forme 1.10.0 → 1.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 581902a62cc974ce05fecf52a4b7debd41b5d89f5ba151c1c03a2f0589f15e7e
-  data.tar.gz: 5252e5dca95690ddf46341e443954058644f41c67e2109d7692a6dfb8c3b3ee8
+  metadata.gz: ee6b65bc378fc1ea557f3280b5782527735c561e58344e20920a1e728ce4592f
+  data.tar.gz: 4e2b963f58361fb962034c1727f122f22414c7bfcac8f80a969dfa216187ebc3
 SHA512:
-  metadata.gz: 39c198d2db64a06eacf30e1ed2e5af10bce818fe45f81c17ab8fcd4db7b1693afb3c2e82d013615105dd71907e96eead22104340068b04361492b853fe03da65
-  data.tar.gz: 33bfcf058c9ffc34f9581f3aa78e924b6764b034c56495ebaebd241eb07f5984e4330ddbab3f3a934cc77e66412e01c07decbf81bee07bb10c5d829eb00dff6f
+  metadata.gz: e40c6db1223714f80e6d603dcd25c48b3baa6ecc89126738f495b9ffc68b84412697b1874c248d8c87c94916b6be6325f47604be17da9c8be390fcced572a1ab
+  data.tar.gz: 5a5ed453fee72ac73348c5fed4083404758d2dbe979d0ca28fb72a50c125e167804e9e55b5ca1491f3e79bc860991e98f5926b35be82e47240763ed7a47a7ef9

data/CHANGELOG

@@ -1,3 +1,7 @@
+=== 1.11.0 (2020-01-03)
+
+* Add Roda forme_set plugin, using HMACed form metadata to automatically handle submitted form parameters (jeremyevans)
+
 === 1.10.0 (2019-05-13)
 
 * Make readonly formatter ignore hidden inputs (jeremyevans)

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2011-2018 Jeremy Evans
+Copyright (c) 2011-2019 Jeremy Evans
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to

data/README.rdoc

@@ -589,7 +589,7 @@ As you can see, you basically need to recreate the conditionals used when creati
 the form, so that that the processing of the form submission handles only the
 inputs that were displayed on the form.
 
-=== forme_set plugin
+=== forme_set Sequel plugin
 
 The forme_set plugin is designed to make handling form submissions easier.  What it does
 is record the form fields that are used on the object, and then it uses those fields
@@ -686,6 +686,166 @@ internally).  forme_parse returns a hash with the following keys:
 It is possible to use forme_set for the values it can handle, and set other fields manually
 using set_fields.
 
