dav4rack 0.2.11 → 0.3.0

data/CHANGELOG.rdoc

@@ -0,0 +1,109 @@
+=== v0.3.0
+* New minor release towards full litmus pass
+* Litmus passing: basic, copymove, props
+* Litmus in progress: locks
+* Internal reorganization of file structures
+* Propfind updates to provide proper returns (thanks {schmurfy}[https://github.com/schmurfy])
+* Properly detect malformed propfind requests
+* Updated custom attribute storage
+* Allow customized DAV headers (thanks {schmurfy}[https://github.com/schmurfy])
+* Extract parent collection detection to resource (thanks {schmurfy}[https://github.com/schmurfy])
+* Start of new locking implementation
+* Fix rack #serving usage in DAV4Rack::File (thanks {pifleo}[https://github.com/pifleo])
+* Force file namespacing in file resource to prevent conflicts with DAV4Rack::File (thanks {pifleo}[https://github.com/pifleo])
+* Add ability to build xml from within a resource (thanks {mlmorg}[https://github.com/mlmorg])
+
+=== v0.2.11
+* URL escaping updates (thanks {exabugs}[https://github.com/exabugs])
+* Return status updates to match RFC (thanks {exabugs}[https://github.com/exabugs])
+* Add option to provide httpdate formatted creation date to MS clients (thanks {doxavore}[https://github.com/doxavore])
+* New MongoDB resource (thanks {exabugs}[https://github.com/exabugs])
+* Controller subclass support (thanks {inferiorhumanorgans}[https://github.com/inferiorhumanorgans])
+* Root XML attributes (thanks {inferiorhumanorgans}[https://github.com/inferiorhumanorgans])
+* Allow propstat to return relative paths (apple carddav hack) (thanks {inferiorhumanorgans}[https://github.com/inferiorhumanorgans])
+
+=== v0.2.10
+* Fix unicorn starting from exec script (thanks {spicyj}[https://github.com/spicyj])
+* Return correct size using #bytesize instead of #size (thanks {TurchenkoAlex}[https://github.com/TurchenkoAlex])
+
+=== v0.2.9
+* Be less restrictive of Nokogiri dependency
+
+=== v0.2.8
+* Allow custom logger types to be used
+* Allow resource to handle existence on locking (fixes issue {#21}[https://github.com/chrisroberts/dav4rack/issues/21] thanks {doxavore}[https://github.com/doxavore])
+* Removed exception based control flow in favor of logic based control flow
+
+=== v0.2.7
+* Include location content within PUT response body (fixes issue described in {#20}[https://github.com/chrisroberts/dav4rack/issues/20])
+
+=== v0.2.6
+* Update response header from PUT to use Location
+
+=== v0.2.5
+* Return Created response in favor of current multi status response on PUT (thanks {buffym}[https://github.com/buffym])
+* Show class 1 compliance to be in accordance with WebDAV spec (thanks {buffym}[https://github.com/buffym])
+* Adds setup method to skip alias list for resources (thanks {jbangert}[https://github.com/jbangert])
+* Allow existing logger instance to be provided
+
+=== v0.2.4
+* Return absolute URI from #mkcol and #put (thanks {teefax}[http://github.com/teefax])
+* Nodes with text children properly serialized (pointed out by {jeffhos}[http://github.com/jeffhos])
+* Fixed bug in file locking (pointed out by {clyfe}[http://github.com/clyfe] with fix provided by {teefax}[http://github.com/teefax])
+
+=== v0.2.3
+* Completing missed step in last packaging
+
+=== v0.2.2
+* Fix for port numbers in host (thanks {krug}[http://github.com/krug])
+
+=== v0.2.1
+* Fix for better handling of MOVEs with badly encoded URLS
+
+=== v0.2.0
+* Update to remote URL is passed to NGINX for proxying. Use headers instead of request
+
+=== v0.1.8
+* Better exception handling for error logging
+* Send overwrite flag to Resource#move
+
+=== v0.1.7
+* Fix in interceptor to use correct File
+
+=== v0.1.6
+* Add DAV4Rack::File that overloads just enough of Rack::File to allow explicit path setting
+
+=== v0.1.5
+* Remove support for options[:delete_dotfiles]
+* Allow HTTP methods to be ignored within interceptor
+* Add owner information to lock response
+* Initial update of spec to work with DAV4Rack
+* Copy and delete recursively
+* Add expected overwrite for copy/move on resource (thanks {clyfe}[http://github.com/clyfe])
+* Add overwrite logic for copy/move on FileResource
+* Removed callback authentication from FileResource (uses simple controller based auth)
+
+=== v0.1.4
+* Fix for Rack::File issue (thanks {clyfe}[http://github.com/clyfe])
+* Logging now optional on executable
+* Include propstats even if empty (this resolves an issue in cyberduck not displaying files)
+
+=== v0.1.3
+* Fix for Hash modification issues in Ruby 1.9.2 (thanks {antiloopgmbh}[http://github.com/antiloopgmbh])
+* Fix executable to properly fallback
+* Use callback authentication in FileResource to allow for no auth
+
+=== v0.1.2
+* Add sendfile support (currently only tested on nginx)
+
+=== v0.1.1
+* Add logging capability
+* Simplify Interceptor mappings (provide options in hash instead of explicit :options)
+
+=== v0.1.0
+* Callbacks available for resources
+* RemoteFile more aligned with Rack::File
+* Return multistatus responses PUT MKCOL and COPY/MOVE
+* Executable now uses Unicorn, Mongrel and WEBrick in that order
+* Simple resource locking enabled by default
+* Updated FileResource to work properly with new architecture

