file_validators 2.0.2 → 3.0.0.beta2

data/lib/file_validators/validators/file_content_type_validator.rb

@@ -1,25 +1,33 @@
-require 'file_validators/utils/content_type_detector'
-require 'file_validators/utils/media_type_spoof_detector'
+# frozen_string_literal: true
 
 module ActiveModel
   module Validations
-
     class FileContentTypeValidator < ActiveModel::EachValidator
-      CHECKS = [:allow, :exclude].freeze
+      CHECKS = %i[allow exclude].freeze
+      SUPPORTED_MODES = { relaxed: :mime_types, strict: :file }.freeze
 
       def self.helper_method_name
         :validates_file_content_type
       end
 
       def validate_each(record, attribute, value)
-        value = JSON.parse(value) if value.is_a?(String) && value.present?
-        unless value.blank?
-          mode = option_value(record, :mode)
-          content_type = get_content_type(value, mode)
-          allowed_types = option_content_types(record, :allow)
-          forbidden_types = option_content_types(record, :exclude)
-
-          validate_media_type(record, attribute, content_type, get_file_name(value)) if mode == :strict
+        begin
+          values = parse_values(value)
+        rescue JSON::ParserError
+          record.errors.add attribute, :invalid
+          return
+        end
+
+        return if values.empty?
+
+        mode = option_value(record, :mode)
+        tool = option_value(record, :tool) || SUPPORTED_MODES[mode]
+
+        allowed_types = option_content_types(record, :allow)
+        forbidden_types = option_content_types(record, :exclude)
+
+        values.each do |val|
+          content_type = get_content_type(val, tool)
           validate_whitelist(record, attribute, content_type, allowed_types)
           validate_blacklist(record, attribute, content_type, forbidden_types)
         end
@@ -39,30 +47,17 @@ module ActiveModel
 
       private
 
-      def get_file_path(value)
-        if value.try(:path)
-          value.path
-        else
-          raise ArgumentError, 'value must return a file path in order to validate file content type'
-        end
-      end
+      def parse_values(value)
+        return [] unless value.present?
 
-      def get_file_name(value)
-        if value.try(:original_filename)
-          value.original_filename
-        else
-          File.basename(get_file_path(value))
-        end
+        value = JSON.parse(value) if value.is_a?(String)
+
+        Array.wrap(value).reject(&:blank?)
       end
 
-      def get_content_type(value, mode)
-        case mode
-        when :strict
-          file_path = get_file_path(value)
-          FileValidators::Utils::ContentTypeDetector.new(file_path).detect
-        when :relaxed
-          file_name = get_file_name(value)
-          MIME::Types.type_for(file_name).first
+      def get_content_type(value, tool)
+        if tool.present?
+          FileValidators::MimeTypeAnalyzer.new(tool).call(value)
         else
           value = OpenStruct.new(value) if value.is_a?(Hash)
           value.content_type
@@ -77,14 +72,8 @@ module ActiveModel
         options[key].is_a?(Proc) ? options[key].call(record) : options[key]
       end
 
-      def validate_media_type(record, attribute, content_type, file_name)
-        if FileValidators::Utils::MediaTypeSpoofDetector.new(content_type, file_name).spoofed?
-          record.errors.add attribute, :spoofed_file_media_type
-        end
-      end
-
       def validate_whitelist(record, attribute, content_type, allowed_types)
-        if allowed_types.present? and allowed_types.none? { |type| type === content_type }
+        if allowed_types.present? && allowed_types.none? { |type| type === content_type }
           mark_invalid record, attribute, :allowed_file_content_types, allowed_types
         end
       end
@@ -96,7 +85,10 @@ module ActiveModel
       end
 
       def mark_invalid(record, attribute, error, option_types)
-        record.errors.add attribute, error, options.merge(types: option_types.join(', '))
+        error_options = options.merge(types: option_types.join(', '))
+        unless record.errors.added?(attribute, error, error_options)
+          record.errors.add attribute, error, error_options
+        end
       end
     end
 
