Check for dry-types type existence and prevent top level const lookup

Vasfed · Vasfed · commit c061898b4201 · 2022-07-22T18:24:03.000+03:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,7 @@
 * [#2249](https://github.com/ruby-grape/grape/pull/2251): Upgraded to RuboCop 1.25.1 - [@dblock](https://github.com/dblock).
 * [#2271](https://github.com/ruby-grape/grape/pull/2271): Fixed validation regression on Numeric type introduced in 1.3 - [@vasfed](https://github.com/Vasfed).
 * [#2267](https://github.com/ruby-grape/grape/pull/2267): Standardized English error messages - [@dblock](https://github.com/dblock).
+* [#2272](https://github.com/ruby-grape/grape/pull/2272): Added error on param init when provided type does not have `[]` coercion method, previously validation silently failed for any value - [@vasfed](https://github.com/Vasfed).
 * Your contribution here.
 
 #### Fixes
diff --git a/lib/grape/validations/types/primitive_coercer.rb b/lib/grape/validations/types/primitive_coercer.rb
@@ -13,6 +13,8 @@ class PrimitiveCoercer < DryTypeCoercer
           Grape::API::Boolean => DryTypes::Params::Bool,
           BigDecimal => DryTypes::Params::Decimal,
           Numeric => DryTypes::Params::Integer | DryTypes::Params::Float | DryTypes::Params::Decimal,
+          TrueClass => DryTypes::Params::Bool.constrained(eql: true),
+          FalseClass => DryTypes::Params::Bool.constrained(eql: false),
 
           # unfortunately, a +Params+ scope doesn't contain String
           String => DryTypes::Coercible::String
@@ -21,19 +23,23 @@ class PrimitiveCoercer < DryTypeCoercer
         STRICT_MAPPING = {
           Grape::API::Boolean => DryTypes::Strict::Bool,
           BigDecimal => DryTypes::Strict::Decimal,
-          Numeric => DryTypes::Strict::Integer | DryTypes::Strict::Float | DryTypes::Strict::Decimal
+          Numeric => DryTypes::Strict::Integer | DryTypes::Strict::Float | DryTypes::Strict::Decimal,
+          TrueClass => DryTypes::Strict::Bool.constrained(eql: true),
+          FalseClass => DryTypes::Strict::Bool.constrained(eql: false)
         }.freeze
 
         def initialize(type, strict = false)
           super
 
           @type = type
 
-          @coercer = if strict
-                       STRICT_MAPPING.fetch(type) { scope.const_get(type.name) }
-                     else
-                       MAPPING.fetch(type) { scope.const_get(type.name) }
-                     end
+          @coercer = (strict ? STRICT_MAPPING : MAPPING).fetch(type) do
+            scope.const_get(type.name, false)
+          rescue NameError
+            raise ArgumentError, "type #{type} should support coercion via `[]`" unless type.respond_to?(:[])
+
+            type
+          end
         end
 
         def call(val)
diff --git a/spec/grape/validations/types/primitive_coercer_spec.rb b/spec/grape/validations/types/primitive_coercer_spec.rb
@@ -110,6 +110,15 @@
       end
     end
 
+    context 'a type unknown in Dry-types' do
+      let(:type) { Complex }
+
+      it 'raises error on init' do
+        expect(DryTypes::Params.constants).not_to include(type.name.to_sym)
+        expect { subject }.to raise_error(/type Complex should support coercion/)
+      end
+    end
+
     context 'the strict mode' do
       let(:strict) { true }
 
