input_sanitizer 0.1.9 → 0.4.0

data/spec/spec_helper.rb

@@ -1,7 +1,22 @@
 require 'bundler'
 Bundler.setup(:test)
 
-require 'simplecov'
-SimpleCov.start unless ENV['CI'] == 'true'
+skip_coverage = ENV['CI']
+
+unless skip_coverage
+  require 'simplecov'
+  SimpleCov.start
+end
+
+RSpec.configure do |config|
+  config.expect_with :rspec do |c|
+    c.syntax = :should
+  end
+
+  config.mock_with :rspec do |c|
+    c.syntax = :should
+  end
+end
 
 require 'input_sanitizer'
+require 'pry'

data/spec/v1/default_converters_spec.rb

@@ -0,0 +1,141 @@
+require 'spec_helper'
+
+describe InputSanitizer::V1::IntegerConverter do
+  let(:converter) { InputSanitizer::V1::IntegerConverter.new }
+
+  it "casts string to integer" do
+    converter.call("42").should == 42
+  end
+
+  it "casts integer to integer" do
+    converter.call(42).should == 42
+  end
+
+  it "raises error if cannot cast" do
+    lambda { converter.call("f") }.should raise_error(InputSanitizer::ConversionError)
+  end
+end
+
+describe InputSanitizer::V1::DateConverter do
+  let(:converter) { InputSanitizer::V1::DateConverter.new }
+
+  it "casts dates in iso format" do
+    converter.call("2012-05-15").should == Date.new(2012, 5, 15)
+  end
+
+  it "raises error if cannot cast" do
+    lambda { converter.call("2012-02-30") }.should raise_error(InputSanitizer::ConversionError)
+  end
+end
+
+describe InputSanitizer::V1::BooleanConverter do
+  let(:converter) { InputSanitizer::V1::BooleanConverter.new }
+
+  it "casts 'true' to true" do
+    converter.call('true').should eq(true)
+  end
+
+  it "casts true to true" do
+    converter.call(true).should eq(true)
+  end
+
+  it "casts '1' to true" do
+    converter.call('1').should eq(true)
+  end
+
+  it "casts 'yes' to true" do
+    converter.call('yes').should eq(true)
+  end
+
+  it "casts 'false' to false" do
+    converter.call('false').should eq(false)
+  end
+
+  it "casts false to false" do
+    converter.call(false).should eq(false)
+  end
+
+  it "casts '0' to false" do
+    converter.call('0').should eq(false)
+  end
+
+  it "casts 'no' to false" do
+    converter.call('no').should eq(false)
+  end
+
+  it "raises error if cannot cast" do
+    lambda { converter.call("notboolean") }.should raise_error(InputSanitizer::ConversionError)
+  end
+end
+
+describe InputSanitizer::V1::TimeConverter do
+  let(:converter) { InputSanitizer::V1::TimeConverter.new }
+
+  it "raises if timezone part given" do
+    lambda { converter.call("2012-05-15 13:42:54 +01:00") }.should raise_error(InputSanitizer::ConversionError)
+  end
+
+  it "casts date time in iso format" do
+    t = Time.utc(2012, 5, 15, 13, 42, 54)
+    converter.call("2012-05-15 13:42:54").should == t
+    converter.call("2012-05-15T13:42:54").should == t
+    converter.call("20120515134254").should == t
+  end
+
+  it "works with miliseconds" do
+    t = Time.utc(2012, 5, 15, 13, 42, 54)
+    converter.call("2012-05-15 13:42:54.000").should == t
+    converter.call("2012-05-15T13:42:54.000").should == t
+    converter.call("20120515134254000").should == t
+  end
+
+  it "works with Z at the end" do
+    t = Time.utc(2012, 5, 15, 13, 42, 54)
+    converter.call("2012-05-15 13:42:54.000Z").should == t
+    converter.call("2012-05-15T13:42:54.000Z").should == t
+   converter.call("2012-05-15T13:42:54Z").should == t
+    converter.call("20120515134254000Z").should == t
+  end
+
+  it "does not require time part" do
+    converter.call("2012-05-15 13:42").should == Time.utc(2012, 5, 15, 13, 42)
+    converter.call("2012-05-15 13").should == Time.utc(2012, 5, 15, 13)
+    converter.call("2012-05-15").should == Time.utc(2012, 5, 15)
+  end
+
+  it "raises error if can format is wrong" do
+    lambda { converter.call("2/10/2031 13:44:22") }.should raise_error(InputSanitizer::ConversionError)
+  end
+
+  it "raises error if date is wrong" do
+    lambda { converter.call("2012-02-32") }.should raise_error(InputSanitizer::ConversionError)
+  end
+
+  it "allows the instance of Time" do
+    t = Time.now
+    converter.call(t).should == t.utc
+  end
+
+  it "raises error if value is of invalid type" do
+    lambda { converter.call({}) }.should raise_error(InputSanitizer::ConversionError)
+  end
+end
+
+describe InputSanitizer::V1::AllowNil do
+  it "passes blanks" do
+    lambda { |_| 1 }.extend(InputSanitizer::V1::AllowNil).call("").should be_nil
+  end
+
+  it "passes things the extended sanitizer passes" do
+    lambda { |_| :something }.extend(InputSanitizer::V1::AllowNil).call(:stuff).
