coercive 1.0.0 → 1.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d1b6a873b4a86ca962a22d60630a4de5355b278b529fccbd2615a794a7a94448
-  data.tar.gz: 62f47d1f35c9d931935138872dace70a7c39d3eb090529f1f2886448dca2e4ad
+  metadata.gz: 867918b9a3ee09bdfc89a10e802032e229fdf4ab250f80727a68197f8144d615
+  data.tar.gz: 9d1dcfcc05db65d1669049c87f36bf9a252fe91ce68b9298a7578ce630aeae50
 SHA512:
-  metadata.gz: d2d5f401306d119e14a761aa1937f6c5777f69458d9db1367d35bd2a02fcea8a2d41876db4331a0086af8ec49db00b3f892d3c76dbcbacd6d297edc836cfb3db
-  data.tar.gz: e5e4ffc4e9e7874807a2b3af33fb3f846752acce0e9748d06c79247e54f7120ffb38ac5a764c33a629ee05009c62154864f41f975a7fa19985f77b96caa5d53e
+  metadata.gz: 2dc34142c2553b747290451db7ca631dd12b31e9e7488502e4a54b3fc1cf372a7dd498c951498f8c3b86d519172bb879fb7f650e97448260dd8fad2c5c5c8662
+  data.tar.gz: 513cb240285c58fbf784d3a61fae066bf7c768836cdc06281357b92f8c7a62ad72ea2c0114f3ba6645da29b4ed01fbabff616f10db91f93b8194c587d2f9c623

data/README.md

@@ -1,10 +1,20 @@
-# coercive
+# Coercive
+
+# Install
+
+```
+$ gem install coercive
+```
+
+# Usage
 
 `Coercive` is a Ruby library to validate and coerce user input.
 
 Define your coercion modules like this:
 
 ```ruby
+require "coercive"
+
 module CoerceFoo
   extend Coercive
 
@@ -184,7 +194,7 @@ CoerceFoo.call("foo" => [BasicObject.new])
 
 ### `hash`
 
-`hash` coercion let's you manipulate the key and values, similarly to how `array` does
+`hash` coercion let's you manipulate the key and values, similarly to how `array` does.
 
