roda 3.7.0 → 3.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d7fe20c8d9a31f311d69cac5c073690374859342d995f97183abeda25e84c2e8
-  data.tar.gz: d8b584c5768ef36fc60cd495d51285446c9cdd7e94a56668758b9c38253413a4
+  metadata.gz: f1f45dc2c17fe99add9644d7ee24bcc83e85f0c4ca5927b7d88b31ddac7c4d35
+  data.tar.gz: 654f4aaa9987343d9ff989bc4fc730d2c07d885b4ee57465be845c0876636340
 SHA512:
-  metadata.gz: 90e1c33010e0cd7d21fbf434c88bbad41dc069c746bb7eb58b1ae8b982f48320316eabf7f95d8af9376d76cc6d5d88fcb216c3859df5199f6a98bcf86830b5f3
-  data.tar.gz: 1a2d6dda37a5a49871af93894e5b32e553cdac5baa34d5c0a441481101bbc88353e3b8120deeaf7afcfeaae48c1c7cb48ea525a27c8db8e3d212e7945e75fb8d
+  metadata.gz: 9766752c2e4204821986db58bc086080f406770672670179a65bfe91766227f2637c195250d66d0f1b8ad021e6a3593b901a649cd51ab5484e7249cda057498c
+  data.tar.gz: e9ad5ba69df715e11e3ee9b258c2e4233631104cbdf972c2c8e0c6ace1bbf1fa5b6bca5cb88d2891e63fb64885ba17623a35760e6b60f49c4e56cebf43a17c1a

data/CHANGELOG

@@ -1,3 +1,9 @@
+= 3.8.0 (2018-05-17)
+
+* Accept convert_each! :keys option that is Proc or Method in typecast_params plugin (jeremyevans)
+
+* Make convert_each! in typecast_params plugin handle hashes with '0'..'N' keys without :keys option (jeremyevans)
+
 = 3.7.0 (2018-04-20)
 
 * Make response_request plugin work with error_handler and class_level_routing plugins (jeremyevans)

data/README.rdoc

@@ -840,18 +840,40 @@ that all Roda applications that deal with parameters use it or
 another tool to explicitly convert submitted parameters to the
 expected types.
 
-=== Security Related HTTP Headers
+=== Content Security Policy
+
+The Content-Security-Policy HTTP header can be used to instruct
+the browser on what types of content to allow and where content
+can be loaded from.  Roda ships with a +content_security_policy+
+plugin that allows for the easy configuration of the content
+security policy.  Here's an example of a fairly restrictive
+content security policy configuration:
+
+  class App < Roda
+    plugin :content_security_policy do |csp|
+      csp.default_src :none # deny everything by default
+      csp.style_src :self
+      csp.script_src :self
+      csp.connect_src :self
+      csp.img_src :self
+      csp.font_src :self
+      csp.form_action :self
+      csp.base_uri :none
+      csp.frame_ancestors :none
+      csp.block_all_mixed_content
+      csp.report_uri 'CSP_REPORT_URI'
+    end
+  end
+
+=== Other Security Related HTTP Headers
 
 You may want to look into setting the following HTTP headers, which
 can be done at the web server level, but can also be done at the
 application level using using the +default_headers+ plugin:
 
-Content-Security-Policy/X-Content-Security-Policy :: Defines policy for how javascript and other
-                                                     types of content can be used on the page.
-Frame-Options/X-Frame-Options :: Provides click-jacking protection by not allowing usage inside
-                                 a frame.
 Strict-Transport-Security :: Enforces SSL/TLS Connections to the application.
 X-Content-Type-Options :: Forces some browsers to respect a declared Content-Type header.
+X-Frame-Options :: Provides click-jacking protection by not allowing usage inside a frame.
 X-XSS-Protection :: Enables an XSS mitigation filter in some browsers.
 
 Example:
@@ -859,10 +881,9 @@ Example:
   class App < Roda
     plugin :default_headers,
       'Content-Type'=>'text/html',
-      'Content-Security-Policy'=>"default-src 'self'",
       'Strict-Transport-Security'=>'max-age=16070400;',
-      'X-Frame-Options'=>'deny',
       'X-Content-Type-Options'=>'nosniff',
+      'X-Frame-Options'=>'deny',
       'X-XSS-Protection'=>'1; mode=block'
   end
 
@@ -876,8 +897,6 @@ location on the file system that users can write files to).
 You can specify which directories are allowed using the +:allowed_paths+ render plugin
 option. If you really want to turn path checking off, you can do so via the
 <tt>check_paths: false</tt> render plugin option.
-not check paths, as it assumes that users and libraries that use this option will be checking
-such paths manually.
 