+      should eq(:something)
+  end
+
+  it "raises error if the extended sanitizer raises error" do
+    action = lambda do
+      lambda { |_| raise "Some error" }.extend(InputSanitizer::V1::AllowNil).call(:stuff)
+    end
+
+    action.should raise_error
+  end
+end

data/spec/v2/converters_spec.rb

@@ -0,0 +1,174 @@
+require 'spec_helper'
+
+# OPTIONS
+# :allow_nil (default true)
+# :allow_blank (default true)
+# :require (default false, requires given key in params, and additionally sets :allow_nil and :allow_blank to false)
+
+#           | allow_nil | allow_blank
+# __________|___________|_____________
+# string    |    YES    |     YES
+# url       |    YES    |     YES
+# datetime  |    YES    |     YES
+# integer   |    YES    |     NO
+# boolean   |    NO     |     NO
+# ------------------------------------
+
+# [type, value, option] => valid? # if valid? == false then check for ValueMissing error
+
+test_cases = {
+  [InputSanitizer::V2::Types::StringCheck, { :allow_nil => false }, nil] => false,
+  [InputSanitizer::V2::Types::StringCheck, { :allow_nil => false }, ""] => true,
+  [InputSanitizer::V2::Types::StringCheck, { :allow_nil => false }, "zz"] => true,
+  [InputSanitizer::V2::Types::StringCheck, { :allow_blank => false }, nil] => false,
+  [InputSanitizer::V2::Types::StringCheck, { :allow_blank => false }, ""] => false,
+  [InputSanitizer::V2::Types::StringCheck, { :allow_blank => false }, "zz"] => true,
+  [InputSanitizer::V2::Types::StringCheck, { :required => true }, nil] => false,
+  [InputSanitizer::V2::Types::StringCheck, { :required => true }, ""] => false,
+  [InputSanitizer::V2::Types::StringCheck, { :required => true }, "zz"] => true,
+  [InputSanitizer::V2::Types::StringCheck, { }, nil] => true,
+  [InputSanitizer::V2::Types::StringCheck, { }, ""] => true,
+  [InputSanitizer::V2::Types::StringCheck, { }, "zz"] => true,
+  [InputSanitizer::V2::Types::IntegerCheck, { :allow_nil => false }, nil] => false,
+  [InputSanitizer::V2::Types::IntegerCheck, { :allow_nil => false }, ""] => :invalid_type,
+  [InputSanitizer::V2::Types::IntegerCheck, { :allow_nil => false }, 1] => true,
+  [InputSanitizer::V2::Types::IntegerCheck, { :allow_blank => false }, nil] => false,
+  [InputSanitizer::V2::Types::IntegerCheck, { :allow_blank => false }, ""] => :invalid_type,
+  [InputSanitizer::V2::Types::IntegerCheck, { :allow_blank => false }, 1] => true,
+  [InputSanitizer::V2::Types::IntegerCheck, { :required => true }, nil] => false,
+  [InputSanitizer::V2::Types::IntegerCheck, { :required => true }, ""] => :invalid_type,
+  [InputSanitizer::V2::Types::IntegerCheck, { :required => true }, 1] => true,
+  [InputSanitizer::V2::Types::IntegerCheck, { }, nil] => true,
+  [InputSanitizer::V2::Types::IntegerCheck, { }, ""] => :invalid_type,
+  [InputSanitizer::V2::Types::IntegerCheck, { }, 1] => true,
+  [InputSanitizer::V2::Types::CoercingIntegerCheck, { :allow_nil => false }, nil] => false,
+  [InputSanitizer::V2::Types::CoercingIntegerCheck, { :allow_nil => false }, "null"] => false,
+  [InputSanitizer::V2::Types::CoercingIntegerCheck, { :allow_nil => false }, ""] => :invalid_type,
+  [InputSanitizer::V2::Types::CoercingIntegerCheck, { :allow_nil => false }, 1] => true,
+  [InputSanitizer::V2::Types::CoercingIntegerCheck, { :allow_blank => false }, nil] => false,
+  [InputSanitizer::V2::Types::CoercingIntegerCheck, { :allow_blank => false }, "null"] => false,
+  [InputSanitizer::V2::Types::CoercingIntegerCheck, { :allow_blank => false }, ""] => :invalid_type,
+  [InputSanitizer::V2::Types::CoercingIntegerCheck, { :allow_blank => false }, 1] => true,
+  [InputSanitizer::V2::Types::CoercingIntegerCheck, { :required => true }, nil] => false,
+  [InputSanitizer::V2::Types::CoercingIntegerCheck, { :required => true }, "null"] => false,
+  [InputSanitizer::V2::Types::CoercingIntegerCheck, { :required => true }, ""] => :invalid_type,
+  [InputSanitizer::V2::Types::CoercingIntegerCheck, { :required => true }, 1] => true,
+  [InputSanitizer::V2::Types::CoercingIntegerCheck, { }, nil] => true,
