simple_form 4.0.1 → 5.1.0

data/lib/generators/simple_form/templates/config/initializers/simple_form_foundation.rb

@@ -2,7 +2,7 @@
 #
 # Uncomment this and change the path if necessary to include your own
 # components.
-# See https://github.com/plataformatec/simple_form#custom-components to know
+# See https://github.com/heartcombo/simple_form#custom-components to know
 # more about custom components.
 # Dir[Rails.root.join('lib/components/**/*.rb')].each { |f| require f }
 #

data/lib/simple_form.rb

@@ -35,7 +35,18 @@ to
 
     def %{name}(wrapper_options)
 
-See https://github.com/plataformatec/simple_form/pull/997 for more information.
+See https://github.com/heartcombo/simple_form/pull/997 for more information.
+  WARN
+
+  FILE_METHODS_DEPRECATION_WARN = <<-WARN
+[SIMPLE_FORM] SimpleForm.file_methods is deprecated and has no effect.
+
+Since version 5, Simple Form now supports automatically discover of file inputs for the following Gems: activestorage, carrierwave, paperclip, refile and shrine.
+If you are using a custom method that is not from one of the supported Gems, please change your forms to pass the input type explicitly:
+
+    <%= form.input :avatar, as: :file %>
+
+See http://blog.plataformatec.com.br/2019/09/incorrect-access-control-in-simple-form-cve-2019-16676 for more information.
   WARN
 
   @@configured = false
@@ -120,10 +131,6 @@ See https://github.com/plataformatec/simple_form/pull/997 for more information.
   mattr_accessor :browser_validations
   @@browser_validations = true
 
-  # Collection of methods to detect if a file type was given.
-  mattr_accessor :file_methods
-  @@file_methods = %i[mounted_as file? public_filename attached?]
-
   # Custom mappings for input types. This should be a hash containing a regexp
   # to match as key, and the input type that will be used when the field name
   # matches the regexp as value, such as { /count/ => :integer }.
@@ -265,6 +272,16 @@ See https://github.com/plataformatec/simple_form/pull/997 for more information.
     @@form_class = value
   end
 
+  def self.file_methods=(file_methods)
+    ActiveSupport::Deprecation.warn(FILE_METHODS_DEPRECATION_WARN, caller)
+    @@file_methods = file_methods
+  end
+
+  def self.file_methods
+    ActiveSupport::Deprecation.warn(FILE_METHODS_DEPRECATION_WARN, caller)
+    @@file_methods
+  end
+
   # Default way to setup Simple Form. Run rails generate simple_form:install
   # to create a fresh initializer with all configuration values.
   def self.setup

data/lib/simple_form/components/errors.rb

@@ -11,7 +11,7 @@ module SimpleForm
       end
 
       def has_errors?
-        object && object.respond_to?(:errors) && errors.present?
+        object_with_errors? || object.nil? && has_custom_error?
       end
 
       def has_value?
@@ -34,6 +34,10 @@ module SimpleForm
         has_custom_error? ? options[:error] : full_errors.send(error_method)
       end
 
+      def object_with_errors?
+        object && object.respond_to?(:errors) && errors.present?
+      end
+
       def error_method
         options[:error_method] || SimpleForm.error_method
       end

data/lib/simple_form/components/labels.rb

@@ -6,11 +6,9 @@ module SimpleForm
 
       module ClassMethods #:nodoc:
         def translate_required_html
-          i18n_cache :translate_required_html do
-            I18n.t(:"required.html", scope: i18n_scope, default:
-              %(<abbr title="#{translate_required_text}">#{translate_required_mark}</abbr>)
-            )
-          end
+          I18n.t(:"required.html", scope: i18n_scope, default:
+            %(<abbr title="#{translate_required_text}">#{translate_required_mark}</abbr>)
+          )
         end
 
         def translate_required_text

data/lib/simple_form/components/maxlength.rb

@@ -24,10 +24,6 @@ module SimpleForm
         find_validator(:length)
       end
 
-      def has_tokenizer?(length_validator)
-        length_validator.options[:tokenizer]
-      end
-
       def maximum_length_value_from(length_validator)
         if length_validator
           length_validator.options[:is] || length_validator.options[:maximum]

data/lib/simple_form/components/minlength.rb

@@ -24,10 +24,6 @@ module SimpleForm
         find_validator(:length)
       end
 
-      def has_tokenizer?(length_validator)
-        length_validator.options[:tokenizer]
-      end
-
       def minimum_length_value_from(length_validator)
         if length_validator
           length_validator.options[:is] || length_validator.options[:minimum]

