coercive::Error to propagate failure upward.
+  #
+  # In practice, it is most common to use one of the builtin generator methods,
+  # (required, optional, or implicit) to create the fetch function, though
+  # any custom fetch function could also be used for other behaviour.
+  #
+  # The return value of the fetch function will be ignored.
+  def attr_fetch_fns
+    @attr_fetch_fns ||= {}
+  end
+  # Public DSL: Declare a named attribute with a coercion and fetcher mechanism.
+  #
+  # name               - a Symbol name for this attribute.
+  # coerce_fn          - a coerce function which may be any callable object
+  #                      that accepts a single argument as the input data and
+  #                      returns the coerced output (or raises a Coercive::Error).
+  #                      See documentation for the attr_coerce_fns method.
+  # fetch_fn_generator - a callable generator that returns a fetch function when
+  #                      given the String name of the attribute to be fetched.
+  #                      See documentation for the attr_fetch_fns method.
+  #
+  # Returns the given name.
+  def attribute(name, coerce_fn, fetch_fn_generator)
+    str_name = name.to_s
+    attr_coerce_fns[str_name] = coerce_fn
+    attr_fetch_fns[str_name]  = fetch_fn_generator.call(str_name)
+    name
+  end
+  # Public DSL: Return a coerce function that doesn't change or reject anything.
+  # Used when declaring an attribute. See documentation for attr_coerce_fns.
+  def any
+    ->(input) do
+      input
+    end
+  end
+  # Public DSL: Return a coerce function to validate that the input is a
+  # member of the given set. That is, the input must be equal to at least
+  # one member of the given set, or a Coercive::Error will be raised.
+  # Used when declaring an attribute. See documentation for attr_coerce_fns.
+  #
+  # set - the Array of objects to use as the set for checking membership.
+  def member(set)
+    ->(input) do
+      fail Coercive::Error.new("not_valid") unless set.include?(input)
+      input
+    end
+  end
+  # Public DSL: Return a coerce function to coerce input to a Float.
+  # Used when declaring an attribute. See documentation for attr_coerce_fns.
+  def float
+    ->(input) do
+      begin
+        Float(input)
+      rescue TypeError, ArgumentError
+        fail Coercive::Error.new("not_numeric")
+      end
+    end
+  end
+  # Public DSL: Return a coerce function to coerce input to a String.
+  # Used when declaring an attribute. See documentation for attr_coerce_fns.
+  #
+  # min     - if given, restrict the minimum size of the input String.
+  # max     - if given, restrict the maximum size of the input String.
+  # pattern - if given, enforce that the input String matches the pattern.
+  def string(min: nil, max: nil, pattern: nil)
+    ->(input) do
+      input = begin
+                String(input)
+              rescue TypeError
+                fail Coercive::Error.new("not_valid")
+              end
+      if min && min > 0
+        fail Coercive::Error.new("is_empty")  if input.empty?
+        fail Coercive::Error.new("too_short") if input.bytesize < min
+      end
+      if max && input.bytesize > max
+        fail Coercive::Error.new("too_long")
+      end
+      if pattern && !pattern.match(input)
+        fail Coercive::Error.new("not_valid")
+      end
+      input
+    end
+  end
+  # Public DSL: Return a coercion function to coerce input to an Array.
+  # Used when declaring an attribute. See documentation for attr_coerce_fns.
+  #
+  # inner_coerce_fn - the coerce function to use on each element of the Array.
+  def array(inner_coerce_fn)
+    ->(input) do
+      output = []
+      errors = []
+      Array(input).each do |value|
+        begin
+          output << inner_coerce_fn.call(value)
+          errors << nil # pad the errors array with a nil element so that any
+                        # errors that follow will be in the right position
+        rescue Coercive::Error => e
+          errors << e.errors
+        end
+      end
+      fail Coercive::Error.new(errors) if errors.any?
+      output
+    end
+  end
+  # Public DSL: Return a coercion function to coerce input to a Hash.
