aboutsummaryrefslogtreecommitdiffstats
path: root/activemodel/lib/active_model/validations/format.rb
blob: be7cae588fcbd9d39ca69fe2fac4c684e2565caa (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
module ActiveModel

  module Validations
    class FormatValidator < EachValidator # :nodoc:
      def validate_each(record, attribute, value)
        if options[:with]
          regexp = option_call(record, :with)
          record_error(record, attribute, :with, value) if value.to_s !~ regexp
        elsif options[:without]
          regexp = option_call(record, :without)
          record_error(record, attribute, :without, value) if value.to_s =~ regexp
        end
      end

      def check_validity!
        unless options.include?(:with) ^ options.include?(:without)  # ^ == xor, or "exclusive or"
          raise ArgumentError, "Either :with or :without must be supplied (but not both)"
        end

        check_options_validity(options, :with)
        check_options_validity(options, :without)
      end

      private

      def option_call(record, name)
        option = options[name]
        option.respond_to?(:call) ? option.call(record) : option
      end

      def record_error(record, attribute, name, value)
        record.errors.add(attribute, :invalid, options.except(name).merge!(value: value))
      end

      def regexp_using_multiline_anchors?(regexp)
        regexp.source.start_with?("^") ||
          (regexp.source.end_with?("$") && !regexp.source.end_with?("\\$"))
      end

      def check_options_validity(options, name)
        option = options[name]
        if option && !option.is_a?(Regexp) && !option.respond_to?(:call)
          raise ArgumentError, "A regular expression or a proc or lambda must be supplied as :#{name}"
        elsif option && option.is_a?(Regexp) &&
              regexp_using_multiline_anchors?(option) && options[:multiline] != true
          raise ArgumentError, "The provided regular expression is using multiline anchors (^ or $), " \
          "which may present a security risk. Did you mean to use \\A and \\z, or forgot to add the " \
          ":multiline => true option?"
        end
      end
    end

    module HelperMethods
      # Validates whether the value of the specified attribute is of the correct
      # form, going by the regular expression provided.You can require that the
      # attribute matches the regular expression:
      #
      #   class Person < ActiveRecord::Base
      #     validates_format_of :email, with: /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i, on: :create
      #   end
      #
      # Alternatively, you can require that the specified attribute does _not_
      # match the regular expression:
      #
      #   class Person < ActiveRecord::Base
      #     validates_format_of :email, without: /NOSPAM/
      #   end
      #
      # You can also provide a proc or lambda which will determine the regular
      # expression that will be used to validate the attribute.
      #
      #   class Person < ActiveRecord::Base
      #     # Admin can have number as a first letter in their screen name
      #     validates_format_of :screen_name,
      #                         with: ->(person) { person.admin? ? /\A[a-z0-9][a-z0-9_\-]*\z/i : /\A[a-z][a-z0-9_\-]*\z/i }
      #   end
      #
      # Note: use <tt>\A</tt> and <tt>\Z</tt> to match the start and end of the
      # string, <tt>^</tt> and <tt>$</tt> match the start/end of a line.
      #
      # Due to frequent misuse of <tt>^</tt> and <tt>$</tt>, you need to pass
      # the <tt>multiline: true</tt> option in case you use any of these two
      # anchors in the provided regular expression. In most cases, you should be
      # using <tt>\A</tt> and <tt>\z</tt>.
      #
      # You must pass either <tt>:with</tt> or <tt>:without</tt> as an option.
      # In addition, both must be a regular expression or a proc or lambda, or
      # else an exception will be raised.
      #
      # Configuration options:
      # * <tt>:message</tt> - A custom error message (default is: "is invalid").
      # * <tt>:allow_nil</tt> - If set to true, skips this validation if the
      #   attribute is +nil+ (default is +false+).
      # * <tt>:allow_blank</tt> - If set to true, skips this validation if the
      #   attribute is blank (default is +false+).
      # * <tt>:with</tt> - Regular expression that if the attribute matches will
      #   result in a successful validation. This can be provided as a proc or
      #   lambda returning regular expression which will be called at runtime.
      # * <tt>:without</tt> - Regular expression that if the attribute does not
      #   match will result in a successful validation. This can be provided as
      #   a proc or lambda returning regular expression which will be called at
      #   runtime.
      # * <tt>:multiline</tt> - Set to true if your regular expression contains
      #   anchors that match the beginning or end of lines as opposed to the
      #   beginning or end of the string. These anchors are <tt>^</tt> and <tt>$</tt>.
      #
      # There is also a list of default options supported by every validator:
      # +:if+, +:unless+, +:on+ and +:strict+.
      # See <tt>ActiveModel::Validation#validates</tt> for more information
      def validates_format_of(*attr_names)
        validates_with FormatValidator, _merge_attributes(attr_names)
      end
    end
  end
end