fix passing string value when hash is expected

CHANGELOG.md

@@ -13,6 +13,7 @@
 * [#809](https://github.com/intridea/grape/pull/809): Removed automatic `(.:format)` suffix on paths if you're using only one format (e.g., with `format :json`, `/path` will respond with JSON but `/path.xml` will be a 404) - [@ajvondrak](https://github.com/ajvondrak).
 * [#816](https://github.com/intridea/grape/pull/816): Added ability to filter out missing params if params is a nested hash with `declared(params, include_missing: false)` - [@georgimitev](https://github.com/georgimitev).
 * [#819](https://github.com/intridea/grape/pull/819): Allowed both `desc` and `description` in the params DSL - [@mzikherman](https://github.com/mzikherman).
+* [#821](https://github.com/intridea/grape/pull/821): Fixed passing string value when hash is expected in params - [@rebelact](https://github.com/rebelact).
 * Your contribution here.
 
 0.9.0 (8/27/2014)

lib/grape/validations/validators/allow_blank.rb

@@ -2,7 +2,7 @@ module Grape
  module Validations
  class AllowBlankValidator < Base
  def validate_param!(attr_name, params)
- return if @option
+ return if @option || !params.is_a?(Hash)
 
  value = params[attr_name]
  value = value.strip if value.respond_to?(:strip)

lib/grape/validations/validators/base.rb

@@ -13,7 +13,7 @@ def initialize(attrs, options, required, scope)
  def validate!(params)
  attributes = AttributesIterator.new(self, @scope, params)
  attributes.each do |resource_params, attr_name|
- if @required || resource_params.key?(attr_name)
+ if @required || (resource_params.respond_to?(:key?) && resource_params.key?(attr_name))
  validate_param!(attr_name, resource_params)
  end
  end

spec/grape/validations/validators/allow_blank_spec.rb

@@ -43,12 +43,26 @@ class API < Grape::API
  end
  get '/disallow_blank_required_param_in_a_required_group'
 
+ params do
+ requires :user, type: Hash do
+ requires :name, allow_blank: false
+ end
+ end
+ get '/disallow_string_value_in_a_required_hash_group'
+
  params do
  requires :user, type: Hash do
  optional :name, allow_blank: false
  end
  end
  get '/disallow_blank_optional_param_in_a_required_group'
+
+ params do
+ optional :user, type: Hash do
+ optional :name, allow_blank: false
+ end
+ end
+ get '/disallow_string_value_in_an_optional_hash_group'
  end
  end
  end
@@ -129,6 +143,11 @@ def app
  get '/disallow_blank_required_param_in_a_required_group', user: { name: "" }
  expect(last_response.status).to eq(400)
  end
+
+ it 'refuses a string value in a required hash group' do
+ get '/disallow_string_value_in_a_required_hash_group', user: ""
+ expect(last_response.status).to eq(400)
+ end
  end
 
  context 'as an optional param' do
@@ -141,6 +160,11 @@ def app
  get '/disallow_blank_optional_param_in_a_required_group', user: { age: "29", name: "" }
  expect(last_response.status).to eq(400)
  end
+
+ it 'refuses a string value in an optional hash group' do
+ get '/disallow_string_value_in_an_optional_hash_group', user: ""
+ expect(last_response.status).to eq(400)
+ end
  end
  end
 end