+  # Used when declaring an attribute. See documentation for attr_coerce_fns.
+  #
+  # key_coerce_fn - the coerce function to use on each key of the Hash.
+  # val_coerce_fn - the coerce function to use on each value of the Hash.
+  def hash(key_coerce_fn, val_coerce_fn)
+    ->(input) do
+      fail Coercive::Error.new("not_valid") unless input.is_a?(Hash)
+      output = {}
+      errors = {}
+      input.each do |key, value|
+        begin
+          key         = key_coerce_fn.call(key)
+          output[key] = val_coerce_fn.call(value)
+        rescue Coercive::Error => e
+          errors[key] = e.errors
+        end
+      end
+      fail Coercive::Error.new(errors) if errors.any?
+      output
+    end
+  end
+  # Public DSL: See Coercive::URI.coerce_fn
+  def uri(*args)
+    Coercive::URI.coerce_fn(*args)
+  end
+  # Public DSL: Return a generator function for a "required" fetch function.
+  # Used when declaring an attribute. See documentation for attr_fetch_fns.
+  #
+  # The fetcher will store the present attribute or raise a Coercive::Error.
+  def required
+    ->(name) do
+      ->(input, fetched) do
+        fail Coercive::Error.new("not_present") unless input.key?(name)
+        fetched[name] = input[name]
+      end
+    end
+  end
+  # Public DSL: Return a generator function for a "optional" fetch function.
+  # Used when declaring an attribute. See documentation for attr_fetch_fns.
+  #
+  # The fetcher will store the attribute if it is present.
+  def optional
+    ->(name) do
+      ->(input, fetched) do
+        fetched[name] = input[name] if input.key?(name)
+      end
+    end
+  end
+  # Public DSL: Return a generator function for an "implicit" fetch function.
+  # Used when declaring an attribute. See documentation for attr_fetch_fns.
+  #
+  # The fetcher will store either the present attribute or the given default.
+  #
+  # default - the implicit value to use if the attribute is not present.
+  def implicit(default)
+    ->(name) do
+      ->(attrs, fetched) do
+        fetched[name] = attrs.key?(name) ? attrs[name] : default
+      end
+    end
+  end
+end

data/lib/coercive/uri.rb ADDED

@@ -0,0 +1,103 @@
+require "ipaddr"
+require "uri"
+module Coercion
+  module URI
+    # Setting this `true` allows outbound connections to private IP addresses,
+    # bypassing the security check that the IP address is public. This is designed
+    # to be used in devlopment so that the tests can connect to local services.
+    #
+    # This SHOULD NOT be set in PRODUCTION.
+    ALLOW_PRIVATE_IP_CONNECTIONS =
+      ENV.fetch("ALLOW_PRIVATE_IP_CONNECTIONS", "").downcase == "true"
+    PRIVATE_IP_RANGES = [
+      IPAddr.new("0.0.0.0/8"),       # Broadcasting to the current network. RFC 1700.
+      IPAddr.new("10.0.0.0/8"),      # Local private network. RFC 1918.
+      IPAddr.new("127.0.0.0/8"),     # Loopback addresses to the localhost. RFC 990.
+      IPAddr.new("169.254.0.0/16"),  # link-local addresses between two hosts on a single link. RFC 3927.
+      IPAddr.new("172.16.0.0/12"),   # Local private network. RFC 1918.
+      IPAddr.new("192.168.0.0/16"),  # Local private network. RFC 1918.
+      IPAddr.new("198.18.0.0/15"),   # Testing of inter-network communications between two separate subnets. RFC 2544.
+      IPAddr.new("198.51.100.0/24"), # Assigned as "TEST-NET-2" in RFC 5737.
+      IPAddr.new("203.0.113.0/24"),  # Assigned as "TEST-NET-3" in RFC 5737.