+  [InputSanitizer::V2::Types::CoercingIntegerCheck, { }, "null"] => true,
+  [InputSanitizer::V2::Types::CoercingIntegerCheck, { }, ""] => :invalid_type,
+  [InputSanitizer::V2::Types::CoercingIntegerCheck, { }, 1] => true,
+  [InputSanitizer::V2::Types::FloatCheck, { :allow_nil => false }, nil] => false,
+  [InputSanitizer::V2::Types::FloatCheck, { :allow_nil => false }, ""] => :invalid_type,
+  [InputSanitizer::V2::Types::FloatCheck, { :allow_nil => false }, 1] => true,
+  [InputSanitizer::V2::Types::FloatCheck, { :allow_nil => false }, 3.1415] => true,
+  [InputSanitizer::V2::Types::FloatCheck, { :allow_blank => false }, nil] => false,
+  [InputSanitizer::V2::Types::FloatCheck, { :allow_blank => false }, ""] => :invalid_type,
+  [InputSanitizer::V2::Types::FloatCheck, { :allow_blank => false }, 1] => true,
+  [InputSanitizer::V2::Types::FloatCheck, { :allow_blank => false }, 3.1415] => true,
+  [InputSanitizer::V2::Types::FloatCheck, { :required => true }, nil] => false,
+  [InputSanitizer::V2::Types::FloatCheck, { :required => true }, ""] => :invalid_type,
+  [InputSanitizer::V2::Types::FloatCheck, { :required => true }, 1] => true,
+  [InputSanitizer::V2::Types::FloatCheck, { :required => true }, 3.1415] => true,
+  [InputSanitizer::V2::Types::FloatCheck, { }, nil] => true,
+  [InputSanitizer::V2::Types::FloatCheck, { }, ""] => :invalid_type,
+  [InputSanitizer::V2::Types::FloatCheck, { }, 1] => true,
+  [InputSanitizer::V2::Types::FloatCheck, { }, 3.1415] => true,
+  [InputSanitizer::V2::Types::CoercingFloatCheck, { :allow_nil => false }, nil] => false,
+  [InputSanitizer::V2::Types::CoercingFloatCheck, { :allow_nil => false }, "null"] => false,
+  [InputSanitizer::V2::Types::CoercingFloatCheck, { :allow_nil => false }, ""] => :invalid_type,
+  [InputSanitizer::V2::Types::CoercingFloatCheck, { :allow_nil => false }, 1] => true,
+  [InputSanitizer::V2::Types::CoercingFloatCheck, { :allow_nil => false }, 3.1415] => true,
+  [InputSanitizer::V2::Types::CoercingFloatCheck, { :allow_nil => false }, "3.1415"] => true,
+  [InputSanitizer::V2::Types::CoercingFloatCheck, { :allow_blank => false }, nil] => false,
+  [InputSanitizer::V2::Types::CoercingFloatCheck, { :allow_blank => false }, "null"] => false,
+  [InputSanitizer::V2::Types::CoercingFloatCheck, { :allow_blank => false }, ""] => :invalid_type,
+  [InputSanitizer::V2::Types::CoercingFloatCheck, { :allow_blank => false }, 1] => true,
+  [InputSanitizer::V2::Types::CoercingFloatCheck, { :allow_blank => false }, 3.1415] => true,
+  [InputSanitizer::V2::Types::CoercingFloatCheck, { :allow_blank => false }, "3.1415"] => true,
+  [InputSanitizer::V2::Types::CoercingFloatCheck, { :required => true }, nil] => false,
+  [InputSanitizer::V2::Types::CoercingFloatCheck, { :required => true }, "null"] => false,
+  [InputSanitizer::V2::Types::CoercingFloatCheck, { :required => true }, ""] => :invalid_type,
+  [InputSanitizer::V2::Types::CoercingFloatCheck, { :required => true }, 1] => true,
+  [InputSanitizer::V2::Types::CoercingFloatCheck, { :required => true }, 3.1415] => true,
+  [InputSanitizer::V2::Types::CoercingFloatCheck, { :required => true }, "3.1415"] => true,
+  [InputSanitizer::V2::Types::CoercingFloatCheck, { }, nil] => true,
+  [InputSanitizer::V2::Types::CoercingFloatCheck, { }, "null"] => true,
+  [InputSanitizer::V2::Types::CoercingFloatCheck, { }, ""] => :invalid_type,
+  [InputSanitizer::V2::Types::CoercingFloatCheck, { }, 1] => true,
+  [InputSanitizer::V2::Types::CoercingFloatCheck, { }, 3.1415] => true,
+  [InputSanitizer::V2::Types::CoercingFloatCheck, { }, "3.1415"] => true,
+  [InputSanitizer::V2::Types::BooleanCheck, { :allow_nil => false }, nil] => false,
+  [InputSanitizer::V2::Types::BooleanCheck, { :allow_nil => false }, ""] => :invalid_type,
+  [InputSanitizer::V2::Types::BooleanCheck, { :allow_nil => false }, true] => true,
+  [InputSanitizer::V2::Types::BooleanCheck, { :allow_blank => false }, nil] => false,
+  [InputSanitizer::V2::Types::BooleanCheck, { :allow_blank => false }, ""] => :invalid_type,
