input_sanitizer 0.1.9 → 0.4.0

data/lib/input_sanitizer/v2/payload_transform.rb

@@ -0,0 +1,42 @@
+require 'active_support/core_ext/hash/indifferent_access'
+
+class InputSanitizer::V2::PayloadTransform
+  attr_reader :original_payload, :context
+
+  def self.call(original_payload, context = {})
+    new(original_payload, context).call
+  end
+
+  def initialize(original_payload, context = {})
+    fail "#{self.class} is missing #transform method" unless respond_to?(:transform)
+    @original_payload, @context = original_payload, context
+  end
+
+  def call
+    transform
+    payload
+  end
+
+  private
+  def rename(from, to)
+    if has?(from)
+      data = payload.delete(from)
+      payload[to] = data
+    end
+  end
+
+  def merge_in(field, options = {})
+    if source = payload.delete(field)
+      source = options[:using].call(source) if options[:using]
+      payload.merge!(source)
+    end
+  end
+
+  def has?(key)
+    payload.has_key?(key)
+  end
+
+  def payload
+    @payload ||= original_payload.with_indifferent_access
+  end
+end

data/lib/input_sanitizer/v2/query_sanitizer.rb

@@ -0,0 +1,33 @@
+class InputSanitizer::V2::QuerySanitizer < InputSanitizer::V2::PayloadSanitizer
+  def self.converters
+    {
+      :integer => InputSanitizer::V2::Types::CoercingIntegerCheck.new,
+      :float => InputSanitizer::V2::Types::CoercingFloatCheck.new,
+      :string => InputSanitizer::V2::Types::StringCheck.new,
+      :boolean => InputSanitizer::V2::Types::CoercingBooleanCheck.new,
+      :datetime => InputSanitizer::V2::Types::DatetimeCheck.new,
+      :date => InputSanitizer::V2::Types::DatetimeCheck.new(:check_date => true),
+      :url => InputSanitizer::V2::Types::URLCheck.new,
+    }
+  end
+  initialize_types_dsl
+
+  def self.sort_by(allowed_values, options = {})
+    set_keys_to_converter([:sort_by, { :allow => allowed_values }.merge(options)], InputSanitizer::V2::Types::SortByCheck.new)
+  end
+
+  # allow underscore cache buster by default
+  string :_
+
+  private
+  def perform_clean
+    super
+    @errors.each do |error|
+      error.field = error.field[1..-1] if error.field.start_with?('/')
+    end
+  end
+
+  def sanitizer_type
+    :query
+  end
+end

