bot-away 1.2.0 → 2.0.0

data/VERSION

@@ -1 +0,0 @@
-1.2.0

data/lib/bot-away/action_dispatch/request.rb

@@ -1,20 +0,0 @@
-request = (defined?(Rails::VERSION) && Rails::VERSION::STRING >= "3.0") ? 
-          ActionDispatch::Request : # Rails 3.0
-          ActionController::Request # Rails 2.3
-
-request.module_eval do
-  def parameters_with_deobfuscation
-    # NFC what is happening behind the scenes but Rails 2.3 croaks when we memoize; Rails 3 croaks when we don't.
-    if defined?(Rails::VERSION) && Rails::VERSION::STRING >= "3.0"
-      @deobfuscated_parameters ||= begin
-        BotAway::ParamParser.new(ip, parameters_without_deobfuscation.dup).params
-      end
-    else
-      Rails.logger.info parameters_without_deobfuscation.inspect
-      BotAway::ParamParser.new(ip, parameters_without_deobfuscation.dup).params
-    end
-  end
-
-  alias_method_chain :parameters, :deobfuscation
-  alias_method :params, :parameters
-end

data/spec/rspec_version.rb

@@ -1,19 +0,0 @@
-unless defined?(RSPEC_VERSION)
-  begin
-    # RSpec 1.3.0
-    require 'spec/rake/spectask'
-    require 'spec/version'
-    
-    RSPEC_VERSION = Spec::VERSION::STRING
-  rescue LoadError
-    # RSpec 2.0
-    begin
-      require 'rspec/core/rake_task'
-      require 'rspec/core/version'
-      
-      RSPEC_VERSION = RSpec::Core::Version::STRING
-    rescue LoadError
-      raise "RSpec does not seem to be installed. You must install rspec to test this gem."
-    end
-  end
-end

data/spec/support/honeypot_matcher.rb

@@ -1,30 +0,0 @@
-class HoneypotMatcher
-  def initialize(object_name, method_name)
-    @object_name, @method_name = object_name, method_name
-  end
-
-  def matches?(target)
-    target = target.call if target.kind_of?(Proc)
-    @target = target
-    if @method_name.nil?
-      @rx = /name="#{Regexp::escape @object_name}/m
-    else
-      @rx = /name="#{Regexp::escape @object_name}\[#{Regexp::escape @method_name}/m
-    end
-    @target[@rx]
-  end
-
-  def failure_message
-    "expected #{@target.inspect}\n  to match #{@rx.to_s}"
-  end
-
-  def negative_failure_message
-    "expected #{@target.inspect}\n  to not match #{@rx.to_s}"
-  end
-end
-
-def include_honeypot(object_name, method_name)
-  HoneypotMatcher.new(object_name, method_name)
-end
-
-alias contain_honeypot include_honeypot

