• Stars
    star
    297
  • Rank 140,075 (Top 3 %)
  • Language
    Ruby
  • License
    Apache License 2.0
  • Created almost 11 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Type checking and type casting of parameters for Action Pack

stronger_parameters

CI

This is an extension of strong_parameters with added type checking and conversion.

Simple types

You can specify simple types like this:

params.permit(
  id: Parameters.id,
  name: Parameters.string
)

Arrays

You can specify arrays like this:

params.permit(
  id: Parameters.array(Parameters.id)
)

This will allow an array of id parameters that all are IDs (integer less than 2**31, greater than 0) and convert to Fixnum ('2' --> 2).

Empty array -> nil

Rails converts empty arrays to nil, so often Parameters.array | Parameters.nil is needed.

Allowing nils

It can be convenient to allow nil for all attributes since ActiveRecord converts it to false/0. ActionController::Parameters.allow_nil_for_everything = true

Rejecting nils

You can reject a request that fails to supply certain parameters by marking them as required with the .required operator:

params.permit(
  name: Parameters.string.required, # will not accept a nil or a non-String
  email: Parameters.string          # optional, may be omitted
)

This also works in conjunction with the & and | constraints. For example, to express that a uid must be either a string or a number:

params.permit(
  uid: (Parameters.string | Parameters.integer).required
)

Nested Parameters

params.permit(
  name: Parameters.string,
  emails: Parameters.array(Parameters.string),
  friends: Parameters.array(
    Parameters.map(
      name: Parameters.string,
      family: Parameters.map(
        name: Parameters.string
      ),
      hobbies: Parameters.array(Parameters.string)
    )
  )
)

This will allow parameters like this:

{
  "name": "Mick",
  "emails": ["[email protected]", "[email protected]"],
  "friends": [
    {"name": "Morten", "family": {"name": "Primdahl"}, "hobbies": ["work", "art"]},
    {"name": "Eric", "family": {"name": "Chapweske"}, "hobbies": ["boating", "whiskey"]}
  ]
}

ActiveModel Nested Attributes

params.require(:author).permit(
  name: Parameters.string,
  books_attributes: Parameters.array(
    Parameters.map(
      title: Parameters.string,
      id: Parameters.id,
      _destroy: Parameters.boolean
    )
  )
)

This will allow parameters like this:

{
  "author": {
    "name": "Eric Chapweske",
    "books_attributes": [
      {"title": "Boatin' and Drinkin'", "id": 234, "_destroy": true},
      {"title": "Advanced Boatin' and Drinkin'", "id": 567}
    ]
  }
}

Combining Requirements

If you want to permit a parameter to be one of multiple types, you can use the | operator:

params.require(:ticket).permit(
  status: Parameters.id | Parameters.enum('open', 'closed')
)

This will allow these parameter sets:

{
  "ticket": {
    "status": 123
  }
}
{
  "ticket": {
    "status": "open"
  }
}

You can use the & operator to apply further restrictions on the type:

params.require(:user).permit(
  age: Parameters.integer & Parameters.gte(0)
)

This requires the parameter to be an integer greater than or equal to 0.

Combining Requirements in Arrays

You can also use the | and & operators in arrays:

params.require(:group).permit(
  users: Parameters.array(Parameters.id | Parameters.string)
)

This will permit these parameters:

{
  "group": {
    "users": [123, "[email protected]", 345, 676, "[email protected]"]
  }
}

Rollout in log-only mode

Just want to log violations in production:

# config/environments/production.rb
ActionController::Parameters.action_on_invalid_parameters = :log

Controller support

Include PermittedParameters into a controller to force the developer to explicitly permit params for every action.