+  [InputSanitizer::V2::Types::BooleanCheck, { :allow_blank => false }, true] => true,
+  [InputSanitizer::V2::Types::BooleanCheck, { :required => true }, nil] => false,
+  [InputSanitizer::V2::Types::BooleanCheck, { :required => true }, ""] => :invalid_type,
+  [InputSanitizer::V2::Types::BooleanCheck, { :required => true }, true] => true,
+  [InputSanitizer::V2::Types::BooleanCheck, { }, nil] => false,
+  [InputSanitizer::V2::Types::BooleanCheck, { }, ""] => :invalid_type,
+  [InputSanitizer::V2::Types::BooleanCheck, { }, true] => true,
+  [InputSanitizer::V2::Types::DatetimeCheck, { :allow_nil => false }, nil] => false,
+  [InputSanitizer::V2::Types::DatetimeCheck, { :allow_nil => false }, ""] => true,
+  [InputSanitizer::V2::Types::DatetimeCheck, { :allow_nil => false }, "2014-08-27T16:32:56Z"] => true,
+  [InputSanitizer::V2::Types::DatetimeCheck, { :allow_blank => false }, nil] => false,
+  [InputSanitizer::V2::Types::DatetimeCheck, { :allow_blank => false }, ""] => false,
+  [InputSanitizer::V2::Types::DatetimeCheck, { :allow_blank => false }, "2014-08-27T16:32:56Z"] => true,
+  [InputSanitizer::V2::Types::DatetimeCheck, { :required => true }, nil] => false,
+  [InputSanitizer::V2::Types::DatetimeCheck, { :required => true }, ""] => false,
+  [InputSanitizer::V2::Types::DatetimeCheck, { :required => true }, "2014-08-27T16:32:56Z"] => true,
+  [InputSanitizer::V2::Types::DatetimeCheck, { }, nil] => true,
+  [InputSanitizer::V2::Types::DatetimeCheck, { }, ""] => true,
+  [InputSanitizer::V2::Types::DatetimeCheck, { }, "2014-08-27T16:32:56Z"] => true,
+  [InputSanitizer::V2::Types::DatetimeCheck, { }, 1234] => :invalid_type,
+  [InputSanitizer::V2::Types::DatetimeCheck, { }, []] => :invalid_type,
+  [InputSanitizer::V2::Types::DatetimeCheck, { }, {}] => :invalid_type,
+  [InputSanitizer::V2::Types::URLCheck, { :allow_nil => false }, nil] => false,
+  [InputSanitizer::V2::Types::URLCheck, { :allow_nil => false }, ""] => true,
+  [InputSanitizer::V2::Types::URLCheck, { :allow_nil => false }, "http://getbase.com"] => true,
+  [InputSanitizer::V2::Types::URLCheck, { :allow_blank => false }, nil] => false,
+  [InputSanitizer::V2::Types::URLCheck, { :allow_blank => false }, ""] => false,
+  [InputSanitizer::V2::Types::URLCheck, { :allow_blank => false }, "http://getbase.com"] => true,
+  [InputSanitizer::V2::Types::URLCheck, { :required => true }, nil] => false,
+  [InputSanitizer::V2::Types::URLCheck, { :required => true }, ""] => false,
+  [InputSanitizer::V2::Types::URLCheck, { :required => true }, "http://getbase.com"] => true,
+  [InputSanitizer::V2::Types::URLCheck, { }, nil] => true,
+  [InputSanitizer::V2::Types::URLCheck, { }, ""] => true,
+  [InputSanitizer::V2::Types::URLCheck, { }, "http://getbase.com"] => true,
+}
+
+describe 'type checks' do
+  test_cases.each do |(test_case, result)|
+    describe test_case[0] do
+      context "with options: #{test_case[1]}" do
+        show_value = case test_case[2]
+        when nil then 'nil'
+        when '' then "''"
+        else "'#{test_case[2]}'"
+        end
+
+        it "correctly handles value #{show_value}" do
+          case result
+          when true
+            lambda { test_case[0].new.call(test_case[2], test_case[1]) }.should_not raise_error
+          when false
+            lambda { test_case[0].new.call(test_case[2], test_case[1]) }.should raise_error(InputSanitizer::BlankValueError)
+          when :invalid_type
+            lambda { test_case[0].new.call(test_case[2], test_case[1]) }.should raise_error(InputSanitizer::TypeMismatchError)
+          end
+        end
+      end
+    end
+  end
+end
+
+# Generating test cases:
+
+# types = ['string', 'integer', 'boolean', 'datetime', 'url']
+# options = [:allow_nil_false, :allow_blank_false, :required_true, :no_params]
+# values = [nil, '', lambda { |type| { 'string' => 'zz', 'integer' => 1, 'boolean' => true, 'datetime' => '2014-08-27T16:32:56Z', 'url' => 'http://getbase.com' }[type] }]
+# test_cases = types.product(options).product(values).map(&:flatten).map! do |test_case|