data/lib/simple_form/form_builder.rb

@@ -26,6 +26,7 @@ module SimpleForm
     map_type :range,                                               to: SimpleForm::Inputs::RangeInput
     map_type :check_boxes,                                         to: SimpleForm::Inputs::CollectionCheckBoxesInput
     map_type :radio_buttons,                                       to: SimpleForm::Inputs::CollectionRadioButtonsInput
+    map_type :rich_text_area,                                      to: SimpleForm::Inputs::RichTextAreaInput
     map_type :select,                                              to: SimpleForm::Inputs::CollectionSelectInput
     map_type :grouped_select,                                      to: SimpleForm::Inputs::GroupedCollectionSelectInput
     map_type :date, :time, :datetime,                              to: SimpleForm::Inputs::DateTimeInput
@@ -165,7 +166,7 @@ module SimpleForm
       components = (wrapper.components.map(&:namespace) & ATTRIBUTE_COMPONENTS)
 
       options = options.dup
-      options[:input_html] = options.except(:as, :boolean_style, :collection, :label_method, :value_method, :prompt, *components)
+      options[:input_html] = options.except(:as, :boolean_style, :collection, :disabled, :label_method, :value_method, :prompt, *components)
       options = @defaults.deep_dup.deep_merge(options) if @defaults
 
       input      = find_input(attribute_name, options)
@@ -511,7 +512,7 @@ module SimpleForm
       when :has_one
         raise ArgumentError, ":has_one associations are not supported by f.association"
       else
-        if options[:as] == :select
+        if options[:as] == :select || options[:as] == :grouped_select
           html_options = options[:input_html] ||= {}
           html_options[:multiple] = true unless html_options.key?(:multiple)
         end
@@ -552,12 +553,12 @@ module SimpleForm
         :datetime
       when :string, :citext, nil
         case attribute_name.to_s
-        when /password/  then :password
-        when /time_zone/ then :time_zone
-        when /country/   then :country
-        when /email/     then :email
-        when /phone/     then :tel
-        when /url/       then :url
+        when /(?:\b|\W|_)password(?:\b|\W|_)/  then :password
+        when /(?:\b|\W|_)time_zone(?:\b|\W|_)/ then :time_zone
+        when /(?:\b|\W|_)country(?:\b|\W|_)/   then :country
+        when /(?:\b|\W|_)email(?:\b|\W|_)/     then :email
+        when /(?:\b|\W|_)phone(?:\b|\W|_)/     then :tel
+        when /(?:\b|\W|_)url(?:\b|\W|_)/       then :url
         else
           file_method?(attribute_name) ? :file : (input_type || :string)
         end
@@ -572,9 +573,28 @@ module SimpleForm
       }.try(:last) if SimpleForm.input_mappings
     end
 
+    # Internal: Try to discover whether an attribute corresponds to a file or not.
+    #
+    # Most upload Gems add some kind of attributes to the ActiveRecord's model they are included in.
+    # This method tries to guess if an attribute belongs to some of these Gems by checking the presence
+    # of their methods using `#respond_to?`.
+    #
+    # Note: This does not support multiple file upload inputs, as this is very application-specific.
+    #
+    # The order here was chosen based on the popularity of Gems:
+    #
+    # - `#{attribute_name}_attachment` - ActiveStorage >= `5.2` and Refile >= `0.2.0` <= `0.4.0`
+    # - `remote_#{attribute_name}_url` - Refile >= `0.3.0` and CarrierWave >= `0.2.2`
+    # - `#{attribute_name}_attacher` - Refile >= `0.4.0` and Shrine >= `0.9.0`
+    # - `#{attribute_name}_file_name` - Paperclip ~> `2.0` (added for backwards compatibility)
+    #
+    # Returns a Boolean.
     def file_method?(attribute_name)
-      file = @object.send(attribute_name) if @object.respond_to?(attribute_name)
-      file && SimpleForm.file_methods.any? { |m| file.respond_to?(m) }
+      @object.respond_to?("#{attribute_name}_attachment") ||
+        @object.respond_to?("#{attribute_name}_attachments") ||
+        @object.respond_to?("remote_#{attribute_name}_url") ||
+        @object.respond_to?("#{attribute_name}_attacher") ||
+        @object.respond_to?("#{attribute_name}_file_name")
     end
 
     def find_attribute_column(attribute_name)

data/lib/simple_form/inputs.rb

@@ -10,6 +10,7 @@ module SimpleForm
     autoload :CollectionInput
     autoload :CollectionRadioButtonsInput
     autoload :CollectionSelectInput
+    autoload :ColorInput
     autoload :DateTimeInput
     autoload :FileInput
     autoload :GroupedCollectionSelectInput
@@ -18,6 +19,7 @@ module SimpleForm
     autoload :PasswordInput
     autoload :PriorityInput
     autoload :RangeInput
+    autoload :RichTextAreaInput
     autoload :StringInput
     autoload :TextInput
   end

data/lib/simple_form/inputs/base.rb

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-require 'simple_form/i18n_cache'
 require 'active_support/core_ext/string/output_safety'
 require 'action_view/helpers'
 