+      IPAddr.new("240.0.0.0/4"),     # Reserved for future use, as specified by RFC 6890
+      IPAddr.new("::1/128"),         # Loopback addresses to the localhost. RFC 5156.
+      IPAddr.new("2001:20::/28"),    # Non-routed IPv6 addresses used for Cryptographic Hash Identifiers. RFC 7343.
+      IPAddr.new("fc00::/7"),        # Unique Local Addresses (ULAs). RFC 1918.
+      IPAddr.new("fe80::/10"),       # link-local addresses between two hosts on a single link. RFC 3927.
+    ].freeze
+    # Public DSL: Return a coercion function to coerce input to a URI.
+    # Used when declaring an attribute. See documentation for attr_coerce_fns.
+    #
+    # string_coerce_fn - the string coerce function used to coerce the URI
+    # schema_fn        - the optional function used to coerce the schema
+    # require_path     - set true to make the URI path a required element
+    # require_port     - set true to make the URI port a required element
+    # require_user     - set true to make the URI user a required element
+    # require_password - set true to make the URI password a required element
+    def self.coerce_fn(string_coerce_fn, schema_fn: nil, require_path: false,
+            require_port: false, require_user: false, require_password: false)
+      ->(input) do
+        uri = begin
+          ::URI.parse(string_coerce_fn.call(input))
+        rescue ::URI::InvalidURIError
+          fail Coercion::Error.new("not_valid")
+        end
+        fail Coercion::Error.new("no_host") unless uri.host
+        fail Coercion::Error.new("not_resolvable") unless resolvable_public_ip?(uri) || ALLOW_PRIVATE_IP_CONNECTIONS
+        fail Coercion::Error.new("no_path") if require_path && uri.path.empty?
+        fail Coercion::Error.new("no_port") if require_port && !uri.port
+        fail Coercion::Error.new("no_user") if require_user && !uri.user
+        fail Coercion::Error.new("no_password") if require_password && !uri.password
+        if schema_fn
+          begin
+            schema_fn.call(uri.scheme)
+          rescue Coercion::Error
+            fail Coercion::Error.new("unsupported_schema")
+          end
+        end
+        uri.to_s
+      end
+    end
+    # Internal: Return true if the given URI is resolvable to a non-private IP.
+    #
+    # uri - the URI to check.
+    def self.resolvable_public_ip?(uri)
+      begin
+        _, _, _, *resolved_addresses = Socket.gethostbyname(uri.host)
+      rescue SocketError
+        return false
+      end
+      resolved_addresses.none? do |bytes|
+        ip = ip_from_bytes(bytes)
+        ip.nil? || PRIVATE_IP_RANGES.any? { |range| range.include?(ip) }
+      end
+    end
+    # Internal: Return an IPAddr built from the given address bytes.
+    #
+    # bytes - the binary-encoded String returned by Socket.gethostbyname.
+    def self.ip_from_bytes(bytes)
+      octets = bytes.unpack("C*")
+      string =
+        if octets.length == 4 # IPv4
+          octets.join(".")