+#   test_case[2] = test_case[2].call(test_case[0]) if test_case[2].is_a?(Proc); test_case
+# end
+# test_cases.each { |test_case| puts "#{test_case.inspect} => []," }; nil

data/spec/v2/payload_sanitizer_spec.rb

@@ -0,0 +1,460 @@
+require 'spec_helper'
+
+class AddressSanitizer < InputSanitizer::V2::PayloadSanitizer
+  string :city
+  string :zip
+end
+
+class TagSanitizer < InputSanitizer::V2::PayloadSanitizer
+  integer :id
+  string :name
+  nested :addresses, :sanitizer => AddressSanitizer, :collection => true
+end
+
+class TestedPayloadSanitizer < InputSanitizer::V2::PayloadSanitizer
+  integer :array, :collection => true
+  integer :array_nil, :collection => true, :allow_nil => true
+  string :status, :allow => ['current', 'past']
+  string :status_with_empty, :allow => ['', 'current', 'past']
+  string :regexp_string, :regexp => /^#?([a-f0-9]{6}|[a-f0-9]{3})$/
+  nested :address, :sanitizer => AddressSanitizer
+  nested :nullable_address, :sanitizer => AddressSanitizer, :allow_nil => true
+  nested :tags, :sanitizer => TagSanitizer, :collection => true
+
+  float :float_attribute, :minimum => 1, :maximum => 100
+  integer :integer_attribute, :minimum => 1, :maximum => 100
+  string :string_attribute
+  boolean :bool_attribute
+  datetime :datetime_attribute
+  date :date_attribute, :minimum => Date.new(-2015, 01, 01), :maximum => Date.new(2015, 12, 31)
+
+  url :website
+  string :limited_collection, :collection => { :minimum => 1, :maximum => 2 }, :minimum => 2, :maximum => 12
+  string :allow_collection, :collection => true, :allow => ['yes', 'no']
+end
+
+class BlankValuesPayloadSanitizer < InputSanitizer::V2::PayloadSanitizer
+  string :required_string, :required => true
+  datetime :non_nil_datetime, :allow_nil => false
+  url :non_blank_url, :allow_blank => false
+end
+
+class CustomConverterWithProvidedValue < InputSanitizer::V2::PayloadSanitizer
+  integer :from
+  custom :to, :provide => :from, :converter => lambda { |value, options|
+    InputSanitizer::V2::Types::IntegerCheck.new.call(value)
+    raise InputSanitizer::ValueError.new(value, options[:provided][:from], nil) if options[:provided][:from] > value
+    value
+  }
+end
+
+describe InputSanitizer::V2::PayloadSanitizer do
+  let(:sanitizer) { TestedPayloadSanitizer.new(@params) }
+  let(:cleaned) { sanitizer.cleaned }
+
+  describe "collections" do
+    it "is invalid if collection is not an array" do
+      @params = { :array => {} }
+      sanitizer.should_not be_valid
+    end
+
+    it "is valid if collection is an array" do
+      @params = { :array => [] }
+      sanitizer.should be_valid
+    end
+
+    it "is valid if collection is an nil and allow_nil is passed" do
+      @params = { :array_nil => nil }
+      sanitizer.should be_valid
+    end
+
+    it "is invalid if there are too few elements" do
+      @params = { :limited_collection => [] }
+      sanitizer.should_not be_valid
+    end
+
+    it "is invalid if there are too many elements" do
+      @params = { :limited_collection => ['bear', 'bear', 'bear'] }
+      sanitizer.should_not be_valid
+    end
+
+    it "is valid when there are just enough elements" do
+      @params = { :limited_collection => ['goldilocks'] }
+      sanitizer.should be_valid
+    end
+
+    it "is invalid when any of the elements are too long" do
+      @params = { :limited_collection => ['more_than_the_limit'] }
+      sanitizer.should_not be_valid
+    end
+
+    it "is invalid when any of the elements are too short" do
+      @params = { :limited_collection => ['a'] }
+      sanitizer.should_not be_valid
+    end
+
+    it "is invalid when given disallowed value in a collection" do
+      @params = { :allow_collection => ['yes', 'no', 'whoa'] }
+      sanitizer.should_not be_valid
+    end
+
+    it "is valid when given allowed values in a collection" do
+      @params = { :allow_collection => ['yes', 'no'] }
+      sanitizer.should be_valid
+    end
+  end
+
+  describe "allow option" do
+    it "is valid when given an allowed string" do
+      @params = { :status => 'past' }