data/lib/input_sanitizer/v2/types.rb

@@ -0,0 +1,213 @@
+require 'active_support/core_ext/object/blank'
+
+module InputSanitizer::V2::Types
+  class IntegerCheck
+    def call(value, options = {})
+      if value == nil && (options[:allow_nil] == false || options[:allow_blank] == false || options[:required] == true)
+        raise InputSanitizer::BlankValueError
+      elsif value == nil
+        value
+      else
+        Integer(value).tap do |integer|
+          raise InputSanitizer::TypeMismatchError.new(value, :integer) unless integer == value
+          raise InputSanitizer::ValueError.new(value, options[:minimum], options[:maximum]) if options[:minimum] && integer < options[:minimum]
+          raise InputSanitizer::ValueError.new(value, options[:minimum], options[:maximum]) if options[:maximum] && integer > options[:maximum]
+        end
+      end
+    rescue ArgumentError, TypeError
+      raise InputSanitizer::TypeMismatchError.new(value, :integer)
+    end
+  end
+
+  class CoercingIntegerCheck
+    def call(value, options = {})
+      if value == nil || value == 'null'
+        if options[:allow_nil] == false || options[:allow_blank] == false || options[:required] == true
+          raise InputSanitizer::BlankValueError
+        else
+          nil
+        end
+      else
+        Integer(value).tap do |integer|
+          raise InputSanitizer::ValueError.new(value, options[:minimum], options[:maximum]) if options[:minimum] && integer < options[:minimum]
+          raise InputSanitizer::ValueError.new(value, options[:minimum], options[:maximum]) if options[:maximum] && integer > options[:maximum]
+        end
+      end
+    rescue ArgumentError
+      raise InputSanitizer::TypeMismatchError.new(value, :integer)
+    end
+  end
+
+  class FloatCheck
+    def call(value, options = {})
+      if value == nil && (options[:allow_nil] == false || options[:allow_blank] == false || options[:required] == true)
+        raise InputSanitizer::BlankValueError
+      elsif value == nil
+        value
+      else
+        Float(value).tap do |float|
+          raise InputSanitizer::TypeMismatchError.new(value, :float) unless float == value
+          raise InputSanitizer::ValueError.new(value, options[:minimum], options[:maximum]) if options[:minimum] && float < options[:minimum]
+          raise InputSanitizer::ValueError.new(value, options[:minimum], options[:maximum]) if options[:maximum] && float > options[:maximum]
+        end
+      end
+    rescue ArgumentError, TypeError
+      raise InputSanitizer::TypeMismatchError.new(value, :float)
+    end
+  end
+
+  class CoercingFloatCheck
+    def call(value, options = {})
+      if value == nil || value == 'null'
+        if options[:allow_nil] == false || options[:allow_blank] == false || options[:required] == true
+          raise InputSanitizer::BlankValueError
+        else
+          nil
+        end
+      else
+        Float(value).tap do |float|
+          raise InputSanitizer::ValueError.new(value, options[:minimum], options[:maximum]) if options[:minimum] && float < options[:minimum]
+          raise InputSanitizer::ValueError.new(value, options[:minimum], options[:maximum]) if options[:maximum] && float > options[:maximum]
+        end
+      end
+    rescue ArgumentError
+      raise InputSanitizer::TypeMismatchError.new(value, :float)
+    end
+  end
+
+  class StringCheck
+    def call(value, options = {})
+      if options[:allow] && !options[:allow].include?(value)
+        raise InputSanitizer::ValueNotAllowedError.new(value)
+      elsif value.blank? && (options[:allow_blank] == false || options[:required] == true)
+        raise InputSanitizer::BlankValueError
+      elsif options[:regexp] && options[:regexp].match(value).nil?
+        raise InputSanitizer::RegexpMismatchError.new
+      elsif value == nil && options[:allow_nil] == false
+        raise InputSanitizer::BlankValueError
+      elsif value.blank?
+        value
+      else
+        value.to_s.tap do |string|
+          raise InputSanitizer::TypeMismatchError.new(value, :string) unless string == value
+          raise InputSanitizer::ValueError.new(value, options[:minimum], options[:maximum]) if options[:minimum] && string.length < options[:minimum]
+          raise InputSanitizer::ValueError.new(value, options[:minimum], options[:maximum]) if options[:maximum] && string.length > options[:maximum]
+        end
+      end
+    end
+  end
+
+  class BooleanCheck
+    def call(value, options = {})
+      if value == nil
+        raise InputSanitizer::BlankValueError
+      elsif [true, false].include?(value)
+        value
+      else
+        raise InputSanitizer::TypeMismatchError.new(value, :boolean)
+      end
+    end
+  end
+
+  class CoercingBooleanCheck
+    def call(value, options = {})
+      if [true, 'true'].include?(value)
+        true
+      elsif [false, 'false'].include?(value)
+        false
+      else
+        raise InputSanitizer::TypeMismatchError.new(value, :boolean)
+      end
+    end
+  end
+
+  class DatetimeCheck
+    def initialize(options = {})
+      @check_date = options && options[:check_date]
+      @klass = @check_date ? Date : DateTime
+    end
+
+    def call(value, options = {})
+      raise InputSanitizer::TypeMismatchError.new(value, @check_date ? :date : :datetime) unless value == nil || value.is_a?(String)
+
+      if value.blank? && (options[:allow_blank] == false || options[:required] == true)
+        raise InputSanitizer::BlankValueError
+      elsif value == nil && options[:allow_nil] == false
+        raise InputSanitizer::BlankValueError
+      elsif value.blank?
+        value
+      else
+        @klass.parse(value).tap do |datetime|
+          raise InputSanitizer::ValueError.new(value, options[:minimum], options[:maximum]) if options[:minimum] && datetime < options[:minimum]
+          raise InputSanitizer::ValueError.new(value, options[:minimum], options[:maximum]) if options[:maximum] && datetime > options[:maximum]
+        end
+      end
+    rescue ArgumentError, TypeError
+      raise InputSanitizer::TypeMismatchError.new(value, @check_date ? :date : :datetime)
+    end
+  end
+
+  class URLCheck
+    def call(value, options = {})
+      if value.blank? && (options[:allow_blank] == false || options[:required] == true)
+        raise InputSanitizer::BlankValueError
+      elsif value == nil && options[:allow_nil] == false
+        raise InputSanitizer::BlankValueError
+      elsif value.blank?
+        value
+      else
+        unless /\A#{URI.regexp(%w(http https)).to_s}\z/.match(value)
+          raise InputSanitizer::TypeMismatchError.new(value, :url)
+        end
+        value
+      end
+    end
+  end
+
+  class SortByCheck
+    def call(value, options = {})
+      check_options!(options)
+
+      key, direction = split(value)
+      direction = 'asc' if direction.blank?
+
+      # special case when fallback takes care of separator sanitization e.g. custom fields
+      if options[:fallback] && !allowed_directions.include?(direction)
+        direction = 'asc'
+        key = value
+      end
+
+      unless valid?(key, direction, options)
+        raise InputSanitizer::ValueNotAllowedError.new(value)
+      end
+
+      [key, direction]
+    end
+
+  private
+    def valid?(key, direction, options)
+      allowed_keys = options[:allow]
+      fallback = options[:fallback]
+
+      allowed_directions.include?(direction) &&
+        ((allowed_keys && allowed_keys.include?(key)) ||
+          (fallback && fallback.call(key, direction, options)))
+    end
+
+    def split(value)
+      head, _, tail = value.to_s.rpartition(':')
+      head.empty? ? [tail, head] : [head, tail]
+    end
+
+    def check_options!(options)
+      fallback = options[:fallback]
+      if fallback && !fallback.respond_to?(:call)
+        raise ArgumentError, ":fallback option must respond to method :call (proc, lambda etc)"
+      end
+    end
+
+    def allowed_directions
+      ['asc', 'desc']
+    end
+  end
+end