 == Code Reloading
 

data/doc/release_notes/3.8.0.txt

@@ -0,0 +1,27 @@
+= New Features
+
+* The convert_each! method in the typecast_params plugin now
+  accepts a Proc or Method value for the :keys option. The proc
+  or method is called with the current array or hash that
+  typecast params is operating on, and should return an
+  array of keys to use for the conversion.
+
+* The convert_each! method in the typecast_params plugin will
+  now automatically handle hashes with keys from '0'..'N',
+  without a :keys option being provided.
+  
+  This makes it possible to handle parameter names such as
+  foo[0][bar], foo[0][baz], foo[1][bar], and foo[1][baz], if you
+  want to avoid the issues related to rack's issues when parsing
+  array parameters.
+
+= Other Improvements
+
+* The Roda::RodaVersionNumber constant has been added for easier
+  version comparisons.  It is 30080 for version 3.8.0.
+
+= Backwards Compatibility
+
+* When an unsupported type is given as value of the :keys option
+  to the convert_each! method in the typecast_params plugin, a
+  ProgrammerError exception is now raised.

data/lib/roda/plugins/typecast_params.rb

@@ -162,7 +162,7 @@ class Roda
     #     tp.pos_int!('artist_id')
     #     tp.array!(:pos_int, 'album_ids')
     #     tp.convert!('sales') do |stp|
-    #       tp.pos_int!(['num_sold', 'num_shipped'])
+    #       stp.pos_int!(['num_sold', 'num_shipped'])
     #     end
     #     tp.convert!('members') do |mtp|
     #       mtp.convert_each! do |stp|
@@ -197,7 +197,7 @@ class Roda
     #     tp.pos_int!('artist_id')
     #     tp.array!(:pos_int, 'album_ids')
     #     tp.convert!('sales') do |stp|
-    #       tp.pos_int!(['num_sold', 'num_shipped'])
+    #       stp.pos_int!(['num_sold', 'num_shipped'])
     #     end
     #     tp.convert!('members') do |mtp|
     #       mtp.convert_each! do |stp|
@@ -295,7 +295,7 @@ class Roda
 
         # An array of all other errors that were raised with this error.  If the error
         # was not raised inside Params#convert! or Params#convert_each!, this will just be
-        # an array containing the current the receiver.
+        # an array containing the current receiver.
         # 
         # This allows you to use Params#convert! to process a form input, and if any
         # conversion errors occur inside the block, it can provide an array of all parameter
@@ -574,22 +574,43 @@ class Roda
           end
         end
 
-        # Runs convert! for each key specified by the :keys option.  If no :keys option is given and the object is an array,
-        # runs convert! for all entries in the array.
-        # Raises an Error if the current object is not an array and :keys option is not specified.
+        # Runs convert! for each key specified by the :keys option.  If :keys option is not given
+        # and the object is an array, runs convert! for all entries in the array.  If the :keys
+        # option is not given and the object is a Hash with string keys '0', '1', ..., 'N' (with
+        # no skipped keys), runs convert! for all entries in the hash.  If :keys option is a Proc
+        # or a Method, calls the proc/method with the current object, which should return an
+        # array of keys to use.
         # Passes any options given to #convert!.  Options:
         #
-        # :keys :: The keys to extract from the object
+        # :keys :: The keys to extract from the object. If a proc or method,
+        #          calls the value with the current object, which should return the array of keys
+        #          to use.
         def convert_each!(opts=OPTS, &block)
           np = !@capture
 
           _capture!(nil, opts) do
-            unless keys = opts[:keys]
-              unless @obj.is_a?(Array)
-                handle_error(nil, :invalid_type, "convert_each! called on non-array")
+            case keys = opts[:keys]
+            when nil
+              keys = (0...@obj.length)
+
+              valid = case @obj
+              when Array
+                true
+              when Hash
+                keys = keys.map(&:to_s)
+                keys.all?{|k| @obj.has_key?(k)}
+              end
+
+              unless valid
+                handle_error(nil, :invalid_type, "convert_each! called on object not an array or hash with keys '0'..'N'")
                 next 
               end
-              keys = (0...@obj.length)
+            when Array
+              # nothing to do
+            when Proc, Method
+              keys = keys.call(@obj)
+            else
+              raise ProgrammerError, "unsupported convert_each! :keys option: #{keys.inspect}"
             end
 
             keys.map do |i|

data/lib/roda/version.rb

@@ -4,7 +4,7 @@ class Roda
   RodaMajorVersion = 3
 
   # The minor version of Roda, updated for new feature releases of Roda.
-  RodaMinorVersion = 7
+  RodaMinorVersion = 8
 
   # The patch version of Roda, updated only for bug fixes from the last
   # feature release.
@@ -12,4 +12,7 @@ class Roda
 
   # The full version of Roda as a string.
   RodaVersion = "#{RodaMajorVersion}.#{RodaMinorVersion}.#{RodaPatchVersion}".freeze
+
+  # The full version of Roda as a number (3.7.0 => 30070)
+  RodaVersionNumber = RodaMajorVersion*10000 + RodaMinorVersion*10 + RodaPatchVersion
 end

data/spec/plugin/typecast_params_spec.rb

@@ -581,13 +581,27 @@ describe "typecast_params plugin" do
     end.must_equal [{'b'=>1, 'c'=>2}, {'b'=>3, 'c'=>4}]
   end
 