+      sanitizer.should be_valid
+    end
+
+    it "is invalid when given an empty string" do
+      @params = { :status => '' }
+      sanitizer.should_not be_valid
+      sanitizer.errors[0].field.should eq('/status')
+    end
+
+    it "is valid when given an allowed empty string" do
+      @params = { :status_with_empty => '' }
+      sanitizer.should be_valid
+    end
+
+    it "is invalid when given a disallowed string" do
+      @params = { :status => 'current bad string' }
+      sanitizer.should_not be_valid
+      sanitizer.errors[0].field.should eq('/status')
+    end
+  end
+
+  describe "minimum and maximum options" do
+    it "is invalid if integer is lower than the minimum" do
+      @params = { :integer_attribute => 0 }
+      sanitizer.should_not be_valid
+    end
+
+    it "is invalid if integer is greater than the maximum" do
+      @params = { :integer_attribute => 101 }
+      sanitizer.should_not be_valid
+    end
+
+    it "is valid when integer is within given range" do
+      @params = { :limited_collection => ['goldilocks'] }
+      sanitizer.should be_valid
+    end
+
+    it "is invalid if float is lower than the minimum" do
+      @params = { :float_attribute => 0.0 }
+      sanitizer.should_not be_valid
+    end
+
+    it "is invalid if float is greater than the maximum" do
+      @params = { :float_attribute => 101.0 }
+      sanitizer.should_not be_valid
+    end
+  end
+
+  describe "strict param checking" do
+    it "is invalid when given extra params" do
+      @params = { :extra => 'test', :extra2 => 1 }
+      sanitizer.should_not be_valid
+      sanitizer.errors.count.should eq(2)
+    end
+
+    it "is invalid when given extra params in a nested sanitizer" do
+      @params = { :address => { :extra => 0 }, :tags => [ { :extra2 => 1 } ] }
+      sanitizer.should_not be_valid
+      sanitizer.errors.map(&:field).should contain_exactly('/address/extra', '/tags/0/extra2')
+    end
+  end
+
+  describe "converters with provided values" do
+    let(:sanitizer) { CustomConverterWithProvidedValue.new(@params) }
+
+    it "is valid when converter passes check with provided value" do
+      @params = {from: 1, to: 3}
+      sanitizer.should be_valid
+    end
+
+    it "is invalid when converter does not pass check with provided value" do
+      @params = {from: 3, to: 1}
+      sanitizer.should_not be_valid
+    end
+  end
+
+  describe "strict type checking" do
+    it "is invalid when given string instead of integer" do
+      @params = { :integer_attribute => '1' }
+      sanitizer.should_not be_valid
+      sanitizer.errors[0].field.should eq('/integer_attribute')
+    end
+
+    it "is valid when given an integer" do
+      @params = { :integer_attribute => 50 }
+      sanitizer.should be_valid
+      sanitizer[:integer_attribute].should eq(50)
+    end
+
+    it "is invalid when given a float" do
+      @params = { :integer_attribute => 50.99 }
+      sanitizer.should_not be_valid
+    end
+
+    it "is valid when given nil for an integer" do
+      @params = { :integer_attribute => nil }
+      sanitizer.should be_valid
+      sanitizer[:integer_attribute].should be_nil
+    end
+
+    it "is invalid when given string instead of float" do
+      @params = { :float_attribute => '1' }
+      sanitizer.should_not be_valid
+      sanitizer.errors[0].field.should eq('/float_attribute')
+    end
+
+    it "is valid when given a float" do
+      @params = { :float_attribute => 50.0 }
+      sanitizer.should be_valid
+      sanitizer[:float_attribute].should eq(50.0)
+    end
+
+    it "is valid when given nil for a float" do
+      @params = { :float_attribute => nil }
+      sanitizer.should be_valid
+      sanitizer[:float_attribute].should be_nil
+    end
+
+    it "is valid when given string is matching regexp" do
+      @params = { :regexp_string => "#8bd635" }
+      sanitizer.should be_valid
+      sanitizer[:regexp_string].should eq('#8bd635')
+    end
+
+    it "is invalid when given string is not matching regexp" do
+      @params = { :regexp_string => "not a hex value" }
