dce_lti 0.4.0 → 0.5.0

data/spec/middleware/dce_lti/cookie_shim_spec.rb

@@ -0,0 +1,58 @@
+module DceLti
+  module Middleware
+    describe CookieShim do
+      include MiddlewareHelpers
+
+      context 'without a cookie' do
+        it 'shims the session into the cookie if there is a session' do
+          app_double = double('App stand-in')
+          allow(app_double).to receive(:call)
+          env = {
+            'QUERY_STRING' => %Q|#{session_key_name}=1000|,
+          }
+
+          middleware = described_class.new(app_double)
+          middleware.call(env)
+
+          expect(app_double).to have_received(:call).with(
+            hash_including('HTTP_COOKIE' => %Q|#{session_key_name}=1000;shimmed_cookie=1|)
+          )
+        end
+
+        it 'does not shim in the cookie if the session is not there' do
+          app_double = double('App stand-in')
+          allow(app_double).to receive(:call)
+          env = {
+            'QUERY_STRING' => ''
+          }
+          middleware = described_class.new(app_double)
+          middleware.call(env)
+
+          expect(app_double).to have_received(:call).with(
+            hash_not_including('HTTP_COOKIE')
+          )
+        end
+      end
+
+      context 'with a cookie' do
+        it 'leaves the cookie untouched' do
+          app_double = double('App stand-in')
+          allow(app_double).to receive(:call)
+          env = {
+            'QUERY_STRING' => 'query_string=100',
+            'HTTP_COOKIE' => 'cookie=beep'
+          }
+          middleware = described_class.new(app_double)
+          middleware.call(env)
+
+          expect(app_double).to have_received(:call).with(
+            hash_including(
+              'HTTP_COOKIE' => 'cookie=beep',
+              'QUERY_STRING' => 'query_string=100'
+            )
+          )
+        end
+      end
+    end
+  end
+end

data/spec/middleware/dce_lti/cookieless_sessions_spec.rb

@@ -0,0 +1,71 @@
+module DceLti
+  module Middleware
+    describe CookielessSessions do
+      include MiddlewareHelpers
+      context 'no cookies or a shimmed cookie' do
+        it 'puts in a session in urls and forms' do
+          app = lambda { |env| [200, {'Content-Type' => 'text/html'}, [html_output]] }
+          session_double = double('session')
+          session_id = '100'
+          allow(session_double).to receive(:id).and_return(session_id)
+
+          environments = [
+            { 'rack.session' => session_double },
+            {
+              'rack.session' => session_double,
+              'HTTP_COOKIE' => %Q|#{session_key_name}=#{session_id};shimmed_cookie=1|
+            }
+          ]
+
+          environments.each do |env|
+            middleware = described_class.new(app)
+            result = middleware.call(env)
+            modified_content = result[2][0]
+
+            expect(modified_content).to include %Q|href="/foobar/?#{session_key_name}=#{session_id}|
+
+            expect(modified_content).to include %Q|<input type="hidden" name="#{session_key_name}" value="#{session_id}">|
+          end
+        end
+      end
+
+      context 'a regular cookied session' do
+        it 'does not put a session in urls and forms' do
+          app = lambda { |env| [200, {'Content-Type' => 'text/html'}, [html_output]] }
+          session_double = double('session')
+          session_id = '100'
+          allow(session_double).to receive(:id).and_return(session_id)
+
+          env = {
+            'rack.session' => session_double,
+            'HTTP_COOKIE' => %Q|#{session_key_name}=#{session_id}|
+          }
+
+          middleware = described_class.new(app)
+          result = middleware.call(env)
+          modified_content = result[2][0]
+
+          expect(modified_content).not_to include %Q|#{session_key_name}|
+          expect(modified_content).to eq html_output
+        end
+      end
+
+      def html_output
+        %Q|<!DOCTYPE html>
+<html>
+  <head>
+  <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">
+  <title>A title</title>
+</head>
+  <body>
+    <a href="/foobar/" id="a_link">A link</a>
+    <form action="/form/action">
+    </form>
+  </body>
+</html>
+|
+      end
+
+    end
+  end
+end

data/spec/support/dce_lti/middleware_helpers.rb

@@ -0,0 +1,7 @@
+module DceLti
+  module MiddlewareHelpers
+    def session_key_name
+      Rails.application.config.session_options[:key]
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dce_lti
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.5.0
 platform: ruby
 authors:
 - Dan Collis-Puro
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-02-11 00:00:00.000000000 Z
+date: 2015-05-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -52,6 +52,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: rack-plastic
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.3
+- !ruby/object:Gem::Dependency
+  name: activerecord-session_store
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.1
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
@@ -191,9 +219,13 @@ files:
 - config/routes.rb
 - db/migrate/20141003180140_create_dce_lti_users.rb
 - db/migrate/20141008172001_create_dce_lti_nonces.rb
+- db/migrate/20150206152909_add_sessions_table.rb
 - lib/dce_lti.rb
 - lib/dce_lti/controller_methods.rb
 - lib/dce_lti/engine.rb
+- lib/dce_lti/middleware/cookie_shim.rb
+- lib/dce_lti/middleware/cookieless_sessions.rb
+- lib/dce_lti/redirect_to_helper.rb
 - lib/dce_lti/version.rb
 - lib/tasks/dce_lti_tasks.rake
 - spec/controllers/dce_lti/configs_controller_spec.rb
@@ -240,6 +272,8 @@ files:
 - spec/dummy/public/500.html
 - spec/dummy/public/favicon.ico
 - spec/factories.rb
+- spec/middleware/dce_lti/cookie_shim_spec.rb
+- spec/middleware/dce_lti/cookieless_sessions_spec.rb
 - spec/models/dce_lti/nonce_spec.rb
 - spec/models/dce_lti/user_spec.rb
 - spec/services/dce_lti/timestamp_validator_spec.rb
@@ -247,6 +281,7 @@ files:
 - spec/spec_helper.rb
 - spec/support/database_cleaner.rb
 - spec/support/dce_lti/configuration_helpers.rb
+- spec/support/dce_lti/middleware_helpers.rb
 - spec/support/factory_girl.rb
 homepage: http://www.dce.harvard.edu/
 licenses:
@@ -268,14 +303,17 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.4.5
 signing_key: 
 specification_version: 4
 summary: A rails engine to make working with LTI easier
 test_files:
+- spec/middleware/dce_lti/cookie_shim_spec.rb
+- spec/middleware/dce_lti/cookieless_sessions_spec.rb
 - spec/spec_helper.rb
 - spec/services/dce_lti/timestamp_validator_spec.rb
 - spec/services/dce_lti/user_initializer_spec.rb
+- spec/support/dce_lti/middleware_helpers.rb
 - spec/support/dce_lti/configuration_helpers.rb
 - spec/support/database_cleaner.rb
 - spec/support/factory_girl.rb