cloudkit 0.9.0

data/test/oauth_store_test.rb

@@ -0,0 +1,12 @@
+require 'helper'
+class OAuthStoreTest < Test::Unit::TestCase
+
+  context "An OAuthStore" do
+
+    should "know its version" do
+      store = CloudKit::UserStore.new
+      assert_equal 1, store.version
+    end
+
+  end
+end

data/test/openid_filter_test.rb

@@ -0,0 +1,54 @@
+require 'helper'
+class OpenIDFilterTest < Test::Unit::TestCase
+
+  context "An OpenIDFilter" do
+
+    setup do
+      @request = Rack::MockRequest.new(openid_app)
+    end
+
+    should "allow root url pass through" do
+      response = @request.get('/')
+      assert_equal 200, response.status
+    end
+
+    should "redirect to the login page if authorization is required" do
+      response = @request.get('/protected')
+      assert_equal 302, response.status
+      assert_equal '/login', response['Location']
+    end
+
+    should "notify downstream nodes of its presence" do
+      app = Rack::Builder.new do
+        use Rack::Session::Pool
+        use CloudKit::OpenIDFilter
+        run echo_env('cloudkit.via')
+      end
+      response = Rack::MockRequest.new(app).get('/')
+      assert_equal 'cloudkit.filter.openid', response.body
+    end
+
+    context "with upstream authorization middleware" do
+
+      should "allow pass through if the auth env variable is populated" do
+        response = @request.get('/protected', auth)
+        assert_equal 200, response.status
+        assert_equal remote_user, response.body
+      end
+
+      should "return the auth challenge header" do
+        response = @request.get('/protected',
+          'cloudkit.via' => 'cloudkit.filter.oauth',
+          'cloudkit.challenge' => {'WWW-Authenticate' => 'etc.'})
+        assert response['WWW-Authenticate']
+      end
+
+      should "return a 401 status if authorization is required" do
+        response = @request.get('/protected',
+          'cloudkit.via' => 'cloudkit.filter.oauth',
+          'cloudkit.challenge' => {'WWW-Authenticate' => 'etc.'})
+        assert_equal 401, response.status
+      end
+    end
+  end
+end

data/test/openid_store_test.rb

@@ -0,0 +1,12 @@
+require 'helper'
+class OpenIDStoreTest < Test::Unit::TestCase
+
+  context "An OpenIDStore" do
+
+    should "know its version" do
+      store = CloudKit::UserStore.new
+      assert_equal 1, store.version
+    end
+
+  end
+end

data/test/rack_builder_test.rb

@@ -0,0 +1,41 @@
+require 'helper'
+class RackBuilderTest < Test::Unit::TestCase
+
+  context "Rack::Builder" do
+
+    should "expose services" do
+      app = Rack::Builder.new do
+        expose :items, :things
+        run lambda {|app| [200, {}, ['hello']]}
+      end
+      response = Rack::MockRequest.new(app).get('/items')
+      assert_equal 200, response.status
+      documents = JSON.parse(response.body)['uris']
+      assert_equal [], documents
+    end
+
+    should "expose services with auth using 'contain'" do
+      app = Rack::Builder.new do
+        contain :items, :things
+        run lambda {|app| [200, {}, ['hello']]}
+      end
+      response = Rack::MockRequest.new(app).get('/items')
+      assert_equal 401, response.status
+      response = Rack::MockRequest.new(app).get('/things')
+      assert_equal 401, response.status
+      response = Rack::MockRequest.new(app).get('/')
+      assert_equal 200, response.status
+      assert_equal 'hello', response.body
+    end
+
+    should "insert a default app if one does not exist" do
+      app = Rack::Builder.new { contain :items }
+      response = Rack::MockRequest.new(app).get('/items')
+      assert_equal 401, response.status
+      response = Rack::MockRequest.new(app).get('/')
+      assert_equal 200, response.status