+=== forme_set Roda plugin
+
+The forme_set Roda plugin builds on the forme_set Sequel plugin and is designed to make
+handling form submissions even easier. This plugin uses a hidden form input to store which
+fields were used to build the form, as well as some other metadata.  It uses another hidden
+form input with an HMAC, so that on submission, if the HMAC matches, you can be sure that an
+attacker didn't add extra fields.
+
+There are a couple advantages to this plugin over using just the Sequel forme_set plugin.
+One is that you do not need to record the form fields when processing the submission of a
+form, since the information you need is included in the form submission. Another is that
+calling the forme_set method is simpler, since it can determine the necessary parameters.
+
+While you need code like this when using just the Sequel forme_set plugin:
+
+  album = Album[1]
+  Forme.form(album, :action=>'/foo') do |f|
+    f.input :name
+    f.input :copies_sold if album.released?
+  end
+  album.forme_set(params['album'])
+
+when you also use the Roda forme_set plugin, you can simplify it to:
+
+  album = Album[1]
+  forme_set(album)
+
+==== Validations
+
+The Roda forme_set plugin supports and uses the same validations as the Sequel forme_set
+plugin.  However, the Roda plugin is more accurate because it uses the options that were
+present on the form when it was originally built, instead of the options that would be
+present on the form when the form was submitted.  However, note that that can be a
+negative if you are dynamically adding values to both the database and the form between
+when the form was built and when it was submitted.
+
+==== Usage
+
+Because the Roda forme_set plugin includes the metadata needed to process the form in form
+submissions, you don't need to rearrange code to use it, or rerender templates.
+You can do:
+
+  album = Album[1]
+  forme_set(album)
+
+And the method will update the +album+ object using the appropriate form values. 
+
+Note that using the Roda forme_set plugin requires you set a secret for the HMAC.  It
+is important that you keep this value secret, because if an attacker has access to this,
+they would be able to set arbitrary attributes for model objects.  In your Roda class,
+you can load the plugin via:
+
+  plugin :forme_set, :secret => ENV["APP_FORME_HMAC_SECRET"]
+
+By default, invalid form submissions will raise an exception.  If you want to change
+that behavior (i.e. to display a nice error page), pass a block when loading the plugin:
+
+  plugin :forme_set do |error_type, obj|
+    # ...
+  end
+
+The block arguments will be a symbol for the type of error (:missing_data, :missing_hmac,
+:hmac_mismatch, :csrf_mismatch, or :missing_namespace) and the object passed to +forme_set+.
+This block should raise or halt.  If it does not, the default behavior of raising an
+exception will be taken.
+
+=== Form Versions
+
+The Roda forme_set plugin supports form versions.  This allows you to gracefully handle
+changes to forms, processing submissions of the form generated before the change (if
+possible) as well as the processing submissions of the form generated after the change.
+
+For example, maybe you have an existing form with just an input for the name:
+
+  form(album) do |f|
+    f.input(:name)
+  end
+
+Then later, you want to add an input for the number of copies sold:
+
+  form(album) do |f|
+    f.input(:name)
+    f.input(:copies_sold)
+  end
+
+Using the Roda forme_set plugin, submissions of the old form would only set the
+name field, it wouldn't set the copies_sold field, since when the form was created,
+only the name field was used.
+
+You can handle this case be versioning the form when making changes to it:
+
+  form(album, {}, :form_version=>1) do |f|
+    f.input(:name)
+    f.input(:copies_sold)
+  end
+
+When you are processing the form submission with forme_set, you pass a block, which
+will be yielded the version for the form (nil if no version was set):
+
+  forme_set(album) do |version|
+    if version == nil
+      album.copies_sold = 0
+    end
+  end
+
+The block is also yielded the object passed for forme_set, useful if you don't keep
+a reference to it:
+
+  album = forme_set(Album.new) do |version, obj|
+    if version == nil
+      obj.copies_sold = 0
+    end
+  end
+
+You only need to support old versions of the form for as long as their could be
+active sessions that could use the old versions of the form.  As long you as
+are expiring sessions to prevent session fixation, you can remove the version
+handling after the expiration period has passed since the change to the form
+was made.
+
+Note that this issue with handling changes to forms is not specific to the Roda
+forme_set plugin, it affects pretty much all form submissions.  The Roda forme_set
+plugin just makes this issue easier to handle.
+
+==== Caveats
+
+The Roda forme_set plugin has basically the same caveats as Sequel forme_set plugin.
+Additionally, it has a couple other restrictions that the Sequel forme_set plugin
+does not have.
+
+First, the Roda forme_set plugin only handles a single object in forms,
+which must be provided when creating the form.  It does not handle multiple
+objects in the same form, and ignores any fields set for an object different
+from the one passed when creating the form.  You can use the Sequel forme_set
+plugin to handle form submissions involving multiple objects, or for the
+objects that were not passed when creating the form.
+
+Second, the Roda forme_set plugin does not handle cases where the field values
+are placed outside the forms default namespace.  The Sequel forme_set plugin
+can handle those issues, as long as all values are in the same namespace, since
+the Sequel forme_set plugin requires you pass in the specific hash to use (the
+Roda forme_set plugin use the form's namespace information and the submitted
+parameters to determine the hash to use).
+
+In cases where the Roda forme_set does not handle things correctly, you can use
+forme_parse, which will return metadata in the same format as the Sequel plugin
+forme_parse method, with the addition of a :form_version key in the hash for the
+form version.
+
+It is possible to use the Roda forme_set plugin for the submissions it can handle, the
+Sequel forme_set plugin for the submissions it can handle, and set other fields manually
+using the Sequel set_fields methods.
+
+Note that when using the Roda forme_set plugin with an existing form, you should first
+enable the Roda plugin without actually using the Roda forme_set method.  Do not
+start using the Roda forme_set method until all currently valid sessions were
+established after the Roda forme_set plugin was enabled.  Otherwise, sessions that
+access the form before the Roda forme_set plugin was enabled will not work if they
+submit the form after the Roda forme_set plugin is enabled.
+
 == Other Sequel Plugins
 
 In addition to the Sequel plugins mentioned above, Forme also ships with additional Sequel
@@ -695,9 +855,9 @@ forme_i18n :: Handles translations for labels using i18n.
 
 = Roda Support
 
-Forme ships with two Roda plugins, forme and forme_route_csrf.  For new code, it is
-recommended to use forme_route_csrf, as that uses Roda's route_csrf plugin, which
-supports more secure request-specific CSRF tokens.  In both cases, usage in ERB
+Forme ships with three Roda plugins: forme_set (discussed above), forme, and forme_route_csrf.
+For new code, it is recommended to use forme_route_csrf, as that uses Roda's route_csrf
+plugin, which supports more secure request-specific CSRF tokens.  In both cases, usage in ERB
 templates is the same:
 
   <% form(@obj, :action=>'/foo') do |f| %>

data/lib/forme/version.rb

@@ -6,7 +6,7 @@ module Forme
   MAJOR = 1
 
   # The minor version of Forme, updated for new feature releases of Forme.
-  MINOR = 10
+  MINOR = 11
 
   # The patch version of Forme, updated only for bug fixes from the last
   # feature release.

data/lib/roda/plugins/forme_route_csrf.rb

@@ -45,12 +45,26 @@ class Roda
               csrf_token
             end
 
+            options[:csrf] = [csrf_field, token]
             options[:hidden_tags] ||= []
             options[:hidden_tags] += [{csrf_field=>token}]
           end
 
           options[:output] = @_out_buf if block
-          ::Forme::ERB::Form.form(obj, attr, opts, &block)
+          _forme_form_options(options)
+          _forme_form_class.form(obj, attr, opts, &block)
+        end
+
+        private
+
+        # The class to use for forms
+        def _forme_form_class
+          ::Forme::ERB::Form
+        end
+
+        # The options to use for forms.  Any changes should mutate this hash to set options.
+        def _forme_form_options(options)
+          options
         end
       end
     end