+        else # IPv6
+          octets.map { |i| "%02x" % i }.each_slice(2).map(&:join).join(":")
+        end
+      IPAddr.new(string)
+    rescue IPAddr::InvalidAddressError
+      nil
+    end
+  end
+end

data/test/coercive.rb ADDED

@@ -0,0 +1,336 @@
+require_relative "../lib/coercive"
+require "minitest/autorun"
+require "bigdecimal"
+describe "Coercive" do
+  def assert_coercion_error(errors)
+    yield
+    assert false, "should have raised a Coercive::Error"
+  rescue Coercive::Error => e
+    assert_equal errors, e.errors
+  end
+  describe "required" do
+    it "errors when the attribute isn't present" do
+      coercion = Module.new do
+        extend Coercive
+        attribute :foo, any, required
+        attribute :bar, any, required
+        attribute :baz, any, required
+      end
+      expected_errors = { "foo" => "not_present", "baz" => "not_present" }
+      assert_coercion_error(expected_errors) { coercion.call("bar" => "red") }
+    end
+  end
+  describe "implicit" do
+    it "uses a default value when the attribute isn't present" do
+      coercion = Module.new do
+        extend Coercive
+        attribute :foo, any, implicit("black")
+        attribute :bar, any, implicit("grey")
+        attribute :baz, any, implicit("blue")
+      end
+      expected = { "foo" => "black", "bar" => "red", "baz" => "blue" }
+      assert_equal expected, coercion.call("bar" => "red")
+    end
+  end
+  describe "optional" do
+    it "omits the attribute in the output when not present in the input" do
+      coercion = Module.new do
+        extend Coercive
+        attribute :foo, any, optional
+        attribute :bar, any, optional
+        attribute :baz, any, optional
+      end
+      expected = { "bar" => "red" }
+      assert_equal expected, coercion.call("bar" => "red")
+    end
+  end
+  describe "any" do
+    it "accepts any input" do
+      coercion = Module.new do
+        extend Coercive
+        attribute :foo, any, required
+      end
+      [true, nil, "red", 88, [1, 2, 3]].each do |value|
+        expected = { "foo" => value }
+        assert_equal expected, coercion.call("foo" => value)
+      end
+    end
+  end
+  describe "member" do
+    before do
+      @coercion = Module.new do
+        extend Coercive
+        attribute :foo, member([nil, "red", "black"]), required
+      end
+    end
+    it "accepts any input in the set" do
+      [nil, "red", "black"].each do |value|
+        expected = { "foo" => value }
+        assert_equal expected, @coercion.call("foo" => value)
+      end
+    end
+    it "errors on any other input in the set" do
+      [true, "blue", 88, [1, 2, 3]].each do |bad|
+        expected_errors = { "foo" => "not_valid" }
+        assert_coercion_error(expected_errors) { @coercion.call("foo" => bad) }
+      end
+    end
+  end
+  describe "float" do
+    before do
+      @coercion = Module.new do
+        extend Coercive
+        attribute :foo, float, required
+      end
+    end
+    it "coerces the input value to a float" do
+      fixnum     = 2
+      rational   = 2 ** -2
+      bignum     = 2 ** 64
+      bigdecimal = BigDecimal.new("0.1")
+      [fixnum, rational, bignum, bigdecimal].each do |value|
+        attributes = { "foo" => value }
+        expected = { "foo" => Float(value) }
+        assert_equal expected, @coercion.call(attributes)
+        assert_equal Float,    @coercion.call(attributes)["foo"].class
+      end
+    end
+    it "errors when the input value can't be coerced to a float" do
+      [true, nil, "red", [1, 2, 3]].each do |bad|
+        expected_errors = { "foo" => "not_numeric" }
+        assert_coercion_error(expected_errors) { @coercion.call("foo" => bad) }
+      end
+    end
+  end
+  describe "string" do
+    before do
+      @coercion = Module.new do
+        extend Coercive
+        attribute :foo,   string,                     optional
+        attribute :bar,   string,                     optional
+        attribute :baz,   string,                     optional
+        attribute :min,   string(min: 4),             optional
+        attribute :max,   string(max: 6),             optional
