grape 3.2.1 → 3.3.0

data/lib/grape/validations/validations_spec.rb

@@ -0,0 +1,149 @@
+# frozen_string_literal: true
+
+module Grape
+  module Validations
+    # Frozen value object holding everything {ParamsScope#validates} needs to
+    # know about a single +requires+/+optional+ declaration. Built once from
+    # the raw validations hash supplied by the DSL; the raw hash is never
+    # mutated.
+    #
+    # Splits the raw entries into three logical buckets:
+    #
+    # * Spec-consumed keys (type/types/coerce*, presence/message,
+    #   default/fail_fast, doc keys) — exposed via named accessors and never
+    #   handed to validator dispatch.
+    # * Shared opts (allow_blank, fail_fast) — read by every validator at
+    #   construction time via {#shared_opts}.
+    # * Validator entries (everything else, e.g. +regexp+, +length+, +values+,
+    #   +allow_blank+, custom validators) — exposed via {#validator_entries}
+    #   for the dispatch loop.
+    #
+    # Same key can land in more than one bucket (e.g. +allow_blank+ is both a
+    # shared opt and a validator entry; +length+ is both a doc source and a
+    # validator entry).
+    class ValidationsSpec
+      # Keys consumed by the spec itself; must NOT be dispatched as validators
+      # by the caller. Documentation-only keys are filtered through a separate
+      # set so that dual-purpose keys (length, default, values, except_values)
+      # aren't accidentally swallowed.
+      SPEC_CONSUMED_KEYS = %i[
+        type types coerce coerce_with coerce_message
+        presence message
+        fail_fast
+        desc description documentation
+      ].freeze
+
+      attr_reader :raw, :coerce_type, :coerce_method, :coerce_message, :presence_options, :values, :except_values, :default, :allow_blank, :fail_fast, :shared_opts, :validator_entries
+
+      def self.from(validations)
+        new(validations)
+      end
+
+      def initialize(raw)
+        raise ArgumentError, ':type may not be supplied with :types' if raw.key?(:type) && raw.key?(:types)
+
+        @raw = raw
+        @coerce_type, @coerce_message, @coerce_method = parse_coerce(raw)
+        @values = resolve_value(raw[:values])
+        @except_values = resolve_value(raw[:except_values])
+        @default = raw[:default]
+        @presence_options = raw[:presence]
+        @allow_blank = resolve_value(raw[:allow_blank])
+        @fail_fast = raw[:fail_fast] || false
+
+        @coerce_type = guess_coerce_type(@coerce_type, @values, @except_values)
+        @shared_opts = { allow_blank: @allow_blank, fail_fast: @fail_fast }.freeze
+        @validator_entries = build_validator_entries(raw)
+
+        validate!
+
+        freeze
+      end
+
+      def required?
+        !@presence_options.nil? && @presence_options != false
+      end
+
+      def coerce_options
+        CoerceOptions.new(type: @coerce_type, coerce_method: @coerce_method, message: @coerce_message)
+      end
+
+      private
+
+      # Cross-field consistency checks on the parsed declaration. Run at
+      # construction so an incoherent spec (e.g. a +default+ outside +values+,
+      # or +values+ whose elements don't match +type+) can never exist —
+      # callers no longer have to remember to invoke these separately.
+      def validate!
+        check_incompatible_option_values(@default, @values, @except_values)
+        validate_value_coercion(@coerce_type, @values, @except_values)
+      end
+
+      def check_incompatible_option_values(default, values, except_values)
+        return if default.nil? || default.is_a?(Proc)
+
+        raise Grape::Exceptions::IncompatibleOptionValues.new(:default, default, :values, values) if values && !values.is_a?(Proc) && Array(default).any? { |def_val| !values.include?(def_val) }
+
+        return unless except_values && !except_values.is_a?(Proc) && Array(default).any? { |def_val| except_values.include?(def_val) }
+
+        raise Grape::Exceptions::IncompatibleOptionValues.new(:default, default, :except, except_values)
+      end
+
+      def validate_value_coercion(coerce_type, *values_list)
+        return unless coerce_type
+
+        coerce_type = coerce_type.first if coerce_type.is_a?(Enumerable)
+        values_list.each do |values|
+          next if !values || values.is_a?(Proc)
+
+          value_types = values.is_a?(Range) ? [values.begin, values.end].compact : values
+          value_types = value_types.map { |type| Grape::API::Boolean.build(type) } if coerce_type == Grape::API::Boolean
+          raise Grape::Exceptions::IncompatibleOptionValues.new(:type, coerce_type, :values, values) unless value_types.all?(coerce_type)
+        end
+      end
+
+      def build_validator_entries(raw)
+        raw.reject do |k, _|
+          SPEC_CONSUMED_KEYS.include?(k) || ParamsScope::RESERVED_DOCUMENTATION_KEYWORDS.include?(k)
+        end.freeze
+      end
+
+      def parse_coerce(raw)
+        if raw.key?(:type)
+          coerce, coerce_message = extract_value_and_message(raw[:type])
+          coerce_with = raw[:coerce_with]
+          return [Types::VariantCollectionCoercer.new(coerce, coerce_with), coerce_message, nil] if Types.multiple?(coerce)
+        elsif raw.key?(:types)
+          coerce, coerce_message = extract_value_and_message(raw[:types])
+          coerce_with = raw[:coerce_with]
+        else
+          coerce = raw[:coerce]
+          coerce_message = raw[:coerce_message]
+          coerce_with = raw[:coerce_with]
+        end
+
+        [coerce, coerce_message, coerce_with]
+      end
+
+      def extract_value_and_message(opt)
+        return [opt, nil] unless opt.is_a?(Hash)
+
+        [opt[:value], opt[:message]]
+      end
+
+      def resolve_value(opt)
+        opt.is_a?(Hash) ? opt[:value] : opt
+      end
+
+      def guess_coerce_type(coerce_type, *values_list)
+        return coerce_type unless coerce_type == Array
+
+        values_list.each do |values|
+          next if !values || values.is_a?(Proc)
+          return values.first.class if values.is_a?(Range) || !values.empty?
+        end
+        coerce_type
+      end
+    end
+  end
+end