data/spec/support/obfuscation_helper.rb

@@ -1,123 +0,0 @@
-module ObfuscationHelper
-  def controller_class
-    TestController
-  end
-
-  def dump
-    result = yield
-    puts result if ENV['DUMP']
-    result
-  end
-  
-  if RAILS_VERSION >= "3.0"
-    def self.included(base)
-      base.before(:each) do
-        session[:_csrf_token] = '1234'
-        controller.stub!(:protect_from_forgery?).and_return(true)
-        if respond_to?(:view)
-          controller.request.path_parameters["action"] ||= "index"
-          controller.action_name ||= "index"
-          view.stub!(:request_forgery_protection_token).and_return(:authenticity_token)
-          view.stub!(:form_authenticity_token).and_return('1234')
-        else
-#          response.stub!(:request_forgery_protection_token).and_return(:authenticity_token)
-#          response.stub!(:form_authenticity_token).and_return('1234')
-        end
-      end
-    end
-  end
-  
-  def builder
-    return @builder if @builder
-    if RAILS_VERSION < "3.0"
-      response = TestController.call(Rack::MockRequest.env_for('/').merge({'REQUEST_URI' => '/',
-                                                                           'REMOTE_ADDR' => '127.0.0.1'}))
-      response.template.controller.request_forgery_protection_token = :authenticity_token
-      response.template.controller.session[:_csrf_token] = '1234'
-      @builder = ActionView::Helpers::FormBuilder.new(:object_name, MockObject.new, response.template, {}, proc {})
-    else
-      @builder = ActionView::Base.default_form_builder.new(:object_name, MockObject.new, view, {}, proc {})
-    end
-  end
-  
-  # this is the obfuscated version of the string "object_name_method_name"
-  def obfuscated_id
-    self.class.obfuscated_id
-  end
-  
-  # this is the obfuscated version of the string "object_name[method_name]"
-  def obfuscated_name
-    self.class.obfuscated_name
-  end
-
-  def object_name
-    self.class.object_name
-  end
-  
-  def method_name
-    self.class.method_name
-  end
-  
-  module ClassMethods
-    def includes_honeypot(object_name, method_name)
-      it "includes a honeypot called #{object_name}[#{method_name}]" do
-        subject.should include_honeypot(object_name, method_name)
-      end
-    end
-
-    def is_obfuscated_as(id, name)
-      it "is obfuscated as #{id}, #{name}" do
-        subject.should be_obfuscated_as(id, name)
-      end
-    end
-  
-    def obfuscates(method, options = {}, unused = nil, &block)
-      if !options.kind_of?(Hash)
-        options = { :obfuscated_id => options, :obfuscated_name => unused }
-      end
-      
-      obfuscated_id   = options[:obfuscated_id]  || self.obfuscated_id
-      obfuscated_name = options[:obfuscatd_name] || self.obfuscated_name
-      
-      context "##{method}" do
-        before(:each) { @obfuscates_value = instance_eval(&block) }
-        subject { proc { dump { @obfuscates_value } } }
-        
-        if options[:name]
-          includes_honeypot(options[:name], nil)
-        else
-          includes_honeypot(options[:object_name] || object_name, options[:method_name] || method_name)
-        end
-        is_obfuscated_as(obfuscated_id, obfuscated_name)
-      end
-    end
-
-    def obfuscated_id
-      RAILS_VERSION >= "3.0" ? "f51a02a636f507f1bd64722451b71297" : "e21372563297c728093bf74c3cb6b96c"
-    end
-  
-    def obfuscated_name
-      RAILS_VERSION >= "3.0" ? "cd538a9170613d6dedbcc54a0aa24881" : "a0844d45bf150668ff1d86a6eb491969"
-    end
-    
-    def object_name
-      "object_name"
-    end
-  
-    def method_name
-      "method_name"
-    end
-  end
-end
-
-if RSPEC_VERSION < "2.0"
-  Spec::Runner.configure do |config|
-    config.extend  ObfuscationHelper::ClassMethods
-    config.include ObfuscationHelper
-  end
-else
-  RSpec.configure do |config|
-    config.extend ObfuscationHelper::ClassMethods
-    config.include ObfuscationHelper
-  end
-end

data/spec/support/obfuscation_matcher.rb

@@ -1,28 +0,0 @@
-class ObfuscationMatcher
-  def initialize(id, name)
-    @id, @name = id, name
-  end
-
-  def matches?(target)
-    target = target.call if target.kind_of?(Proc)
-    @target = target
-    match(:id) && match(:name)
-  end
-
-  def match(which)
-    @rx = /#{which}=['"]#{Regexp::escape instance_variable_get("@#{which}")}/
-    @target[@rx]
-  end
-
-  def failure_message
-    "expected #{@target.inspect}\n  to match #{@rx.inspect}"
-  end
-
-  def negative_failure_message
-    "expected #{@target.inspect}\n  to not match #{@rx.inspect}"
-  end
-end
-
-def be_obfuscated_as(id, name)
-  ObfuscationMatcher.new(id, name)
-end