data/README.rdoc

@@ -286,6 +286,11 @@ Something special to notice in the last example is the DAV_ prefix on authentica
 any callbacks being applied to the given method. This allows us to provide a public method that the callback can access on the resource
 without getting stuck in a loop.
 
+== Software using DAV4Rack!
+
+* {meishi}[https://github.com/inferiorhumanorgans/meishi] - Lightweight CardDAV implementation in Rails
+* {dav4rack_ext}[https://github.com/schmurfy/dav4rack_ext] - CardDAV extension. (CalDAV planned)
+
 == Issues/Bugs/Questions
 
 === Known Issues
@@ -313,6 +318,9 @@ A big thanks to everyone contributing to help make this project better.
 * {TurchenkoAlex}[https://github.com/TurchenkoAlex]
 * {exabugs}[https://github.com/exabugs]
 * {inferiorhumanorgans}[https://github.com/inferiorhumanorgans]
+* {schmurfy}[https://github.com/schmurfy]
+* {pifleo}[https://github.com/pifleo]
+* {mlmorg}[https://github.com/mlmorg]
 
 == License
 

data/dav4rack.gemspec

@@ -15,26 +15,5 @@ Gem::Specification.new do |s|
   s.add_dependency 'nokogiri', '>= 1.4.2'
   s.add_dependency 'uuidtools', '~> 2.1.1'
   s.add_dependency 'rack', '>= 1.1.0'
-  s.files = %w{
-.gitignore
-LICENSE
-dav4rack.gemspec
-lib/dav4rack.rb
-lib/dav4rack/file_resource.rb
-lib/dav4rack/handler.rb
-lib/dav4rack/controller.rb
-lib/dav4rack/http_status.rb
-lib/dav4rack/resource.rb
-lib/dav4rack/interceptor.rb
-lib/dav4rack/interceptor_resource.rb
-lib/dav4rack/remote_file.rb
-lib/dav4rack/file.rb
-lib/dav4rack/lock.rb
-lib/dav4rack/lock_store.rb
-lib/dav4rack/logger.rb
-lib/dav4rack/version.rb
-bin/dav4rack
-spec/handler_spec.rb
-README.rdoc
-}
+  s.files = %w(dav4rack.gemspec README.rdoc CHANGELOG.rdoc LICENSE) + Dir.glob("{bin,lib}/**/*")
 end