@@ -9,8 +8,6 @@ module SimpleForm
       include ERB::Util
       include ActionView::Helpers::TranslationHelper
 
-      extend I18nCache
-
       include SimpleForm::Helpers::Autofocus
       include SimpleForm::Helpers::Disabled
       include SimpleForm::Helpers::Readonly
@@ -72,7 +69,10 @@ module SimpleForm
         @html_classes = SimpleForm.additional_classes_for(:input) { additional_classes }
 
         @input_html_classes = @html_classes.dup
-        if SimpleForm.input_class && !input_html_classes.empty?
+
+        input_html_classes = self.input_html_classes
+
+        if SimpleForm.input_class && input_html_classes.any?
           input_html_classes << SimpleForm.input_class
         end
 

data/lib/simple_form/inputs/boolean_input.rb

@@ -63,6 +63,7 @@ module SimpleForm
         return "" if !include_hidden? || !unchecked_value
         options = { value: unchecked_value, id: nil, disabled: input_html_options[:disabled] }
         options[:name] = input_html_options[:name] if input_html_options.key?(:name)
+        options[:form] = input_html_options[:form] if input_html_options.key?(:form)
 
         @builder.hidden_field(attribute_name, options)
       end

data/lib/simple_form/inputs/collection_check_boxes_input.rb

@@ -5,7 +5,7 @@ module SimpleForm
       protected
 
       # Checkbox components do not use the required html tag.
-      # More info: https://github.com/plataformatec/simple_form/issues/340#issuecomment-2871956
+      # More info: https://github.com/heartcombo/simple_form/issues/340#issuecomment-2871956
       def has_required?
         false
       end

data/lib/simple_form/inputs/collection_input.rb

@@ -10,10 +10,8 @@ module SimpleForm
       # Texts can be translated using i18n in "simple_form.yes" and
       # "simple_form.no" keys. See the example locale file.
       def self.boolean_collection
-        i18n_cache :boolean_collection do
-          [ [I18n.t(:"simple_form.yes", default: 'Yes'), true],
-            [I18n.t(:"simple_form.no", default: 'No'), false] ]
-        end
+        [ [I18n.t(:"simple_form.yes", default: 'Yes'), true],
+          [I18n.t(:"simple_form.no", default: 'No'), false] ]
       end
 
       def input(wrapper_options = nil)
@@ -41,7 +39,7 @@ module SimpleForm
       end
 
       def has_required?
-        super && (input_options[:include_blank] || input_options[:prompt] || multiple?)
+        super && (input_options[:include_blank] || input_options[:prompt].present? || multiple?)
       end
 
       # Check if :include_blank must be included by default.

data/lib/simple_form/inputs/color_input.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+module SimpleForm
+  module Inputs
+    class ColorInput < Base
+      def input(wrapper_options = nil)
+        input_html_options[:type] ||= "color" if html5?
+
+        merged_input_options = merge_wrapper_options(input_html_options, wrapper_options)
+
+        @builder.text_field(attribute_name, merged_input_options)
+      end
+    end
+  end
+end

data/lib/simple_form/inputs/priority_input.rb

@@ -15,10 +15,6 @@ module SimpleForm
 
       protected
 
-      def has_required?
-        false
-      end
-
       def skip_include_blank?
         super || input_priority.present?
       end

data/lib/simple_form/inputs/rich_text_area_input.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+module SimpleForm
+  module Inputs
+    class RichTextAreaInput < Base
+      def input(wrapper_options = nil)
+        merged_input_options = merge_wrapper_options(input_html_options, wrapper_options)
+
+        @builder.rich_text_area(attribute_name, merged_input_options)
+      end
+    end
+  end
+end

data/lib/simple_form/inputs/string_input.rb

@@ -18,7 +18,7 @@ module SimpleForm
       private
 
       def string?
-        input_type == :string
+        input_type == :string || input_type == :citext
       end
     end
   end

data/lib/simple_form/tags.rb

@@ -48,7 +48,9 @@ module SimpleForm
       private
 
       def render_component(builder)
-        builder.radio_button + builder.label(class: "collection_radio_buttons")
+        label_class = "#{@options[:item_label_class]} collection_radio_buttons".strip
+
+        builder.radio_button + builder.label(class: label_class)
       end
     end
 
