sweet_params 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 24b150701c6e6072aa8bb62ba842844a68d7cd70
+  data.tar.gz: e68ffaff84ee2cedc227cb46a6e7cc356023731d
+SHA512:
+  metadata.gz: cac1f99f54efbbeb04b871be84b771ce47152ad26be920920c63edadcbbb48b0de0ec4086fe7e0c0e8dfa589eff5351e5fb87496b2335b67b26c918de08c1125
+  data.tar.gz: ee68481da6fde49e27410d2013734b877209f5fe7f87668b54668ad65e20cb15cb3b434e1a8742ce08b114bbffe90d51f5d8b88cefa42e9e721a685d431d66e7

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Evgeny Likholetov <bsboris@gmail.com>
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,82 @@
+# Sweet Params
+
+Syntax sugar for Rails Strong Parameters, making them sweet and tasty to work with.
+
+This plugin protects you from bad practice of using #to_sym on user provided params when comparing with known value (e.g. when using params for filters or scopes):
+
+    if params[:scope].to_sym == :recent
+      ...
+Symbols are not garbage collectable, so the code above has potential DoS vulnerability.
+Attacker can send zillion of long random `[:scope]` params and your server will soon run out of memory.
+
+Of course, you can use strings instead of symbols for known values, but this just doesn't feel right. In Ruby, we used to symbols when naming things.
+
+So here goes Sweet Params, providing convinient (and safe!) methods for working with params using symbols:
+
+    def index
+      @posts = if params.has?(:scope, in: :recent)
+        Post.recent
+      elsif params.has?(:scope, in: %i(archived old))
+        Post.old
+      else
+        Post.all
+      end
+    end
+
+or using `#validate_to_sym` and `case` statement:
+
+    def index
+      @posts = case params.validate_to_sym(:scope, in: %i(recent archived old))
+      when :recent then Post.recent
+      when :archived, :old then Post.old
+      else Post.all
+      end
+    end
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'sweet_params', '~> 0.0.1'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install sweet_params
+
+## Usage
+
+Testing whether param is present:
+
+    params.has?(:scope) # => params[:scope].present?
+
+Multidimensional hashes are supported:
+
+    params.has?([:filter, :scope]) # => params[:filter][:scope].present?
+
+Validating params with single:
+
+    params.has?(:scope, in: :recent) #=> params[:scope].to_s == :recent.to_s
+
+... or multiple values:
+
+    params.has?(:scope, in: %i(recent new)) #=> params[:scope].to_s == :recent.to_s or params[:scope].to_s == :new.to_s
+
+Or you can just get the param, ensure that it is allowed and work with it your way:
+
+    params.validate(:scope, in: %i(hot recent)) # => params[:scope] or nil if params is not in whitelist
+
+You can convert param to symbol (but only if it whitelisted)
+
+    params.validate_to_sym(:scope, in: %i(hot recent)) # => params[:scope].to_sym or nil if params is not in whitelist
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,7 @@
+require 'bundler/gem_tasks'
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.libs << 'spec'
+  t.pattern = 'spec/*_spec.rb'
+end

data/lib/sweet_params.rb

@@ -0,0 +1,9 @@
+require 'active_support/core_ext/object/blank'
+require 'active_support/core_ext/object/try'
+require 'action_controller'
+
+require 'sweet_params/version'
+require 'sweet_params/extensions'
+
+module SweetParams
+end

data/lib/sweet_params/extensions.rb

@@ -0,0 +1,32 @@
+module SweetParams
+  module Extensions
+    def has?(path, options = nil)
+      options ? !!validate(path, options) : get_param_by_path(path).present?
+    end
+
+    def validate(path, options)
+      param = get_param_by_path(path)
+      param.present? && allowed?(param, options) ? param : nil
+    end
+
+    def validate_to_sym(path, options)
+      validate(path, options).try(:to_sym)
+    end
+
+    private
+
+    def get_param_by_path(*path)
+      path.flatten.reduce(self) { |hash, key| hash && hash[key] }
+    end
+
+    def allowed?(param, options)
+      if (whitelist = *options[:in]).any?
+        whitelist.flatten.map(&:to_s).include?(param)
+      else
+        false
+      end
+    end
+  end
+end
+
+ActionController::Parameters.send :include, SweetParams::Extensions