+      assert response.body.match('CloudKit')
+    end
+
+  end
+end

data/test/request_test.rb

@@ -0,0 +1,197 @@
+require 'helper'
+class RequestTest < Test::Unit::TestCase
+
+  context "A Request" do
+
+    should "match requests with routes" do
+      assert CloudKit::Request.new(Rack::MockRequest.env_for(
+        'http://example.com')).match?(
+          'GET', '/')
+      assert CloudKit::Request.new(Rack::MockRequest.env_for(
+        'http://example.com/')).match?(
+          'GET', '/')
+      assert !CloudKit::Request.new(Rack::MockRequest.env_for(
+        'http://example.com/')).match?(
+          'POST', '/')
+      assert CloudKit::Request.new(Rack::MockRequest.env_for(
+        'http://example.com/hello')).match?(
+          'GET', '/hello')
+      assert CloudKit::Request.new(Rack::MockRequest.env_for(
+        'http://example.com/hello')).match?(
+          'GET', '/hello')
+      assert CloudKit::Request.new(Rack::MockRequest.env_for(
+        'http://example.com/hello', :method => 'POST')).match?(
+          'POST', '/hello')
+      assert CloudKit::Request.new(Rack::MockRequest.env_for(
+        'http://example.com/hello?q=a', :method => 'POST')).match?(
+          'POST', '/hello', [{'q' => 'a'}])
+      assert CloudKit::Request.new(Rack::MockRequest.env_for(
+        'http://example.com/hello?q=a', :method => 'POST')).match?(
+          'POST', '/hello', ['q'])
+      assert !CloudKit::Request.new(Rack::MockRequest.env_for(
+        'http://example.com/hello?q=a', :method => 'POST')).match?(
+          'POST', '/hello', [{'q' => 'b'}])
+      assert CloudKit::Request.new(Rack::MockRequest.env_for(
+        'http://example.com/hello?q', :method => 'POST')).match?(
+          'POST', '/hello', [{'q' => nil}])
+      assert !CloudKit::Request.new(Rack::MockRequest.env_for(
+        'http://example.com/hello?q=a', :method => 'POST')).match?(
+          'POST', '/hello', [{'q' => nil}])
+      assert !CloudKit::Request.new(Rack::MockRequest.env_for(
+        'http://example.com/hello?q=a', :method => 'POST')).match?(
+          'POST', '/hello', [{'q' => ''}])
+      assert CloudKit::Request.new(Rack::MockRequest.env_for(
+        'http://example.com/hello?q&x=y', :method => 'PUT')).match?(
+          'PUT', '/hello', ['q', {'x' => 'y'}])
+      assert CloudKit::Request.new(Rack::MockRequest.env_for(
+        'http://example.com/hello?q&x=y&z', :method => 'PUT')).match?(
+          'PUT', '/hello', ['q', {'x' => 'y'}])
+      assert !CloudKit::Request.new(Rack::MockRequest.env_for(
+        'http://example.com/hello?q&x=y', :method => 'PUT')).match?(
+          'PUT', '/hello', [{'q' => 'a'},{'x' => 'y'}])
+    end
+
+    should "treat a trailing :id as a wildcard for path matching" do
+      assert CloudKit::Request.new(Rack::MockRequest.env_for(
+        'http://example.com/hello/123')).match?('GET', '/hello/:id')
+    end
+
+    should "inject stack-internal via-style env vars" do
+      request = CloudKit::Request.new(Rack::MockRequest.env_for('/test'))
+      assert_equal [], request.via
+      request.inject_via('a.b')
+      assert request.via.include?('a.b')
+      request.inject_via('c.d')
+      assert request.via.include?('a.b')
+      assert request.via.include?('c.d')
+    end
+
+    should "announce the use of auth middleware" do
+      request = CloudKit::Request.new(Rack::MockRequest.env_for('/'))
+      request.announce_auth('cloudkit.filter.oauth')
+      assert request.via.include?('cloudkit.filter.oauth')
+    end
+
+    should "know if auth provided by upstream middleware" do
+      request = CloudKit::Request.new(Rack::MockRequest.env_for('/'))
+      request.announce_auth('cloudkit.filter.oauth')
+      assert request.using_auth?