@@ -62,7 +64,9 @@ module SimpleForm
       private
 
       def render_component(builder)
-        builder.check_box + builder.label(class: "collection_check_boxes")
+        label_class = "#{@options[:item_label_class]} collection_check_boxes".strip
+
+        builder.check_box + builder.label(class: label_class)
       end
     end
   end

data/lib/simple_form/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module SimpleForm
-  VERSION = "4.0.1".freeze
+  VERSION = "5.1.0".freeze
 end

data/lib/simple_form/wrappers/root.rb

@@ -28,11 +28,16 @@ module SimpleForm
         css += SimpleForm.additional_classes_for(:wrapper) do
           input.additional_classes + [input.input_class]
         end
-        css << (options[:wrapper_error_class] || @defaults[:error_class]) if input.has_errors?
-        css << (options[:wrapper_hint_class] || @defaults[:hint_class]) if input.has_hint?
-        css << (options[:wrapper_valid_class] || @defaults[:valid_class]) if input.valid?
+        css << html_class(:error_class, options) { input.has_errors? }
+        css << html_class(:hint_class, options) { input.has_hint? }
+        css << html_class(:valid_class, options) { input.valid? }
         css.compact
       end
+
+      def html_class(key, options)
+        css = (options[:"wrapper_#{key}"] || @defaults[key])
+        css if css && yield
+      end
     end
   end
 end

data/test/action_view_extensions/builder_test.rb

@@ -45,8 +45,17 @@ class BuilderTest < ActionView::TestCase
 
   test "collection radio sanitizes collection values for labels correctly" do
     with_collection_radio_buttons @user, :name, ['$0.99', '$1.99'], :to_s, :to_s
-    assert_select 'label.collection_radio_buttons[for=user_name_099]', '$0.99'
-    assert_select 'label.collection_radio_buttons[for=user_name_199]', '$1.99'
+
+    # Rails 6 changed the way it sanitizes the values
+    # https://github.com/rails/rails/blob/6-0-stable/actionview/lib/action_view/helpers/tags/base.rb#L141
+    # https://github.com/rails/rails/blob/5-2-stable/actionview/lib/action_view/helpers/tags/base.rb#L141
+    if ActionView::VERSION::MAJOR == 5
+      assert_select 'label.collection_radio_buttons[for=user_name_099]', '$0.99'
+      assert_select 'label.collection_radio_buttons[for=user_name_199]', '$1.99'
+    else
+      assert_select 'label.collection_radio_buttons[for=user_name_0_99]', '$0.99'
+      assert_select 'label.collection_radio_buttons[for=user_name_1_99]', '$1.99'
+    end
   end
 
   test "collection radio checks the correct value to local variables" do
@@ -292,8 +301,17 @@ class BuilderTest < ActionView::TestCase
 
   test "collection check box sanitizes collection values for labels correctly" do
     with_collection_check_boxes @user, :name, ['$0.99', '$1.99'], :to_s, :to_s
-    assert_select 'label.collection_check_boxes[for=user_name_099]', '$0.99'
-    assert_select 'label.collection_check_boxes[for=user_name_199]', '$1.99'
+
+    # Rails 6 changed the way it sanitizes the values
+    # https://github.com/rails/rails/blob/6-0-stable/actionview/lib/action_view/helpers/tags/base.rb#L141
+    # https://github.com/rails/rails/blob/5-2-stable/actionview/lib/action_view/helpers/tags/base.rb#L141
+    if ActionView::VERSION::MAJOR == 5
+      assert_select 'label.collection_check_boxes[for=user_name_099]', '$0.99'
+      assert_select 'label.collection_check_boxes[for=user_name_199]', '$1.99'
+    else
+      assert_select 'label.collection_check_boxes[for=user_name_0_99]', '$0.99'
+      assert_select 'label.collection_check_boxes[for=user_name_1_99]', '$1.99'
+    end
   end
 
   test "collection check box checks the correct value to local variables" do

data/test/components/label_test.rb

@@ -4,10 +4,6 @@ require 'test_helper'
 
 # Isolated tests for label without triggering f.label.
 class IsolatedLabelTest < ActionView::TestCase
-  setup do
-    SimpleForm::Inputs::Base.reset_i18n_cache :translate_required_html
-  end
-
   def with_label_for(object, attribute_name, type, options = {})
     with_concat_form_for(object) do |f|
       options[:reflection] = Association.new(Company, :company, {}) if options.delete(:setup_association)

data/test/form_builder/association_test.rb

@@ -243,4 +243,10 @@ class AssociationTest < ActionView::TestCase
     assert_equal({ as: :check_boxes, collection_wrapper_tag: :ul, item_wrapper_tag: :li },
                  options)
   end
+
+  test 'builder with group select considers multiple select by default' do
+    with_association_for @user, :tags, as: :grouped_select, group_method: :group_method
+
+    assert_select 'select[multiple="multiple"].grouped_select'
+  end
 end