add: strict helpers

Reegan Viljoen · Reegan Viljoen · commit edf9b0bd5b85 · 2024-02-08T08:49:09.000+02:00
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
@@ -10,6 +10,10 @@ nav_order: 5
 
 ## main
 
+* Add Strict helpers mode.
+
+    *Reegan Viljoen*
+
 * Make `use_helpers` a default method for all components
 
       *Reegan Viljoen*
diff --git a/lib/view_component/base.rb b/lib/view_component/base.rb
@@ -35,11 +35,8 @@ def config
 
     RESERVED_PARAMETER = :content
 
-    # For CSRF authenticity tokens in forms
-    delegate :form_authenticity_token, :protect_against_forgery?, :config, to: :helpers
-
-    # For Content Security Policy nonces
-    delegate :content_security_policy_nonce, to: :helpers
+    # For CSRF authenticity tokens in forms and Content Security Policy nonces
+    use_helpers :form_authenticity_token, :protect_against_forgery?, :config, :content_security_policy_nonce
 
     # Config option that strips trailing whitespace in templates before compiling them.
     class_attribute :__vc_strip_trailing_whitespace, instance_accessor: false, instance_predicate: false
@@ -224,7 +221,7 @@ def controller
     # @return [ActionView::Base]
     def helpers
       raise HelpersCalledBeforeRenderError if view_context.nil?
-
+      raise StrictHelperError if ViewComponent::Base.strict_helpers_enabled
       # Attempt to re-use the original view_context passed to the first
       # component rendered in the rendering pipeline. This prevents the
       # instantiation of a new view_context via `controller.view_context` which
@@ -241,11 +238,19 @@ def method_missing(method_name, *args) # rubocop:disable Style/MissingRespondToM
         super
       rescue => e # rubocop:disable Style/RescueStandardError
         e.set_backtrace e.backtrace.tap(&:shift)
-        raise e, <<~MESSAGE.chomp if view_context && e.is_a?(NameError) && helpers.respond_to?(method_name)
+        if ViewComponent::Base.strict_helpers_enabled
+          raise e, <<~MESSAGE.chomp if view_context && e.is_a?(NameError) && (__vc_original_view_context.respond_to?(method_name)|| controller.view_context.respond_to?(method_name))
           #{e.message}
 
-          You may be trying to call a method provided as a view helper. Did you mean `helpers.#{method_name}'?
-        MESSAGE
+            You may be trying to call a method provided as a view helper. To use it try decalring it using use_helpers :#{method_name}'?
+          MESSAGE
+        else
+          raise e, <<~MESSAGE.chomp if view_context && e.is_a?(NameError) && helpers.respond_to?(method_name)
+            #{e.message}
+
+            You may be trying to call a method provided as a view helper. Did you mean `helpers.#{method_name}'?
+          MESSAGE
+        end
 
         raise
       end
diff --git a/lib/view_component/config.rb b/lib/view_component/config.rb
@@ -25,7 +25,8 @@ def defaults
           preview_paths: default_preview_paths,
           test_controller: "ApplicationController",
           default_preview_layout: nil,
-          capture_compatibility_patch_enabled: false
+          capture_compatibility_patch_enabled: false,
+          strict_helpers_enabled: false
         })
       end
 
@@ -154,6 +155,11 @@ def defaults
       # previews.
       # Defaults to `false`.
 
+      # @!attribute strict_helpers_enabled
+      # @return [Boolean]
+      # Enables the experimental strict helpers mode wich throws ViewComponent::StrictHelperError when helpers is used
+      # Defaults to `false`.
+
       def default_preview_paths
         return [] unless defined?(Rails.root) && Dir.exist?("#{Rails.root}/test/components/previews")
 
diff --git a/lib/view_component/errors.rb b/lib/view_component/errors.rb
@@ -226,6 +226,10 @@ class SystemTestControllerNefariousPathError < BaseError
     MESSAGE = "ViewComponent SystemTest controller attempted to load a file outside of the expected directory."
   end
 