data/lib/dav4rack.rb

@@ -3,7 +3,12 @@ require 'uri'
 require 'nokogiri'
 
 require 'rack'
+require 'dav4rack/utils'
 require 'dav4rack/http_status'
 require 'dav4rack/resource'
 require 'dav4rack/handler'
 require 'dav4rack/controller'
+
+module DAV4Rack
+  IS_18 = RUBY_VERSION[0,3] == '1.8'
+end

data/lib/dav4rack/controller.rb

@@ -4,6 +4,7 @@ module DAV4Rack
   
   class Controller
     include DAV4Rack::HTTPStatus
+    include DAV4Rack::Utils
     
     attr_reader :request, :response, :resource
 
@@ -17,7 +18,15 @@ module DAV4Rack
       @request = request
       @response = response
       @options = options
+      
+      @dav_extensions = options.delete(:dav_extensions) || []
+      @always_include_dav_header = options.delete(:always_include_dav_header)
+      
       @resource = resource_class.new(actual_path, implied_path, @request, @response, @options)
+      
+      if(@always_include_dav_header)
+        add_dav_header
+      end
     end
     
     # s:: string
@@ -34,13 +43,20 @@ module DAV4Rack
     # Unescape URL string
     def url_unescape(s)
       URI.unescape(s)
-    end  
+    end
+    
+    def add_dav_header
+      unless(response['Dav'])
+        dav_support = %w(1 2) + @dav_extensions
+        response['Dav'] = dav_support.join(', ')
+      end
+    end
     
     # Return response to OPTIONS
     def options
-      response["Allow"] = 'OPTIONS,HEAD,GET,PUT,POST,DELETE,PROPFIND,PROPPATCH,MKCOL,COPY,MOVE,LOCK,UNLOCK'
-      response["Dav"] = "1, 2"
-      response["Ms-Author-Via"] = "DAV"
+      add_dav_header
+      response['Allow'] = 'OPTIONS,HEAD,GET,PUT,POST,DELETE,PROPFIND,PROPPATCH,MKCOL,COPY,MOVE,LOCK,UNLOCK'
+      response['Ms-Author-Via'] = 'DAV'
       OK
     end
     
@@ -76,10 +92,10 @@ module DAV4Rack
     def put
       if(resource.collection?)
         Forbidden
-      elsif(!resource.parent_exists? || !resource.parent.collection?)
+      elsif(!resource.parent_exists? || !resource.parent_collection?)
         Conflict
       else
-        resource.lock_check
+        resource.lock_check if resource.supports_locking?
         status = resource.put(request, response)
         response['Location'] = "#{scheme}://#{host}:#{port}#{url_format(resource)}" if status == Created
         response.body = response['Location']
@@ -95,7 +111,7 @@ module DAV4Rack
     # Return response to DELETE
     def delete
       if(resource.exist?)
-        resource.lock_check
+        resource.lock_check if resource.supports_locking?
         resource.delete
       else
         NotFound
@@ -104,7 +120,7 @@ module DAV4Rack
     
     # Return response to MKCOL
     def mkcol
-      resource.lock_check
+      resource.lock_check if resource.supports_locking?
       status = resource.make_collection
       gen_url = "#{scheme}://#{host}:#{port}#{url_format(resource)}" if status == Created
       if(resource.use_compat_mkcol_response?)
@@ -132,7 +148,7 @@ module DAV4Rack
       unless(resource.exist?)
         NotFound
       else
-        resource.lock_check unless args.include?(:copy)
+        resource.lock_check if resource.supports_locking? && !args.include(:copy)
         destination = url_unescape(env['HTTP_DESTINATION'].sub(%r{https?://([^/]+)}, ''))
         dest_host = $1
         if(dest_host && dest_host.gsub(/:\d{2,5}$/, '') != request.host)
@@ -165,25 +181,33 @@ module DAV4Rack
       end
     end
     