Examples:

class TestController < ApplicationController
  include StrongerParameters::ControllerSupport::PermittedParameters

  permitted_parameters :all, locale: Parameters.string # permit :locale in all actions for this controller

  permitted_parameters :show, id: Parameters.integer
  def show
  end

  permitted_parameters :create, topic: { forum: { id: Parameters.integer } }
  def create
  end

  permitted_parameters :index, {} # no parameters permitted
  def index
  end

  permitted_parameters :update, :skip # use when migrating old controllers/actions
  def update
  end
end

Log only mode for invalid parameters

To only log invalid (not unpermitted) parameters during rollout of stronger_parameters:

class MyController < ApplicationController
  log_invalid_parameters! if Rails.env.production? # Still want other environments and controllers to raise

  permitted_parameters :update, user: { name: Parameters.string }
  def update
  end
end

Notifying users about unpermitted params

Add headers to all requests that have unpermitted params (does not log invalid):

# config/application.rb
config.stronger_parameters_violation_header = 'X-StrongerParameters-API-Warn'
curl -I 'http://localhost/api/users/1.json' -X POST -d '{ "user": { "id": 1 } }'
=> HTTP/1.1 200 OK
=> ...
=> X-StrongerParameters-API-Warn: Removed restricted keys ["user.id"] from parameters

Types

Syntax (Simplified) Definition
Parameters.string value.is_a?(String)
Parameters.integer value.is_a?(Fixnum) or '-1'
Parameters.float value.is_a?(Float) or '-1.2'
Parameters.date value.is_a?(Date) or '2014-05-13' or '13.05.2014'
Parameters.date_iso8601 value is a date that conforms to ISO8601: '2014-05-13'
Parameters.time value.is_a?(Time) or '2014-05-13' or '2015-03-31 14:34:56 +0000'
Parameters.time_iso8601 value is a time that conforms to ISO8601: '2014-05-13' or '2015-03-31T14:34:56Z'
Parameters.datetime value.is_a?(DateTime) or '2014-05-13' or '2015-03-31T14:34:56Z'
Parameters.datetime_iso8601 value is a date that conforms to ISO8601: '2014-05-13' or '2015-03-31T14:34:56Z'
Parameters.regexp(/foo/) value =~ regexp
Parameters.enum('asc', 'desc') ['asc', 'desc'].include?(value)
Parameters.lt(10) value < 10
Parameters.lte(10) value <= 10
Parameters.gt(0) value > 0
Parameters.gte(0) value >= 0
Parameters.integer32 Parameters.integer & Parameters.lt(2 ** 31) & Parameters.gte(-2 ** 31)
Parameters.integer64 Parameters.integer & Parameters.lt(2 ** 63) & Parameters.gte(-2 ** 63)
Parameters.id Parameters.integer & Parameters.lt(2 ** 31) & Parameters.gte(0)
Parameters.bigid Parameters.integer & Parameters.lt(2 ** 63) & Parameters.gte(0)
Parameters.uid Parameters.integer & Parameters.lt(2 ** 32) & Parameters.gte(0)
Parameters.ubigid Parameters.integer & Parameters.lt(2 ** 64) & Parameters.gte(0)
Parameters.boolean Parameters.enum(true, false, 'true', 'false', 1, 0)
Parameters.nil value is nil
Parameters.nil_string value is nil, '', 'undefined'
Parameters.file File, StringIO, Rack::Test::UploadedFile, ActionDispatch::Http::UploadedFile or subclasses
Parameters.decimal(8,2) value is a String, Integer or Float with a precision of 9 and scale of 2
Parameters.hex value is a String that matches the hexadecimal format
Parameters.ulid value is a String of length 26 with only Crockford Base32 symbols

Development

Releasing a new version

git checkout master && git fetch origin && git reset --hard origin/master
bundle exec rake bump:<patch|minor|major>
bundle exec rake release

github action will release a new version to rubygems.org

More Repositories

1

android-floating-action-button

Floating Action Button for Android based on Material Design specification
Java
6,374
star
2

maxwell

Maxwell's daemon, a mysql-to-json kafka producer
Java
3,989
star
3

cross-storage

Cross domain local storage, with permissions
JavaScript
2,190
star
4

samson

Web interface for deployments, with plugin architecture and kubernetes support
Ruby
1,446
star
5

ruby-kafka

A Ruby client library for Apache Kafka
Ruby
1,269
star
6

helm-secrets

DEPRECATED A helm plugin that help manage secrets with Git workflow and store them anywhere
Shell
1,159
star
7

curly

The Curly template language allows separating your logic from the structure of your HTML templates.
Ruby
594
star
8

