active_url 0.1.4

data/Rakefile

@@ -0,0 +1,57 @@
+require 'rubygems'
+require 'rake'
+require 'yaml'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = "active_url"
+    gem.summary = %Q{A Rails library for generating secret URLs.}
+    gem.description = <<-EOF
+      ActiveUrl enables the storing of a model in an encrypted URL. It facilitates implementation
+      of secret URLs for user (e.g. feed URLs) that can be accessed without logging in, and URLs
+      for confirming the email address of a new user.
+    EOF
+    gem.email = "mdholling@gmail.com"
+    gem.homepage = "http://github.com/mholling/active_url"
+    gem.authors = ["Matthew Hollingworth"]
+    gem.add_dependency 'activerecord'
+    gem.has_rdoc = false
+    
+    # gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler not available. Install it with: sudo gem install technicalpickles-jeweler -s http://gems.github.com"
+end
+
+require 'spec/rake/spectask'
+Spec::Rake::SpecTask.new(:spec) do |spec|
+  spec.libs << 'lib' << 'spec'
+  spec.spec_files = FileList['spec/**/*_spec.rb']
+end
+
+Spec::Rake::SpecTask.new(:rcov) do |spec|
+  spec.libs << 'lib' << 'spec'
+  spec.pattern = 'spec/**/*_spec.rb'
+  spec.rcov = true
+end
+
+
+task :default => :spec
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  if File.exist?('VERSION.yml')
+    config = YAML.load(File.read('VERSION.yml'))
+    version = "#{config[:major]}.#{config[:minor]}.#{config[:patch]}"
+  else
+    version = ""
+  end
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "active_url #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+

data/VERSION.yml

@@ -0,0 +1,4 @@
+--- 
+:patch: 4
+:major: 0
+:minor: 1

data/active_url.gemspec

@@ -0,0 +1,72 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE
+# Instead, edit Jeweler::Tasks in Rakefile, and run `rake gemspec`
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{active_url}
+  s.version = "0.1.4"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Matthew Hollingworth"]
+  s.date = %q{2009-10-10}
+  s.description = %q{      ActiveUrl enables the storing of a model in an encrypted URL. It facilitates implementation
+      of secret URLs for user (e.g. feed URLs) that can be accessed without logging in, and URLs
+      for confirming the email address of a new user.
+}
+  s.email = %q{mdholling@gmail.com}
+  s.extra_rdoc_files = [
+    "LICENSE",
+     "README.textile"
+  ]
+  s.files = [
+    ".document",
+     ".gitignore",
+     "LICENSE",
+     "README.textile",
+     "Rakefile",
+     "VERSION.yml",
+     "active_url.gemspec",
+     "lib/active_url.rb",
+     "lib/active_url/base.rb",
+     "lib/active_url/belongs_to.rb",
+     "lib/active_url/callbacks.rb",
+     "lib/active_url/configuration.rb",
+     "lib/active_url/crypto.rb",
+     "lib/active_url/errors.rb",
+     "lib/active_url/validations.rb",
+     "rails/init.rb",
+     "spec/belongs_to_spec.rb",
+     "spec/callbacks_spec.rb",
+     "spec/crypto_spec.rb",
+     "spec/instance_spec.rb",
+     "spec/spec_helper.rb",
+     "spec/validations_spec.rb"
+  ]
+  s.homepage = %q{http://github.com/mholling/active_url}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.5}
+  s.summary = %q{A Rails library for generating secret URLs.}
+  s.test_files = [
+    "spec/belongs_to_spec.rb",
+     "spec/callbacks_spec.rb",
+     "spec/crypto_spec.rb",
+     "spec/instance_spec.rb",
+     "spec/spec_helper.rb",
+     "spec/validations_spec.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<activerecord>, [">= 0"])
+    else
+      s.add_dependency(%q<activerecord>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<activerecord>, [">= 0"])
+  end
+end