+      sanitizer.should_not be_valid
+      sanitizer.errors[0].field.should eq('/regexp_string')
+    end
+
+    it "is invalid when given integer instead of string" do
+      @params = { :string_attribute => 0 }
+      sanitizer.should_not be_valid
+      sanitizer.errors[0].field.should eq('/string_attribute')
+    end
+
+    it "is invalid when given float instead of string" do
+      @params = { :string_attribute => 3.1415 }
+      sanitizer.should_not be_valid
+      sanitizer.errors[0].field.should eq('/string_attribute')
+    end
+
+    it "is valid when given a string" do
+      @params = { :string_attribute => '#@!#%#$@#ad' }
+      sanitizer.should be_valid
+      sanitizer[:string_attribute].should eq('#@!#%#$@#ad')
+    end
+
+    it "is invalid when given 'yes' as a bool" do
+      @params = { :bool_attribute => 'yes' }
+      sanitizer.should_not be_valid
+      sanitizer.errors[0].field.should eq('/bool_attribute')
+    end
+
+    it "is valid when given true as a bool" do
+      @params = { :bool_attribute => true }
+      sanitizer.should be_valid
+    end
+
+    it "is valid when given false as a bool" do
+      @params = { :bool_attribute => false }
+      sanitizer.should be_valid
+    end
+
+    it "is invalid when given an incorrect datetime" do
+      @params = { :datetime_attribute => "2014-08-2716:32:56Z" }
+      sanitizer.should_not be_valid
+      sanitizer.errors[0].field.should eq('/datetime_attribute')
+    end
+
+    it "is valid when given a correct datetime" do
+      @params = { :datetime_attribute => "2014-08-27T16:32:56Z" }
+      sanitizer.should be_valid
+    end
+
+    it "is valid when given a 'forever' timestamp" do
+      @params = { :datetime_attribute => "9999-12-31T00:00:00Z" }
+      sanitizer.should be_valid
+    end
+
+    it "is invalid when given an incorrect date" do
+      @params = { :date_attribute => "invalid" }
+      sanitizer.should_not be_valid
+      sanitizer.errors[0].field.should eq('/date_attribute')
+    end
+
+    it "is valid when given a correct date" do
+      @params = { :date_attribute => "2015-08-27" }
+      sanitizer.should be_valid
+    end
+
+    it "is valid when given a correct negative date" do
+      @params = { :date_attribute => "-2014-08-27" }
+      sanitizer.should be_valid
+    end
+
+    it "is valid when given a correct URL" do
+      @params = { :website => "https://google.com" }
+      sanitizer.should be_valid
+      sanitizer[:website].should eq("https://google.com")
+    end
+
+    it "is invalid when given an invalid URL" do
+      @params = { :website => "ht:/google.com" }
+      sanitizer.should_not be_valid
+    end
+
+    it "is invalid when given an invalid URL that contains a valid URL" do
+      @params = { :website => "watwat http://google.com wat" }
+      sanitizer.should_not be_valid
+    end
+
+    describe "blank and required values" do
+      let(:sanitizer) { BlankValuesPayloadSanitizer.new(@params) }
+      let(:defaults) { { :required_string => 'zz' } }
+
+      it "is invalid if required string is missing" do
+        @params = {}
+        sanitizer.should_not be_valid
+        sanitizer.errors[0].should be_an_instance_of(InputSanitizer::ValueMissingError)
+        sanitizer.errors[0].field.should eq('/required_string')
+      end
+
+      it "is invalid if required string is nil" do
+        @params = { :required_string => nil }
+        sanitizer.should_not be_valid
+        sanitizer.errors[0].should be_an_instance_of(InputSanitizer::BlankValueError)
+        sanitizer.errors[0].field.should eq('/required_string')
+      end
+
+      it "is invalid if required string is blank" do
+        @params = { :required_string => ' ' }
+        sanitizer.should_not be_valid
+        sanitizer.errors[0].should be_an_instance_of(InputSanitizer::BlankValueError)
+        sanitizer.errors[0].field.should eq('/required_string')
+      end
+
+      it "is invalid if non-nil datetime is null" do
+        @params = defaults.merge({ :non_nil_datetime => nil })
+        sanitizer.should_not be_valid
