grape-security 0.8.0

data/spec/grape/validations/coerce_spec.rb

@@ -0,0 +1,208 @@
+# encoding: utf-8
+require 'spec_helper'
+
+describe Grape::Validations::CoerceValidator do
+  subject do
+    Class.new(Grape::API)
+  end
+
+  def app
+    subject
+  end
+
+  describe 'coerce' do
+
+    context "i18n" do
+
+      after :each do
+        I18n.locale = :en
+      end
+
+      it "i18n error on malformed input" do
+        I18n.load_path << File.expand_path('../zh-CN.yml', __FILE__)
+        I18n.reload!
+        I18n.locale = 'zh-CN'.to_sym
+        subject.params do
+          requires :age, type: Integer
+        end
+        subject.get '/single' do
+          'int works'
+        end
+
+        get '/single', age: '43a'
+        expect(last_response.status).to eq(400)
+        expect(last_response.body).to eq('年龄格式不正确')
+      end
+
+      it 'gives an english fallback error when default locale message is blank' do
+        I18n.locale = 'pt-BR'.to_sym
+        subject.params do
+          requires :age, type: Integer
+        end
+        subject.get '/single' do
+          'int works'
+        end
+
+        get '/single', age: '43a'
+        expect(last_response.status).to eq(400)
+        expect(last_response.body).to eq('age is invalid')
+      end
+
+    end
+
+    it 'error on malformed input' do
+      subject.params do
+        requires :int, type: Integer
+      end
+      subject.get '/single' do
+        'int works'
+      end
+
+      get '/single', int: '43a'
+      expect(last_response.status).to eq(400)
+      expect(last_response.body).to eq('int is invalid')
+
+      get '/single', int: '43'
+      expect(last_response.status).to eq(200)
+      expect(last_response.body).to eq('int works')
+    end
+
+    it 'error on malformed input (Array)' do
+      subject.params do
+        requires :ids, type: Array[Integer]
+      end
+      subject.get '/array' do
+        'array int works'
+      end
+
+      get 'array', ids: ['1', '2', 'az']
+      expect(last_response.status).to eq(400)
+      expect(last_response.body).to eq('ids is invalid')
+
+      get 'array', ids: ['1', '2', '890']
+      expect(last_response.status).to eq(200)
+      expect(last_response.body).to eq('array int works')
+    end
+
+    context 'complex objects' do
+      module CoerceValidatorSpec
+        class User
+          include Virtus.model
+          attribute :id, Integer
+          attribute :name, String
+        end
+      end
+
+      it 'error on malformed input for complex objects' do
+        subject.params do
+          requires :user, type: CoerceValidatorSpec::User
+        end
+        subject.get '/user' do
+          'complex works'
+        end
+
+        get '/user', user: "32"
+        expect(last_response.status).to eq(400)
+        expect(last_response.body).to eq('user is invalid')
+
+        get '/user', user: { id: 32, name: 'Bob' }
+        expect(last_response.status).to eq(200)
+        expect(last_response.body).to eq('complex works')
+      end
+    end
+
+    context 'coerces' do
+      it 'Integer' do
+        subject.params do
+          requires :int, coerce: Integer
+        end
+        subject.get '/int' do
+          params[:int].class
+        end
+
+        get '/int', int: "45"
+        expect(last_response.status).to eq(200)
+        expect(last_response.body).to eq('Integer')
+      end
+
+      it 'Array of Integers' do
+        subject.params do
+          requires :arry, coerce: Array[Integer]
+        end
+        subject.get '/array' do
+          params[:arry][0].class
+        end
+
+        get '/array', arry: ['1', '2', '3']
+        expect(last_response.status).to eq(200)
+        expect(last_response.body).to eq('Integer')
+      end
+
+      it 'Array of Bools' do
+        subject.params do
+          requires :arry, coerce: Array[Virtus::Attribute::Boolean]
+        end
+        subject.get '/array' do
+          params[:arry][0].class
+        end
+
+        get 'array', arry: [1, 0]
+        expect(last_response.status).to eq(200)
+        expect(last_response.body).to eq('TrueClass')
+      end
+
+      it 'Bool' do
+        subject.params do
+          requires :bool, coerce: Virtus::Attribute::Boolean
+        end
+        subject.get '/bool' do
+          params[:bool].class
+        end
+
+        get '/bool', bool: 1
+        expect(last_response.status).to eq(200)
+        expect(last_response.body).to eq('TrueClass')
+
+        get '/bool', bool: 0
+        expect(last_response.status).to eq(200)
+        expect(last_response.body).to eq('FalseClass')
+
+        get '/bool', bool: 'false'
+        expect(last_response.status).to eq(200)
+        expect(last_response.body).to eq('FalseClass')
+
+        get '/bool', bool: 'true'
+        expect(last_response.status).to eq(200)
+        expect(last_response.body).to eq('TrueClass')
+      end
+
+      it 'file' do
+        subject.params do
+          requires :file, coerce: Rack::Multipart::UploadedFile
+        end
+        subject.post '/upload' do
+          params[:file].filename
+        end
+
+        post '/upload', file: Rack::Test::UploadedFile.new(__FILE__)
+        expect(last_response.status).to eq(201)
+        expect(last_response.body).to eq(File.basename(__FILE__).to_s)
+      end
+
+      it 'Nests integers' do
+        subject.params do
+          requires :integers, type: Hash do
+            requires :int, coerce: Integer
+          end
+        end
+        subject.get '/int' do
+          params[:integers][:int].class
+        end
+
+        get '/int', integers: { int: "45" }
+        expect(last_response.status).to eq(200)
+        expect(last_response.body).to eq('Integer')
+      end
+    end
+  end
+end