data/lib/roda/plugins/forme_set.rb

@@ -0,0 +1,214 @@
+# frozen-string-literal: true
+
+require 'rack/utils'
+require 'forme/erb_form'
+
+class Roda
+  module RodaPlugins
+    module FormeSet
+      # Require the forme_route_csrf plugin.
+      def self.load_dependencies(app, _ = nil)
+        app.plugin :forme_route_csrf 
+      end
+
+      # Set the HMAC secret.
+      def self.configure(app, opts = OPTS, &block)
+        app.opts[:forme_set_hmac_secret] = opts[:secret] || app.opts[:forme_set_hmac_secret]
+
+        if block
+          app.send(:define_method, :_forme_set_handle_error, &block)
+          app.send(:private, :_forme_set_handle_error)
+        end
+      end
+
+      # Error class raised for invalid form submissions.
+      class Error < StandardError
+      end
+
+      # Map of error types to error messages
+      ERROR_MESSAGES = {
+        :missing_data=>"_forme_set_data parameter not submitted",
+        :missing_hmac=>"_forme_set_data_hmac parameter not submitted",
+        :hmac_mismatch=>"_forme_set_data_hmac does not match _forme_set_data",
+        :csrf_mismatch=>"_forme_set_data CSRF token does not match submitted CSRF token",
+        :missing_namespace=>"no content in expected namespace"
+      }.freeze
+
+      # Forme::Form subclass that adds hidden fields with metadata that can be used
+      # to automatically process form submissions.
+      class Form < ::Forme::ERB::Form
+        def initialize(obj, opts=nil)
+          super
+          @forme_namespaces = @opts[:namespace]
+        end
+
+        # Try adding hidden fields to all forms
+        def form(*)
+          if block_given?
+            super do |f|
+              yield f
+              hmac_hidden_fields
+            end
+          else
+            t = super
+            if tags = hmac_hidden_fields
+              tags.each{|tag| t << tag}
+            end
+            t
+          end
+        end
+
+        private
+
+        # Add hidden fields with metadata, if the form has an object associated that
+        # supports the forme_inputs method, and it includes inputs.
+        def hmac_hidden_fields
+          if (obj = @opts[:obj]) && obj.respond_to?(:forme_inputs) && (forme_inputs = obj.forme_inputs)
+            columns = []
+            valid_values = {}
+
+            forme_inputs.each do |field, input|
+              next unless col = obj.send(:forme_column_for_input, input)
+              col = col.to_s
+              columns << col
+
+              next unless validation = obj.send(:forme_validation_for_input, field, input)
+              validation[0] = validation[0].to_s
+              has_nil = false
+              validation[1] = validation[1].map do |v|
+                has_nil ||= v.nil?
+                v.to_s
+              end
+              validation[1] << nil if has_nil
+              valid_values[col] = validation
+            end
+
+            return if columns.empty?
+
+            data = {}
+            data['columns'] = columns
+            data['namespaces'] = @forme_namespaces
+            data['csrf'] = @opts[:csrf]
+            data['valid_values'] = valid_values unless valid_values.empty?
+            data['form_version'] = @opts[:form_version] if @opts[:form_version]
+
+            data = data.to_json
+            tags = []
+            tags << tag(:input, :type=>:hidden, :name=>:_forme_set_data, :value=>data)
+            tags << tag(:input, :type=>:hidden, :name=>:_forme_set_data_hmac, :value=>OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA512.new, @opts[:roda].class.opts[:forme_set_hmac_secret], data))
+            tags.each{|tag| emit(tag)}
+            tags
+          end
+        end
+      end
+
+      module InstanceMethods
+        # Return hash based on submitted parameters, with :values key
+        # being submitted values for the object, and :validations key
+        # being a hash of validation metadata for the object.
+        def forme_parse(obj)
+          h = _forme_parse(obj)
+          
+          params = h.delete(:params)
+          columns = h.delete(:columns)
+          h[:validations] ||= {}
+
+          values = h[:values] = {}
+          columns.each do |col|
+            values[col.to_sym] = params[col]
+          end
+
+          h
+        end
+
+        # Set fields on the object based on submitted parameters, as
+        # well as validations for associated object values.
+        def forme_set(obj)
+          h = _forme_parse(obj)
+
+          obj.set_fields(h[:params], h[:columns])
+
+          if h[:validations]
+            obj.forme_validations.merge!(h[:validations])
+          end
+
+          if block_given?
+            yield h[:form_version], obj
+          end
+
+          obj
+        end
+
+        private
+
+        # Raise error with message based on type
+        def _forme_set_handle_error(type, _obj)
+        end
+
+        # Raise error with message based on type
+        def _forme_parse_error(type, obj)
+          _forme_set_handle_error(type, obj)
+          raise Error, ERROR_MESSAGES[type]
+        end
+
+        # Use form class that adds hidden fields for metadata.
+        def _forme_form_class
+          Form
+        end
+
+        # Include a reference to the current scope to the form.  This reference is needed
+        # to correctly construct the HMAC.
+        def _forme_form_options(options)
+          options.merge!(:roda=>self)
+        end
+
+        # Internals of forme_parse_hmac and forme_set_hmac.
+        def _forme_parse(obj)
+          params = request.params
+          return _forme_parse_error(:missing_data, obj) unless data = params['_forme_set_data']
+          return _forme_parse_error(:missing_hmac, obj) unless hmac = params['_forme_set_data_hmac']
+
+          data = data.to_s
+          hmac = hmac.to_s
+          actual = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA512.new, self.class.opts[:forme_set_hmac_secret], data)
+          unless Rack::Utils.secure_compare(hmac.ljust(64), actual) && hmac.length == actual.length
+            return _forme_parse_error(:hmac_mismatch, obj)
+          end
+
+          data = JSON.parse(data)
+          csrf_field, hmac_csrf_value = data['csrf']
+          if csrf_field
+            csrf_value = params[csrf_field].to_s
+            hmac_csrf_value = hmac_csrf_value.to_s
+            unless Rack::Utils.secure_compare(csrf_value.ljust(hmac_csrf_value.length), hmac_csrf_value) && csrf_value.length == hmac_csrf_value.length
+              return _forme_parse_error(:csrf_mismatch, obj)
+            end
+          end
+
+          namespaces = data['namespaces']
+          namespaces.each do |key|
+            return _forme_parse_error(:missing_namespace, obj) unless params = params[key]
+          end
+
+          if valid_values = data['valid_values']
+            validations = {}
+            valid_values.each do |col, (type, values)|
+              value = params[col]
+              valid = if type == "subset"
+                !value || (value - values).empty?
+              else # type == "include"
+                values.include?(value)
+              end
+
+              validations[col.to_sym] = [:valid, valid]
+            end
+          end
+
+          {:params=>params, :columns=>data["columns"], :validations=>validations, :form_version=>data['form_version']}
+        end
+      end
+    end
+
+    register_plugin(:forme_set, FormeSet)
+  end
+end