data/lib/grape/validations/validators/all_or_none_of_validator.rb

@@ -9,7 +9,7 @@ module Grape
         def validate_params!(params)
           known_keys = all_keys
           keys = keys_in_common(params, known_keys)
-          return if keys.empty? || keys.length == @attrs.length
+          return if keys.empty? || keys.length == attrs.length
 
           validation_error!(known_keys)
         end

data/lib/grape/validations/validators/at_least_one_of_validator.rb

@@ -8,7 +8,7 @@ module Grape
 
         def validate_params!(params)
           known_keys = all_keys
-          return if hash_like?(params) && known_keys.intersect?(params.keys.map { |attr| @scope.full_name(attr) })
+          return if hash_like?(params) && known_keys.intersect?(params.keys.map { |attr| scope.full_name(attr) })
 
           validation_error!(known_keys)
         end

data/lib/grape/validations/validators/base.rb

@@ -12,10 +12,20 @@ module Grape
       # from them are frozen by construction. Lazy ivar assignment
       # (e.g. +memoize+, <tt>||=</tt>) will raise +FrozenError+ at request time.
       class Base
+        extend Forwardable
         include Grape::Util::Translation
 
         attr_reader :attrs
 
+        # +allow_blank+ / +fail_fast+ are read straight off the internal
+        # {Grape::Validations::SharedOptions} value object; no per-validator
+        # ivars. The object is built from the +opts+ Hash in #initialize, so
+        # the public 5th-argument contract stays a plain Hash.
+        def_delegators :@opts, :allow_blank, :fail_fast
+
+        alias fail_fast? fail_fast
+        alias allow_blank? allow_blank
+
         class << self
           # Declares the default I18n message key used by +validation_error!+.
           # Subclasses that only need a single fixed error message can declare it
@@ -52,15 +62,17 @@ module Grape
         # @param options [Object] implementation-dependent Validator options; deep-frozen on assignment
         # @param required [Boolean] attribute(s) are required or optional
         # @param scope [ParamsScope] parent scope for this Validator
-        # @param opts [Hash] additional validation options
+        # @param opts [Hash] shared validator options; only +:allow_blank+ and
+        #   +:fail_fast+ are consulted (other keys ignored, as before)
         def initialize(attrs, options, required, scope, opts)
           @attrs = Array(attrs).freeze
           @options = Grape::Util::DeepFreeze.deep_freeze(options)
           @option = @options # TODO: remove in next major release
           @required = required
           @scope = scope
-          @fail_fast, @allow_blank = opts.values_at(:fail_fast, :allow_blank)
+          @opts = SharedOptions.new(**opts.slice(:allow_blank, :fail_fast))
           @exception_message = message(self.class.default_message_key) if self.class.default_message_key
+          @iterator = iterator_class.new(@attrs, @scope).freeze
         end
 