@@ -119,6 +111,10 @@ module ActiveModel
       #   :relaxed validates the content type based on the file name using
       #   the mime-types gem. It's only for sanity check.
       #   If mode is not set then it uses form supplied content type.
+      # * +tool+: :file, :fastimage, :filemagic, :mimemagic, :marcel, :mime_types, :mini_mime
+      #   You can choose a different built-in MIME type analyzer
+      #   By default supplied content type is used to determine the MIME type
+      #   This option have precedence over mode option
       # * +if+: A lambda or name of an instance method. Validation will only
       #   be run is this lambda or method returns true.
       # * +unless+: Same as +if+ but validates if lambda or method returns false.
@@ -126,6 +122,5 @@ module ActiveModel
         validates_with FileContentTypeValidator, _merge_attributes(attr_names)
       end
     end
-
   end
 end

data/lib/file_validators/validators/file_size_validator.rb

@@ -1,6 +1,7 @@
+# frozen_string_literal: true
+
 module ActiveModel
   module Validations
-
     class FileSizeValidator < ActiveModel::EachValidator
       CHECKS = { in: :===,
                  less_than: :<,
@@ -13,24 +14,25 @@ module ActiveModel
       end
 
       def validate_each(record, attribute, value)
-        value = JSON.parse(value) if value.is_a?(String) && value.present?
-        unless value.blank?
-          options.slice(*CHECKS.keys).each do |option, option_value|
-            value = OpenStruct.new(value) if value.is_a?(Hash)
-            option_value = option_value.call(record) if option_value.is_a?(Proc)
-            unless valid_size?(value.size, option, option_value)
-              record.errors.add(attribute,
-                                "file_size_is_#{option}".to_sym,
-                                filtered_options(value).merge!(detect_error_options(option_value)))
-            end
-          end
+        begin
+          values = parse_values(value)
+        rescue JSON::ParserError
+          record.errors.add attribute, :invalid
+          return
+        end
+
+        return if values.empty?
+
+        options.slice(*CHECKS.keys).each do |option, option_value|
+          check_errors(record, attribute, values, option, option_value)
         end
       end
 
       def check_validity!
         unless (CHECKS.keys & options.keys).present?
-          raise ArgumentError, 'You must at least pass in one of these options - :in, :less_than,
-                                :less_than_or_equal_to, :greater_than and :greater_than_or_equal_to'
+          raise ArgumentError, 'You must at least pass in one of these options' \
+                               ' - :in, :less_than, :less_than_or_equal_to,' \
+                               ' :greater_than and :greater_than_or_equal_to'
         end
 
         check_options(Numeric, options.slice(*(CHECKS.keys - [:in])))
@@ -39,6 +41,17 @@ module ActiveModel
 
       private
 
+      def parse_values(value)
+        return [] unless value.present?
+
+        value = JSON.parse(value) if value.is_a?(String)
+        return [] unless value.present?
+
+        value = OpenStruct.new(value) if value.is_a?(Hash)
+
+        Array.wrap(value).reject(&:blank?)
+      end
+
       def check_options(klass, options)
         options.each do |option, value|
           unless value.is_a?(klass) || value.is_a?(Proc)
@@ -47,7 +60,28 @@ module ActiveModel
         end
       end
 
+      def check_errors(record, attribute, values, option, option_value)
+        option_value = option_value.call(record) if option_value.is_a?(Proc)
+        has_invalid_size = values.any? { |v| !valid_size?(value_byte_size(v), option, option_value) }
+        if has_invalid_size
+          record.errors.add(
+            attribute,
+            "file_size_is_#{option}".to_sym,
+            filtered_options(values).merge!(detect_error_options(option_value))
+          )
+        end
+      end
+
+      def value_byte_size(value)
+        if value.respond_to?(:byte_size)
+          value.byte_size
+        else
+          value.size
+        end
+      end
+
       def valid_size?(size, option, option_value)
+        return false if size.nil?
         if option_value.is_a?(Range)
           option_value.send(CHECKS[option], size)
         else
@@ -63,7 +97,7 @@ module ActiveModel
 
       def detect_error_options(option_value)
         if option_value.is_a?(Range)
-          { min: human_size(option_value.min), max: human_size(option_value.max)  }
+          { min: human_size(option_value.min), max: human_size(option_value.max) }
         else
           { count: human_size(option_value) }
         end
@@ -73,12 +107,22 @@ module ActiveModel
         if defined?(ActiveSupport::NumberHelper) # Rails 4.0+
           ActiveSupport::NumberHelper.number_to_human_size(size)
         else
-          storage_units_format = I18n.translate(:'number.human.storage_units.format', :locale => options[:locale], :raise => true)
-          unit = I18n.translate(:'number.human.storage_units.units.byte', :locale => options[:locale], :count => size.to_i, :raise => true)
+          storage_units_format = I18n.translate(
+            :'number.human.storage_units.format',
+            locale: options[:locale],
+            raise: true
+          )
+
+          unit = I18n.translate(
+            :'number.human.storage_units.units.byte',
+            locale: options[:locale],
+            count: size.to_i,
+            raise: true
+          )
+
           storage_units_format.gsub(/%n/, size.to_i.to_s).gsub(/%u/, unit).html_safe
         end
       end
-
     end
 