data/lib/sequel/plugins/forme.rb

@@ -470,10 +470,10 @@ module Sequel # :nodoc:
         include SequelForm
       end
 
-      module InstanceMethods
-        MUTEX = Mutex.new
-        FORM_CLASSES = {::Forme::Form=>Form}
+      MUTEX = Mutex.new
+      FORM_CLASSES = {::Forme::Form=>Form}
 
+      module InstanceMethods
         # Configure the +form+ with support for <tt>Sequel::Model</tt>
         # specific code, such as support for nested attributes.
         def forme_config(form)

data/lib/sequel/plugins/forme_set.rb

@@ -3,7 +3,7 @@
 module Sequel # :nodoc:
   module Plugins # :nodoc:
     # The forme_set plugin makes the model instance keep track of which form
-    # inputs have been added for it. It adds a forme_set method to handle
+    # inputs have been added for it. It adds a <tt>forme_set(params['model_name'])</tt> method to handle
     # the intake of submitted data from the form.  For more complete control,
     # it also adds a forme_parse method that returns a hash of information that can be
     # used to modify and validate the object.
@@ -47,34 +47,11 @@ module Sequel # :nodoc:
           validations = hash[:validations] = {}
 
           forme_inputs.each do |field, input|
-            opts = input.opts
-            next if SKIP_FORMATTERS.include?(opts.fetch(:formatter){input.form_opts[:formatter]})
-
-            if attr = opts[:attr]
-              name = attr[:name] || attr['name']
-            end
-            name ||= opts[:name] || opts[:key] || next
-
-            # Pull out last component of the name if there is one
-            column = (name =~ /\[([^\[\]]+)\]\z/ ? $1 : name)
-            column = column.to_s.sub(/\[\]\z/, '').to_sym
-
+            next unless column = forme_column_for_input(input)
             hash_values[column] = params[column] || params[column.to_s]
 
-            next unless ref = model.association_reflection(field)
-            next unless options = opts[:options]
-
-            values = if opts[:text_method]
-              value_method = opts[:value_method] || opts[:text_method]
-              options.map(&value_method)
-            else
-              options.map{|obj| obj.is_a?(Array) ? obj.last : obj}
-            end
-
-            if ref[:type] == :many_to_one && !opts[:required]
-              values << nil
-            end
-            validations[column] = [ref[:type] != :many_to_one ? :subset : :include, values]
+            next unless validation = forme_validation_for_input(field, input)
+            validations[column] = validation
           end
 
           hash
@@ -88,6 +65,7 @@ module Sequel # :nodoc:
           unless hash[:validations].empty?
             forme_validations.merge!(hash[:validations])
           end
+          nil
         end
 
         # Check associated values to ensure they match one of options in the form.
@@ -105,6 +83,8 @@ module Sequel # :nodoc:
                 !value || (value - values).empty?
               when :include
                 values.include?(value)
+              when :valid
+                values
               else
                 raise Forme::Error, "invalid type used in forme_validations"
               end
@@ -115,6 +95,46 @@ module Sequel # :nodoc:
             end
           end
         end
+
+        private
+
+        # Return the model column name to use for the given form input.
+        def forme_column_for_input(input)
+          opts = input.opts
+          return if SKIP_FORMATTERS.include?(opts.fetch(:formatter){input.form_opts[:formatter]})
+
+          if attr = opts[:attr]
+            name = attr[:name] || attr['name']
+          end
+          return unless name ||= opts[:name] || opts[:key]
+
+          # Pull out last component of the name if there is one
+          column = name.to_s.chomp('[]')
+          if column =~ /\[([^\[\]]+)\]\z/
+            $1
+          else
+            column
+          end.to_sym
+        end
+
+        # Return the validation metadata to use for the given field name and form input.
+        def forme_validation_for_input(field, input)
+          return unless ref = model.association_reflection(field)
+          opts = input.opts
+          return unless options = opts[:options]
+
+          values = if opts[:text_method]
+            value_method = opts[:value_method] || opts[:text_method]
+            options.map(&value_method)
+          else
+            options.map{|obj| obj.is_a?(Array) ? obj.last : obj}
+          end
+
+          if ref[:type] == :many_to_one && !opts[:required]
+            values << nil
+          end
+          [ref[:type] != :many_to_one ? :subset : :include, values]
+        end
       end
     end
   end