data/lib/active_url.rb

@@ -0,0 +1,20 @@
+require 'rubygems'
+require 'active_record'
+ActiveRecord::Base # hack to get ActiveRecord::Validations to load..?
+
+require 'active_url/errors'
+require 'active_url/configuration'
+require 'active_url/crypto'
+require 'active_url/belongs_to'
+require 'active_url/validations'
+require 'active_url/callbacks'
+require 'active_url/base'
+
+# module ActiveUrl
+#   autoload :Base,          'active_url/base'
+#   autoload :Configuration, 'active_url/configuration'
+#   autoload :Crypto,        'active_url/crypto'
+#   autoload :BelongsTo,     'active_url/belongs_to'
+#   autoload :Validations,   'active_url/validations'
+#   autoload :Callbacks,     'active_url/callbacks'
+# end

data/lib/active_url/base.rb

@@ -0,0 +1,103 @@
+module ActiveUrl
+  class RecordNotFound < ActiveUrlError
+  end
+  
+  class Base
+    class_inheritable_reader :attribute_names
+    class_inheritable_reader :accessible_attributes
+    
+    def self.attribute(*attribute_names)
+      options = attribute_names.extract_options!
+      attribute_names.map(&:to_sym).each { |attribute_name| add_attribute(attribute_name, options) }
+    end
+    
+    def self.attr_accessible(*attribute_names)
+      self.accessible_attributes += attribute_names.map(&:to_sym)
+    end
+    
+    attr_reader :id
+
+    def initialize(attributes = nil)
+      attributes ||= {}
+      self.attributes = attributes
+    end
+    
+    def attributes=(attributes)
+      attributes.symbolize_keys.select do |key, value|
+        self.class.accessible_attributes.include? key
+      end.map do |key, value|
+        [ "#{key}=", value ]
+      end.each do |setter, value|
+        send setter, value if respond_to? setter
+      end
+    end
+    
+    def attributes
+      attribute_names.inject({}) do |hash, name|
+        hash.merge(name => send(name))
+      end
+    end
+    
+    def create
+      serialized = [ self.class.to_s, attributes ].to_yaml
+      @id = Crypto.encrypt(serialized)
+    end
+
+    def save
+      !create.blank?
+    end
+    
+    def save!
+      save
+    end
+    
+    def self.find(id)
+      raise RecordNotFound unless id.is_a?(String) && !id.blank?
+      serialized = begin
+        Crypto.decrypt(id)
+      rescue Crypto::CipherError
+        raise RecordNotFound
+      end
+      type, attributes = YAML.load(serialized)
+      raise RecordNotFound unless type == self.to_s && attributes.is_a?(Hash)
+      active_url = new
+      attributes.each { |key, value| active_url.send "#{key}=", value }
+      active_url.create
+      active_url
+    rescue RecordNotFound
+      raise RecordNotFound.new("Couldn't find #{self.name} with id=#{id}")
+    end
+    
+    def to_param
+      @id.to_s
+    end
+
+    def new_record?
+      @id.nil?
+    end
+    
+    def ==(other)
+      attributes == other.attributes && self.class == other.class
+    end
+
+    private
+    
+    class_inheritable_writer :attribute_names
+    class_inheritable_writer :accessible_attributes
+    self.attribute_names = Set.new
+    self.accessible_attributes = Set.new
+    
+    def self.add_attribute(attribute_name, options)
+      self.attribute_names << attribute_name
+      self.accessible_attributes << attribute_name if options[:accessible]
+      public
+      attr_accessor attribute_name
+    end
+  end
+  
+  Base.class_eval do
+    extend BelongsTo
+    include Validations
+    include Callbacks
+  end
+end