biz

Time calculations using business hours.
Ruby
488
star
9

racecar

Racecar: a simple framework for Kafka consumers in Ruby
Ruby
486
star
10

zendesk_api_client_rb

Official Ruby Zendesk API Client
Ruby
387
star
11

dropbox-api

Dropbox API Ruby Client
Ruby
362
star
12

zendesk_api_client_php

Official Zendesk API v2 client library for PHP
PHP
335
star
13

active_record_shards

Support for sharded databases and replicas for ActiveRecord
Ruby
250
star
14

delivery_boy

A simple way to publish messages to Kafka from Ruby applications
Ruby
238
star
15

android-db-commons

Some common utilities for ContentProvider/ContentResolver/Cursor and other db-related android stuff
Java
223
star
16

radar

High level API and backend for writing web apps that use push messaging
JavaScript
221
star
17

sunshine-conversations-web

The Smooch Web SDK will add live web messaging to your website or web app.
212
star
18

demo_apps

HTML
179
star
19

arturo

Feature Sliders for Rails
Ruby
174
star
20

belvedere

An image picker library for Android
Java
146
star
21

zendesk_jwt_sso_examples

Examples using JWT for Zendesk SSO
Ruby
142
star
22

sunshine-conversations-ios

Smooch
Objective-C
122
star
23

laika

Log, test, intercept and modify Apollo Client's operations
TypeScript
122
star
24

prop

Puts a cork in their requests
Ruby
117
star
25

zendesk_sdk_ios

Zendesk Mobile SDK for iOS
Objective-C
117
star
26

zopim-chat-web-sdk-sample-app

Zendesk Chat Web SDK sample app developed using React
JavaScript
98
star
27

copenhagen_theme

The default theme for Zendesk Guide
Handlebars
98
star
28

app_scaffold

A scaffold for developers to build ZAF v2 apps
JavaScript
90
star
29

node-publisher

A zero-configuration release automation tool for Node packages inspired by create-react-app and Travis CI.
JavaScript
75
star
30

zendesk_apps_tools

Ruby
74
star
31

zendesk_app_framework_sdk

The Zendesk App Framework (ZAF) SDK is a JavaScript library that simplifies cross-frame communication between iframed apps and the Zendesk App Framework
JavaScript
72
star
32

ios_sdk_demo_apps

This repository contains sample iOS code and applications which use our SDKs
Swift
64
star
33

zendesk_sdk_chat_ios

Mobile Chat SDK for iOS
Objective-C
63
star
34

kamcaptcha

A captcha plugin for Rails
Ruby
63
star
35

zcli

A command-line tool for Zendesk
TypeScript
62
star
36

linksf

A mobile website to connect those in need in to services that can help them
JavaScript
62
star
37

sdk_demo_app_android

This is Remember The Date, an Android demo app for our Mobile SDK. All docs available on developer.zendesk.com
Java
61
star
38

property_sets

A way to store attributes in a side table.
Ruby
51
star
39

go-httpclerk

A simple HTTP request/response logger for Go supporting multiple formatters.
Go
51
star
40

android-schema-utils

Android library for simplifying database schema and migrations management.
Java
48
star
41

android_sdk_demo_apps

This repository contains sample android code and applications which use our SDKs
Java
46
star
42

statsd-logger

StatsD + Datadog APM logging server for development - standalone or embedded
Go
44
star
43

sunshine-conversations-android

Smooch Android SDK
42
star
44

support_sdk_ios

Zendesk Support SDK for iOS
Objective-C
37
star
45

react-native-sunshine-conversations

React Native wrapper for Smooch.io
Java
36
star
46

docker-logs-tail

Docker Logs Tail simultaneously tails logs for all running Docker containers, interleaving them in the command line output
JavaScript
35
star
47

call_center

Ruby
34
star
48

curlybars

Handlebars.js compatible templating library in Ruby
Ruby
34
star
49

kasket

A caching layer for ActiveRecord. Puts a cap on your queries!
Ruby
33
star
50

ruby_memprofiler_pprof

Experimental memory profiler for Ruby that emits pprof files.
C
33
star
51

method_struct

Ruby
33
star
52

samlr

Clean room implementation of SAML for Ruby
Ruby
31
star
53

sdk_demo_app_ios

This is Remember The Date, an iOS demo app for our Mobile SDK. All docs available on developer.zendesk.com
Objective-C
31
star
54

