stronger_parameters 1.2.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3568bf8a5f163b2577c2a2db420c9ecd6534bc43
-  data.tar.gz: 9952531fa04a5b07988b532e59f5bfefca219dec
+  metadata.gz: 1bd826f84e376bd4d0b5c557b5770f40f08f653b
+  data.tar.gz: 7acf03a25fa7b77ff84b238252fa39cf13812df5
 SHA512:
-  metadata.gz: 97faf8d085c515a083c688eb9679a444c3eb19db132f739f9d69e2a3f809b33df8bd9af2552b5ec6263563c7147373c04e983becfdb834df7cf1ccabf91e1a20
-  data.tar.gz: dc48aaa7df830e1fd5032111408cd9a612aa61fdd323bc06444868f3163e42cc2f345077026f4f048c1b548472ea7521c89f2179958eccd2bd324a271fa732a2
+  metadata.gz: 23fd6b95f810e7637c4efa87e27d98b6d7a3b71932d812d7e3b604c9127e745be91441d34460983352a663b78ddc7cbaf9c9fb061c2a1abf4f2cd06decf0d81e
+  data.tar.gz: b213e7733e7123d08cc8f963b28e006e334e5a241482f873184af7d33038bc14daded5154e982879804eadf03982a9f72eea4be5d34cd47828a1ad50918bb6b3

data/README.md

@@ -1,15 +1,15 @@
 # stronger_parameters
 [![Build Status](https://travis-ci.org/zendesk/stronger_parameters.svg?branch=master)](https://travis-ci.org/zendesk/stronger_parameters)
 
-This is an extension of `strong_parameters` with added type checking.
+This is an extension of `strong_parameters` with added type checking and conversion.
 
 ## Simple types
 You can specify simple types like this:
 
 ```ruby
 params.permit(
-  :id   => Parameters.id,
-  :name => Parameters.string
+  id: Parameters.id,
+  name: Parameters.string
 )
 ```
 
@@ -18,25 +18,34 @@ You can specify arrays like this:
 
 ```ruby
 params.permit(
-  :id => Parameters.array(Parameters.id)
+  id: Parameters.array(Parameters.id)
 )
 ```
 
-This will allow an array of id parameters that all are IDs.
+This will allow an array of id parameters that all are IDs (integer less than 2**31, greater than 0) and convert to Fixnum (`'2' --> 2`).
+
+### Empty array -> nil
+Rails converts empty arrays to nil unless `config.action_dispatch.perform_deep_munge = false` is set
+(available in Rails 4.1+). Either use this or `Parameters.array | Parameters.nil` to deal with this.
+
+### Allowing nils
+
+It can be convenient to allow nil to be passed as all kinds of attributes since ActiveRecord converts it to false/0 behind the scenes.
+`ActionController::Parameters.allow_nil_for_everything = true`
 
 ## Nested Parameters
 
 ```ruby
 params.permit(
-  :name    => Parameters.string,
-  :emails  => Parameters.array(Parameters.string),
-  :friends => Parameters.array(
+  name: Parameters.string,
+  emails: Parameters.array(Parameters.string),
+  friends: Parameters.array(
     Parameters.map(
-      :name   => Parameters.string,
-      :family => Parameters.map(
-        :name => Parameters.string
+      name: Parameters.string,
+      family: Parameters.map(
+        name: Parameters.string
       )
-      :hobbies => Parameters.array(Parameters.string)
+      hobbies: Parameters.array(Parameters.string)
     )
   )
 )
@@ -59,12 +68,12 @@ This will allow parameters like this:
 
 ```ruby
 params.require(:author).permit(
-  :name => Parameters.string,
-  :books_attributes => Parameters.array(
+  name: Parameters.string,
+  books_attributes: Parameters.array(
     Parameters.map(
-      :title => Parameters.string,
-      :id => Parameters.id,
-      :_destroy => Parameters.boolean
+      title: Parameters.string,
+      id: Parameters.id,
+      _destroy: Parameters.boolean
     )
   )
 )
@@ -90,7 +99,7 @@ If you want to permit a parameter to be one of multiple types, you can use the `
 
 ```ruby
 params.require(:ticket).permit(
-  :status => Parameters.id | Parameters.enum('open', 'closed')
+  status: Parameters.id | Parameters.enum('open', 'closed')
 )
 ```
 