         # Validates a given request.
@@ -69,15 +81,11 @@ module Grape
         # @raise [Grape::Exceptions::Validation] if validation failed
         # @return [void]
         def validate(request)
-          return unless @scope.should_validate?(request.params)
+          return unless scope.should_validate?(request.params)
 
           validate!(request.params)
         end
 
-        def fail_fast?
-          @fail_fast
-        end
-
         # Validates a given parameter hash.
         # @note Override #validate_param! for per-parameter validation,
         #   or #validate if you need access to the entire request.
@@ -85,21 +93,20 @@ module Grape
         # @raise [Grape::Exceptions::Validation] if validation failed
         # @return [void]
         def validate!(params)
-          attributes = SingleAttributeIterator.new(@attrs, @scope, params)
           # we collect errors inside array because
           # there may be more than one error per field
-          array_errors = []
+          array_errors = nil
 
-          attributes.each do |val, attr_name, empty_val|
-            next if !@scope.required? && empty_val
-            next unless @scope.meets_dependency?(val, params)
+          @iterator.each(params) do |val, attr_name, empty_val|
+            next if !scope.required? && empty_val
+            next unless scope.meets_dependency?(val, params)
 
-            validate_param!(attr_name, val) if @required || (hash_like?(val) && val.key?(attr_name))
+            validate_param!(attr_name, val) if required? || (hash_like?(val) && val.key?(attr_name))
           rescue Grape::Exceptions::Validation => e
-            array_errors << e
+            (array_errors ||= []) << e
           end
 
-          raise Grape::Exceptions::ValidationArrayErrors.new(array_errors) if array_errors.any?
+          raise Grape::Exceptions::ValidationArrayErrors.new(array_errors) if array_errors
         end
 
         protected
@@ -115,8 +122,18 @@ module Grape
 
         private
 
-        def validation_error!(attr_name_or_params, message = @exception_message)
-          params = attr_name_or_params.is_a?(Array) ? attr_name_or_params : @scope.full_name(attr_name_or_params)
+        attr_reader :options, :scope, :required, :exception_message
+
+        alias required? required
+
+        # The AttributesIterator subclass used to walk this validator's
+        # attributes. Built once in #initialize and reused across requests.
+        def iterator_class
+          SingleAttributeIterator
+        end
+
+        def validation_error!(attr_name_or_params, message = exception_message)
+          params = attr_name_or_params.is_a?(Array) ? attr_name_or_params : scope.full_name(attr_name_or_params)
           raise Grape::Exceptions::Validation.new(params:, message:)
         end
 
@@ -124,8 +141,8 @@ module Grape
           obj.respond_to?(:key?)
         end
 
-        def options_key?(key, options = nil)
-          current_options = options || @options
+        def options_key?(key, given_options = nil)
+          current_options = given_options || options
           hash_like?(current_options) && current_options.key?(key) && !current_options[key].nil?
         end
 
@@ -137,18 +154,18 @@ module Grape
         #   @exception_message = message(:presence)             # symbol key or custom message
         #   @exception_message = message { build_hash_message } # computed fallback
         def message(default_key = nil)
-          key = options_key?(:message) ? @options[:message] : default_key
+          key = options_key?(:message) ? options[:message] : default_key
           return key unless key.nil?
 
           yield if block_given?
         end
 
         def option_value
-          options_key?(:value) ? @options[:value] : @options
+          options_key?(:value) ? options[:value] : options
         end
 
         def scrub(value)
-          return value unless value.respond_to?(:valid_encoding?) && !value.valid_encoding?
+          return value if !value.respond_to?(:valid_encoding?) || value.valid_encoding?
 
           value.scrub
         end

data/lib/grape/validations/validators/coerce_validator.rb

@@ -9,13 +9,15 @@ module Grape
         def initialize(attrs, options, required, scope, opts)
           super
 
-          raw_type = @options[:type]
+          @exception_message = options.message if options.message
+
+          raw_type = options.type
           type = hash_like?(raw_type) ? raw_type[:value] : raw_type
           @converter =
             if type.is_a?(Grape::Validations::Types::VariantCollectionCoercer)
               type
             else
-              Types.build_coercer(type, method: @options[:method])
+              Types.build_coercer(type, method: options.coerce_method)
             end
         end
 
@@ -24,7 +26,7 @@ module Grape
 
           new_value = coerce_value(params[attr_name])
 
-          validation_error!(attr_name, new_value.message || @exception_message) if new_value.is_a?(Types::InvalidValue)
+          validation_error!(attr_name, new_value.message || exception_message) if new_value.is_a?(Types::InvalidValue)
 