data/spec/rails_integration_spec.rb

@@ -20,6 +20,7 @@ class FormeRails < Rails::Application
     end
   end
   config.active_support.deprecation = :stderr
+  config.middleware.delete(ActionDispatch::HostAuthorization) if defined?(ActionDispatch::HostAuthorization)
   config.middleware.delete(ActionDispatch::ShowExceptions)
   config.middleware.delete(Rack::Lock)
   config.secret_key_base = 'foo'*15

data/spec/roda_integration_spec.rb

@@ -122,6 +122,354 @@ else
       sin_get('/csrf/0').wont_include '<input name="_csrf" type="hidden" value="'
     end
   end
+
+  describe "Forme Roda ERB Sequel integration with roda forme_set plugin and route_csrf plugin with #{plugin_opts}" do
+    before do
+      @app = Class.new(FormeRodaTest)
+      @app.plugin :route_csrf, plugin_opts
+      @app.plugin(:forme_set, :secret=>'1'*64)
+
+      @ab = Album.new
+    end
+
+    def forme_parse(*args, &block)
+      _forme_set(:forme_parse, *args, &block)
+    end
+
+    def forme_set(*args, &block)
+      _forme_set(:forme_set, *args, &block)
+    end
+
+    def forme_call(params)
+      @app.call('REQUEST_METHOD'=>'POST', 'rack.input'=>StringIO.new, :params=>params)
+    end
+
+    def _forme_set(meth, obj, orig_hash, *form_args, &block)
+      hash = {}
+      forme_set_block = orig_hash.delete(:forme_set_block)
+      orig_hash.each{|k,v| hash[k.to_s] = v}
+      album = @ab
+      ret, form, data, hmac = nil
+      
+      @app.route do |r|
+        r.get do
+          form(*env[:args], &env[:block]).to_s
+        end
+        r.post do
+          r.params.replace(env[:params])
+          ret = send(meth, album, &forme_set_block)
+          nil
+        end
+      end
+      body = @app.call('REQUEST_METHOD'=>'GET', :args=>[album, *form_args], :block=>block)[2].join
+      body =~ %r|<input name="_csrf" type="hidden" value="([^"]+)"/>.*<input name="_forme_set_data" type="hidden" value="([^"]+)"/><input name="_forme_set_data_hmac" type="hidden" value="([^"]+)"/>|n
+      csrf = $1
+      data = $2
+      hmac = $3
+      data.gsub!("&quot;", '"') if data
+      h = {"album"=>hash,  "_forme_set_data"=>data, "_forme_set_data_hmac"=>hmac, "_csrf"=>csrf}
+      if data && hmac
+        forme_call(h)
+      end
+      meth == :forme_parse ? ret : h
+    end
+
+    it "#forme_set should include HMAC values if form includes inputs for obj" do
+      h = forme_set(@ab, :name=>'Foo')
+      proc{forme_call(h)}.must_raise Roda::RodaPlugins::FormeSet::Error
+      @ab.name.must_be_nil
+      @ab.copies_sold.must_be_nil
+
+      h = forme_set(@ab, :name=>'Foo'){|f| f.input(:name)}
+      hmac = h.delete("_forme_set_data_hmac")
+      proc{forme_call(h)}.must_raise Roda::RodaPlugins::FormeSet::Error
+      proc{forme_call(h.merge("_forme_set_data_hmac"=>hmac+'1'))}.must_raise Roda::RodaPlugins::FormeSet::Error
+      data = h["_forme_set_data"]
+      data.sub!(/"csrf":\["_csrf","./, "\"csrf\":[\"_csrf\",\"|")
+      hmac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA512.new, '1'*64, data)
+      proc{forme_call(h.merge("_forme_set_data_hmac"=>hmac))}.must_raise Roda::RodaPlugins::FormeSet::Error
+      @ab.name.must_equal 'Foo'
+      @ab.copies_sold.must_be_nil
+
+      forme_set(@ab, :copies_sold=>100){|f| f.input(:name)}
+      @ab.name.must_be_nil
+      @ab.copies_sold.must_be_nil
+    end
+
+    it "#forme_set should handle custom form namespaces" do
+      forme_set(@ab, {"album"=>{"name"=>'Foo', 'copies_sold'=>'100'}}, {}, :namespace=>'album'){|f| f.input(:name); f.input(:copies_sold)}
+      @ab.name.must_equal 'Foo'
+      @ab.copies_sold.must_equal 100
+
+      proc{forme_set(@ab, {"a"=>{"name"=>'Foo'}}, {}, :namespace=>'album'){|f| f.input(:name); f.input(:copies_sold)}}.must_raise Roda::RodaPlugins::FormeSet::Error
+    end
+
+    it "#forme_set should call plugin block if there is an error with the form submission hmac not matching data" do
+      @app.plugin :forme_set do |error_type, _|
+        request.on{error_type.to_s}
+      end
+
+      h = forme_set(@ab, :name=>'Foo')
+      forme_call(h)[2].must_equal ['missing_data']
+
+      h = forme_set(@ab, :name=>'Foo'){|f| f.input(:name)}
+      hmac = h.delete("_forme_set_data_hmac")
+      forme_call(h)[2].must_equal ['missing_hmac']
+
+      forme_call(h.merge("_forme_set_data_hmac"=>hmac+'1'))[2].must_equal ['hmac_mismatch']
+
+      data = h["_forme_set_data"]
+      data.sub!(/"csrf":\["_csrf","./, "\"csrf\":[\"_csrf\",\"|")
+      hmac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA512.new, '1'*64, data)
+      forme_call(h.merge("_forme_set_data_hmac"=>hmac))[2].must_equal ['csrf_mismatch']
+
+      h = forme_set(@ab, :name=>'Foo')
+      h.delete('album')
+      forme_call(h)[2].must_equal ['missing_namespace']
+    end
+
+    it "#forme_set should raise if plugin block does not raise or throw" do
+      @app.plugin :forme_set do |_, obj|