@@ -115,7 +124,7 @@ You can use the `&` operator to apply further restrictions on the type:
 
 ```ruby
 params.require(:user).permit(
-  :age => Parameters.integer & Parameters.gte(0)
+  age: Parameters.integer & Parameters.gte(0)
 )
 ```
 
@@ -127,7 +136,7 @@ You can also use the `|` and `&` operators in arrays:
 
 ```ruby
 params.require(:group).permit(
-  :users => Parameters.array(Parameters.id | Parameters.string)
+  users: Parameters.array(Parameters.id | Parameters.string)
 )
 ```
 
@@ -140,19 +149,35 @@ This will permit these parameters:
 }
 ```
 
+## Production rollout
+
+Just want to log violations in production:
+
+```Ruby
+# config/environments/production.rb
+ActionController::Parameters.action_on_invalid_parameters = :log
+```
+
 ## Types
 
 | Syntax                         | (Simplified) Definition                                                 |
 |--------------------------------|-------------------------------------------------------------------------|
 | Parameters.string              | value.is_a?(String)                                                     |
-| Parameters.integer             | value.is_a?(Fixnum)                                                     |
+| Parameters.integer             | value.is_a?(Fixnum) or '-1'                                             |
+| Parameters.float               | value.is_a?(Float) or '-1.2'                                            |
+| Parameters.datetime            | value.is_a?(DateTime) or '2014-05-13' or '2015-03-31T14:34:56Z'         |
+| Parameters.regexp(/foo/)       | value =~ regexp                                                         |
 | Parameters.enum('asc', 'desc') | ['asc', 'desc'].include?(value)                                         |
 | Parameters.lt(10)              | value < 10                                                              |
 | Parameters.lte(10)             | value <= 10                                                             |
 | Parameters.gt(0)               | value > 0                                                               |
 | Parameters.gte(0)              | value >= 0                                                              |
-| Parameters.integer32           | Parameters.integer & Parameters.lte(2 ** 31) & Parameters.gte(-2 ** 31) |
-| Parameters.integer64           | Parameters.integer & Parameters.lte(2 ** 63) & Parameters.gte(-2 ** 63) |
-| Parameters.id                  | Parameters.integer & Parameters.lte(2 ** 31) & Parameters.gte(0)        |
-| Parameters.bigid               | Parameters.integer & Parameters.lte(2 ** 63) & Parameters.gte(0)        |
+| Parameters.integer32           | Parameters.integer & Parameters.lt(2 ** 31) & Parameters.gte(-2 ** 31)  |
+| Parameters.integer64           | Parameters.integer & Parameters.lt(2 ** 63) & Parameters.gte(-2 ** 63)  |
+| Parameters.id                  | Parameters.integer & Parameters.lt(2 ** 31) & Parameters.gte(0)         |
+| Parameters.bigid               | Parameters.integer & Parameters.lt(2 ** 63) & Parameters.gte(0)         |
+| Parameters.uid                 | Parameters.integer & Parameters.lt(2 ** 32) & Parameters.gte(0)         |
+| Parameters.ubigid              | Parameters.integer & Parameters.lt(2 ** 64) & Parameters.gte(0)         |
 | Parameters.boolean             | Parameters.enum(true, false, 'true', 'false', 1, 0)                     |
+| Parameters.nil                 | value is nil                                                            |
+| Parameters.nil_string          | value is nil, '', 'undefined'                                           |

data/lib/stronger_parameters.rb

@@ -1,6 +1,5 @@
 require 'stronger_parameters/version'
 require 'action_pack'
 require 'strong_parameters' if ActionPack::VERSION::MAJOR == 3
-require 'stronger_parameters/railtie'
 require 'stronger_parameters/parameters'
 require 'stronger_parameters/constraints'

data/lib/stronger_parameters/constraints.rb

@@ -30,14 +30,15 @@ module StrongerParameters
       exception = nil
 
       constraints.each do |c|
-        begin
-          return c.value(v)
-        rescue InvalidParameter => e
-          exception ||= e
+        result = c.value(v)
+        if result.is_a?(InvalidValue)
+          exception ||= result
+        else
+          return result
         end
       end
 
-      raise exception
+      exception
     end
 
