Merge pull request #821 from rebelact/fix_hash_parameters

fix passing string value when hash is expected

CHANGELOG.md

@@ -13,6 +13,7 @@
 * [#809](https://github.com/intridea/grape/pull/809): Removed automatic `(.:format)` suffix on paths if you're using only one format (e.g., with `format :json`, `/path` will respond with JSON but `/path.xml` will be a 404) - [@ajvondrak](https://github.com/ajvondrak).
 * [#816](https://github.com/intridea/grape/pull/816): Added ability to filter out missing params if params is a nested hash with `declared(params, include_missing: false)` - [@georgimitev](https://github.com/georgimitev).
 * [#819](https://github.com/intridea/grape/pull/819): Allowed both `desc` and `description` in the params DSL - [@mzikherman](https://github.com/mzikherman).
+* [#821](https://github.com/intridea/grape/pull/821): Fixed passing string value when hash is expected in params - [@rebelact](https://github.com/rebelact).
 * Your contribution here.
 
 0.9.0 (8/27/2014)

lib/grape/validations/validators/allow_blank.rb

@@ -2,7 +2,7 @@ module Grape
   module Validations
     class AllowBlankValidator < Base
       def validate_param!(attr_name, params)
-        return if @option
+        return if @option || !params.is_a?(Hash)
 
         value = params[attr_name]
         value = value.strip if value.respond_to?(:strip)

lib/grape/validations/validators/base.rb

@@ -13,7 +13,7 @@ def initialize(attrs, options, required, scope)
       def validate!(params)
         attributes = AttributesIterator.new(self, @scope, params)
         attributes.each do |resource_params, attr_name|
-          if @required || resource_params.key?(attr_name)
+          if @required || (resource_params.respond_to?(:key?) && resource_params.key?(attr_name))
             validate_param!(attr_name, resource_params)
           end
         end

spec/grape/validations/validators/allow_blank_spec.rb

@@ -43,12 +43,26 @@ class API < Grape::API
         end
         get '/disallow_blank_required_param_in_a_required_group'
 
+        params do
+          requires :user, type: Hash do
+            requires :name, allow_blank: false
+          end
+        end
+        get '/disallow_string_value_in_a_required_hash_group'
+
         params do
           requires :user, type: Hash do
             optional :name, allow_blank: false
           end
         end
         get '/disallow_blank_optional_param_in_a_required_group'
+
+        params do
+          optional :user, type: Hash do
+            optional :name, allow_blank: false
+          end
+        end
+        get '/disallow_string_value_in_an_optional_hash_group'
       end
     end
   end
@@ -129,6 +143,11 @@ def app
         get '/disallow_blank_required_param_in_a_required_group', user: { name: "" }
         expect(last_response.status).to eq(400)
       end
+
+      it 'refuses a string value in a required hash group' do
+        get '/disallow_string_value_in_a_required_hash_group', user: ""
+        expect(last_response.status).to eq(400)
+      end
     end
 
     context 'as an optional param' do
@@ -141,6 +160,11 @@ def app
         get '/disallow_blank_optional_param_in_a_required_group', user: { age: "29", name: "" }
         expect(last_response.status).to eq(400)
       end
+
+      it 'refuses a string value in an optional hash group' do
+        get '/disallow_string_value_in_an_optional_hash_group', user: ""
+        expect(last_response.status).to eq(400)
+      end
     end
   end
 end