data/lib/sweet_params/version.rb

@@ -0,0 +1,3 @@
+module SweetParams
+  VERSION = '0.0.1'
+end

data/spec/spec_helper.rb

@@ -0,0 +1 @@
+require 'minitest/autorun'

data/spec/sweet_params_spec.rb

@@ -0,0 +1,69 @@
+require 'spec_helper'
+require 'sweet_params'
+
+describe SweetParams do
+  let(:params) { ActionController::Parameters.new(scope: 'recent', filter: { scope: 'recent' }, empty: '') }
+
+  describe '#has?' do
+    it 'should respond to method' do
+      params.must_respond_to :has?
+    end
+
+    it 'should be true if parameter is present' do
+      params.has?(:scope, in: [:recent, :new]).must_equal true
+    end
+
+    it 'should be false if parameter is missing' do
+      params.has?(:empty).must_equal false
+      params.has?(:not_here).must_equal false
+    end
+
+    it 'should handle multi-dimensional params hash' do
+      params.has?([:filter, :scope]).must_equal true
+    end
+
+    it 'should handle multi-dimensional params hash' do
+      params.has?([:filter, :not_here]).must_equal false
+    end
+
+    it 'should use single value as whitelist' do
+      params.has?(:scope, in: :recent).must_equal true
+    end
+
+    it 'should use array as whitelist' do
+      params.has?(:scope, in: [:recent, :new]).must_equal true
+    end
+
+    it 'should not allow not whitelisted params' do
+      params.has?(:scope, in: [:hot, :new]).must_equal false
+    end
+  end
+
+  describe '#validate' do
+    it 'should respond to method' do
+      params.must_respond_to :validate
+    end
+
+    it 'should allow whitelisted param' do
+      params.validate(:scope, in: [:hot, :recent]).must_equal 'recent'
+    end
+
+    it 'should return nil for not whitelisted param' do
+      params.validate(:scope, in: [:hot, :new]).must_equal nil
+    end
+  end
+
+  describe '#validate_to_sym' do
+    it 'should respond to method' do
+      params.must_respond_to :validate_to_sym
+    end
+
+    it 'should symbolize whitelisted param' do
+      params.validate_to_sym(:scope, in: [:hot, :recent]).must_equal :recent
+    end
+
+    it 'should return nil for not whitelisted param' do
+      params.validate_to_sym(:scope, in: [:hot, :new]).must_equal nil
+    end
+  end
+end

data/sweet_params.gemspec

@@ -0,0 +1,27 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'sweet_params/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'sweet_params'
+  spec.version       = SweetParams::VERSION
+  spec.platform      = Gem::Platform::RUBY
+  spec.authors       = ['Evgeny Likholetov']
+  spec.email         = ['bsboris@gmail.com']
+  spec.description   = 'Syntax sugar for Rails Strong Parameters.'
+  spec.summary       = 'Syntax sugar for Rails Strong Parameters.'
+  spec.homepage      = 'https://github.com/bsboris/sweet_params'
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files`.split($/)
+  spec.test_files    = spec.files.grep(%r{^spec/})
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'activesupport', '>= 4.0'
+  spec.add_dependency 'actionpack', '>= 4.0'
+
+  spec.add_development_dependency 'bundler', '~> 1.3'
+  spec.add_development_dependency 'minitest', '~> 4.2'
+  spec.add_development_dependency 'rake'
+end

metadata

@@ -0,0 +1,127 @@
+--- !ruby/object:Gem::Specification
+name: sweet_params
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Evgeny Likholetov
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-03-17 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.2'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Syntax sugar for Rails Strong Parameters.
+email:
+- bsboris@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/sweet_params.rb
+- lib/sweet_params/extensions.rb
+- lib/sweet_params/version.rb
+- spec/spec_helper.rb
+- spec/sweet_params_spec.rb
+- sweet_params.gemspec
+homepage: https://github.com/bsboris/sweet_params
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.0
+signing_key: 
+specification_version: 4
+summary: Syntax sugar for Rails Strong Parameters.
+test_files:
+- spec/spec_helper.rb
+- spec/sweet_params_spec.rb