     def |(other)
@@ -60,6 +61,7 @@ module StrongerParameters
     def value(v)
       constraints.each do |c|
         v = c.value(v)
+        return v if v.is_a?(InvalidValue)
       end
       v
     end
@@ -76,9 +78,14 @@ module StrongerParameters
 end
 
 require 'stronger_parameters/constraints/string_constraint'
+require 'stronger_parameters/constraints/float_constraint'
+require 'stronger_parameters/constraints/date_time_constraint'
+require 'stronger_parameters/constraints/regexp_constraint'
 require 'stronger_parameters/constraints/integer_constraint'
+require 'stronger_parameters/constraints/nil_constraint'
 require 'stronger_parameters/constraints/boolean_constraint'
 require 'stronger_parameters/constraints/array_constraint'
 require 'stronger_parameters/constraints/hash_constraint'
 require 'stronger_parameters/constraints/enumeration_constraint'
 require 'stronger_parameters/constraints/comparison_constraints'
+require 'stronger_parameters/constraints/nil_string_contraint'

data/lib/stronger_parameters/constraints/array_constraint.rb

@@ -11,11 +11,13 @@ module StrongerParameters
     def value(v)
       if v.is_a?(Array)
         return v.map do |item|
-          item_constraint.value(item)
+          result = item_constraint.value(item)
+          return result if result.is_a?(InvalidValue)
+          result
         end
       end
 
-      raise InvalidParameter.new(v, "must be an array")
+      InvalidValue.new(v, "must be an array")
     end
 
     def ==(other)

data/lib/stronger_parameters/constraints/boolean_constraint.rb

@@ -14,7 +14,7 @@ module StrongerParameters
         return false
       end
 
-      raise InvalidParameter.new(v, "must be either true or false")
+      InvalidValue.new(v, "must be either true or false")
     end
   end
 end

data/lib/stronger_parameters/constraints/comparison_constraints.rb

@@ -17,7 +17,7 @@ module StrongerParameters
     def value(v)
       return v if v < limit
 
-      raise InvalidParameter.new(v, "must be less than #{limit}")
+      InvalidValue.new(v, "must be less than #{limit}")
     end
   end
 
@@ -25,7 +25,7 @@ module StrongerParameters
     def value(v)
       return v if v <= limit
 
-      raise InvalidParameter.new(v, "must be less than or equal to #{limit}")
+      InvalidValue.new(v, "must be less than or equal to #{limit}")
     end
   end
 
@@ -33,7 +33,7 @@ module StrongerParameters
     def value(v)
       return v if v > limit
 
-      raise InvalidParameter.new(v, "must be greater than #{limit}")
+      InvalidValue.new(v, "must be greater than #{limit}")
     end
   end
 
@@ -41,7 +41,7 @@ module StrongerParameters
     def value(v)
       return v if v >= limit
 
-      raise InvalidParameter.new(v, "must be greater than or equal to #{limit}")
+      InvalidValue.new(v, "must be greater than or equal to #{limit}")
     end
   end
 end

data/lib/stronger_parameters/constraints/date_time_constraint.rb

@@ -0,0 +1,15 @@
+require 'stronger_parameters/constraints'
+
+module StrongerParameters
+  class DateTimeConstraint < Constraint
+    def value(v)
+      return v if v.is_a?(DateTime)
+
+      begin
+        DateTime.parse v
+      rescue ArgumentError
+        StrongerParameters::InvalidValue.new(v, "must be a date")
+      end
+    end
+  end
+end

data/lib/stronger_parameters/constraints/enumeration_constraint.rb

@@ -11,7 +11,7 @@ module StrongerParameters
     def value(v)
       return v if allowed.include?(v)
 
-      raise InvalidParameter.new(v, "must be one of these: #{allowed.to_sentence}")
+      InvalidValue.new(v, "must be one of these: #{allowed.to_sentence}")
     end
 
     def ==(other)

data/lib/stronger_parameters/constraints/float_constraint.rb

@@ -0,0 +1,15 @@
+require 'stronger_parameters/constraints'
+
+module StrongerParameters
+  class FloatConstraint < Constraint
+    def value(v)
+      if v.is_a?(Float)
+        return v
+      elsif v.is_a?(String) && v =~ /\A-?\d+\.\d+\Z/
+        return v.to_f
+      end
+
+      StrongerParameters::InvalidValue.new(v, "must be a float")
+    end
+  end
+end

data/lib/stronger_parameters/constraints/hash_constraint.rb

@@ -14,7 +14,7 @@ module StrongerParameters
         return ActionController::Parameters.new(v).permit(constraints)
       end
 
-      raise InvalidParameter.new(v, "must be a hash")
+      InvalidValue.new(v, "must be a hash")
     end
 