+        attribute :sized, string(min: 4, max: 6),     optional
+        attribute :hex_a, string(pattern: /\A\h+\z/), optional
+        attribute :hex_b, string(pattern: /\A\h+\z/), optional
+      end
+    end
+    it "coerces the input value to a string" do
+      attributes = { "foo" => false, "bar" => 88, "baz" => "string" }
+      expected = { "foo" => "false", "bar" => "88", "baz" => "string" }
+      assert_equal expected, @coercion.call(attributes)
+    end
+    it "errors if the input is longer than the declared maximum size" do
+      attributes = {
+        "min" => "this will be okay",
+        "max" => "this is too long",
+        "sized" => "this also",
+      }
+      expected_errors = { "max" => "too_long", "sized" => "too_long" }
+      assert_coercion_error(expected_errors) { @coercion.call(attributes) }
+    end
+    it "errors if the input is shorter than the declared minimum size" do
+      attributes = {
+        "min"   => "???",
+        "max"   => "???",
+        "sized" => "???",
+      }
+      expected_errors = { "min" => "too_short", "sized" => "too_short" }
+      assert_coercion_error(expected_errors) { @coercion.call(attributes) }
+    end
+    it "errors if the input does not match the declared pattern" do
+      attributes = { "hex_a" => "DEADBEEF", "hex_b" => "REDBEETS" }
+      expected_errors = { "hex_b" => "not_valid" }
+      assert_coercion_error(expected_errors) { @coercion.call(attributes) }
+    end
+    it "checks size of the input after coercing to a string" do
+      attributes = { "max" => 1234567, "min" => 89 }
+      expected_errors = { "max" => "too_long", "min" => "too_short" }
+      assert_coercion_error(expected_errors) { @coercion.call(attributes) }
+    end
+  end
+  describe "array" do
+    before do
+      @coercion = Module.new do
+        extend Coercive
+        attribute :strings, array(string), required
+      end
+    end
+    it "coerces a array attribute input value to an array" do
+      attributes = { "strings" => "foo" }
+      expected = { "strings" => ["foo"] }
+      assert_equal expected, @coercion.call(attributes)
+    end
+    it "coerces a array attribute input's elements with the inner coercion" do
+      attributes = { "strings" => ["", 88, true] }
+      expected = { "strings" => ["", "88", "true"] }
+      assert_equal expected, @coercion.call(attributes)
+    end
+    it "collects errors from an array attribute input's elements" do
+      bad        = BasicObject.new
+      attributes = { "strings" => ["ok", bad, "ok"] }
+      expected_errors = { "strings" => [nil, "not_valid", nil] }
+      assert_coercion_error(expected_errors) { @coercion.call(attributes) }
+    end
+  end
+  describe "hash" do
+    before do
+      @coercion = Module.new do
+        extend Coercive
+        attribute :strings, hash(string(max: 6), string), required
+      end
+    end
+    it "errors when a hash attribute input value isn't a hash" do
+      [nil, true, "foo", []].each do |invalid|
+        attributes = { "strings" => invalid }
+        expected_errors = { "strings" => "not_valid" }
+        assert_coercion_error(expected_errors) { @coercion.call(attributes) }
+      end
+    end
+    it "coerces a hash attribute keys and values with the inner coercions" do
+      attributes = { "strings" => { false => nil } }
+      expected = { "strings" => { "false" => "" } }
+      assert_equal expected, @coercion.call(attributes)
+    end
+    it "collects errors from a hash attribute input's keys and values" do
+      bad        = BasicObject.new
+      attributes = { "strings" => { "foo" => bad, "food_truck" => "ok" } }
+      expected_errors = {
+        "strings" => { "foo" => "not_valid", "food_truck" => "too_long" }
+      }
+      assert_coercion_error(expected_errors) { @coercion.call(attributes) }
+    end
+  end
+  describe "with various declared attributes" do
+    before do
+      @coercion = Module.new do
+        extend Coercive
+        attribute :req_hash,
+          hash(string(max: 6), string),
+          required
+        attribute :opt_string,
+          string(min: 4, max: 6),
