kotovalexarian-likes-github
/
heartcombo--devise
mirror of https://github.com/heartcombo/devise.git
1
0
Fork 0
Code Releases Activity
heartcombo--devise/lib/devise/param_filter.rb

42 lines
1.2 KiB
Ruby
Raw Normal View History

Move param filtering to its own object and make all finder methods pass through it, closes #1413.
2011-11-10 12:14:02 +00:00
module Devise
class ParamFilter
def initialize(case_insensitive_keys, strip_whitespace_keys)
@case_insensitive_keys = case_insensitive_keys || []
@strip_whitespace_keys = strip_whitespace_keys || []
end
def filter(conditions)
conditions = stringify_params(conditions.dup)
@case_insensitive_keys.each do |k|
value = conditions[k]
next unless value.respond_to?(:downcase)
conditions[k] = value.downcase
end
@strip_whitespace_keys.each do |k|
value = conditions[k]
next unless value.respond_to?(:strip)
conditions[k] = value.strip
end
conditions
end
# Force keys to be string to avoid injection on mongoid related database.
def stringify_params(conditions)
return conditions unless conditions.is_a?(Hash)
conditions.each do |k, v|
conditions[k] = v.to_s if param_requires_string_conversion?(v)
end
end
private
# Determine which values should be transformed to string or passed as-is to the query builder underneath
def param_requires_string_conversion?(value)
Allow regular expressions to avoid string conversion for parameter filtering.
2011-12-14 16:41:24 +00:00
[Fixnum, TrueClass, FalseClass, Regexp].none? {|clz| value.is_a? clz }
Move param filtering to its own object and make all finder methods pass through it, closes #1413.
2011-11-10 12:14:02 +00:00
end
end
end