     def merge(other)

data/lib/stronger_parameters/constraints/integer_constraint.rb

@@ -9,7 +9,7 @@ module StrongerParameters
         return v.to_i
       end
 
-      raise InvalidParameter.new(v, 'must be an integer')
+      InvalidValue.new(v, 'must be an integer')
     end
   end
 end

data/lib/stronger_parameters/constraints/nil_constraint.rb

@@ -0,0 +1,11 @@
+require 'stronger_parameters/constraints'
+
+module StrongerParameters
+  class NilConstraint < Constraint
+    def value(v)
+      return v if v.nil?
+
+      InvalidValue.new(v, 'must be an nil')
+    end
+  end
+end

data/lib/stronger_parameters/constraints/nil_string_contraint.rb

@@ -0,0 +1,15 @@
+require 'stronger_parameters/constraints'
+
+module StrongerParameters
+  class NilStringConstraint < Constraint
+    NULL_VALUES = [nil, '', 'undefined']
+
+    def value(v)
+      if NULL_VALUES.include?(v)
+        nil
+      else
+        StrongerParameters::InvalidValue.new(v, "must be a nil string")
+      end
+    end
+  end
+end

data/lib/stronger_parameters/constraints/regexp_constraint.rb

@@ -0,0 +1,26 @@
+require 'stronger_parameters/constraints'
+
+module StrongerParameters
+  class RegexpConstraint < Constraint
+    attr_reader :regexp
+
+    def initialize(regexp)
+      @regexp = regexp
+      @string = StringConstraint.new
+    end
+
+    def value(v)
+      v = @string.value(v)
+      return v if v.is_a?(InvalidValue)
+      if v =~ regexp
+        v
+      else
+        InvalidValue.new(v, "must match #{regexp.source}")
+      end
+    end
+
+    def ==(other)
+      super && regexp == other.regexp
+    end
+  end
+end

data/lib/stronger_parameters/constraints/string_constraint.rb

@@ -11,13 +11,13 @@ module StrongerParameters
     def value(v)
       if v.is_a?(String)
         if maximum_length && v.bytesize > maximum_length
-          raise InvalidParameter.new(v, "can not be longer than #{maximum_length} bytes")
+          return InvalidValue.new(v, "can not be longer than #{maximum_length} bytes")
         end
 
         return v
       end
 
-      raise InvalidParameter.new(v, 'must be a string')
+      InvalidValue.new(v, 'must be a string')
     end
 
     def ==(other)

data/lib/stronger_parameters/errors.rb

@@ -1,19 +1,20 @@
 module StrongerParameters
-  class InvalidParameter < StandardError
-    attr_accessor :key, :value, :message
+  class InvalidValue
+    attr_accessor :value, :message
 
     def initialize(value, message)
       @value = value
       @message = message
-      super(message)
     end
+  end
+
+  class InvalidParameter < StandardError
+    attr_accessor :key, :value
 
-    def to_s
-      if key.present?
-        "found invalid value for #{key}. Value #{super}"
-      else
-        "found invalid value. Value #{super}"
-      end
+    def initialize(invalid_value, key)
+      @value = invalid_value.value
+      @key = key
+      super(invalid_value.message)
     end
   end
 end

data/lib/stronger_parameters/parameters.rb

@@ -16,6 +16,7 @@ module StrongerParameters
     included do
       alias_method_chain :hash_filter, :stronger_parameters
       cattr_accessor :action_on_invalid_parameters, :instance_accessor => false
+      cattr_accessor :allow_nil_for_everything, :instance_accessor => false
     end
 
     module ClassMethods
@@ -23,10 +24,18 @@ module StrongerParameters
         Constraint.new
       end
 
+      def nil
+        NilConstraint.new
+      end
+
       def string(options = {})
         StringConstraint.new(options)
       end
 
+      def regexp(regex)
+        RegexpConstraint.new(regex)
+      end
+
       def integer
         @integer ||= IntegerConstraint.new
       end
@@ -48,19 +57,27 @@ module StrongerParameters
       end
 
       def integer32
-        integer & lte(2 ** 31) & gte(-2 ** 31)
+        integer & lt(2 ** 31) & gte(-2 ** 31)
       end
 
       def integer64
-        integer & lte(2 ** 63) & gte(-2 ** 63)
+        integer & lt(2 ** 63) & gte(-2 ** 63)
       end
 
       def id
-        integer & lte(2 ** 31) & gte(0)
+        integer & lt(2 ** 31) & gte(0)
+      end
+
+      def uid
+        integer & lt(2 ** 32) & gte(0)
       end
 
       def bigid
-        integer & lte(2 ** 63) & gte(0)
+        integer & lt(2 ** 63) & gte(0)
+      end
+
+      def ubigid
+        integer & lt(2 ** 64) & gte(0)
       end
 
       def enumeration(*allowed)