+        obj
+      end
+      h = forme_set(@ab, :name=>'Foo'){|f| f.input(:name)}
+      h.delete("_forme_set_data_hmac")
+      proc{forme_call(h)}.must_raise Roda::RodaPlugins::FormeSet::Error
+    end
+
+    it "#forme_set should only set values in the form" do
+      forme_set(@ab, :name=>'Foo')
+      @ab.name.must_be_nil
+
+      forme_set(@ab, :name=>'Foo'){|f| f.input(:name)}
+      @ab.name.must_equal 'Foo'
+
+      forme_set(@ab, 'copies_sold'=>'1'){|f| f.input(:name)}
+      @ab.name.must_be_nil
+      @ab.copies_sold.must_be_nil
+
+      forme_set(@ab, 'name'=>'Bar', 'copies_sold'=>'1'){|f| f.input(:name); f.input(:copies_sold)}
+      @ab.name.must_equal 'Bar'
+      @ab.copies_sold.must_equal 1
+    end
+
+    it "#forme_set should handle form_versions" do
+      h = forme_set(@ab, {:name=>'Foo'}){|f| f.input(:name)}
+      @ab.name.must_equal 'Foo'
+
+      obj = nil
+      version = nil
+      name = nil
+      forme_set_block = proc do |v, o|
+        obj = o
+        name = o.name
+        version = v
+      end
+      h2 = forme_set(@ab, {:name=>'Foo', :forme_set_block=>forme_set_block}, {}, :form_version=>1){|f| f.input(:name)}
+      obj.must_be_same_as @ab
+      name.must_equal 'Foo'
+      version.must_equal 1
+
+      forme_call(h)
+      obj.must_be_same_as @ab
+      version.must_be_nil
+
+      h3 = forme_set(@ab, {:name=>'Bar', :forme_set_block=>forme_set_block}, {}, :form_version=>2){|f| f.input(:name)}
+      obj.must_be_same_as @ab
+      name.must_equal 'Bar'
+      version.must_equal 2
+
+      h['album']['name'] = 'Baz'
+      forme_call(h)
+      obj.must_be_same_as @ab
+      name.must_equal 'Baz'
+      version.must_be_nil
+
+      forme_call(h2)
+      obj.must_be_same_as @ab
+      version.must_equal 1
+    end
+
+    it "#forme_set should work for forms without blocks" do
+      forme_set(@ab, {:name=>'Foo'}, {}, :inputs=>[:name])
+      @ab.name.must_equal 'Foo'
+    end
+
+    it "#forme_set should handle different ways to specify parameter names" do
+      [{:attr=>{:name=>'foo'}}, {:attr=>{'name'=>:foo}}, {:name=>'foo'}, {:name=>'bar[foo]'}, {:key=>:foo}].each do |opts|
+        forme_set(@ab, name=>'Foo'){|f| f.input(:name, opts)}
+        @ab.name.must_be_nil
+
+        forme_set(@ab, 'foo'=>'Foo'){|f| f.input(:name, opts)}
+        @ab.name.must_equal 'Foo'
+      end
+    end
+
+    it "#forme_set should ignore values where key is explicitly set to nil" do
+      forme_set(@ab, :name=>'Foo'){|f| f.input(:name, :key=>nil)}
+      @ab.forme_set(:name=>'Foo')
+      @ab.name.must_be_nil
+      @ab.forme_set(nil=>'Foo')
+      @ab.name.must_be_nil
+    end
+    
+    it "#forme_set should skip inputs with disabled/readonly formatter set on input" do
+      [:disabled, :readonly, ::Forme::Formatter::Disabled, ::Forme::Formatter::ReadOnly].each do |formatter|
+        forme_set(@ab, :name=>'Foo'){|f| f.input(:name, :formatter=>formatter)}
+        @ab.name.must_be_nil
+      end
+
+      forme_set(@ab, :name=>'Foo'){|f| f.input(:name, :formatter=>:default)}
+      @ab.name.must_equal 'Foo'
+    end
+    
+    it "#forme_set should skip inputs with disabled/readonly formatter set on Form" do
+      [:disabled, :readonly, ::Forme::Formatter::Disabled, ::Forme::Formatter::ReadOnly].each do |formatter|
+        forme_set(@ab, {:name=>'Foo'}, {}, :formatter=>:disabled){|f| f.input(:name)}
+        @ab.name.must_be_nil
+      end
+
+      forme_set(@ab, {:name=>'Foo'}, {}, :formatter=>:default){|f| f.input(:name)}
+      @ab.name.must_equal 'Foo'
+    end
+    
+    it "#forme_set should skip inputs with disabled/readonly formatter set using with_opts" do
+      [:disabled, :readonly, ::Forme::Formatter::Disabled, ::Forme::Formatter::ReadOnly].each do |formatter|
+        forme_set(@ab, :name=>'Foo'){|f| f.with_opts(:formatter=>formatter){f.input(:name)}}
+        @ab.name.must_be_nil
+      end
+
+      forme_set(@ab, :name=>'Foo'){|f| f.with_opts(:formatter=>:default){f.input(:name)}}
+      @ab.name.must_equal 'Foo'
+    end
+
+    it "#forme_set should prefer input formatter to with_opts formatter" do
+      forme_set(@ab, :name=>'Foo'){|f| f.with_opts(:formatter=>:default){f.input(:name, :formatter=>:readonly)}}
+      @ab.name.must_be_nil
+
+      forme_set(@ab, :name=>'Foo'){|f| f.with_opts(:formatter=>:readonly){f.input(:name, :formatter=>:default)}}
+      @ab.name.must_equal 'Foo'
+    end
+
+    it "#forme_set should prefer with_opts formatter to form formatter" do
+      forme_set(@ab, {:name=>'Foo'}, {}, :formatter=>:default){|f| f.with_opts(:formatter=>:readonly){f.input(:name)}}
+      @ab.name.must_be_nil
+
+      forme_set(@ab, {:name=>'Foo'}, {}, :formatter=>:readonly){|f| f.with_opts(:formatter=>:default){f.input(:name)}}
+      @ab.name.must_equal 'Foo'
+    end
+    
+    it "#forme_set should handle setting values for associated objects" do