+    end
+
+    should "know the current user" do
+      request = CloudKit::Request.new(Rack::MockRequest.env_for('/'))
+      assert_nil request.current_user
+      request = CloudKit::Request.new(
+        Rack::MockRequest.env_for('/', 'cloudkit.user' => 'cecil'))
+      assert request.current_user
+      assert_equal 'cecil', request.current_user
+    end
+
+    should "set the current user" do
+      request = CloudKit::Request.new(Rack::MockRequest.env_for('/'))
+      request.current_user = 'cecil'
+      assert request.current_user
+      assert_equal 'cecil', request.current_user
+    end
+
+    should "know the login url" do
+      request = CloudKit::Request.new(Rack::MockRequest.env_for('/'))
+      assert_equal '/login', request.login_url
+      request = CloudKit::Request.new(
+        Rack::MockRequest.env_for(
+          '/', 'cloudkit.filter.openid.url.login' => '/sessions'))
+      assert_equal '/sessions', request.login_url
+    end
+
+    should "set the login url" do
+      request = CloudKit::Request.new(Rack::MockRequest.env_for('/'))
+      request.login_url = '/welcome'
+      assert_equal '/welcome', request.login_url
+    end
+
+    should "know the logout url" do
+      request = CloudKit::Request.new(Rack::MockRequest.env_for('/'))
+      assert_equal '/logout', request.logout_url
+      request = CloudKit::Request.new(
+        Rack::MockRequest.env_for(
+          '/', 'cloudkit.filter.openid.url.logout' => '/sessions'))
+      assert_equal '/sessions', request.logout_url
+    end
+
+    should "set the logout url" do
+      request = CloudKit::Request.new(Rack::MockRequest.env_for('/'))
+      request.logout_url = '/goodbye'
+      assert_equal '/goodbye', request.logout_url
+    end
+
+    should "get the session" do
+      request = CloudKit::Request.new(
+        Rack::MockRequest.env_for('/', 'rack.session' => 'this'))
+      assert request.session
+      assert_equal 'this', request.session
+    end
+
+    should "know the flash" do
+      request = CloudKit::Request.new(Rack::MockRequest.env_for(
+        '/', 'rack.session' => {}))
+      assert request.flash.is_a?(CloudKit::FlashSession)
+    end
+
+    should "parse if-match headers" do
+      request = CloudKit::Request.new(Rack::MockRequest.env_for(
+        '/items/123/versions'))
+      assert_nil request.if_match
+      request = CloudKit::Request.new(Rack::MockRequest.env_for(
+        '/items/123/versions',
+        'HTTP_IF_MATCH' => '"a"'))
+      assert_equal 'a', request.if_match
+    end
+
+    should "treat a list of etags in an if-match header as a single etag" do
+      request = CloudKit::Request.new(Rack::MockRequest.env_for(
+        '/items/123/versions',
+        'HTTP_IF_MATCH' => '"a", "b"'))
+      # See CloudKit::Request#if_match for more info on this expectation
+      assert_equal 'a", "b', request.if_match 
+    end
+
+    should "ignore if-match when set to *" do
+      request = CloudKit::Request.new(Rack::MockRequest.env_for(
+        '/items/123/versions',
+        'HTTP_IF_MATCH' => '*'))
+      assert_nil request.if_match
+    end
+
+    should "understand header auth" do
+      request = CloudKit::Request.new(Rack::MockRequest.env_for(
+        'http://photos.example.net/photos?file=vacation.jpg&size=original',
+        'Authorization' =>
+        'OAuth realm="",' + 
+        'oauth_version="1.0",' +
+        'oauth_consumer_key="dpf43f3p2l4k3l03",' +
+        'oauth_token="nnch734d00sl2jdk",' +
+        'oauth_timestamp="1191242096",' +
+        'oauth_nonce="kllo9940pd9333jh",' +
+        'oauth_signature="tR3%2BTy81lMeYAr%2FFid0kMTYa%2FWM%3D",' +
+        'oauth_signature_method="HMAC-SHA1"'))
+      assert_equal 'dpf43f3p2l4k3l03', request['oauth_consumer_key']
+      assert_equal 'nnch734d00sl2jdk', request['oauth_token']
+      assert_equal '1191242096', request['oauth_timestamp']
+      assert_equal 'kllo9940pd9333jh', request['oauth_nonce']
+      assert_equal 'tR3+Ty81lMeYAr/Fid0kMTYa/WM=', request['oauth_signature']
+      assert_equal 'HMAC-SHA1', request['oauth_signature_method']
+    end
+
+    should "know the last path element" do
+      request = CloudKit::Request.new(Rack::MockRequest.env_for('/'))
+      assert_nil request.last_path_element
+      request = CloudKit::Request.new(Rack::MockRequest.env_for('/abc'))
+      assert_equal 'abc', request.last_path_element
+      request = CloudKit::Request.new(Rack::MockRequest.env_for('/abc/'))
+      assert_equal 'abc', request.last_path_element
+      request = CloudKit::Request.new(Rack::MockRequest.env_for('/abc/def'))
+      assert_equal 'def', request.last_path_element
+    end
+
+  end
+end

data/test/service_test.rb

@@ -0,0 +1,718 @@
+require 'helper'
+class ServiceTest < Test::Unit::TestCase
+
+  context "A CloudKit::Service" do
+
+    setup do
+      @request = Rack::MockRequest.new(plain_service)
+    end
+
+    teardown do
+      FileUtils.rm_f('service.db')
+    end
+
+    should "return a 501 for unimplemented methods" do
+      response = @request.request('TRACE', '/items')