data/spec/grape/validations/default_spec.rb

@@ -0,0 +1,123 @@
+require 'spec_helper'
+
+describe Grape::Validations::DefaultValidator do
+
+  module ValidationsSpec
+    module DefaultValidatorSpec
+      class API < Grape::API
+        default_format :json
+
+        params do
+          optional :id
+          optional :type, default: 'default-type'
+        end
+        get '/' do
+          { id: params[:id], type: params[:type] }
+        end
+
+        params do
+          optional :type1, default: 'default-type1'
+          optional :type2, default: 'default-type2'
+        end
+        get '/user' do
+          { type1: params[:type1], type2: params[:type2] }
+        end
+
+        params do
+          requires :id
+          optional :type1, default: 'default-type1'
+          optional :type2, default: 'default-type2'
+        end
+
+        get '/message' do
+          { id: params[:id], type1: params[:type1], type2: params[:type2] }
+        end
+
+        params do
+          optional :random, default: -> { Random.rand }
+          optional :not_random, default: Random.rand
+        end
+        get '/numbers' do
+          { random_number: params[:random], non_random_number: params[:non_random_number] }
+        end
+
+        params do
+          # NOTE: The :foo parameter could be made required with json body
+          # params, and then an empty hash would be valid. With query parameters
+          # it must be optional if it isn't provided at all, as otherwise
+          # the validaton for the Hash itself fails because there is no such
+          # thing as an empty hash.
+          optional :foo, type: Hash do
+            optional :bar, default: 'foo-bar'
+          end
+        end
+        get '/group' do
+          { foo_bar: params[:foo][:bar] }
+        end
+
+        params do
+          optional :array, type: Array do
+            requires :name
+            optional :with_default, default: 'default'
+          end
+        end
+        get '/array' do
+          { array: params[:array] }
+        end
+      end
+    end
+  end
+
+  def app
+    ValidationsSpec::DefaultValidatorSpec::API
+  end
+
+  it 'set default value for optional param' do
+    get("/")
+    expect(last_response.status).to eq(200)
+    expect(last_response.body).to eq({ id: nil, type: 'default-type' }.to_json)
+  end
+
+  it 'set default values for optional params' do
+    get("/user")
+    expect(last_response.status).to eq(200)
+    expect(last_response.body).to eq({ type1: 'default-type1', type2: 'default-type2' }.to_json)
+  end
+
+  it 'set default values for missing params in the request' do
+    get("/user?type2=value2")
+    expect(last_response.status).to eq(200)
+    expect(last_response.body).to eq({ type1: 'default-type1', type2: 'value2' }.to_json)
+  end
+
+  it 'set default values for optional params and allow to use required fields in the same time' do
+    get("/message?id=1")
+    expect(last_response.status).to eq(200)
+    expect(last_response.body).to eq({ id: '1', type1: 'default-type1', type2: 'default-type2' }.to_json)
+  end
+
+  it 'sets lambda based defaults at the time of call' do
+    get("/numbers")
+    expect(last_response.status).to eq(200)
+    before = JSON.parse(last_response.body)
+    get("/numbers")
+    expect(last_response.status).to eq(200)
+    after = JSON.parse(last_response.body)
+
+    expect(before['non_random_number']).to eq(after['non_random_number'])
+    expect(before['random_number']).not_to eq(after['random_number'])
+  end
+
+  it 'set default values for optional grouped params' do
+    get('/group')
+    expect(last_response.status).to eq(200)
+    expect(last_response.body).to eq({ foo_bar: 'foo-bar' }.to_json)
+  end
+
+  it 'sets default values for grouped arrays' do
+    get('/array?array[][name]=name&array[][name]=name2&array[][with_default]=bar2')
+    expect(last_response.status).to eq(200)
+    expect(last_response.body).to eq({ array: [{ name: "name", with_default: "default" }, { name: "name2", with_default: "bar2" }] }.to_json)
+  end
+
+end