-    # Return respoonse to PROPFIND
+    # Return response to PROPFIND
     def propfind
       unless(resource.exist?)
         NotFound
       else
         unless(request_document.xpath("//#{ns}propfind/#{ns}allprop").empty?)
-          names = resource.property_names
+          properties = resource.properties
         else
-          names = (
-            ns.empty? ? request_document.remove_namespaces! : request_document
-          ).xpath(
-            "//#{ns}propfind/#{ns}prop"
-          ).children.find_all{ |item|
-            item.element? && item.name.start_with?(ns)
-          }.map{ |item|
-            item.name.sub("#{ns}::", '')
-          }
-          raise BadRequest if names.empty?
-          names = resource.property_names if names.empty?
+          check = request_document.xpath("//#{ns}propfind")
+          if(check && !check.empty?)
+            properties = request_document.xpath(
+              "//#{ns}propfind/#{ns}prop"
+            ).children.find_all{ |item|
+              item.element?
+            }.map{ |item|
+              # We should do this, but Nokogiri transforms prefix w/ null href into
+              # something valid.  Oops.
+              # TODO: Hacky grep fix that's horrible
+              hsh = to_element_hash(item)
+              if(hsh.namespace.nil? && !ns.empty?)
+                raise BadRequest if request_document.to_s.scan(%r{<#{item.name}[^>]+xmlns=""}).empty?
+              end
+              hsh
+            }.compact
+          else
+            raise BadRequest
+          end
         end
         multistatus do |xml|
           find_resources.each do |resource|
@@ -193,7 +217,7 @@ module DAV4Rack
               else
                 xml.href url_format(resource)
               end
-              propstats(xml, get_properties(resource, names))
+              propstats(xml, get_properties(resource, properties.empty? ? resource.properties : properties))
             end
           end
         end
@@ -205,14 +229,32 @@ module DAV4Rack
       unless(resource.exist?)
         NotFound
       else
-        resource.lock_check
-        prop_rem = request_match('/propertyupdate/remove/prop').children.map{|n| [n.name] }
-        prop_set = request_match('/propertyupdate/set/prop').children.map{|n| [n.name, n.text] }
+        resource.lock_check if resource.supports_locking?
+        prop_actions = []
+        request_document.xpath("/#{ns}propertyupdate").children.each do |element|
+          case element.name
+          when 'set', 'remove'
+            prp = element.children.detect{|e|e.name == 'prop'}
+            if(prp)
+              prp.children.each do |elm|
+                next if elm.name == 'text'
+                prop_actions << {:type => element.name, :name => to_element_hash(elm), :value => elm.text}
+              end
+            end
+          end
+        end
         multistatus do |xml|
           find_resources.each do |resource|
             xml.response do
               xml.href "#{scheme}://#{host}:#{port}#{url_format(resource)}"
-              propstats(xml, set_properties(resource, prop_set))
+              prop_actions.each do |action|
+                case action[:type]
+                when 'set'
+                  propstats(xml, set_properties(resource, action[:name] => action[:value]))
+                when 'remove'
+                  rm_properties(resource, action[:name] => action[:value])
+                end
+              end
             end
           end
         end
@@ -260,6 +302,7 @@ module DAV4Rack
               end
             end
           end
+          response.headers['Lock-Token'] = locktoken
           response.status = resource.exist? ? OK : Created
         rescue LockFailure => e
           multistatus do |xml|
@@ -300,9 +343,6 @@ module DAV4Rack
       raise Unauthorized unless authed
     end
     
-    # ************************************************************
-    # private methods
-    
     private
 
     # Request environment variables
@@ -402,22 +442,21 @@ module DAV4Rack
 
     # Namespace being used within XML document
     # TODO: Make this better
-    def ns
+    def ns(wanted_uri="DAV:")
       _ns = ''
       if(request_document && request_document.root && request_document.root.namespace_definitions.size > 0)
-        _ns = request_document.root.namespace_definitions.first.prefix.to_s
+        _ns = request_document.root.namespace_definitions.collect{|__ns| __ns if __ns.href == wanted_uri}.compact
+        if _ns.empty?
+          _ns = request_document.root.namespace_definitions.first.prefix.to_s if _ns.empty?
+        else
+          _ns = _ns.first
+          _ns = _ns.prefix.nil? ? 'xmlns' : _ns.prefix.to_s
+        end
         _ns += ':' unless _ns.empty?
       end
       _ns
     end
     