+      assert_equal 501, response.status
+      response = @request.request('REJUXTAPOSE', '/items')
+      assert_equal 501, response.status
+    end
+
+    context "using auth" do
+
+      setup do
+        @store = CloudKit::Store.new(
+          :adapter     => CloudKit::SQLAdapter.new('sqlite://service.db'),
+          :collections => [:items, :things])
+        @request = Rack::MockRequest.new(authed_service)
+      end
+
+      should "allow requests for / to pass through" do
+        response = @request.get('/')
+        assert_equal 'martino', response.body
+      end
+
+      should "allow any non-specified resource request to pass through" do
+        response = @request.get('/hammers')
+        assert_equal 'martino', response.body
+      end
+
+      should "return a 500 if authentication is configured incorrectly" do
+        # simulate auth requirement without the auth_key being set by the
+        # auth filter(s)
+        response = @request.get('/items')
+        assert_equal 500, response.status
+      end
+
+      context "on GET /cloudkit-meta" do
+
+        setup do
+          @response = @request.get('/cloudkit-meta', auth_key => remote_user)
+        end
+
+        should "be successful" do
+          assert_equal 200, @response.status
+        end
+
+        should "return a list of hosted collection URIs" do
+          uris = JSON.parse(@response.body)['uris']
+          assert_same_elements ['/things', '/items'], uris
+        end
+
+        should "return a Content-Type header" do
+          assert_equal 'application/json', @response['Content-Type']
+        end
+
+        should "return an ETag" do
+          assert @response['ETag']
+        end
+
+        should "not set a Last-Modified header" do
+          assert_nil @response['Last-Modified']
+        end
+      end
+
+      context "on GET /:collection" do
+
+        setup do
+          3.times do |i|
+            json = JSON.generate(:this => i.to_s)
+            @store.put("/items/#{i}", :json => json, :remote_user => remote_user)
+          end
+          json = JSON.generate(:this => '4')
+          @store.put('/items/4', :json => json, :remote_user => 'someoneelse')
+          @response = @request.get('/items', auth_key => remote_user)
+          @parsed_response = JSON.parse(@response.body)
+        end
+
+        should "be successful" do
+          assert_equal 200, @response.status
+        end
+
+        should "return a list of URIs for all owner-originated resources" do
+          assert_same_elements ['/items/0', '/items/1', '/items/2'],
+            @parsed_response['uris']
+        end
+
+        should "sort descending on last_modified date" do
+          assert_equal ['/items/2', '/items/1', '/items/0'],
+            @parsed_response['uris']
+        end
+
+        should "return the total number of uris" do
+          assert @parsed_response['total']
+          assert_equal 3, @parsed_response['total']
+        end
+
+        should "return the offset" do
+          assert @parsed_response['offset']
+          assert_equal 0, @parsed_response['offset']
+        end
+
+        should "return a Content-Type header" do
+          assert_equal 'application/json', @response['Content-Type']
+        end
+
+        should "return an ETag" do
+          assert @response['ETag']
+        end
+
+        should "return a Last-Modified date" do
+          assert @response['Last-Modified']
+        end
+
+        should "accept a limit parameter" do
+          response = @request.get('/items?limit=2', auth_key => remote_user)
+          parsed_response = JSON.parse(response.body)
+          assert_equal ['/items/2', '/items/1'], parsed_response['uris']
+          assert_equal 3, parsed_response['total']
+        end
+
+        should "accept an offset parameter" do
+          response = @request.get('/items?offset=1', auth_key => remote_user)
+          parsed_response = JSON.parse(response.body)
+          assert_equal ['/items/1', '/items/0'], parsed_response['uris']
+          assert_equal 1, parsed_response['offset']
+          assert_equal 3, parsed_response['total']
+        end
+
+        should "accept combined limit and offset parameters" do
+          response = @request.get('/items?limit=1&offset=1', auth_key => remote_user)
+          parsed_response = JSON.parse(response.body)
+          assert_equal ['/items/1'], parsed_response['uris']
+          assert_equal 1, parsed_response['offset']
+          assert_equal 3, parsed_response['total']
+        end
+
+        should "return an empty list if no resources are found" do
+          response = @request.get('/things', auth_key => remote_user)
+          parsed_response = JSON.parse(response.body)
+          assert_equal [], parsed_response['uris']
+          assert_equal 0, parsed_response['total']
+          assert_equal 0, parsed_response['offset']
+        end
+      end
+
+      context "on GET /:collection/:id" do
+
+        setup do
+          json = JSON.generate(:this => 'that')