+      forme_set(@ab, :artist_id=>'1')
+      @ab.artist_id.must_be_nil
+
+      forme_set(@ab, :artist_id=>'1'){|f| f.input(:artist)}
+      @ab.artist_id.must_equal 1
+
+      forme_set(@ab, 'tag_pks'=>%w'1 2'){|f| f.input(:artist)}
+      @ab.artist_id.must_be_nil
+      @ab.tag_pks.must_equal []
+
+      forme_set(@ab, 'artist_id'=>'1', 'tag_pks'=>%w'1 2'){|f| f.input(:artist); f.input(:tags)}
+      @ab.artist_id.must_equal 1
+      @ab.tag_pks.must_equal [1, 2]
+    end
+    
+    it "#forme_set should handle validations for filtered associations" do
+      [
+        [{:dataset=>proc{|ds| ds.exclude(:id=>1)}},
+         {:dataset=>proc{|ds| ds.exclude(:id=>1)}}],
+        [{:options=>Artist.exclude(:id=>1).select_order_map([:name, :id])},
+         {:options=>Tag.exclude(:id=>1).select_order_map(:id), :name=>'tag_pks[]'}],
+        [{:options=>Artist.exclude(:id=>1).all, :text_method=>:name, :value_method=>:id},
+         {:options=>Tag.exclude(:id=>1).all, :text_method=>:name, :value_method=>:id}],
+      ].each do |artist_opts, tag_opts|
+        @ab.forme_validations.clear
+        forme_set(@ab, 'artist_id'=>'1', 'tag_pks'=>%w'1 2'){|f| f.input(:artist, artist_opts); f.input(:tags, tag_opts)}
+        @ab.artist_id.must_equal 1
+        @ab.tag_pks.must_equal [1, 2]
+        @ab.valid?.must_equal false
+        @ab.errors[:artist_id].must_equal ['invalid value submitted']
+        @ab.errors[:tag_pks].must_equal ['invalid value submitted']
+
+        @ab.forme_validations.clear
+        forme_set(@ab, 'artist_id'=>'1', 'tag_pks'=>%w'2'){|f| f.input(:artist, artist_opts); f.input(:tags, tag_opts)}
+        @ab.forme_set('artist_id'=>'1', 'tag_pks'=>['2'])
+        @ab.artist_id.must_equal 1
+        @ab.tag_pks.must_equal [2]
+        @ab.valid?.must_equal false
+        @ab.errors[:artist_id].must_equal ['invalid value submitted']
+        @ab.errors[:tag_pks].must_be_nil
+
+        @ab.forme_validations.clear
+        forme_set(@ab, 'artist_id'=>'2', 'tag_pks'=>%w'2'){|f| f.input(:artist, artist_opts); f.input(:tags, tag_opts)}
+        @ab.valid?.must_equal true
+      end
+    end
+
+    it "#forme_set should not require associated values for many_to_one association with select boxes" do
+      forme_set(@ab, {}){|f| f.input(:artist)}
+      @ab.valid?.must_equal true
+
+      forme_set(@ab, {'artist_id'=>nil}){|f| f.input(:artist)}
+      @ab.valid?.must_equal true
+
+      forme_set(@ab, {'artist_id'=>''}){|f| f.input(:artist)}
+      @ab.valid?.must_equal true
+    end
+
+    it "#forme_set should not require associated values for many_to_one association with radio buttons" do
+      forme_set(@ab, {}){|f| f.input(:artist, :as=>:radio)}
+      @ab.valid?.must_equal true
+    end
+
+    it "#forme_set should require associated values for many_to_one association with select boxes when :required is used" do
+      forme_set(@ab, {}){|f| f.input(:artist, :required=>true)}
+      @ab.valid?.must_equal false
+      @ab.errors[:artist_id].must_equal ['invalid value submitted']
+    end
+
+    it "#forme_set should require associated values for many_to_one association with radio buttons when :required is used" do
+      forme_set(@ab, {}){|f| f.input(:artist, :as=>:radio, :required=>true)}
+      @ab.valid?.must_equal false
+      @ab.errors[:artist_id].must_equal ['invalid value submitted']
+    end
+
+    it "#forme_set should handle cases where currently associated values is nil" do
+      def @ab.tag_pks; nil; end
+      forme_set(@ab, :tag_pks=>['1']){|f| f.input(:tags)}
+      @ab.valid?.must_equal true
+    end
+
+    it "#forme_parse should return hash with values and validations" do
+      forme_parse(@ab, :name=>'Foo'){|f| f.input(:name)}.must_equal(:values=>{:name=>'Foo'}, :validations=>{}, :form_version=>nil)
+
+      hash = forme_parse(@ab, :name=>'Foo', 'artist_id'=>'1') do |f|
+        f.input(:name)
+        f.input(:artist, :dataset=>proc{|ds| ds.exclude(:id=>1)})
+      end
+      hash.must_equal(:values=>{:name=>'Foo', :artist_id=>'1'}, :validations=>{:artist_id=>[:valid, false]}, :form_version=>nil)
+
+      @ab.set(hash[:values])
+      @ab.valid?.must_equal true
+
+      @ab.forme_validations.merge!(hash[:validations])
+      @ab.valid?.must_equal false
+      @ab.errors[:artist_id].must_equal ['invalid value submitted']
+
+      @ab = Album.new
+      hash = forme_parse(@ab, {:name=>'Foo', 'artist_id'=>'1'}, {}, :form_version=>1) do |f|
+        f.input(:name)
+        f.input(:artist, :dataset=>proc{|ds| ds.exclude(:id=>2)})
+      end
+      hash.must_equal(:values=>{:name=>'Foo', :artist_id=>'1'}, :validations=>{:artist_id=>[:valid, true]}, :form_version=>1)
+      @ab.set(hash[:values])
+      @ab.valid?.must_equal true
+
+      @ab.forme_validations.merge!(hash[:validations])
+      @ab.valid?.must_equal true
+    end
+  end
 end
 end
 end