data/lib/input_sanitizer/version.rb

@@ -1,3 +1,3 @@
 module InputSanitizer
-  VERSION = "0.1.9"
+  VERSION = "0.4.0"
 end

data/spec/extended_converters/comma_joined_integers_converter_spec.rb

@@ -0,0 +1,18 @@
+require 'spec_helper'
+require 'input_sanitizer/extended_converters/comma_joined_integers_converter'
+
+describe InputSanitizer::CommaJoinedIntegersConverter do
+  let(:converter) { described_class.new }
+
+  it "parses to array of ids" do
+    converter.call("1,2,3,5").should eq([1, 2, 3, 5])
+  end
+
+  it "converts to array if given an integer" do
+    converter.call(7).should eq([7])
+  end
+
+  it "raises on invalid character" do
+    lambda { converter.call(":") }.should raise_error(InputSanitizer::ConversionError)
+  end
+end

data/spec/extended_converters/comma_joined_strings_converter_spec.rb

@@ -0,0 +1,18 @@
+require 'spec_helper'
+require 'input_sanitizer/extended_converters/comma_joined_strings_converter'
+
+describe InputSanitizer::CommaJoinedStringsConverter do
+  let(:converter) { described_class.new }
+
+  it "parses to array of ids" do
+    converter.call("input,Sanitizer,ROCKS").should eq(["input", "Sanitizer", "ROCKS"])
+  end
+
+  it "allows underscores" do
+    converter.call("input_sanitizer,rocks").should eq(["input_sanitizer", "rocks"])
+  end
+
+  it "raises on invalid character" do
+    lambda { converter.call(":") }.should raise_error(InputSanitizer::ConversionError)
+  end
+end