+          @store.put('/items/abc', :json => json, :remote_user => remote_user)
+          @response = @request.get(
+            '/items/abc', 'HTTP_HOST' => 'example.org', auth_key => remote_user)
+        end
+
+        should "be successful" do
+          assert_equal 200, @response.status
+        end
+
+        should "return a document for valid owner-originated requests" do
+          data = JSON.parse(@response.body)
+          assert_equal 'that', data['this']
+        end
+
+        should "return a 404 if a document does not exist" do
+          response = @request.get('/items/nothing', auth_key => remote_user)
+          assert_equal 404, response.status
+        end
+
+        should "return a Content-Type header" do
+          assert_equal 'application/json', @response['Content-Type']
+        end
+
+        should "return an ETag header" do
+          assert @response['ETag']
+        end
+
+        should "return a Last-Modified header" do
+          assert @response['Last-Modified']
+        end
+
+        should "not return documents for unauthorized users" do
+          response = @request.get('/items/abc', auth_key => 'bogus')
+          assert_equal 404, response.status
+        end
+
+        should "return a versions link header" do
+          assert @response['Link']
+          assert @response['Link'].match("<http://example.org/items/abc/versions>; rel=\"http://joncrosby.me/cloudkit/1.0/rel/versions\"")
+        end
+      end
+
+      context "on GET /:collection/:id/versions" do
+
+        setup do
+          @etags = []
+          4.times do |i|
+            json = JSON.generate(:this => i)
+            options = {:json => json, :remote_user => remote_user}
+            options.filter_merge!(:etag => @etags.try(:last))
+            result = @store.put('/items/abc', options)
+            @etags << result.parsed_content['etag']
+          end
+          @response = @request.get('/items/abc/versions', auth_key => remote_user)
+          @parsed_response = JSON.parse(@response.body)
+        end
+
+        should "be successful" do
+          assert_equal 200, @response.status
+        end
+
+        should "be successful even if the current resource has been deleted" do
+          @store.delete('/items/abc', :etag => @etags.last, :remote_user => remote_user)
+          response = @request.get('/items/abc/versions', auth_key => remote_user)
+          assert_equal 200, @response.status
+          parsed_response = JSON.parse(response.body)
+          assert_equal 4, parsed_response['uris'].size
+        end
+
+        should "return a list of URIs for all versions of a resource" do
+          uris = @parsed_response['uris']
+          assert uris
+          assert_equal 4, uris.size
+        end
+
+        should "return a 404 if the resource does not exist" do
+          response = @request.get('/items/nothing/versions', auth_key => remote_user)
+          assert_equal 404, response.status
+        end
+
+        should "return a 404 for non-owner-originated requests" do
+          response = @request.get('/items/abc/versions', auth_key => 'someoneelse')
+          assert_equal 404, response.status
+        end
+
+        should "sort descending on last_modified date" do
+          assert_equal ['/items/abc'].concat(@etags[0..-2].reverse.map{|e| "/items/abc/versions/#{e}"}),
+            @parsed_response['uris']
+        end
+
+        should "return the total number of uris" do
+          assert @parsed_response['total']
+          assert_equal 4, @parsed_response['total']
+        end
+
+        should "return the offset" do
+          assert @parsed_response['offset']
+          assert_equal 0, @parsed_response['offset']
+        end
+
+        should "return a Content-Type header" do
+          assert_equal 'application/json', @response['Content-Type']
+        end
+
+        should "return an ETag" do
+          assert @response['ETag']
+        end
+
+        should "return a Last-Modified date" do
+          assert @response['Last-Modified']
+        end
+
+        should "accept a limit parameter" do
+          response = @request.get('/items/abc/versions?limit=2', auth_key => remote_user)
+          parsed_response = JSON.parse(response.body)
+          assert_equal ['/items/abc', "/items/abc/versions/#{@etags[-2]}"],
+            parsed_response['uris']
+          assert_equal 4, parsed_response['total']
+        end
+
+        should "accept an offset parameter" do
+          response = @request.get('/items/abc/versions?offset=1', auth_key => remote_user)
+          parsed_response = JSON.parse(response.body)
+          assert_equal @etags.reverse[1..-1].map{|e| "/items/abc/versions/#{e}"},
+            parsed_response['uris']
+          assert_equal 1, parsed_response['offset']
+          assert_equal 4, parsed_response['total']
+        end
+
+        should "accept combined limit and offset parameters" do
+          response = @request.get('/items/abc/versions?limit=1&offset=1', auth_key => remote_user)