data/spec/support/rails/mock_logger.rb

@@ -1,21 +0,0 @@
-require 'spec/mocks'
-
-module Rails
-  class << self
-    def logger
-      return @logger if @logger
-      @logger = Object.new
-      klass = class << @logger; self; end
-      if RSPEC_VERSION < "2.0"
-        klass.send(:include, Spec::Mocks::Methods)
-      else
-      end
-      
-      def @logger.debug(message); end
-      def @logger.info(message); end
-      def @logger.error(message); end
-      def @logger.warn(message); end
-      @logger
-    end
-  end
-end

data/spec/support/test_controller.rb

@@ -1,28 +0,0 @@
-class Post
-  attr_reader :subject, :body, :subscribers
-  
-  if defined?(ActiveModel)
-    extend ActiveModel::Naming
-    
-    def to_key
-      [1]
-    end
-  end
-end
-
-class ApplicationController < ActionController::Base
-  
-end
-
-class TestController < ApplicationController
-  def index
-  end
-
-  def model_form
-    @post = Post.new
-  end
-
-  def proc_form
-    render :text => params.to_yaml
-  end
-end

data/spec/support/views/test/index.html.erb

@@ -1,4 +0,0 @@
-<%form_for :test, :url => {:action => 'post_to'} do |f|%>
-  <%=f.text_field :name%>
-<%end%>
-

data/spec/support/views/test/model_form.html.erb

@@ -1,6 +0,0 @@
-<%form_for @post, :url => url_for('proc_form') do |f|%>
-  <p>
-    <%=f.label :subject%><br/>
-    <%=f.text_field :subject%>
-  </p>
-<%end%>

data/spec/views/lib/action_view/helpers/instance_tag_spec.rb

@@ -1,75 +0,0 @@
-require 'spec_helper'
-
-describe ActionView::Helpers::InstanceTag do
-  if method_defined?(:controller)
-    def template
-      view
-    end
-  else
-    def template
-      return @response if @response
-      @response = TestController.call(Rack::MockRequest.env_for('/').merge({'REQUEST_URI' => '/',
-                                                                            'REMOTE_ADDR' => '127.0.0.1'}))
-      @response.template.controller.request_forgery_protection_token = :authenticity_token
-      @response.template.controller.session[:_csrf_token] = '1234'
-      @response.template
-    end
-  end
-  
-  def mock_object
-    @mock_object ||= MockObject.new
-  end
-
-  def default_instance_tag
-    ActionView::Helpers::InstanceTag.new("object_name", "method_name", template, mock_object)
-  end
-
-  subject { default_instance_tag }
-
-  context "with a valid text area tag" do
-    subject do
-      dump { default_instance_tag.to_text_area_tag }
-    end
-
-    it "should produce blank honeypot value" do
-      subject.should_not =~ /name="object_name\[method_name\]"[^>]+>method_value<\/textarea>/
-    end
-  end
-
-  context "with a valid input type=text tag" do
-    before(:each) { @tag_options = ["input", {:type => 'text', 'name' => 'object_name[method_name]', 'id' => 'object_name_method_name', 'value' => 'method_value'}] }
-    #subject { dump { default_instance_tag.tag(*@tag_options) } }
-    
-    it "should turn off autocomplete for honeypots" do
-      subject.honeypot_tag(*@tag_options).should =~ /autocomplete="off"/
-    end
-
-    it "should obfuscate tag name" do
-      subject.obfuscated_tag(*@tag_options).should =~ /name="#{obfuscated_name}"/
-    end
-
-    it "should obfuscate tag id" do
-      subject.obfuscated_tag(*@tag_options).should =~ /id="#{obfuscated_id}"/
-    end
-
-#    it "should not obfuscate tag value" do
-#      subject.obfuscated_tag(*@tag_options).should =~ /value="@tag_options"/
-#    end
-#
-    it "should include unobfuscated tag value" do
-      subject.obfuscated_tag(*@tag_options).should =~ /value="method_value"/
-    end
-
-    it "should create honeypot name" do
-      subject.honeypot_tag(*@tag_options).should =~ /name="object_name\[method_name\]"/
-    end
-
-    it "should create honeypot id" do
-      subject.honeypot_tag(*@tag_options).should =~ /id="object_name_method_name"/
-    end
-
-    it "should create empty honeypot tag value" do
-      subject.honeypot_tag(*@tag_options).should =~ /value=""/
-    end
-  end
-end