data/spec/sequel_set_plugin_spec.rb

@@ -26,7 +26,7 @@ describe "Sequel forme_set plugin" do
   end
   
   it "#forme_set should handle different ways to specify parameter names" do
-    [{:attr=>{:name=>'foo'}}, {:attr=>{'name'=>:foo}}, {:name=>'foo'}, {:name=>'bar[foo]'}, {:key=>:foo}].each do |opts|
+    [{:attr=>{:name=>'foo'}}, {:attr=>{'name'=>:foo}}, {:name=>'foo'}, {:name=>'foo[]'}, {:name=>'bar[foo][]'}, {:name=>'bar[foo]'}, {:key=>:foo}].each do |opts|
       @f.input(:name, opts)
 
       @ab.forme_set(:name=>'Foo')

data/spec/spec_helper.rb

@@ -15,4 +15,4 @@ require 'forme'
 require 'rubygems'
 ENV['MT_NO_PLUGINS'] = '1' # Work around stupid autoloading of plugins
 gem 'minitest'
-require 'minitest/autorun'
+require 'minitest/global_expectations/autorun'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: forme
 version: !ruby/object:Gem::Version
-  version: 1.10.0
+  version: 1.11.0
 platform: ruby
 authors:
 - Jeremy Evans
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-05-13 00:00:00.000000000 Z
+date: 2020-01-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest
@@ -24,6 +24,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 5.7.0
+- !ruby/object:Gem::Dependency
+  name: minitest-global_expectations
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: sequel
   requirement: !ruby/object:Gem::Requirement
@@ -67,7 +81,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: erubis
+  name: erubi
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -175,6 +189,7 @@ files:
 - lib/forme/version.rb
 - lib/roda/plugins/forme.rb
 - lib/roda/plugins/forme_route_csrf.rb
+- lib/roda/plugins/forme_set.rb
 - lib/sequel/plugins/forme.rb
 - lib/sequel/plugins/forme_i18n.rb
 - lib/sequel/plugins/forme_set.rb
@@ -197,7 +212,12 @@ files:
 homepage: http://github.com/jeremyevans/forme
 licenses:
 - MIT
-metadata: {}
+metadata:
+  bug_tracker_uri: https://github.com/jeremyevans/forme/issues
+  changelog_uri: http://forme.jeremyevans.net/files/CHANGELOG.html
+  documentation_uri: http://forme.jeremyevans.net
+  mailing_list_uri: https://groups.google.com/forum/#!forum/ruby-forme
+  source_code_uri: https://github.com/jeremyevans/forme
 post_install_message: 
 rdoc_options:
 - "--quiet"
@@ -220,7 +240,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: HTML forms library