+          parsed_response = JSON.parse(response.body)
+          assert_equal ["/items/abc/versions/#{@etags[-2]}"], parsed_response['uris']
+          assert_equal 1, parsed_response['offset']
+          assert_equal 4, parsed_response['total']
+        end
+      end
+
+      context "on GET /:collection/:id/versions/:etag" do
+
+        setup do
+          @etags = []
+          2.times do |i|
+            json = JSON.generate(:this => i)
+            options = {:json => json, :remote_user => remote_user}
+            options.filter_merge!(:etag => @etags.try(:last))
+            result = @store.put('/items/abc', options)
+            @etags << result.parsed_content['etag']
+          end
+          @response = @request.get(
+            "/items/abc/versions/#{@etags.first}", auth_key => remote_user)
+          @parsed_response = JSON.parse(@response.body)
+        end
+
+        should "be successful" do
+          assert_equal 200, @response.status
+        end
+
+        should "return a document for valid owner-originated requests" do
+          assert_equal 0, @parsed_response['this']
+        end
+
+        should "return a 404 if a document is not found" do
+          response = @request.get(
+            "/items/nothing/versions/#{@etags.first}", auth_key => remote_user)
+          assert_equal 404, response.status
+        end
+
+        should "return a Content-Type header" do
+          assert_equal 'application/json', @response['Content-Type']
+        end
+
+        should "return an ETag header" do
+          assert @response['ETag']
+        end
+
+        should "return a Last-Modified header" do
+          assert @response['Last-Modified']
+        end
+
+        should "not return documents for unauthorized users" do
+          response = @request.get(
+            "/items/abc/versions/#{@etags.first}", auth_key => 'someoneelse')
+          assert_equal 404, response.status
+        end
+      end
+
+      context "on POST /:collection" do
+
+        setup do
+          json = JSON.generate(:this => 'that')
+          @response = @request.post(
+            '/items', :input => json, auth_key => remote_user)
+          @body = JSON.parse(@response.body)
+        end
+
+        should "store the document" do
+          result = @store.get(@body['uri'])
+          assert_equal 200, result.status
+        end
+
+        should "return a 201 when successful" do
+          assert_equal 201, @response.status
+        end
+
+        should "return the metadata" do
+          assert_equal 4, @body.keys.size
+          assert_same_elements ['ok', 'uri', 'etag', 'last_modified'], @body.keys
+        end
+
+        should "set the Content-Type header" do
+          assert_equal 'application/json', @response['Content-Type']
+        end
+
+        should "not set an ETag header" do
+          assert_nil @response['ETag']
+        end
+
+        should "not set a Last-Modified header" do
+          assert_nil @response['Last-Modified']
+        end
+
+        should "return a 422 if parsing fails" do
+          response = @request.post('/items', :input => 'fail', auth_key => remote_user)
+          assert_equal 422, response.status
+        end
+
+        should "insert into its views" do
+          view = CloudKit::ExtractionView.new(
+            :fruits,
+            :observe => :items,
+            :extract => [:apple, :lemon])
+          store = CloudKit::Store.new(
+            :collections => [:items],
+            :views       => [view])
+          json = JSON.generate(:apple => 'green')
+          store.put('/items/123', :json => json)
+          json = JSON.generate(:apple => 'red')
+          store.put('/items/456', :json => json)
+          result = store.get('/fruits', :apple => 'green')
+          uris = result.parsed_content['uris']
+          assert_equal 1, uris.size
+          assert uris.include?('/items/123')
+        end
+      end
+
+      context "on PUT /:collection/:id" do 
+
+        setup do
+          json = JSON.generate(:this => 'that')
+          @original = @store.put('/items/abc', :json => json, :remote_user => remote_user)
+          etag = @original.parsed_content['etag']
+          json = JSON.generate(:this => 'other', :etag => etag)
+          @response = @request.put(
+            '/items/abc',
+            :input          => json,
+            'HTTP_IF_MATCH' => etag,
+            auth_key        => remote_user)
+          @json = JSON.parse(@response.body)
+        end
+
+        should "create a document if it does not already exist" do
+          json = JSON.generate(:this => 'thing')
+          response = @request.put(
+            '/items/xyz', :input => json, auth_key => remote_user)
+          assert_equal 201, response.status
+          result = @store.get('/items/xyz')
+          assert_equal 200, result.status
+          assert_equal 'thing', result.parsed_content['this']
+        end
+
+        should "update the document if it already exists" do
+          assert_equal 200, @response.status