data/spec/extended_converters/positive_integer_converter_spec.rb

@@ -0,0 +1,18 @@
+require 'spec_helper'
+require 'input_sanitizer/extended_converters/positive_integer_converter'
+
+describe InputSanitizer::PositiveIntegerConverter do
+  let(:converter) { described_class.new }
+
+  it "casts string to integer" do
+    converter.call("3").should == 3
+  end
+
+  it "raises error if integer less than zero" do
+    lambda { converter.call("-3") }.should raise_error(InputSanitizer::ConversionError)
+  end
+
+  it "raises error if integer equals zero" do
+    lambda { converter.call("0") }.should raise_error(InputSanitizer::ConversionError)
+  end
+end

data/spec/extended_converters/specific_values_converter_spec.rb

@@ -0,0 +1,27 @@
+require 'spec_helper'
+require 'input_sanitizer/extended_converters/specific_values_converter'
+
+describe InputSanitizer::SpecificValuesConverter do
+  let(:converter) { described_class.new(values) }
+  let(:values) { [:a, :b] }
+
+  it "converts valid value to symbol" do
+    converter.call("b").should eq(:b)
+  end
+
+  it "raises on invalid value" do
+    lambda { converter.call("c") }.should raise_error(InputSanitizer::ConversionError)
+  end
+
+  it "raises on nil value" do
+    lambda { converter.call(nil) }.should raise_error(InputSanitizer::ConversionError)
+  end
+
+  context "when specific values are strings" do
+    let(:values) { ["a", "b"] }
+
+    it "keeps given value as string" do
+      converter.call("a").should eq("a")
+    end
+  end
+end

data/spec/restricted_hash_spec.rb

@@ -1,19 +1,49 @@
-require "spec_helper"
+require 'spec_helper'
 
 describe InputSanitizer::RestrictedHash do
-  let(:hash) { InputSanitizer::RestrictedHash.new([:a, :b]) }
-  subject { hash }
+  let(:hash) { InputSanitizer::RestrictedHash.new([:a]) }
 
-  it "does not allow bad keys" do
-    lambda{hash[:c]}.should raise_error(InputSanitizer::KeyNotAllowedError)
+  it 'does not allow bad keys' do
+    lambda{ hash[:b] }.should raise_error(InputSanitizer::KeyNotAllowedError)
   end
 
-  it "does allow correct keys" do
+  it 'does allow correct keys' do
     hash[:a].should be_nil
   end
 
-  it "returns value for correct key" do
+  it 'returns value for correct key' do
     hash[:a] = 'stuff'
     hash[:a].should == 'stuff'
   end
+
+  it 'allows to set value for a new key' do
+    hash[:b] = 'other stuff'
+    hash[:b].should == 'other stuff'
+    hash.key_allowed?(:b).should be_truthy
+  end
+
+  it 'adds new allowed keys after `transform_keys` is done' do
+    hash[:a] = 'stuff'
+    hash.transform_keys! { |key| key.to_s }
+    hash['a'].should == 'stuff'
+    hash.key_allowed?('a').should be_truthy
+  end
+
+  it 'removes previous allowed keys after `transform_keys` is done' do
+    hash[:a] = 'stuff'
+    hash.transform_keys! { |key| key.to_s }
+    lambda{ hash[:a] }.should raise_error(InputSanitizer::KeyNotAllowedError)
+  end
+
+  it 'updates allowed keys on merge!' do
+    merge_hash = { merged: '1' }
+    hash.merge!(merge_hash)
+    hash.key_allowed?(:merged).should be_truthy
+  end
+
+  it 'updates allowed keys on merge' do
+    merge_hash = { merged: '1' }
+    new_hash = hash.merge(some_key: merge_hash)
+    new_hash.key_allowed?(:some_key).should be_truthy
+  end
 end

data/spec/sanitizer_spec.rb

@@ -1,11 +1,22 @@
 require 'spec_helper'
 