data/spec/views/lib/disabled_for_spec.rb

@@ -1,101 +0,0 @@
-require 'spec_helper'
-
-describe "Bot-Away" do
-  # Basically we're just switching BA on and off, so we only need 2 sets of tests: what to expect when it's on, and
-  # what to expect when it's off. The rest of this file just flips the switches.
-  
-  def test_params
-    {"model"=>"User", "commit"=>"Sign in",
-     "authenticity_token"=>"XBQEDkXrm4E8U9slBX45TWNx7TPcx8ww2FSJRy/XXg4=",
-     "action"=>"index", "controller"=>"test", "user"=>{"username"=>"admin", "password"=>"Admin01"}
-    }
-  end
-  
-  def self.it_should_be_disabled
-    it "should not obfuscate the field, because it should be disabled" do
-      builder.text_field('method_name').should_not match(/name="#{obfuscated_name}/)
-    end
-    
-    it "should not drop invalid params, because it should be disabled" do
-      parms = BotAway::ParamParser.new('127.0.0.1', test_params).params
-      parms.should == test_params
-    end
-
-    it "should be disabled" do
-      BotAway.disabled_for?(:controller => 'test', :action => "index").should == true
-    end
-  end
-  
-  def self.it_should_be_enabled
-    it "should obfuscate the field, because it should be enabled" do
-      builder.text_field('method_name').should be_obfuscated_as(obfuscated_id, obfuscated_name)
-    end
-    
-    it "should drop invalid params, because it should be enabled" do
-      parms = BotAway::ParamParser.new('127.0.0.1', test_params).params
-      parms.should_not == test_params
-    end
-
-    it "should be disabled" do
-      BotAway.disabled_for?(:controller => 'test', :action => "index").should == false
-    end
-  end
-  
-  # flip-switching begins
-  
-  context "with matching controller name" do
-    context "and no action" do
-      before(:each) { BotAway.disabled_for :controller => 'test' }
-      it_should_be_disabled
-    end
-    
-    context "and matching action" do
-      before(:each) { BotAway.disabled_for :controller => 'test', :action => 'index' }
-      it_should_be_disabled
-    end
-    
-    context "and not matching action" do
-      before(:each) { BotAway.disabled_for :controller => 'test', :action => 'create' }
-      it_should_be_enabled
-    end
-  end
-  
-  context "with not matching controller name" do
-    context "and no action" do
-      before(:each) { BotAway.disabled_for :controller => 'users' }
-      it_should_be_enabled
-    end
-    
-    context "and matching action" do
-      before(:each) { BotAway.disabled_for :controller => 'users', :action => 'index' }
-      it_should_be_enabled
-    end
-    
-    context "and not matching action" do
-      before(:each) { BotAway.disabled_for :controller => 'users', :action => 'create' }
-      it_should_be_enabled
-    end
-  end
-
-  context "with no controller name" do
-    context "and matching action" do
-      before(:each) { BotAway.disabled_for :action => 'index' }
-      it_should_be_disabled
-    end
-    
-    context "and not matching action" do
-      before(:each) { BotAway.disabled_for :action => 'create' }
-      it_should_be_enabled
-    end
-  end
-  
-  context "with matching mode" do
-    before(:each) { BotAway.disabled_for :mode => ENV['RAILS_ENV'] }
-    it_should_be_disabled
-  end
-
-  context "with not matching mode" do
-    before(:each) { BotAway.disabled_for :mode => "this_is_not_#{ENV['RAILS_ENV']}" }
-    it_should_be_enabled
-  end
-end