 ```ruby
 module CoerceFoo
@@ -199,3 +209,7 @@ CoerceFoo.call("foo" => {"bar" => "0.1"})
 CoerceFoo.call("foo" => {"barrrr" => "0.1"})
 # => Coercive::Error: {"foo"=>{"barrrr"=>"too_long"}}
 ```
+
+### `uri`
+
+The `uri` coercion validates 

data/coercive.gemspec

@@ -0,0 +1,12 @@
+Gem::Specification.new do |s|
+  s.name = "coercive"
+  s.version = "1.0.1"
+  s.summary = "Coercive is a library to validate and coerce user input"
+  s.description = s.summary
+  s.authors = ["Joe McIlvain", "Lucas Tolchinsky"]
+  s.email = ["joe.eli.mac@gmail.com", "tonchis@protonmail.com"]
+  s.homepage = "https://github.com/Theorem/coercive"
+  s.license = "MIT"
+
+  s.files = `git ls-files`.split("\n")
+end

data/lib/coercive/uri.rb

@@ -1,16 +1,12 @@
 require "ipaddr"
 require "uri"
 
-module Coercion
+module Coercive
   module URI
-    # Setting this `true` allows outbound connections to private IP addresses,
-    # bypassing the security check that the IP address is public. This is designed
-    # to be used in devlopment so that the tests can connect to local services.
-    #
-    # This SHOULD NOT be set in PRODUCTION.
-    ALLOW_PRIVATE_IP_CONNECTIONS =
-      ENV.fetch("ALLOW_PRIVATE_IP_CONNECTIONS", "").downcase == "true"
-
+    # The IP ranges below are considered private and by default not permitted by the `uri`
+    # coercion function. To allow connecting to local services (in development, for example)
+    # users can set the `allow_private_ip` option, which ignores if the URI resolves to a public
+    # address or not.
     PRIVATE_IP_RANGES = [
       IPAddr.new("0.0.0.0/8"),       # Broadcasting to the current network. RFC 1700.
       IPAddr.new("10.0.0.0/8"),      # Local private network. RFC 1918.
@@ -38,26 +34,27 @@ module Coercion
     # require_user     - set true to make the URI user a required element
     # require_password - set true to make the URI password a required element
     def self.coerce_fn(string_coerce_fn, schema_fn: nil, require_path: false,
-            require_port: false, require_user: false, require_password: false)
+            require_port: false, require_user: false, require_password: false,
+            allow_private_ip: false)
       ->(input) do
         uri = begin
           ::URI.parse(string_coerce_fn.call(input))
         rescue ::URI::InvalidURIError
-          fail Coercion::Error.new("not_valid")
+          fail Coercive::Error.new("not_valid")
         end
 
-        fail Coercion::Error.new("no_host") unless uri.host
-        fail Coercion::Error.new("not_resolvable") unless resolvable_public_ip?(uri) || ALLOW_PRIVATE_IP_CONNECTIONS
-        fail Coercion::Error.new("no_path") if require_path && uri.path.empty?
-        fail Coercion::Error.new("no_port") if require_port && !uri.port
-        fail Coercion::Error.new("no_user") if require_user && !uri.user
-        fail Coercion::Error.new("no_password") if require_password && !uri.password
+        fail Coercive::Error.new("no_host") unless uri.host
+        fail Coercive::Error.new("not_resolvable") unless allow_private_ip || resolvable_public_ip?(uri)
+        fail Coercive::Error.new("no_path") if require_path && uri.path.empty?
+        fail Coercive::Error.new("no_port") if require_port && !uri.port
+        fail Coercive::Error.new("no_user") if require_user && !uri.user
+        fail Coercive::Error.new("no_password") if require_password && !uri.password
 
         if schema_fn
           begin
             schema_fn.call(uri.scheme)
-          rescue Coercion::Error
-            fail Coercion::Error.new("unsupported_schema")
+          rescue Coercive::Error
+            fail Coercive::Error.new("unsupported_schema")
           end
         end
 

data/test/coercive.rb

@@ -113,7 +113,7 @@ describe "Coercive" do
       fixnum     = 2
       rational   = 2 ** -2
       bignum     = 2 ** 64
-      bigdecimal = BigDecimal.new("0.1")
+      bigdecimal = BigDecimal("0.1")
 
       [fixnum, rational, bignum, bigdecimal].each do |value|
         attributes = { "foo" => value }

data/test/uri.rb

@@ -11,7 +11,7 @@ describe "Coercive::URI" do
     assert_equal errors, e.errors
   end
 
-  setup do
+  before do
     @coercion = Module.new do
       extend Coercive
 
@@ -39,10 +39,14 @@ describe "Coercive::URI" do
       attribute :require_password,
         uri(string(min: 1, max: 255), require_password: true),
         optional
+
+      attribute :allow_private_ip,
+        uri(string(min: 1, max: 255), allow_private_ip: true),
+        optional
     end
   end
 
-  test "coerces a valid string to a URI" do
+  it "coerces a valid string to a URI" do
     attributes = {
       "any" => "http://user:pass@www.example.com:1234/path"
     }
@@ -50,7 +54,7 @@ describe "Coercive::URI" do
     assert_equal attributes, @coercion.call(attributes)
   end
 
-  test "errors if input is an invalid URI" do
+  it "errors if input is an invalid URI" do
     attributes = { "any" => "%" }
 
     expected_errors = { "any" => "not_valid" }
@@ -58,7 +62,7 @@ describe "Coercive::URI" do
     assert_coercion_error(expected_errors) { @coercion.call(attributes) }
   end
 
-  test "errors if the input is longer than the declared maximum size" do
+  it "errors if the input is longer than the declared maximum size" do
     attributes = {
       "min"   => "http://foo.com",