-    # pattern:: XPath pattern
-    # Search XML document for given XPath
-    # TODO: Stripping namespaces not so great
-    def request_match(pattern)
-      request_document.remove_namespaces!.xpath(pattern, request_document.root.namespaces)
-    end
-
     # root_type:: Root tag name
     # Render XML and set Rack::Response#body= to final XML
     def render_xml(root_type)
@@ -462,35 +501,44 @@ module DAV4Rack
     end
 
     # resource:: Resource
-    # names:: Property names
+    # elements:: Property hashes (name, ns_href, children)
     # Returns array of property values for given names
-    def get_properties(resource, names)
+    def get_properties(resource, elements)
       stats = Hash.new { |h, k| h[k] = [] }
-      for name in names
+      for element in elements
         begin
-          val = resource.get_property(name)
-          stats[OK].push [name, val]
+          val = resource.get_property(element)
+          stats[OK] << [element, val]
         rescue Unauthorized => u
           raise u
         rescue Status
-          stats[$!.class] << name
+          stats[$!.class] << element
         end
       end
       stats
     end
 
     # resource:: Resource
-    # pairs:: name value pairs
+    # elements:: Property hashes (name, namespace, children)
+    # Removes the given properties from a resource
+    def rm_properties(resource, elements)
+      for element, value in elements
+        resource.remove_property(element)
+      end
+    end
+
+    # resource:: Resource
+    # elements:: Property hashes (name, namespace, children)
     # Sets the given properties
-    def set_properties(resource, pairs)
+    def set_properties(resource, elements)
       stats = Hash.new { |h, k| h[k] = [] }
-      for name, value in pairs
+      for element, value in elements
         begin
-          stats[OK] << [name, resource.set_property(name, value)]
+          stats[OK] << [element, resource.set_property(element, value)]
         rescue Unauthorized => u
           raise u
         rescue Status
-          stats[$!.class] << name
+          stats[$!.class] << element
         end
       end
       stats
@@ -504,20 +552,36 @@ module DAV4Rack
       for status, props in stats
         xml.propstat do
           xml.prop do
-            for name, value in props
-              if(value.is_a?(Nokogiri::XML::DocumentFragment))
-                xml.__send__ :insert, value
-              elsif(value.is_a?(Nokogiri::XML::Node))
-                xml.send(name) do
-                  xml_convert(xml, value)
+            for element, value in props
+              defn = xml.doc.root.namespace_definitions.find{|ns_def| ns_def.href == element[:ns_href]}
+              if defn.nil?
+                if element[:ns_href] and not element[:ns_href].empty?
+                  _ns = "unknown#{rand(65536)}"
+                  xml.doc.root.add_namespace_definition(_ns, element[:ns_href])
+                else
+                  _ns = nil
                 end
+              else
+                # Unfortunately Nokogiri won't let the null href, non-null prefix happen
+                # So we can't properly handle that error.
+                _ns = element[:ns_href].nil? ? nil : defn.prefix
+              end
+              ns_xml = _ns.nil? ? xml : xml[_ns]
+              if (value.is_a?(Nokogiri::XML::Node)) or (value.is_a?(Nokogiri::XML::DocumentFragment))
+                xml.__send__ :insert, value
               elsif(value.is_a?(Symbol))
-                xml.send(name) do
-                  xml.send(value)
+                ns_xml.send(element[:name]) do
+                  ns_xml.send(value)
                 end
               else
-                xml.send(name, value)
+                ns_xml.send(element[:name], value) do |x|
+                  # Make sure we return valid XML
+                  x.parent.namespace = nil if _ns.nil?
+                end
               end
+
+              # This is gross, but make sure we set the current namespace back to DAV:
+              xml['D']
             end
           end
           xml.status "#{http_version} #{status.status_line}"