+        sanitizer.errors[0].should be_an_instance_of(InputSanitizer::BlankValueError)
+        sanitizer.errors[0].field.should eq('/non_nil_datetime')
+      end
+
+      it "is valid if non-nil datetime is blank" do
+        @params = defaults.merge({ :non_nil_datetime => '' })
+        sanitizer.should be_valid
+      end
+
+      it "is invalid if non-blank url is nil" do
+        @params = defaults.merge({ :non_blank_url => nil })
+        sanitizer.should_not be_valid
+        sanitizer.errors[0].should be_an_instance_of(InputSanitizer::BlankValueError)
+        sanitizer.errors[0].field.should eq('/non_blank_url')
+      end
+
+      it "is invalid if non-blank url is blank" do
+        @params = defaults.merge({ :non_blank_url => '' })
+        sanitizer.should_not be_valid
+        sanitizer.errors[0].should be_an_instance_of(InputSanitizer::BlankValueError)
+        sanitizer.errors[0].field.should eq('/non_blank_url')
+      end
+    end
+
+    describe "nested checking" do
+      describe "simple array" do
+        it "returns JSON pointer for invalid fields" do
+          @params = { :array => [1, 'z', '3', 4] }
+          sanitizer.errors.length.should eq(2)
+          sanitizer.errors.map(&:field).should contain_exactly('/array/1', '/array/2')
+        end
+      end
+
+      describe "nested object" do
+        it "returns an error when given a nil for a nested value" do
+          @params = { :address => nil }
+          sanitizer.should_not be_valid
+        end
+
+        it "returns an error when given a string for a nested value" do
+          @params = { :address => 'nope' }
+          sanitizer.should_not be_valid
+        end
+
+        it "returns an error when given an array for a nested value" do
+          @params = { :address => ['a'] }
+          sanitizer.should_not be_valid
+        end
+
+        it "returns JSON pointer for invalid fields" do
+          @params = { :address => { :city => 0, :zip => 1 } }
+          sanitizer.errors.length.should eq(2)
+          sanitizer.errors.map(&:field).should contain_exactly('/address/city', '/address/zip')
+        end
+
+        it "allows nil with `allow_nil` flag" do
+          @params = { :nullable_address => nil }
+          sanitizer.should be_valid
+          sanitizer.cleaned.fetch(:nullable_address).should eq(nil)
+        end
+      end
+
+      describe "array of nested objects" do
+        it "returns an error when given a nil for a collection" do
+          @params = { :tags => nil }
+          sanitizer.should_not be_valid
+        end
+
+        it "returns an error when given a string for a collection" do
+          @params = { :tags => 'nope' }
+          sanitizer.should_not be_valid
+        end
+
+        it "returns an error when given a hash for a collection" do
+          @params = { :tags => { :a => 1 } }
+          sanitizer.should_not be_valid
+        end
+
+        it "returns JSON pointer for invalid fields" do
+          @params = { :tags => [ { :id => 'n', :name => 1 }, { :id => 10, :name => 2 } ] }
+          sanitizer.errors.length.should eq(3)
+          sanitizer.errors.map(&:field).should contain_exactly(
+            '/tags/0/id',
+            '/tags/0/name',
+            '/tags/1/name'
+          )
+        end
+      end
+
+      describe "array of nested objects that have array of nested objects" do
+        it "returns JSON pointer for invalid fields" do
+          @params = { :tags => [
+            { :id => 'n', :addresses => [ { :city => 0 }, { :city => 1 } ] },
+            { :name => 2, :addresses => [ { :city => 3 } ] },
+          ] }
+          sanitizer.errors.length.should eq(5)
+          sanitizer.errors.map(&:field).should contain_exactly(
+            '/tags/0/id',
+            '/tags/0/addresses/0/city',
+            '/tags/0/addresses/1/city',
+            '/tags/1/name',
+            '/tags/1/addresses/0/city'
+          )
+
+          ec = sanitizer.error_collection
+          ec.length.should eq(5)
+        end
+      end
+    end
+  end
+end