       "max"   => "http://long.url.com",
@@ -70,7 +74,7 @@ describe "Coercive::URI" do
     assert_coercion_error(expected_errors) { @coercion.call(attributes) }
   end
 
-  test "errors if the input is shorter than the declared minimum size" do
+  it "errors if the input is shorter than the declared minimum size" do
     attributes = {
       "min"   => "http://a.com",
       "max"   => "http://bar.com",
@@ -82,14 +86,14 @@ describe "Coercive::URI" do
     assert_coercion_error(expected_errors) { @coercion.call(attributes) }
   end
 
-  test "errors if the URI is an empty string" do
+  it "errors if the URI is an empty string" do
     attributes      = { "schema" => "" }
     expected_errors = { "schema" => "is_empty" }
 
     assert_coercion_error(expected_errors) { @coercion.call(attributes) }
   end
 
-  test "errors if no host" do
+  it "errors if no host" do
     attributes = { "any" => "http://" }
 
     expected_errors = { "any" => "no_host" }
@@ -97,7 +101,7 @@ describe "Coercive::URI" do
     assert_coercion_error(expected_errors) { @coercion.call(attributes) }
   end
 
-  test "errors if schema is not supported" do
+  it "errors if schema is not supported" do
     attributes = { "schema" => "foo://example.com" }
 
     expected_errors = { "schema" => "unsupported_schema" }
@@ -105,7 +109,7 @@ describe "Coercive::URI" do
     assert_coercion_error(expected_errors) { @coercion.call(attributes) }
   end
 
-  test "errors if required elements are not provided" do
+  it "errors if required elements are not provided" do
     attributes = {
       "require_path"     => "foo://example.com",
       "require_port"     => "foo://example.com",
@@ -130,7 +134,7 @@ describe "Coercive::URI" do
     first = first.ipv6? ? "[#{first}]" : first.to_s
     last  = last.ipv6?  ? "[#{last}]"  : last.to_s
 
-    test "errors when the URI host is an IP in the range #{first}..#{last}" do
+    it "errors when the URI host is an IP in the range #{first}..#{last}" do
       attributes_first = { "schema" => "http://#{first}/path" }
       attributes_last  = { "schema" => "http://#{last}/path" }
       expected_errors  = { "schema" => "not_resolvable" }
@@ -138,9 +142,17 @@ describe "Coercive::URI" do
       assert_coercion_error(expected_errors) { @coercion.call(attributes_first) }
       assert_coercion_error(expected_errors) { @coercion.call(attributes_last) }
     end
+
+    it "allows overriding private IP address checks" do
+      attributes_first = { "allow_private_ip" => "http://#{first}/path" }
+      attributes_last  = { "allow_private_ip" => "http://#{last}/path" }
+
+      assert_equal attributes_first, @coercion.call(attributes_first)
+      assert_equal attributes_last,  @coercion.call(attributes_last)
+    end
   end
 
-  test "errors when the URI host is not resolvable" do
+  it "errors when the URI host is not resolvable" do
     attributes = {
       "schema" => "http://bogus-host-that-cant-possibly-exist-here/path"
     }
@@ -150,7 +162,7 @@ describe "Coercive::URI" do
     assert_coercion_error(expected_errors) { @coercion.call(attributes) }
   end
 
-  test "errors when the URI host resolves to an IP in a private range" do
+  it "errors when the URI host resolves to an IP in a private range" do
     attributes = { "schema" => "http://localhost/path" }
 
     expected_errors = { "schema" => "not_resolvable" }
@@ -158,32 +170,32 @@ describe "Coercive::URI" do
     assert_coercion_error(expected_errors) { @coercion.call(attributes) }
   end
 
-  test "allows a URI host to be IP that isn't in a private range" do
+  it "allows a URI host to be IP that isn't in a private range" do
     attributes = { "schema" => "http://8.8.8.8/path" }
 
     assert_equal attributes, @coercion.call(attributes)
   end
 
-  test "allows a URI host that resolves to an IP not in a private range" do
+  it "allows a URI host that resolves to an IP not in a private range" do
     attributes = { "schema" => "http://www.example.com/path" }
 
     assert_equal attributes, @coercion.call(attributes)
   end
 
-  test "allows a URI with no explicit path component" do
+  it "allows a URI with no explicit path component" do
     attributes = { "schema" => "http://www.example.com" }
 
     assert_equal attributes, @coercion.call(attributes)
   end
 
-  test "errors for a string that does not pass URI.parse" do
+  it "errors for a string that does not pass URI.parse" do
     attributes = { "schema" => "\\" }
     expected_errors = { "schema" => "not_valid" }
 
     assert_coercion_error(expected_errors) { @coercion.call(attributes) }
   end
 
-  test "errors for a URL that passes URI.parse, but is ill-formed" do
+  it "errors for a URL that passes URI.parse, but is ill-formed" do
     attributes = { "schema" => "http:example.com/path" }
 
     begin

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: coercive
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.1
 platform: ruby
 authors:
 - Joe McIlvain
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-08-04 00:00:00.000000000 Z
+date: 2020-08-05 00:00:00.000000000 Z
 dependencies: []
 description: Coercive is a library to validate and coerce user input
 email:
@@ -21,6 +21,7 @@ extra_rdoc_files: []
 files:
 - LICENSE
 - README.md
+- coercive.gemspec
 - lib/coercive.rb
 - lib/coercive/uri.rb
 - test/coercive.rb