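module ActiveModel

  # == Active Model Format Validator
  module Validations
    class FormatValidator < EachValidator #:nodoc:
      # Adds an <tt>:invalid</tt> error to +record+ when +value+ (converted
      # with +to_s+) fails the configured format check.
      #
      # With <tt>:with</tt> the value must match the regular expression; with
      # <tt>:without</tt> it must not match. <tt>:with</tt> takes precedence
      # when both keys hold a truthy value.
      #
      # NOTE(review): the branches test the option *value*, while
      # check_validity! only tests that the key is present. An option passed
      # as +nil+ or +false+ therefore passes check_validity! and results in
      # no check being performed here -- confirm this is intended.
      def validate_each(record, attribute, value)
        if options[:with]
          regexp = option_call(record, :with)
          record_error(record, attribute, :with, value) if value.to_s !~ regexp
        elsif options[:without]
          regexp = option_call(record, :without)
          record_error(record, attribute, :without, value) if value.to_s =~ regexp
        end
      end

      # Verifies the validator configuration.
      #
      # Raises ArgumentError unless exactly one of <tt>:with</tt> /
      # <tt>:without</tt> is supplied, or when the supplied option is
      # rejected by check_options_validity.
      def check_validity!
        unless options.include?(:with) ^ options.include?(:without)  # ^ == xor, or "exclusive or"
          raise ArgumentError, "Either :with or :without must be supplied (but not both)"
        end

        check_options_validity(options, :with)
        check_options_validity(options, :without)
      end

      private

      # Resolves the option +name+: a callable is invoked with +record+ and
      # its result is returned, anything else is returned unchanged.
      #
      # The object returned by a callable is used as-is by validate_each; it
      # is neither type-checked nor passed through the multiline-anchor
      # check, which check_options_validity applies to literal Regexp
      # options only.
      def option_call(record, name)
        option = options[name]
        option.respond_to?(:call) ? option.call(record) : option
      end

      # Records an <tt>:invalid</tt> error on +attribute+, forwarding every
      # validator option except the regexp option itself (+name+) together
      # with the offending +value+.
      def record_error(record, attribute, name, value)
        record.errors.add(attribute, :invalid, options.except(name).merge!(:value => value))
      end

      # Heuristic: true when the pattern source begins with <tt>^</tt> or
      # ends with an unescaped <tt>$</tt>.
      #
      # Only the first character and the tail of the source are inspected,
      # so <tt>^</tt> or <tt>$</tt> appearing elsewhere in the pattern (for
      # example inside a group or an alternation) is not detected. Treat
      # this as a guard against the most common mistake, not as proof that
      # a pattern is anchored to the whole string.
      def regexp_using_multiline_anchors?(regexp)
        source = regexp.source
        source.start_with?("^") || (source.end_with?("$") && !source.end_with?("\\$"))
      end

      # Validates the option stored under +name+ in +options+.
      #
      # Raises ArgumentError when the option is neither a Regexp nor a
      # callable, or when it is a Regexp that appears to use line anchors
      # (see regexp_using_multiline_anchors?) and <tt>:multiline => true</tt>
      # was not given. A missing (or falsy) option is ignored.
      def check_options_validity(options, name)
        option = options[name]
        return unless option

        if option.is_a?(Regexp)
          # Line anchors let a multi-line value pass as long as one of its
          # lines matches, so they must be opted into explicitly.
          if regexp_using_multiline_anchors?(option) && options[:multiline] != true
            raise ArgumentError, "The provided regular expression is using multiline anchors (^ or $), " \
            "which may present a security risk. Did you mean to use \\A and \\z, or forgot to add the " \
            ":multiline => true option?"
          end
        elsif !option.respond_to?(:call)
          raise ArgumentError, "A regular expression or a proc or lambda must be supplied as :#{name}"
        end
      end
    end

    module HelperMethods
      # Validates whether the value of the specified attribute is of the correct
      # form, going by the regular expression provided. You can require that the
      # attribute matches the regular expression:
      #
      #   class Person < ActiveRecord::Base
      #     validates_format_of :email, :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i, :on => :create
      #   end
      #
      # Alternatively, you can require that the specified attribute does _not_
      # match the regular expression:
      #
      #   class Person < ActiveRecord::Base
      #     validates_format_of :email, :without => /NOSPAM/
      #   end
      #
      # You can also provide a proc or lambda which will determine the regular
      # expression that will be used to validate the attribute.
      #
      #   class Person < ActiveRecord::Base
      #     # Admin can have number as a first letter in their screen name
      #     validates_format_of :screen_name,
      #                         :with => lambda{ |person| person.admin? ? /\A[a-z0-9][a-z0-9_\-]*\z/i : /\A[a-z][a-z0-9_\-]*\z/i }
      #   end
      #
      # Note: use <tt>\A</tt> and <tt>\z</tt> to match the start and end of the
      # string, <tt>^</tt> and <tt>$</tt> match the start/end of a line.
      # (<tt>\Z</tt> also matches just before a trailing newline, so it does
      # not anchor the very end of the value.)
      #
      # Due to frequent misuse of <tt>^</tt> and <tt>$</tt>, you need to pass the
      # <tt>:multiline => true</tt> option in case you use any of these two anchors in the provided
      # regular expression. In most cases, you should be using <tt>\A</tt> and <tt>\z</tt>.
      # This check is applied to regular expressions passed directly; a regular
      # expression returned by a proc or lambda is not inspected, so anchor it
      # with <tt>\A</tt> and <tt>\z</tt> yourself.
      #
      # You must pass either <tt>:with</tt> or <tt>:without</tt> as an option.
      # In addition, both must be a regular expression or a proc or lambda, or
      # else an exception will be raised.
      #
      # Configuration options:
      # * <tt>:message</tt> - A custom error message (default is: "is invalid").
      # * <tt>:allow_nil</tt> - If set to true, skips this validation if the attribute
      #   is +nil+ (default is +false+).
      # * <tt>:allow_blank</tt> - If set to true, skips this validation if the
      #   attribute is blank (default is +false+).
      # * <tt>:with</tt> - Regular expression that if the attribute matches will
      #   result in a successful validation. This can be provided as a proc or lambda
      #   returning regular expression which will be called at runtime.
      # * <tt>:without</tt> - Regular expression that if the attribute does not match
      #   will result in a successful validation. This can be provided as a proc or
      #   lambda returning regular expression which will be called at runtime.
      # * <tt>:on</tt> - Specifies when this validation is active. Runs in all
      #   validation contexts by default (+nil+), other options are <tt>:create</tt>
      #   and <tt>:update</tt>.
      # * <tt>:if</tt> - Specifies a method, proc or string to call to determine
      #   if the validation should occur (e.g. <tt>:if => :allow_validation</tt>, or
      #   <tt>:if => Proc.new { |user| user.signup_step > 2 }</tt>). The method, proc
      #   or string should return or evaluate to a true or false value.
      # * <tt>:unless</tt> - Specifies a method, proc or string to call to determine
      #   if the validation should not occur (e.g. <tt>:unless => :skip_validation</tt>,
      #   or <tt>:unless => Proc.new { |user| user.signup_step <= 2 }</tt>). The
      #   method, proc or string should return or evaluate to a true or false value.
      # * <tt>:strict</tt> - Specifies whether validation should be strict.
      #   See <tt>ActiveModel::Validation#validates!</tt> for more information.
      # * <tt>:multiline</tt> - Set to true if your regular expression contains
      #   anchors that match the beginning or end of lines as opposed to the
      #   beginning or end of the string. These anchors are <tt>^</tt> and <tt>$</tt>.
      def validates_format_of(*attr_names)
        validates_with FormatValidator, _merge_attributes(attr_names)
      end
    end
  end
end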