+  class StrictHelperError < BaseError
+    MESSAGE = "ViewComponent strict helper mode is enbaled so #helpers is disabled."
+  end
+
   class AlreadyDefinedPolymorphicSlotSetterError < StandardError
     MESSAGE =
       "A method called 'SETTER_METHOD_NAME' already exists and would be overwritten by the 'SETTER_NAME' polymorphic " \
diff --git a/test/sandbox/test/rendering_test.rb b/test/sandbox/test/rendering_test.rb
@@ -171,6 +171,20 @@ def test_renders_button_to_component
     ActionController::Base.allow_forgery_protection = old_value
   end
 
+  def test_renders_button_to_component_with_strict_helpers
+    with_strict_helpers_config(true) do
+      old_value = ActionController::Base.allow_forgery_protection
+      ActionController::Base.allow_forgery_protection = true
+
+      render_inline(ButtonToComponent.new) { "foo" }
+
+      assert_selector("form[class='button_to'][action='/'][method='post']")
+      assert_selector("input[type='hidden'][name='authenticity_token']", visible: false)
+
+      ActionController::Base.allow_forgery_protection = old_value
+    end
+  end
+
   def test_renders_component_with_variant
     with_variant :phone do
       render_inline(VariantsComponent.new)
@@ -329,6 +343,22 @@ def test_renders_component_with_asset_url
     assert_match(%r{http://assets.example.com/assets/application-\w+.css}, render_inline(component).text)
   end
 
+  def test_renders_component_with_asset_url_with_strict_helpers
+    with_strict_helpers_config(true) do
+      component = AssetComponent.new
+      assert_match(%r{http://assets.example.com/assets/application-\w+.css}, render_inline(component).text)
+
+      component.config.asset_host = nil
+      assert_match(%r{/assets/application-\w+.css}, render_inline(component).text)
+
+      component.config.asset_host = "http://assets.example.com"
+      assert_match(%r{http://assets.example.com/assets/application-\w+.css}, render_inline(component).text)
+
+      component.config.asset_host = "assets.example.com"
+      assert_match(%r{http://assets.example.com/assets/application-\w+.css}, render_inline(component).text)
+    end
+  end
+
   def test_template_changes_are_not_reflected_if_cache_is_not_cleared
     render_inline(MyComponent.new)
 
@@ -757,6 +787,14 @@ def test_renders_component_using_rails_config
     assert_text("http://assets.example.com")
   end
 
+  def test_renders_component_using_rails_config_with_strict_helpers
+    with_strict_helpers_config(true) do
+      render_inline(RailsConfigComponent.new)
+
+      assert_text("http://assets.example.com")
+    end
+  end
+
   def test_inherited_component_inherits_template
     render_inline(InheritedTemplateComponent.new)
 
@@ -1109,8 +1147,24 @@ def test_content_security_policy_nonce
     assert_selector("script", text: "\n//<![CDATA[\n  \"alert('hello')\"\n\n//]]>\n", visible: :hidden)
   end
 
+  def test_content_security_policy_nonce_with_strict_helpers
+    with_strict_helpers_config(true) do
+      render_inline(ContentSecurityPolicyNonceComponent.new)
+
+      assert_selector("script", text: "\n//<![CDATA[\n  \"alert('hello')\"\n\n//]]>\n", visible: :hidden)
+    end
+  end
+
   def test_use_helper
     render_inline(UseHelpersComponent.new)
     assert_selector ".helper__message", text: "Hello helper method"
   end
+
+  def test_strict_helpers
+    with_strict_helpers_config(true) do
+      assert_raises ViewComponent::StrictHelperError do
+        render_inline(HelpersProxyComponent.new)
+      end
+    end
+  end
 end
diff --git a/test/test_helper.rb b/test/test_helper.rb
@@ -172,6 +172,10 @@ def with_render_monkey_patch_config(enabled, &block)
   with_config_option(:render_monkey_patch_enabled, enabled, &block)
 end
 
+def with_strict_helpers_config(enabled, &block)
+  with_config_option(:strict_helpers_enabled, enabled, &block)
+end
+
 def with_compiler_mode(mode)
   previous_mode = ViewComponent::Compiler.mode
   ViewComponent::Compiler.mode = mode