           # Don't assign a value if it is identical. It fixes a problem with Hashie::Mash
           # which looses wrappers for hashes and arrays after reassigning values

data/lib/grape/validations/validators/default_validator.rb

@@ -8,19 +8,18 @@ module Grape
           super
           # !important, lazy call at runtime
           @default_call =
-            if @options.is_a?(Proc)
-              @options.arity.zero? ? proc { @options.call } : @options
-            elsif @options.duplicable?
-              proc { @options.dup }
+            if options.is_a?(Proc)
+              options.arity.zero? ? proc { options.call } : options
+            elsif options.duplicable?
+              proc { options.dup }
             else
-              proc { @options }
+              proc { options }
             end
         end
 
         def validate!(params)
-          attrs = SingleAttributeIterator.new(@attrs, @scope, params)
-          attrs.each do |resource_params, attr_name|
-            next unless @scope.meets_dependency?(resource_params, params)
+          @iterator.each(params) do |resource_params, attr_name|
+            next unless scope.meets_dependency?(resource_params, params)
 
             resource_params[attr_name] = @default_call.call(resource_params) if hash_like?(resource_params) && resource_params[attr_name].nil?
           end

data/lib/grape/validations/validators/except_values_validator.rb

@@ -9,11 +9,12 @@ module Grape
         def initialize(attrs, options, required, scope, opts)
           super
           except = option_value
-          raise ArgumentError, 'except_values Proc must have arity of zero (use values: with a one-arity predicate for per-element checks)' if except.is_a?(Proc) && !except.arity.zero?
+          except_proc = except.is_a?(Proc)
+          raise ArgumentError, 'except_values Proc must have arity of zero (use values: with a one-arity predicate for per-element checks)' if except_proc && !except.arity.zero?
 
           # Zero-arity procs (e.g. -> { User.pluck(:role) }) must be called per-request,
           # not at definition time, so they are wrapped in a lambda to defer execution.
-          @excepts_call = except.is_a?(Proc) ? except : -> { except }
+          @excepts_call = except_proc ? except : -> { except }
         end
 
         def validate_param!(attr_name, params)

data/lib/grape/validations/validators/length_validator.rb

@@ -7,7 +7,7 @@ module Grape
         def initialize(attrs, options, required, scope, opts)
           super
 
-          @min, @max, @is = @options.values_at(:min, :max, :is)
+          @min, @max, @is = options.values_at(:min, :max, :is)
           validate_boundary!(:min, @min)
           validate_boundary!(:max, @max)
           raise ArgumentError, "min #{@min} cannot be greater than max #{@max}" if @min && @max && @min > @max

data/lib/grape/validations/validators/multiple_params_base.rb

@@ -5,28 +5,31 @@ module Grape
     module Validators
       class MultipleParamsBase < Base
         def validate!(params)
-          attributes = MultipleAttributesIterator.new(@attrs, @scope, params)
-          array_errors = []
+          array_errors = nil
 
-          attributes.each do |resource_params|
+          @iterator.each(params) do |resource_params|
             validate_params!(resource_params)
           rescue Grape::Exceptions::Validation => e
-            array_errors << e
+            (array_errors ||= []) << e
           end
 
-          raise Grape::Exceptions::ValidationArrayErrors.new(array_errors) if array_errors.any?
+          raise Grape::Exceptions::ValidationArrayErrors.new(array_errors) if array_errors
         end
 
         private
 
+        def iterator_class
+          MultipleAttributesIterator
+        end
+
         def keys_in_common(resource_params, known_keys = all_keys)
           return [] unless hash_like?(resource_params)
 
-          known_keys & resource_params.keys.map! { |attr| @scope.full_name(attr) }
+          known_keys & resource_params.keys.map! { |attr| scope.full_name(attr) }
         end
 
         def all_keys
-          @attrs.map { |attr| @scope.full_name(attr) }
+          attrs.map { |attr| scope.full_name(attr) }
         end
       end
     end

