Module: Sinatra::AcceptParams

Defined in:
lib/sinatra/accept_params.rb,
lib/sinatra/accept_params/param.rb,
lib/sinatra/accept_params/helpers.rb,
lib/sinatra/accept_params/param_rules.rb

Defined Under Namespace

Modules: Helpers

Classes: Definition, InvalidParamType, InvalidParamValue, LoginRequired, MissingParam, NoParamsDefined, ParamError, ParamRules, SslRequired, UnexpectedParam

Class Method Summary

Class Method Details

.cache_rules ⇒ Object



# File 'lib/sinatra/accept_params.rb', line 17

def self.cache_rules; @@cache_rules; end

.cache_rules=(val) ⇒ Object

The settings below this point can be modified in environment.rb. This one controls whether rules are cached for performance.



# File 'lib/sinatra/accept_params.rb', line 16

def self.cache_rules=(val); @@cache_rules = val; end

.ignore_columns ⇒ Object



# File 'lib/sinatra/accept_params.rb', line 57

def self.ignore_columns; @@ignore_columns; end

.ignore_columns=(val) ⇒ Object

The columns in ActiveRecord models that we should ignore by default when expanding an is_a directive into a series of must_have directives for each attribute. These are the attributes that are almost never present in your forms (and hence your params). By default this list is set to:

  • id

  • created_at

  • updated_at

  • created_on

  • updated_on

  • lock_version

You can modify this in your environment.rb if you have common attributes that should always be ignored. Here’s an example:

AcceptParams::ParamRules.ignore_columns << "deleted_at"


# File 'lib/sinatra/accept_params.rb', line 56

def self.ignore_columns=(val); @@ignore_columns = val; end

.ignore_params ⇒ Object



# File 'lib/sinatra/accept_params.rb', line 35

def self.ignore_params; @@ignore_params; end

.ignore_params=(val) ⇒ Object

The list of params that we should allow (but not require) by default. It’s as if we said that all requests may_have these elements. By default this list is set to:

  • action

  • controller

  • commit

  • _method

You can modify this list in your environment.rb if you need to. Always use strings, not symbols, for the elements. Here’s an example:

AcceptParams::ParamRules.ignore_params << "orientation"


# File 'lib/sinatra/accept_params.rb', line 34

def self.ignore_params=(val); @@ignore_params = val; end

.ignore_unexpected ⇒ Object



# File 'lib/sinatra/accept_params.rb', line 65

def self.ignore_unexpected; @@ignore_unexpected; end

.ignore_unexpected=(val) ⇒ Object

If unexpected params are encountered, the default behavior is to raise an exception. Setting this to true will instead let them all through. Note that this defeats much of the purpose of the plugin. To mitigate the security impact, set the next flag (remove_unexpected) to true if you set this to true.



# File 'lib/sinatra/accept_params.rb', line 64

def self.ignore_unexpected=(val); @@ignore_unexpected = val; end

.registered(app) ⇒ Object

Needed to register params handling with Sinatra



# File 'lib/sinatra/accept_params/helpers.rb', line 26

def self.registered(app)
  app.helpers AcceptParams::Helpers

  app.error Sinatra::AcceptParams::LoginRequired do
    headers["WWW-Authenticate"] = %(Basic realm="Login required")
    halt 401, "Authorization required"
  end

  # Have to enumerate errors, because Sinatra uses is_a? test, not inheritance
  [ Sinatra::AcceptParams::ParamError,
    Sinatra::AcceptParams::NoParamsDefined,
    Sinatra::AcceptParams::MissingParam,
    Sinatra::AcceptParams::UnexpectedParam,
    Sinatra::AcceptParams::InvalidParamType,
    Sinatra::AcceptParams::InvalidParamValue,
    Sinatra::AcceptParams::SslRequired ].each do |cl|
    app.error cl do
      halt 400, request.env['sinatra.error'].message
    end
  end
end

.remove_unexpected ⇒ Object



# File 'lib/sinatra/accept_params.rb', line 73

def self.remove_unexpected; @@remove_unexpected; end

.remove_unexpected=(val) ⇒ Object

If unexpected params are encountered, remove them to prevent injection attacks. Note: this is only relevant if you set ignore_unexpected to true, in which case you can have the unexpected params removed (safer) by setting this. The basic idea is that no exception is raised, but an attacker still cannot inject params.



# File 'lib/sinatra/accept_params.rb', line 72

def self.remove_unexpected=(val); @@remove_unexpected = val; end
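The three settings above (ignore_params as the default allow-list, ignore_unexpected, and remove_unexpected) combine into one policy for what a handler gets to see. The following is an added, self-contained Ruby illustration of that policy, written for this page; it is not the accept_params gem's own code and does not require Sinatra. The module name ParamPolicy, the Settings struct, and the sample request hash are constructed for the example; the default allow-list and the flag semantics come from the descriptions above.

```ruby
require 'set'

# Models how the accept_params flags decide the fate of unexpected params.
# Illustration only: not the gem's implementation.
module ParamPolicy
  # Default allow-list from the documentation. Always strings, never symbols.
  DEFAULT_IGNORE_PARAMS = %w[action controller commit _method].freeze

  # Stands in for Sinatra::AcceptParams::UnexpectedParam.
  class UnexpectedParam < StandardError; end

  # Mirrors the module-level flags; the gem's safe default is to raise.
  Settings = Struct.new(:ignore_unexpected, :remove_unexpected, :ignore_params)
  STRICT = Settings.new(false, false, DEFAULT_IGNORE_PARAMS).freeze

  # Returns the params hash a route handler should receive.
  #   params   - request params (string keys)
  #   expected - names declared for this route (the may_have / must_have set)
  def self.filter(params, expected, settings = STRICT)
    allowed    = Set.new(expected.map(&:to_s)) | settings.ignore_params
    unexpected = params.keys.map(&:to_s) - allowed.to_a
    return params.dup if unexpected.empty?

    unless settings.ignore_unexpected
      # Default: refuse the request outright (mapped to HTTP 400 by registered()).
      raise UnexpectedParam, "unexpected parameters: #{unexpected.sort.join(', ')}"
    end

    if settings.remove_unexpected
      # ignore_unexpected + remove_unexpected: no exception, but the handler
      # never sees attacker-supplied keys.
      params.reject { |k, _| unexpected.include?(k.to_s) }
    else
      # ignore_unexpected alone: the combination the docs warn against;
      # every key, declared or not, reaches the handler.
      params.dup
    end
  end

  # Runs one constructed request through the three flag combinations and
  # reports the outcome of each, so the difference is visible side by side.
  def self.demo
    request  = { 'name' => 'alice', 'commit' => 'Save', 'admin' => 'true' } # constructed
    expected = ['name']
    outcomes = {}

    begin
      outcomes[:strict] = filter(request, expected, STRICT)
    rescue UnexpectedParam => e
      outcomes[:strict] = e.message
    end

    lax  = Settings.new(true, false, DEFAULT_IGNORE_PARAMS)
    safe = Settings.new(true, true, DEFAULT_IGNORE_PARAMS)
    outcomes[:ignore_only]       = filter(request, expected, lax)
    outcomes[:ignore_and_remove] = filter(request, expected, safe)
    outcomes
  end
end

if __FILE__ == $PROGRAM_NAME
  ParamPolicy.demo.each { |mode, result| puts "#{mode}: #{result.inspect}" }
end
```

Note that "commit" passes in every mode because it is on the default ignore_params list, while "admin" is only stripped when remove_unexpected is set; with ignore_unexpected alone it reaches the handler untouched, which is the situation the documentation calls "defeating much of the purpose of the plugin".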

.ssl_enabled ⇒ Object



# File 'lib/sinatra/accept_params.rb', line 89

def self.ssl_enabled; @@ssl_enabled; end

.ssl_enabled=(val) ⇒ Object

Global on/off for SSL



# File 'lib/sinatra/accept_params.rb', line 88

def self.ssl_enabled=(val); @@ssl_enabled = val; end

.type_validations ⇒ Object



# File 'lib/sinatra/accept_params.rb', line 78

def self.type_validations; @@type_validations; end

.type_validations=(val) ⇒ Object

How to validate parameters when the caller doesn’t specify :validate.



# File 'lib/sinatra/accept_params.rb', line 77

def self.type_validations=(val); @@type_validations = val; end