class Devise::ParameterFilter

Public Class Methods

new(case_insensitive_keys, strip_whitespace_keys) click to toggle source
# File lib/devise/parameter_filter.rb, line 4
def initialize(case_insensitive_keys, strip_whitespace_keys)
  @case_insensitive_keys = case_insensitive_keys || []
  @strip_whitespace_keys = strip_whitespace_keys || []
end

Public Instance Methods

filter(conditions) click to toggle source
# File lib/devise/parameter_filter.rb, line 9
def filter(conditions)
  conditions = stringify_params(conditions.dup)

  conditions.merge!(filtered_hash_by_method_for_given_keys(conditions.dup, :downcase, @case_insensitive_keys))
  conditions.merge!(filtered_hash_by_method_for_given_keys(conditions.dup, :strip, @strip_whitespace_keys))

  conditions
end
filtered_hash_by_method_for_given_keys(conditions, method, condition_keys) click to toggle source
# File lib/devise/parameter_filter.rb, line 18
def filtered_hash_by_method_for_given_keys(conditions, method, condition_keys)
  condition_keys.each do |k|
    value = conditions[k]
    conditions[k] = value.send(method) if value.respond_to?(method)
  end

  conditions
end
stringify_params(conditions) click to toggle source

Force keys to be string to avoid injection on mongoid related database.

# File lib/devise/parameter_filter.rb, line 28
def stringify_params(conditions)
  return conditions unless conditions.is_a?(Hash)
  conditions.each do |k, v|
    conditions[k] = v.to_s if param_requires_string_conversion?(v)
  end
end

Private Instance Methods

param_requires_string_conversion?(value) click to toggle source
# File lib/devise/parameter_filter.rb, line 37
def param_requires_string_conversion?(value)
  true
end