+          result = @store.get('/items/abc').parsed_content
+          assert_equal 'other', result['this']
+        end
+
+        should "return the metadata" do
+          assert_equal 4, @json.keys.size
+          assert_same_elements ['ok', 'uri', 'etag', 'last_modified'], @json.keys
+        end
+
+        should "set the Content-Type header" do
+          assert_equal 'application/json', @response['Content-Type']
+        end
+
+        should "not set an ETag header" do
+          assert_nil @response['ETag']
+        end
+
+        should "not set a Last-Modified header" do
+          assert_nil @response['Last-Modified']
+        end
+
+        should "not allow a remote_user change" do
+          json = JSON.generate(:this => 'other')
+          response = @request.put(
+            '/items/abc',
+            :input          => json,
+            'HTTP_IF_MATCH' => @json['etag'],
+            auth_key        => 'someone_else')
+          assert_equal 404, response.status
+        end
+
+        should "detect and return conflicts" do
+          client_a_input = JSON.generate(:this => 'updated')
+          client_b_input = JSON.generate(:other => 'thing')
+          response = @request.put(
+            '/items/abc',
+            :input          => client_a_input,
+            'HTTP_IF_MATCH' => @json['etag'],
+            auth_key        => remote_user)
+          assert_equal 200, response.status
+          response = @request.put(
+            '/items/abc',
+            :input          => client_b_input,
+            'HTTP_IF_MATCH' => @json['etag'],
+            auth_key        => remote_user)
+          assert_equal 412, response.status
+        end
+
+        should "require an ETag for updates" do
+          json = JSON.generate(:this => 'updated')
+          response = @request.put(
+            '/items/abc',
+            :input   => json,
+            auth_key => remote_user)
+          assert_equal 400, response.status
+        end
+
+        should "return a 422 if parsing fails" do
+          response = @request.put(
+            '/items/zzz', :input => 'fail', auth_key => remote_user)
+          assert_equal 422, response.status
+        end
+
+        should "version document updates" do
+          json = JSON.generate(:this => 'updated')
+          response = @request.put(
+            '/items/abc',
+            :input          => json,
+            'HTTP_IF_MATCH' => @json['etag'],
+            auth_key        => remote_user)
+          assert_equal 200, response.status
+          etag = JSON.parse(response.body)['etag']
+          json = JSON.generate(:this => 'updated again')
+          new_response = @request.put(
+            '/items/abc',
+            :input          => json,
+            'HTTP_IF_MATCH' => etag,
+            auth_key        => remote_user)
+          assert_equal 200, new_response.status
+          new_etag = JSON.parse(new_response.body)['etag']
+          assert_not_equal etag, new_etag
+        end
+
+        should "update its views" do
+          view = CloudKit::ExtractionView.new(
+            :fruits,
+            :observe => :items,
+            :extract => [:apple, :lemon])
+          store = CloudKit::Store.new(
+            :collections => [:items],
+            :views       => [view])
+          json = JSON.generate(:apple => 'green')
+          result = store.put('/items/123', :json => json)
+          json = JSON.generate(:apple => 'red')
+          store.put(
+            '/items/123', :etag => result.parsed_content['etag'], :json => json)
+          result = store.get('/fruits', :apple => 'green')
+          uris = result.parsed_content['uris']
+          assert_equal 0, uris.size
+          result = store.get('/fruits', :apple => 'red')
+          uris = result.parsed_content['uris']
+          assert_equal 1, uris.size
+          assert uris.include?('/items/123')
+        end
+      end
+
+      context "on DELETE /:collection/:id" do
+
+        setup do
+          json = JSON.generate(:this => 'that')
+          @result = @store.put('/items/abc', :json => json, :remote_user => remote_user)
+          @etag = @result.parsed_content['etag']
+        end
+
+        should "delete the document" do
+          response = @request.delete(
+            '/items/abc',
+            'HTTP_IF_MATCH' => @etag,
+            auth_key        => remote_user)
+          assert_equal 200, response.status
+          result = @store.get('/items/abc')
+          assert_equal 410, result.status
+        end
+
+        should "return the metadata" do
+          response = @request.delete(
+            '/items/abc',
+            'HTTP_IF_MATCH' => @etag,
+            auth_key        => remote_user)
+          json = JSON.parse(response.body)
+          assert_equal 4, json.keys.size
+          assert_same_elements ['ok', 'uri', 'etag', 'last_modified'], json.keys
+        end
+
+        should "set the Content-Type header" do
+          response = @request.delete(
+            '/items/abc',
+            'HTTP_IF_MATCH' => @etag,