-  it "#convert_each! with :keys option should convert each named entry in a hash" do
+  it "#convert_each! without :keys option should convert each named entry in a hash when keys are '0'..'N'" do
+    tp = tp('a[0][b]=1&a[0][c]=2&a[1][b]=3&a[1][c]=4')
+    tp['a'].convert_each! do |tp0|
+      tp0.int(%w'b c')
+    end.must_equal [{'b'=>1, 'c'=>2}, {'b'=>3, 'c'=>4}]
+  end
+
+  it "#convert_each! with :keys option should convert each named entry in a hash when keys are '0'..'N'" do
     tp = tp('a[0][b]=1&a[0][c]=2&a[1][b]=3&a[1][c]=4')
     tp['a'].convert_each!(:keys=>%w'0 1') do |tp0|
       tp0.int(%w'b c')
     end.must_equal [{'b'=>1, 'c'=>2}, {'b'=>3, 'c'=>4}]
   end
 
+  it "#convert_each! with :keys option should convert each named entry in a hash" do
+    tp = tp('a[d][b]=1&a[d][c]=2&a[e][b]=3&a[e][c]=4')
+    tp['a'].convert_each!(:keys=>%w'd e') do |tp0|
+      tp0.int(%w'b c')
+    end.must_equal [{'b'=>1, 'c'=>2}, {'b'=>3, 'c'=>4}]
+  end
+
   it "#convert_each! with :keys option should store entries when called inside convert" do
     tp('a[0][b]=1&a[0][c]=2&a[1][b]=3&a[1][c]=4').convert! do |tp|
       tp['a'].convert_each!(:keys=>%w'0 1') do |tp0|
@@ -596,10 +610,33 @@ describe "typecast_params plugin" do
     end.must_equal("a"=>{"0"=>{'b'=>1, 'c'=>2}, "1"=>{'b'=>3, 'c'=>4}})
   end
 
-  it "#convert_each! should raise if obj is not an array" do
+  it "#convert_each! :keys option should accept a Proc" do
+    tp('a[0][b]=1&a[0][c]=2&a[1][b]=3&a[1][c]=4').convert! do |tp|
+      tp['a'].convert_each!(:keys=>proc{|obj| obj.keys}) do |tp0|
+        tp0.int(%w'b c')
+      end
+    end.must_equal("a"=>{"0"=>{'b'=>1, 'c'=>2}, "1"=>{'b'=>3, 'c'=>4}})
+  end
+
+  it "#convert_each! should raise if :keys option is given and not an Array/Proc/Method" do
+    tp = tp('a[0][b]=1&a[0][c]=2&a[2][b]=3&a[2][c]=4')
+    lambda{tp['a'].convert_each!(:keys=>Object.new){}}.must_raise Roda::RodaPlugins::TypecastParams::ProgrammerError
+  end
+
+  it "#convert_each! should raise if obj is a hash without '0' keys" do
     lambda{tp.convert_each!{}}.must_raise @tp_error
   end
 
+  it "#convert_each! should raise if obj is not a hash with '0' but not '0'..'N' keys" do
+    tp = tp('a[0][b]=1&a[0][c]=2&a[2][b]=3&a[2][c]=4')
+    lambda{tp['b'].convert_each!{}}.must_raise @tp_error
+  end
+
+  it "#convert_each! should raise if obj is a scalar" do
+    tp = tp('a[d][b]=1&a[d][c]=2&a[e][b]=3&a[e][c]=4')
+    lambda{tp['d']['b'].convert_each!{}}.must_raise @tp_error
+  end
+
   it "#convert_each! should raise if obj is a array of non-hashes" do
     lambda{tp['b'].convert_each!{}}.must_raise @tp_error
   end

data/spec/version_spec.rb

@@ -5,10 +5,10 @@ describe "Roda version constants" do
     Roda::RodaVersion.must_match(/\A\d+\.\d+\.\d+\z/)
   end
 
-  it "Roda*Version should be integers" do
+  it "Roda*Version and RodaVersionNumber should be integers" do
     Roda::RodaMajorVersion.must_be_kind_of(Integer)
     Roda::RodaMinorVersion.must_be_kind_of(Integer)
     Roda::RodaPatchVersion.must_be_kind_of(Integer)
+    Roda::RodaVersionNumber.must_be_kind_of(Integer)
   end
 end
-

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: roda
 version: !ruby/object:Gem::Version
-  version: 3.7.0
+  version: 3.8.0
 platform: ruby
 authors:
 - Jeremy Evans
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-04-20 00:00:00.000000000 Z
+date: 2018-05-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -203,6 +203,7 @@ extra_rdoc_files:
 - doc/release_notes/3.4.0.txt
 - doc/release_notes/3.5.0.txt
 - doc/release_notes/3.6.0.txt
+- doc/release_notes/3.8.0.txt
 files:
 - CHANGELOG
 - MIT-LICENSE
@@ -252,6 +253,7 @@ files:
 - doc/release_notes/3.5.0.txt
 - doc/release_notes/3.6.0.txt
 - doc/release_notes/3.7.0.txt
+- doc/release_notes/3.8.0.txt
 - lib/roda.rb
 - lib/roda/plugins/_symbol_regexp_matchers.rb
 - lib/roda/plugins/all_verbs.rb