data/lib/grape/validations/validators/oneof_validator.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module Grape
+  module Validations
+    module Validators
+      # Validates that a Hash parameter matches at least one of a set of
+      # variant schemas. Each variant is a list of pre-built validators
+      # captured by evaluating the variant's block in a {Grape::Validations::OneofCollector}-backed
+      # {ParamsScope}. At request time we try each variant in order against
+      # a deep-dup of the value; the first variant that produces no errors
+      # wins and its (possibly coerced) hash replaces the original.
+      class OneofValidator < Base
+        default_message_key :oneof
+
+        def initialize(attrs, options, required, scope, opts)
+          super
+          @variants = Array(options)
+        end
+
+        def validate_param!(attr_name, params)
+          value = params[attr_name]
+          return if value.nil? && !required?
+
+          winning_candidate = nil
+          @variants.each do |variant_validators|
+            candidate = value.deep_dup
+            if variant_matches?(variant_validators, candidate)
+              winning_candidate = candidate
+              break
+            end
+          end
+
+          return params[attr_name] = winning_candidate if winning_candidate
+
+          validation_error!(attr_name)
+        end
+
+        private
+
+        def variant_matches?(variant_validators, candidate)
+          variant_validators.each { |v| v.validate!(candidate) }
+          true
+        rescue Grape::Exceptions::Validation, Grape::Exceptions::ValidationArrayErrors
+          false
+        end
+      end
+    end
+  end
+end

data/lib/grape/validations/validators/values_validator.rb

@@ -28,7 +28,7 @@ module Grape
           val = scrub(params[attr_name])
 
           return if val.nil? && !required_for_root_scope?
-          return if val != false && val.blank? && @allow_blank
+          return if val != false && val.blank? && allow_blank?
           return if check_values?(val, attr_name)
 
           validation_error!(attr_name)
@@ -55,12 +55,12 @@ module Grape
         end
 
         def required_for_root_scope?
-          return false unless @required
+          return false unless required?
 
-          scope = @scope
-          scope = scope.parent while scope.lateral?
+          current_scope = scope
+          current_scope = current_scope.parent while current_scope.lateral?
 
-          scope.root?
+          current_scope.root?
         end
       end
     end

data/lib/grape/version.rb

@@ -2,5 +2,5 @@
 
 module Grape
   # The current version of Grape.
-  VERSION = '3.2.1'
+  VERSION = '3.3.0'
 end

data/lib/grape/xml.rb

@@ -1,7 +1,14 @@
 # frozen_string_literal: true
 
 module Grape
-  if defined?(::MultiXml)
+  # Since multi_xml 0.9.0 the canonical constant is MultiXML; MultiXml is a
+  # deprecated alias (removed in v1.0) that warns on use. Prefer MultiXML so
+  # Grape::Xml.parse doesn't trip the deprecation, falling back to the legacy
+  # constant and then ActiveSupport::XmlMini.
+  # https://github.com/sferik/multi_xml/blob/v0.9.1/CHANGELOG.md
+  if defined?(::MultiXML)
+    Xml = ::MultiXML
+  elsif defined?(::MultiXml)
     Xml = ::MultiXml
   else
     Xml = ::ActiveSupport::XmlMini

data/lib/grape.rb

@@ -2,21 +2,20 @@
 
 require 'logger'
 require 'active_support'
-require 'active_support/version'
 require 'active_support/isolated_execution_state'
 require 'active_support/core_ext/array/conversions' # to_xml
 require 'active_support/core_ext/array/wrap'
 require 'active_support/core_ext/hash/conversions' # to_xml
 require 'active_support/core_ext/hash/deep_merge'
 require 'active_support/core_ext/hash/deep_transform_values'
-require 'active_support/core_ext/hash/indifferent_access'
-require 'active_support/core_ext/hash/reverse_merge'
+require 'active_support/core_ext/hash/indifferent_access' # nested_under_indifferent_access, required by HashWithIndifferentAccess.new
+require 'active_support/hash_with_indifferent_access'
 require 'active_support/core_ext/module/delegation' # delegate_missing_to
 require 'active_support/core_ext/object/blank'
 require 'active_support/core_ext/object/deep_dup'
 require 'active_support/core_ext/object/duplicable'
+require 'active_support/core_ext/string/inflections' # demodulize, underscore
 require 'active_support/deprecation'
-require 'active_support/inflector'
 require 'active_support/ordered_options'
 require 'active_support/notifications'
 
@@ -27,8 +26,8 @@ require 'dry-types'
 require 'dry-configurable'
 require 'forwardable'
 require 'json'
-require 'mustermann/grape'
-require 'pathname'
+require 'mustermann'
+require 'mustermann/ast/pattern'
 require 'rack'
 require 'rack/auth/basic'
 require 'rack/builder'
@@ -52,6 +51,7 @@ module Grape
 
   setting :param_builder, default: :hash_with_indifferent_access
   setting :lint, default: false
+  setting :warn_on_helper_overrides, default: false
 
   HTTP_SUPPORTED_METHODS = [
     Rack::GET,