+            auth_key        => remote_user)
+          assert_equal 'application/json', response['Content-Type']
+        end
+
+        should "not set an ETag header" do
+          response = @request.delete(
+            '/items/abc',
+            'HTTP_IF_MATCH' => @etag,
+            auth_key        => remote_user)
+          assert_nil response['ETag']
+        end
+
+        should "not set a Last-Modified header" do
+          response = @request.delete(
+            '/items/abc',
+            'HTTP_IF_MATCH' => @etag,
+            auth_key        => remote_user)
+          assert_nil response['Last-Modified']
+        end
+
+        should "return a 404 for items that have never existed" do
+          response = @request.delete(
+            '/items/zzz',
+            'HTTP_IF_MATCH' => @etag,
+            auth_key        => remote_user)
+          assert_equal 404, response.status
+        end
+
+        should "require an ETag" do
+          response = @request.delete(
+            '/items/abc',
+            auth_key => remote_user)
+          assert_equal 400, response.status
+        end
+
+        should "verify the user in the doc" do
+          response = @request.delete(
+            '/items/abc',
+            'HTTP_IF_MATCH' => @etag,
+            auth_key        => 'someoneelse')
+          assert_equal 404, response.status
+        end
+
+        should "detect and return conflicts" do
+          json = JSON.generate(:this => 'that')
+          result = @store.put('/items/123', :json => json, :remote_user => remote_user)
+          etag = result.parsed_content['etag']
+          client_a_input = JSON.generate(:this => 'updated')
+          client_b_input = JSON.generate(:other => 'thing')
+          response = @request.put(
+            '/items/123',
+            :input          => client_a_input,
+            'HTTP_IF_MATCH' => etag,
+            auth_key        => remote_user)
+          assert_equal 200, response.status
+          response = @request.delete(
+            '/items/123',
+            :input          => client_b_input,
+            'HTTP_IF_MATCH' => etag,
+            auth_key        => remote_user)
+          assert_equal 412, response.status
+        end
+
+        should "retain version history" do
+          response = @request.delete(
+            '/items/abc',
+            'HTTP_IF_MATCH' => @etag,
+            auth_key        => remote_user)
+          assert_equal 200, response.status
+          response = @request.get(
+            '/items/abc/versions',
+            auth_key => remote_user)
+          json = JSON.parse(response.body)
+          assert_equal 1, json['total']
+        end
+
+        should "remove records from its views" do
+          view = CloudKit::ExtractionView.new(
+            :fruits,
+            :observe => :items,
+            :extract => [:apple, :lemon])
+          store = CloudKit::Store.new(
+            :collections => [:items],
+            :views       => [view])
+          json = JSON.generate(:apple => 'green')
+          result = store.put('/items/123', :json => json)
+          store.delete('/items/123', :etag => result.parsed_content['etag'])
+          result = store.get('/fruits', :apple => 'green')
+          uris = result.parsed_content['uris']
+          assert_equal [], uris
+        end
+      end
+
+      context "on OPTIONS /:collection" do
+
+        setup do
+          @response = @request.request('OPTIONS', '/items', auth_key => remote_user)
+        end
+
+        should "return a 200 status" do
+          assert_equal 200, @response.status
+        end
+
+        should "return a list of available methods" do
+          assert @response['Allow']
+          methods = @response['Allow'].split(', ')
+          assert_same_elements(['GET', 'POST', 'HEAD', 'OPTIONS'], methods)
+        end
+      end
+
+      context "on OPTIONS /:collection/:id" do
+
+        setup do
+          @response = @request.request('OPTIONS', '/items/xyz', auth_key => remote_user)
+        end
+
+        should "return a 200 status" do
+          assert_equal 200, @response.status
+        end
+
+        should "return a list of available methods" do
+          assert @response['Allow']
+          methods = @response['Allow'].split(', ')
+          assert_same_elements(['GET', 'PUT', 'DELETE', 'HEAD', 'OPTIONS'], methods)
+        end
+      end
+
+      context "on OPTIONS /:collection/:id/versions" do
+      end
+
+      context "on OPTIONS /:collection/:id/versions/:etag" do
+      end
+
+      context "on HEAD" do
+
+        should "return an empty body" do
+          json = JSON.generate(:this => 'that')
+          @store.put('/items/abc', :json => json, :remote_user => remote_user)
+          response = @request.request('HEAD', '/items/abc', auth_key => remote_user)
+          assert_equal '', response.body
+          response = @request.request('HEAD', '/items', auth_key => remote_user)
+          assert_equal '', response.body
+        end
+
+      end
+    end
+  end
+end