     module HelperMethods
@@ -97,6 +141,5 @@ module ActiveModel
         validates_with FileSizeValidator, _merge_attributes(attr_names)
       end
     end
-
   end
 end

data/lib/file_validators/version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module FileValidators
-  VERSION = '2.0.2'
+  VERSION = '3.0.0.beta2'
 end

data/spec/integration/combined_validators_integration_spec.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'spec_helper'
 require 'rack/test/uploaded_file'
 
@@ -52,7 +54,7 @@ describe 'Combined File Validators integration with ActiveModel' do
     before :all do
       Person.class_eval do
         Person.reset_callbacks(:validate)
-        validates_file_size :avatar, { less_than: 20.kilobytes }
+        validates_file_size :avatar, less_than: 20.kilobytes
         validates_file_content_type :avatar, allow: 'image/jpeg'
       end
     end

data/spec/integration/file_content_type_validation_integration_spec.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'spec_helper'
 require 'rack/test/uploaded_file'
 
@@ -69,7 +71,8 @@ describe 'File Content Type integration with ActiveModel' do
       before :all do
         Person.class_eval do
           Person.reset_callbacks(:validate)
-          validates :avatar, file_content_type: { allow: ['image/jpeg', 'text/plain'], mode: :strict }
+          validates :avatar, file_content_type: { allow: ['image/jpeg', 'text/plain'],
+                                                  mode: :strict }
         end
       end
 
@@ -97,7 +100,7 @@ describe 'File Content Type integration with ActiveModel' do
       before :all do
         Person.class_eval do
           Person.reset_callbacks(:validate)
-          validates :avatar, file_content_type: { allow: lambda { |record| ['image/jpeg', 'text/plain'] },
+          validates :avatar, file_content_type: { allow: ->(_record) { ['image/jpeg', 'text/plain'] },
                                                   mode: :strict }
         end
       end
@@ -177,7 +180,8 @@ describe 'File Content Type integration with ActiveModel' do
       before :all do
         Person.class_eval do
           Person.reset_callbacks(:validate)
-          validates :avatar, file_content_type: { exclude: ['image/jpeg', 'text/plain'], mode: :strict }
+          validates :avatar, file_content_type: { exclude: ['image/jpeg', 'text/plain'],
+                                                  mode: :strict }
         end
       end
 
@@ -205,7 +209,8 @@ describe 'File Content Type integration with ActiveModel' do
       before :all do
         Person.class_eval do
           Person.reset_callbacks(:validate)
-          validates :avatar, file_content_type: { exclude: lambda { |record| /^image\/.*/ }, mode: :strict }
+          validates :avatar, file_content_type: { exclude: ->(_record) { /^image\/.*/ },
+                                                  mode: :strict }
         end
       end
 
@@ -229,7 +234,8 @@ describe 'File Content Type integration with ActiveModel' do
     before :all do
       Person.class_eval do
         Person.reset_callbacks(:validate)
-        validates :avatar, file_content_type: { allow: /^image\/.*/, exclude: 'image/png', mode: :strict }
+        validates :avatar, file_content_type: { allow: /^image\/.*/, exclude: 'image/png',
+                                                mode: :strict }
       end
     end
 
@@ -246,6 +252,31 @@ describe 'File Content Type integration with ActiveModel' do
     end
   end
 