data/spec/grape/validations/exactly_one_of_spec.rb

@@ -0,0 +1,71 @@
+require 'spec_helper'
+
+describe Grape::Validations::ExactlyOneOfValidator do
+  describe '#validate!' do
+    let(:scope) do
+      Struct.new(:opts) do
+        def params(arg); end
+      end
+    end
+    let(:exactly_one_of_params) { [:beer, :wine, :grapefruit] }
+    let(:validator) { described_class.new(exactly_one_of_params, {}, false, scope.new) }
+
+    context 'when all restricted params are present' do
+      let(:params) { { beer: true, wine: true, grapefruit: true } }
+
+      it 'raises a validation exception' do
+        expect {
+          validator.validate! params
+        }.to raise_error(Grape::Exceptions::Validation)
+      end
+
+      context 'mixed with other params' do
+        let(:mixed_params) { params.merge!(other: true, andanother: true) }
+
+        it 'still raises a validation exception' do
+          expect {
+            validator.validate! mixed_params
+          }.to raise_error(Grape::Exceptions::Validation)
+        end
+      end
+    end
+
+    context 'when a subset of restricted params are present' do
+      let(:params) { { beer: true, grapefruit: true } }
+
+      it 'raises a validation exception' do
+        expect {
+          validator.validate! params
+        }.to raise_error(Grape::Exceptions::Validation)
+      end
+    end
+
+    context 'when params keys come as strings' do
+      let(:params) { { 'beer' => true, 'grapefruit' => true } }
+
+      it 'raises a validation exception' do
+        expect {
+          validator.validate! params
+        }.to raise_error(Grape::Exceptions::Validation)
+      end
+    end
+
+    context 'when none of the restricted params is selected' do
+      let(:params) { { somethingelse: true } }
+
+      it 'raises a validation exception' do
+        expect {
+          validator.validate! params
+        }.to raise_error(Grape::Exceptions::Validation)
+      end
+    end
+
+    context 'when exactly one of the restricted params is selected' do
+      let(:params) { { beer: true, somethingelse: true } }
+
+      it 'params' do
+        expect(validator.validate!(params)).to eql params
+      end
+    end
+  end
+end

data/spec/grape/validations/mutual_exclusion_spec.rb

@@ -0,0 +1,61 @@
+require 'spec_helper'
+
+describe Grape::Validations::MutualExclusionValidator do
+  describe '#validate!' do
+    let(:scope) do
+      Struct.new(:opts) do
+        def params(arg); end
+      end
+    end
+    let(:mutually_exclusive_params) { [:beer, :wine, :grapefruit] }
+    let(:validator) { described_class.new(mutually_exclusive_params, {}, false, scope.new) }
+
+    context 'when all mutually exclusive params are present' do
+      let(:params) { { beer: true, wine: true, grapefruit: true } }
+
+      it 'raises a validation exception' do
+        expect {
+          validator.validate! params
+        }.to raise_error(Grape::Exceptions::Validation)
+      end
+
+      context 'mixed with other params' do
+        let(:mixed_params) { params.merge!(other: true, andanother: true) }
+
+        it 'still raises a validation exception' do
+          expect {
+            validator.validate! mixed_params
+          }.to raise_error(Grape::Exceptions::Validation)
+        end
+      end
+    end
+
+    context 'when a subset of mutually exclusive params are present' do
+      let(:params) { { beer: true, grapefruit: true } }
+
+      it 'raises a validation exception' do
+        expect {
+          validator.validate! params
+        }.to raise_error(Grape::Exceptions::Validation)
+      end
+    end
+
+    context 'when params keys come as strings' do
+      let(:params) { { 'beer' => true, 'grapefruit' => true } }
+
+      it 'raises a validation exception' do
+        expect {
+          validator.validate! params
+        }.to raise_error(Grape::Exceptions::Validation)
+      end
+    end
+
+    context 'when no mutually exclusive params are present' do
+      let(:params) { { beer: true, somethingelse: true } }
+
+      it 'params' do
+        expect(validator.validate!(params)).to eql params
+      end
+    end
+  end
+end