volunteer_portal

An event calendar focused on tracking and reporting volunteering opportunities
JavaScript
29
star
55

classic_asp_jwt

A JWT implementation in Classic ASP
ASP
29
star
56

basecrm-ruby

Base CRM API Client
Ruby
29
star
57

ultragrep

the grep that greps the hardest.
C
28
star
58

chariot-tooltips

A javascript library for creating on screen step by step tutorials.
JavaScript
26
star
59

clj-headlights

Clojure on Beam
Clojure
26
star
60

sunshine-conversations-javascript

Javascript API for Sunshine Conversations
JavaScript
26
star
61

android-autoprovider

Utility for creating ContentProviders without boilerplate and with heavy customization options.
Java
25
star
62

basecrm-php

Base CRM API client, PHP edition
PHP
24
star
63

migration_tools

Rake tasks for Rails that add groups to migrations
Ruby
23
star
64

large_object_store

Store large objects in memcache or others by slicing them.
Ruby
22
star
65

term-check

A GitHub app which runs checks for flagged terminology in GitHub repos
Go
22
star
66

basecrm-python

BaseCRM API Client for Python
Python
22
star
67

sdk_unity_plugin

This repository contains a unity plugin which wraps the Zendesk support SDKs
Objective-C
22
star
68

jazon

Test assertions on JSONs have never been easier
Java
21
star
69

ipcluster

Node.js master/worker clustering module for sticky session load balancing using IPTABLES
JavaScript
21
star
70

sunshine-conversations-python

Smooch API Library for Python
Python
21
star
71

cloudwatch-logger

Connects standard input to Amazon CloudWatch Logs
Go
20
star
72

forger

Android library for populating the ContentProvider with test data.
Java
19
star
73

radar_client

High level API and backend for writing web apps that use push messaging
JavaScript
19
star
74

double_doc

Write documentation with your code, to keep them in sync, ideal for public API docs.
Ruby
18
star
75

pakkr

Python pipeline utility library
Python
18
star
76

chat_sdk_ios

Zendesk Chat SDK
Objective-C
18
star
77

goship

Utility that helps find, connect and copy to particular cloud resources using configured providers
Go
18
star
78

url_builder_app

A Zendesk App to help you generate links for agents.
JavaScript
18
star
79

sunshine-conversations-api-quickstart-example

Sample code to get started with the Smooch REST APIs
JavaScript
17
star
80

sunshine-conversations-desk

A sample business system built with Meteor and the Smooch API
CSS
17
star
81

apt-s3

apt method for private S3 buckets
Go
17
star
82

api_client

HTTP API Client Builder
Ruby
16
star
83

zendesk_apps_support

Ruby
16
star
84

iron_bank

An opinionated Ruby interface to the Zuora REST API
Ruby
15
star
85

private_gem

Keeps your private gems private
Ruby
15
star
86

active_record_host_pool

Connect to multiple databases using one ActiveRecord connection
Ruby
15
star
87

sdk_messaging_ios

The Zendesk Messaging SDK
Objective-C
14
star
88

rate_my_app_ios

An open source version of the Rate My App feature from 1.x versions of the Support SDK.
Swift
14
star
89

input_sanitizer

A gem to sanitize hash of incoming data
Ruby
14
star
90

sunshine-conversations-conversation-extension-examples

A series of examples using Smooch conversation extensions
HTML
14
star
91

scala-flow

A lightweight library intended to make developing Google DataFlow jobs in Scala easier.
Scala
14
star
92

punchabunch

Punchabunch: A highly concurrent, easily configurable SSH local-forwarding proxy
Go
14
star
93

zendesk-jira-plugin

Java
13
star
94

sunshine-conversations-ruby

Smooch API Library for Ruby
Ruby
13
star
95

samson_secret_puller

kubernetes sidecar and app to publish secrets to a containerized app.
Ruby
13
star
96

sqlitemaster

Android library for getting existing db schema information from sqlite_master table.
Java
13
star
97

sunshine-conversations-wordpress

PHP
13
star
98

predictive_load

Ruby
12
star
99

sunshine-conversations-api-spec

Sunshine Conversations OpenAPI Specification for v2+
12
star
100

zombie_record

A soft-delete library
Ruby
12
star