+  context ':tool option' do
+    before :all do
+      Person.class_eval do
+        Person.reset_callbacks(:validate)
+        validates :avatar, file_content_type: { allow: 'image/jpeg', tool: :marcel }
+      end
+    end
+
+    subject { Person.new }
+
+    context 'with valid file' do
+      it 'validates the file' do
+        subject.avatar = Rack::Test::UploadedFile.new(@cute_path, 'image/jpeg')
+        expect(subject).to be_valid
+      end
+    end
+
+    context 'with spoofed file' do
+      it 'invalidates the file' do
+        subject.avatar = Rack::Test::UploadedFile.new(@spoofed_file_path, 'image/jpeg')
+        expect(subject).not_to be_valid
+      end
+    end
+  end
+
   context ':mode option' do
     context 'strict mode' do
       before :all do
@@ -334,24 +365,35 @@ describe 'File Content Type integration with ActiveModel' do
     subject { Person.new }
 
     context 'for invalid content type' do
-      before { subject.avatar = "{\"filename\":\"img140910_88338.GIF\",\"content_type\":\"image/gif\",\"size\":13150}" }
+      before do
+        subject.avatar = '{"filename":"img140910_88338.GIF","content_type":"image/gif","size":13150}'
+      end
+
       it { is_expected.not_to be_valid }
     end
 
     context 'for valid content type' do
-      before { subject.avatar = "{\"filename\":\"img140910_88338.jpg\",\"content_type\":\"image/jpeg\",\"size\":13150}" }
+      before do
+        subject.avatar = '{"filename":"img140910_88338.jpg","content_type":"image/jpeg","size":13150}'
+      end
+
       it { is_expected.to be_valid }
     end
 
     context 'empty json string' do
-      before { subject.avatar = "{}" }
+      before { subject.avatar = '{}' }
       it { is_expected.to be_valid }
     end
 
     context 'empty string' do
-      before { subject.avatar = "" }
+      before { subject.avatar = '' }
       it { is_expected.to be_valid }
     end
+
+    context 'invalid json string' do
+      before { subject.avatar = '{filename":"img140910_88338.jpg","content_type":"image/jpeg","size":13150}' }
+      it { is_expected.not_to be_valid }
+    end
   end
 
   context 'image data as hash' do
@@ -365,12 +407,26 @@ describe 'File Content Type integration with ActiveModel' do
     subject { Person.new }
 
     context 'for invalid content type' do
-      before { subject.avatar = { "filename" => "img140910_88338.GIF", "content_type" => "image/gif", "size" => 13150 } }
+      before do
+        subject.avatar = {
+          'filename' => 'img140910_88338.GIF',
+          'content_type' => 'image/gif',
+          'size' => 13_150
+        }
+      end
+
       it { is_expected.not_to be_valid }
     end
 
     context 'for valid content type' do
-      before { subject.avatar = { "filename" => "img140910_88338.jpg", "content_type" => "image/jpeg", "size" => 13150 } }
+      before do
+        subject.avatar = {
+          'filename' => 'img140910_88338.jpg',
+          'content_type' => 'image/jpeg',
+          'size' => 13_150
+        }
+      end
+
       it { is_expected.to be_valid }
     end
 
@@ -379,4 +435,54 @@ describe 'File Content Type integration with ActiveModel' do
       it { is_expected.to be_valid }
     end
   end
+
+  context 'image data as array' do
+    before :all do
+      Person.class_eval do
+        Person.reset_callbacks(:validate)
+        validates :avatar, file_content_type: { allow: 'image/jpeg' }
+      end
+    end
+
+    subject { Person.new }
+
+    context 'for one invalid content type' do
+      before do
+        subject.avatar = [
+          Rack::Test::UploadedFile.new(@sample_text_path, 'text/plain'),
+          Rack::Test::UploadedFile.new(@cute_path, 'image/jpeg')
+        ]
+      end
+      it { is_expected.not_to be_valid }
+    end
+
+    context 'for two invalid content types' do
+      before do
+        subject.avatar = [
+          Rack::Test::UploadedFile.new(@sample_text_path, 'text/plain'),
+          Rack::Test::UploadedFile.new(@sample_text_path, 'text/plain')
+        ]
+      end
+
+      it 'is invalid and adds just one error' do
+        expect(subject).not_to be_valid
+        expect(subject.errors.count).to eq 1
+      end
+    end
+
+    context 'for valid content type' do
+      before do
+        subject.avatar = [
+          Rack::Test::UploadedFile.new(@cute_path, 'image/jpeg'),
+          Rack::Test::UploadedFile.new(@cute_path, 'image/jpeg')
+        ]
+      end
+      it { is_expected.to be_valid }
+    end
+
+    context 'empty array' do
+      before { subject.avatar = [] }
+      it { is_expected.to be_valid }
+    end
+  end
 end