data/lib/active_url/belongs_to.rb

@@ -0,0 +1,32 @@
+module ActiveUrl
+  module BelongsTo
+    def belongs_to(object_name)
+      begin
+        object_name.to_s.classify.constantize
+      
+        attribute_name = "#{object_name}_id"
+        attribute attribute_name
+    
+        define_method object_name do
+          begin
+            object_name.to_s.classify.constantize.find(send(attribute_name))
+          rescue ActiveRecord::RecordNotFound
+            nil
+          end
+        end
+    
+        define_method "#{object_name}=" do |object|
+          if object.nil?
+            self.send "#{object_name}_id=", nil
+          elsif object.is_a?(object_name.to_s.classify.constantize)
+            self.send "#{object_name}_id=", object.id
+          else
+            raise TypeError.new("object is not of type #{object_name.to_s.classify}")
+          end
+        end
+      rescue NameError
+        raise ArgumentError.new("#{object_name.to_s.classify} is not an ActiveRecord class.")
+      end
+    end
+  end
+end

data/lib/active_url/callbacks.rb

@@ -0,0 +1,17 @@
+module ActiveUrl
+  module Callbacks
+    def save_with_callbacks
+      returning(save_without_callbacks) do |result|
+        run_callbacks(:after_save) if result
+      end
+    end
+    
+    def self.included(base)
+      base.class_eval do
+        include ActiveSupport::Callbacks # Already included by ActiveRecord.
+        alias_method_chain :save, :callbacks
+        define_callbacks :after_save
+      end
+    end
+  end
+end

data/lib/active_url/configuration.rb

@@ -0,0 +1,5 @@
+module ActiveUrl
+  module Config
+    mattr_accessor :secret
+  end
+end

data/lib/active_url/crypto.rb

@@ -0,0 +1,34 @@
+require 'openssl'
+require 'digest/sha2'
+require 'base64'
+
+module ActiveUrl
+  module Crypto
+    CipherError = OpenSSL::Cipher.const_defined?(:CipherError) ? OpenSSL::Cipher::CipherError : OpenSSL::CipherError
+    
+    PADDING = { 2 => "==", 3 => "=" }
+ 
+    def self.encrypt(clear)
+      crypto = start(:encrypt)
+      cipher = crypto.update(clear)
+      cipher << crypto.final
+      Base64.encode64(cipher).gsub(/[\s=]+/, "").gsub("+", "-").gsub("/", "_")
+    end
+ 
+    def self.decrypt(b64)
+      cipher = Base64.decode64("#{b64.gsub("-", "+").gsub("_", "/")}#{PADDING[b64.length % 4]}")
+      crypto = start(:decrypt)
+      clear = crypto.update(cipher)
+      clear << crypto.final
+    end
+ 
+    private
+ 
+    def self.start(mode)
+      raise ::ArgumentError.new("Set a secret key using ActiveUrl::Config.secret = 'your-secret'") if ActiveUrl::Config.secret.blank?
+      crypto = OpenSSL::Cipher::Cipher.new('aes-256-ecb').send(mode)
+      crypto.key = Digest::SHA256.hexdigest(ActiveUrl::Config.secret)
+      return crypto
+    end
+  end
+end

data/lib/active_url/errors.rb

@@ -0,0 +1,4 @@
+module ActiveUrl
+  class ActiveUrlError < StandardError
+  end
+end