+          optional
+        attribute :imp_array,
+          array(string),
+          implicit(["default"])
+      end
+      @valid_attributes = {
+        "req_hash"   => { "one" => "red", "two" => "blue" },
+        "opt_string" => "apple",
+        "imp_array"  => ["foo", "bar", "baz"],
+      }
+    end
+    it "returns valid attributes without changing them" do
+      assert_equal @valid_attributes, @coercion.call(@valid_attributes)
+    end
+    it "errors when given an undeclared attribute" do
+      attributes = @valid_attributes.merge("bogus" => true)
+      expected_errors = { "bogus" => "unknown" }
+      assert_coercion_error(expected_errors) { @coercion.call(attributes) }
+    end
+    it "collects errors from all fetchers and coercions before reporting" do
+      attributes = {
+        "bogus"      => "bogus",
+        "opt_string" => "bar",
+        "imp_array"  => ["ok", BasicObject.new, "ok"],
+      }
+      expected_errors = {
+        "bogus"      => "unknown",
+        "req_hash"   => "not_present",
+        "opt_string" => "too_short",
+        "imp_array"  => [nil, "not_valid", nil],
+      }
+      assert_coercion_error(expected_errors) { @coercion.call(attributes) }
+    end
+    it "errors if given input that is not a Hash" do
+      assert_coercion_error("not_valid") { @coercion.call(nil) }
+      assert_coercion_error("not_valid") { @coercion.call(88) }
+      assert_coercion_error("not_valid") { @coercion.call([]) }
+    end
+  end
+end

data/test/uri.rb ADDED

@@ -0,0 +1,196 @@
+require "minitest/autorun"
+require_relative "../lib/coercive"
+require_relative "../lib/coercive/uri"
+describe "Coercive::URI" do
+  def assert_coercion_error(errors)
+    yield
+    assert false, "should have raised a Coercive::Error"
+  rescue Coercive::Error => e
+    assert_equal errors, e.errors
+  end
+  setup do
+    @coercion = Module.new do
+      extend Coercive
+      attribute :any,   uri(string),                   optional
+      attribute :min,   uri(string(min: 13)),          optional
+      attribute :max,   uri(string(max: 17)),          optional
+      attribute :sized, uri(string(min: 13, max: 17)), optional
+      attribute :schema,
+        uri(string(min: 1, max: 255), schema_fn: member(%w{http})),
+        optional
+      attribute :require_path,
+        uri(string(min: 1, max: 255), require_path: true),
+        optional
+      attribute :require_port,
+        uri(string(min: 1, max: 255), require_port: true),
+        optional
+      attribute :require_user,
+        uri(string(min: 1, max: 255), require_user: true),
+        optional
+      attribute :require_password,
+        uri(string(min: 1, max: 255), require_password: true),
+        optional
+    end
+  end
+  test "coerces a valid string to a URI" do
+    attributes = {
+      "any" => "http://user:pass@www.example.com:1234/path"
+    }
+    assert_equal attributes, @coercion.call(attributes)
+  end
+  test "errors if input is an invalid URI" do
+    attributes = { "any" => "%" }
+    expected_errors = { "any" => "not_valid" }
+    assert_coercion_error(expected_errors) { @coercion.call(attributes) }
+  end
+  test "errors if the input is longer than the declared maximum size" do
+    attributes = {
+      "min"   => "http://foo.com",
+      "max"   => "http://long.url.com",
+      "sized" => "http://way.too.long.com",
+    }
+    expected_errors = { "max" => "too_long", "sized" => "too_long" }
+    assert_coercion_error(expected_errors) { @coercion.call(attributes) }
+  end
+  test "errors if the input is shorter than the declared minimum size" do
+    attributes = {
+      "min"   => "http://a.com",
+      "max"   => "http://bar.com",
+      "sized" => "http://c.com"
+    }
+    expected_errors = { "min" => "too_short", "sized" => "too_short" }
+    assert_coercion_error(expected_errors) { @coercion.call(attributes) }
+  end
+  test "errors if the URI is an empty string" do
+    attributes      = { "schema" => "" }
+    expected_errors = { "schema" => "is_empty" }
+    assert_coercion_error(expected_errors) { @coercion.call(attributes) }
+  end
+  test "errors if no host" do