+class NestedSanitizer < InputSanitizer::Sanitizer
+  integer :foo
+end
+
 class BasicSanitizer < InputSanitizer::Sanitizer
   string :x, :y, :z
+  integer :namespaced, :namespace => :value
+  integer :array, :collection => true
+  integer :namespaced_array, :collection => true, :namespace => :value
   integer :num
   date :birthday
   time :updated_at
   custom :cust1, :cust2, :converter => lambda { |v| v.reverse }
+  nested :stuff, :sanitizer => NestedSanitizer, :collection => true, :namespace => :nested
+  custom :custom3, :provide => :num, :converter => lambda { |v, num|
+    num == 1 ? v.reverse : v
+  }
 end
 
 class BrokenCustomSanitizer < InputSanitizer::Sanitizer
@@ -28,12 +39,17 @@ class RequiredCustom < BasicSanitizer
   custom :c1, :required => true, :converter => lambda { |v| v }
 end
 
+class DefaultParameters < BasicSanitizer
+  integer :funky_number, :default => 5
+  custom :fixed_stuff, :converter => lambda {|v| v }, :default => "default string"
+end
+
 describe InputSanitizer::Sanitizer do
   let(:sanitizer) { BasicSanitizer.new(@params) }
 
   describe ".clean" do
     it "returns cleaned data" do
-      clean_data = mock()
+      clean_data = double
       BasicSanitizer.any_instance.should_receive(:cleaned).and_return(clean_data)
       BasicSanitizer.clean({}).should be(clean_data)
     end
@@ -57,6 +73,12 @@ describe InputSanitizer::Sanitizer do
       cleaned.should_not have_key(:d)
     end
 
+    it "does not include ommited fields" do
+      @params = { "x" => 1, "z" => 3 }
+
+      cleaned.should_not have_key(:y)
+    end
+
     it "freezes cleaned hash" do
       @params = {}
 
@@ -83,6 +105,30 @@ describe InputSanitizer::Sanitizer do
       cleaned.should_not have_key(:d)
     end
 
+    it "preserves namespace" do
+      value = { :value => 5 }
+      @params = { :namespaced => value }
+
+      cleaned[:namespaced].should eq(value)
+    end
+
+    it "maps values for collection fields" do
+      numbers = [3, 5, 6]
+      @params = { :array => numbers }
+
+      cleaned[:array].should eq(numbers)
+    end
+
+    it "maps values for collection fields with namespace" do
+      numbers = [
+        { :value => 2 },
+        { :value => 5 }
+      ]
+      @params = { :namespaced_array => numbers }
+
+      cleaned[:namespaced_array].should eq(numbers)
+    end
+
     it "silently discards cast errors" do
       @params = {:num => "f"}
 
@@ -95,7 +141,7 @@ describe InputSanitizer::Sanitizer do
 
       cleaned.should have_key(:num)
       cleaned[:num].should == 23
-      cleaned[:is_nice].should be_false
+      cleaned[:is_nice].should eq(false)
     end
 
     it "overrides inherited fields" do
@@ -106,6 +152,32 @@ describe InputSanitizer::Sanitizer do
       cleaned[:is_nice].should == 42
     end
 
+    context "when sanitizer is initialized with default values" do
+      context "when paremeters are not overwriten" do
+        let(:sanitizer) { DefaultParameters.new({}) }
+
+        it "returns default value for non custom key" do
+          sanitizer.cleaned[:funky_number].should == 5
+        end
+
+        it "returns default value for custom key" do
+          sanitizer.cleaned[:fixed_stuff].should == "default string"
+        end
+      end
+
+      context "when parameters are overwriten" do
+        let(:sanitizer) { DefaultParameters.new({ :funky_number => 2, :fixed_stuff => "fixed" }) }
+
+        it "returns default value for non custom key" do
+          sanitizer.cleaned[:funky_number].should == 2
+        end
+
+        it "returns default value for custom key" do
+          sanitizer.cleaned[:fixed_stuff].should == "fixed"
+        end
+      end
+    end
+
   end
 