data/lib/active_url/validations.rb

@@ -0,0 +1,57 @@
+module ActiveUrl
+  class RecordInvalid < ActiveUrlError
+    attr_reader :record
+    def initialize(record)
+      @record = record
+      super("Validation failed: #{@record.errors.full_messages.join(", ")}")
+    end
+  end
+
+  module Validations
+    module ClassMethods
+      def self_and_descendants_from_active_record
+        [self]
+      end
+      alias_method :self_and_descendents_from_active_record, :self_and_descendants_from_active_record
+      
+      def human_name()
+      end
+      
+      def human_attribute_name(name, options = {})
+        name.to_s.humanize
+      end
+      
+      def find_with_validation(id)
+        active_url = find_without_validation(id)
+        raise ActiveUrl::RecordNotFound unless active_url.valid?
+        active_url
+      end
+      
+      private
+      
+      def add_attribute_with_validation(attribute_name, options)
+        add_attribute_without_validation(attribute_name, options)
+        alias_method "#{attribute_name}_before_type_cast", attribute_name
+      end
+        
+    end
+    
+    def save_with_active_url_exception!
+      save_without_active_url_exception!
+    rescue ActiveRecord::RecordInvalid => e
+      raise ActiveUrl::RecordInvalid.new(e.record)
+    end
+
+    def self.included(base)
+      base.class_eval do
+        extend ClassMethods
+        include ActiveRecord::Validations
+        alias_method_chain :save!, :active_url_exception
+        class << self
+          alias_method_chain :find, :validation
+          alias_method_chain :add_attribute, :validation
+        end
+      end
+    end
+  end
+end

data/rails/init.rb

@@ -0,0 +1 @@
+require 'active_url'

data/spec/belongs_to_spec.rb

@@ -0,0 +1,94 @@
+require 'spec_helper'
+
+describe ActiveUrl do
+  before(:each) do
+    ActiveUrl::Config.stub!(:secret).and_return("secret")
+  end
+  
+  context "instance with belongs_to association" do
+    before(:all) do    
+      # a simple pretend-ActiveRecord model for testing belongs_to without setting up a db:
+      class ::User < ActiveRecord::Base
+        def self.columns() @columns ||= []; end
+        def self.column(name, sql_type = nil, default = nil, null = true)
+          columns << ActiveRecord::ConnectionAdapters::Column.new(name.to_s, default, sql_type.to_s, null)
+        end
+      end
+    
+      class ::Secret < ActiveUrl::Base
+        belongs_to :user
+      end
+    end
+    
+    after(:all) do
+      Object.send(:remove_const, "Secret")
+    end
+    
+    before(:each) do
+      @url = Secret.new
+      @user = User.new
+      @user.stub!(:id).and_return(1)
+    end
+    
+    it "should raise ArgumentError if the association name is not an ActiveRecord class" do
+      lambda { Secret.belongs_to :foo }.should raise_error(ArgumentError)
+    end
+    
+    it "should respond to association_id, association_id=, association & association=" do
+      @url.attribute_names.should include(:user_id)
+      @url.should respond_to(:user)
+      @url.should respond_to(:user=)
+    end
+    
+    it "should have nil association if association or association_id not set" do
+      @url.user.should be_nil
+    end
+    
+    it "should not allow mass assignment of association_id" do
+      @url = Secret.new(:user_id => @user.id)
+      @url.user_id.should be_nil
+      @url.user.should be_nil
+    end
+    
+    it "should not allow mass assignment of association" do
+      @url = Secret.new(:user => @user)
+      @url.user_id.should be_nil
+      @url.user.should be_nil
+    end
+    
+    it "should be able to have its association set to nil" do
+      @url.user_id = @user.id
+      @url.user = nil
+      @url.user_id.should be_nil
+    end
+    
+    it "should raise ArgumentError if association is set to wrong type" do
+      lambda { @url.user = Object.new }.should raise_error(TypeError)
+    end
+      
+    it "should find its association_id if association is set" do
+      @url.user = @user
+      @url.user_id.should == @user.id
+    end
+    
+    it "should find its association if association_id is set" do
+      User.should_receive(:find).with(@user.id).and_return(@user)
+      @url.user_id = @user.id
+      @url.user.should == @user
+    end
+    
+    it "should return nil association if association_id is unknown" do
+      User.should_receive(:find).and_raise(ActiveRecord::RecordNotFound)
+      @url.user_id = 10
+      @url.user.should be_nil
+    end
+    
+    it "should know its association when found by id" do
+      User.should_receive(:find).with(@user.id).and_return(@user)
+      @url.user_id = @user.id
+      @url.save
+      @found = Secret.find(@url.id)
+      @found.user.should == @user
+    end
+  end
+end