@@ -72,6 +89,10 @@ module StrongerParameters
         BooleanConstraint.new
       end
 
+      def float
+        FloatConstraint.new
+      end
+
       def array(item_constraint)
         ArrayConstraint.new(item_constraint)
       end
@@ -79,6 +100,14 @@ module StrongerParameters
       def map(constraints = nil)
         HashConstraint.new(constraints)
       end
+
+      def nil_string
+        NilStringConstraint.new
+      end
+
+      def datetime
+        DateTimeConstraint.new
+      end
     end
 
     def hash_filter_with_stronger_parameters(params, filter)
@@ -96,27 +125,35 @@ module StrongerParameters
       hash_filter_without_stronger_parameters(params, other_filter)
 
       slice(*stronger_filter.keys).each do |key, value|
-        if value.nil?
+        if value.nil? && self.class.allow_nil_for_everything
           params[key] = nil
           next
         end
 
         constraint = stronger_filter[key]
-        begin
-          params[key] = constraint.value(value)
-        rescue InvalidParameter => e
-          e.key = key
-
+        result = constraint.value(value)
+        if result.is_a?(InvalidValue)
           name = "invalid_parameter.action_controller"
-          ActiveSupport::Notifications.publish(name, :key => key, :value => value, :message => e.message)
+          ActiveSupport::Notifications.publish(name, :key => key, :value => value, :message => result.message)
+
+          action = self.class.action_on_invalid_parameters
+          case action
+          when :raise, nil
+            raise StrongerParameters::InvalidParameter.new(result, key)
+          when Proc
+            action.call(result, key)
+          when :log
+            Rails.logger.warn("#{key} #{result.message}, but was: #{value.inspect}")
+          else
+            raise ArgumentError, "Unsupported value in action_on_invalid_parameters: #{action}"
+          end
 
           params[key] = value
-
-          raise if self.class.action_on_invalid_parameters == :raise
+        else
+          params[key] = result
         end
       end
     end
-
   end
 
   module ControllerSupport

data/lib/stronger_parameters/version.rb

@@ -1,3 +1,3 @@
 module StrongerParameters
-  VERSION = '1.2.0'
+  VERSION = '2.0.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: stronger_parameters
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 2.0.0
 platform: ruby
 authors:
 - Mick Staugaard
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-02-05 00:00:00.000000000 Z
+date: 2015-05-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -94,6 +94,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest-around
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: minitest-rg
   requirement: !ruby/object:Gem::Requirement
@@ -122,6 +136,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: bump
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: actionpack
   requirement: !ruby/object:Gem::Requirement
@@ -149,13 +177,17 @@ files:
 - lib/stronger_parameters/constraints/array_constraint.rb
 - lib/stronger_parameters/constraints/boolean_constraint.rb
 - lib/stronger_parameters/constraints/comparison_constraints.rb
+- lib/stronger_parameters/constraints/date_time_constraint.rb
 - lib/stronger_parameters/constraints/enumeration_constraint.rb
+- lib/stronger_parameters/constraints/float_constraint.rb
 - lib/stronger_parameters/constraints/hash_constraint.rb
 - lib/stronger_parameters/constraints/integer_constraint.rb
+- lib/stronger_parameters/constraints/nil_constraint.rb
+- lib/stronger_parameters/constraints/nil_string_contraint.rb
+- lib/stronger_parameters/constraints/regexp_constraint.rb
 - lib/stronger_parameters/constraints/string_constraint.rb
 - lib/stronger_parameters/errors.rb
 - lib/stronger_parameters/parameters.rb
-- lib/stronger_parameters/railtie.rb
 - lib/stronger_parameters/version.rb
 homepage: https://github.com/zendesk/stronger_parameters
 licenses:

data/lib/stronger_parameters/railtie.rb

@@ -1,11 +0,0 @@
-require 'rails/railtie'
-
-module StrongParameters
-  class Railtie < ::Rails::Railtie
-    initializer "stronger_parameters.config", :before => "action_controller.set_configs" do |app|
-      ActionController::Parameters.action_on_invalid_parameters = app.config.action_controller.delete(:action_on_invalid_parameters) do
-        (Rails.env.test? || Rails.env.development?) ? :log : false
-      end
-    end
-  end
-end