+    attributes = { "any" => "http://" }
+    expected_errors = { "any" => "no_host" }
+    assert_coercion_error(expected_errors) { @coercion.call(attributes) }
+  end
+  test "errors if schema is not supported" do
+    attributes = { "schema" => "foo://example.com" }
+    expected_errors = { "schema" => "unsupported_schema" }
+    assert_coercion_error(expected_errors) { @coercion.call(attributes) }
+  end
+  test "errors if required elements are not provided" do
+    attributes = {
+      "require_path"     => "foo://example.com",
+      "require_port"     => "foo://example.com",
+      "require_user"     => "foo://example.com",
+      "require_password" => "foo://example.com",
+    }
+    expected_errors = {
+      "require_path"     => "no_path",
+      "require_port"     => "no_port",
+      "require_user"     => "no_user",
+      "require_password" => "no_password",
+    }
+    assert_coercion_error(expected_errors) { @coercion.call(attributes) }
+  end
+  Coercive::URI::PRIVATE_IP_RANGES.each do |range|
+    range = range.to_range
+    first = range.first
+    last  = range.last
+    first = first.ipv6? ? "[#{first}]" : first.to_s
+    last  = last.ipv6?  ? "[#{last}]"  : last.to_s
+    test "errors when the URI host is an IP in the range #{first}..#{last}" do
+      attributes_first = { "schema" => "http://#{first}/path" }
+      attributes_last  = { "schema" => "http://#{last}/path" }
+      expected_errors  = { "schema" => "not_resolvable" }
+      assert_coercion_error(expected_errors) { @coercion.call(attributes_first) }
+      assert_coercion_error(expected_errors) { @coercion.call(attributes_last) }
+    end
+  end
+  test "errors when the URI host is not resolvable" do
+    attributes = {
+      "schema" => "http://bogus-host-that-cant-possibly-exist-here/path"
+    }
+    expected_errors = { "schema" => "not_resolvable" }
+    assert_coercion_error(expected_errors) { @coercion.call(attributes) }
+  end
+  test "errors when the URI host resolves to an IP in a private range" do
+    attributes = { "schema" => "http://localhost/path" }
+    expected_errors = { "schema" => "not_resolvable" }
+    assert_coercion_error(expected_errors) { @coercion.call(attributes) }
+  end
+  test "allows a URI host to be IP that isn't in a private range" do
+    attributes = { "schema" => "http://8.8.8.8/path" }
+    assert_equal attributes, @coercion.call(attributes)
+  end
+  test "allows a URI host that resolves to an IP not in a private range" do
+    attributes = { "schema" => "http://www.example.com/path" }
+    assert_equal attributes, @coercion.call(attributes)
+  end
+  test "allows a URI with no explicit path component" do
+    attributes = { "schema" => "http://www.example.com" }
+    assert_equal attributes, @coercion.call(attributes)
+  end
+  test "errors for a string that does not pass URI.parse" do
+    attributes = { "schema" => "\\" }
+    expected_errors = { "schema" => "not_valid" }
+    assert_coercion_error(expected_errors) { @coercion.call(attributes) }
+  end
+  test "errors for a URL that passes URI.parse, but is ill-formed" do
+    attributes = { "schema" => "http:example.com/path" }
+    begin
+      @coercion.call(attributes)
+      assert false, "should have raised a Coercive::Error"
+    rescue Coercive::Error => e
+      assert !e.errors["schema"].empty?, "should have a schema error"
+    end
+  end
+end

metadata ADDED

@@ -0,0 +1,51 @@
+--- !ruby/object:Gem::Specification
+name: coercive
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Joe McIlvain
+- Lucas Tolchinsky
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2020-08-04 00:00:00.000000000 Z
+dependencies: []
+description: Coercive is a library to validate and coerce user input
+email:
+- joe.eli.mac@gmail.com
+- tonchis@protonmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- lib/coercive.rb
+- lib/coercive/uri.rb
+- test/coercive.rb
+- test/uri.rb
+homepage: https://github.com/Theorem/coercive
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key:
+specification_version: 4
+summary: Coercive is a library to validate and coerce user input
+test_files: []