   describe ".custom" do
@@ -120,9 +192,53 @@ describe InputSanitizer::Sanitizer do
     end
 
     it "raises an error when converter is not defined" do
-      expect do
+      lambda do
         BrokenCustomSanitizer.custom(:x)
-      end.to raise_error
+      end.should raise_error
+    end
+
+    it "provides the converter with requested value" do
+      @params = { :custom3 => 'three', :num => 1 }
+      cleaned.should have_key(:custom3)
+      cleaned.should have_key(:num)
+      cleaned[:custom3].should eq('eerht')
+      cleaned[:num].should eq(1)
+    end
+  end
+
+  describe ".nested" do
+    let(:sanitizer) { BasicSanitizer.new(@params) }
+    let(:cleaned) { sanitizer.cleaned }
+
+    it "sanitizes nested values" do
+      nested = [
+        { :nested => { :foo => "5" } },
+        { :nested => { :foo => 8 } },
+      ]
+      @params = { :stuff => nested }
+
+      expected = [
+        { :nested => { :foo => 5 } },
+        { :nested => { :foo => 8 } },
+      ]
+      cleaned[:stuff].should eq(expected)
+    end
+
+    it "propagates errors" do
+      nested = [ { :nested => { :foo => "INVALID" } } ]
+      @params = { :stuff => nested }
+
+      sanitizer.should_not be_valid
+    end
+
+    it "returns an error when given a nil for a nested value" do
+      @params = { :stuff => nil }
+      sanitizer.should_not be_valid
+    end
+
+    it "returns an error when given a string for a nested value" do
+      @params = { :stuff => 'nope' }
+      sanitizer.should_not be_valid
     end
   end
 
@@ -131,43 +247,25 @@ describe InputSanitizer::Sanitizer do
 
     it "includes :integer type" do
       sanitizer.converters.should have_key(:integer)
-      sanitizer.converters[:integer].should be_a(InputSanitizer::IntegerConverter)
+      sanitizer.converters[:integer].should be_a(InputSanitizer::V1::IntegerConverter)
     end
 
     it "includes :string type" do
       sanitizer.converters.should have_key(:string)
-      sanitizer.converters[:string].should be_a(InputSanitizer::StringConverter)
+      sanitizer.converters[:string].should be_a(InputSanitizer::V1::StringConverter)
     end
 
     it "includes :date type" do
       sanitizer.converters.should have_key(:date)
-      sanitizer.converters[:date].should be_a(InputSanitizer::DateConverter)
+      sanitizer.converters[:date].should be_a(InputSanitizer::V1::DateConverter)
     end
 
     it "includes :boolean type" do
       sanitizer.converters.should have_key(:boolean)
-      sanitizer.converters[:boolean].should be_a(InputSanitizer::BooleanConverter)
+      sanitizer.converters[:boolean].should be_a(InputSanitizer::V1::BooleanConverter)
     end
   end
 
-  describe '.extract_options' do
-
-    it "extracts hash from array if is last" do
-      options = { :a => 1}
-      array = [1,2, options]
-      BasicSanitizer.extract_options(array).should == options
-      array.should == [1,2, options]
-    end
-
-    it "does not extract the last element if not a hash and returns default empty hash" do
-      array = [1,2]
-      BasicSanitizer.extract_options(array).should_not == 2
-      BasicSanitizer.extract_options(array).should == {}
-      array.should == [1,2]
-    end
-
-  end
-
   describe '.extract_options!' do
 
     it "extracts hash from array if is last" do
@@ -234,4 +332,9 @@ describe InputSanitizer::Sanitizer do
       error[:field].should == :c1
     end
   end
+
+  it "is valid when given extra params" do
+    @params = { :extra => 'test' }
+    sanitizer.should be_valid
+  end
 end