# File lib/devise/parameter_filter.rb, line 3 def initialize(case_insensitive_keys, strip_whitespace_keys) @case_insensitive_keys = case_insensitive_keys || [] @strip_whitespace_keys = strip_whitespace_keys || [] end
# File lib/devise/parameter_filter.rb, line 8 def filter(conditions) conditions = stringify_params(conditions.dup) conditions.merge!(filtered_hash_by_method_for_given_keys(conditions.dup, :downcase, @case_insensitive_keys)) conditions.merge!(filtered_hash_by_method_for_given_keys(conditions.dup, :strip, @strip_whitespace_keys)) conditions end
# File lib/devise/parameter_filter.rb, line 17 def filtered_hash_by_method_for_given_keys(conditions, method, condition_keys) condition_keys.each do |k| value = conditions[k] conditions[k] = value.send(method) if value.respond_to?(method) end conditions end
Force keys to be string to avoid injection on mongoid related database.
# File lib/devise/parameter_filter.rb, line 27 def stringify_params(conditions) return conditions unless conditions.is_a?(Hash) conditions.each do |k, v| conditions[k] = v.to_s if param_requires_string_conversion?(v) end end
# File lib/devise/parameter_filter.rb, line 36 def param_requires_string_conversion?(value) true end