door_code 0.0.3 → 0.0.5

data/README.md

@@ -1,19 +1,38 @@
-### DoorCode. Restrict access with a 5-digit PIN code.
+Door Code
+=========
+
+### Restrict access with a 3-6 digit PIN code.
 
 ## Installation
 
-Install with Bundler:
+Rubygems:
+
+    (sudo) gem install door_code
+
+Bundler:
+
+    gem 'door_code', '~> 0.0.3'
 
-    gem 'door_code', '0.0.2'
+### Then
     
 In config.ru:
 
     use DoorCode::RestrictedAccess, :code => '12345'
+  
+    # to use a custom salt for cookie encryption
+    
+    use DoorCode::RestrictedAccess, :code => '12345', :salt => "my super secret code"
+  
+    
     
 In application.rb (Rails3) or environment.rb (Rails2):
 
     config.middleware.use DoorCode::RestrictedAccess, :code => '12345'
 
+## Demo
+
+There is a simple demo application running on Heroku at [http://doorcodedemo.heroku.com](http://doorcodedemo.heroku.com). Log in using the default door code: `12345`
+
 ## Notes
 
 * The default code is '12345'
@@ -21,5 +40,5 @@ In application.rb (Rails3) or environment.rb (Rails2):
 
 ## To Do
 
-* Example app (heroku, sinatra)
 * Allow specifying domains and paths to restrict access conditionally
+* Write more tests

data/Rakefile

@@ -1,2 +1,12 @@
 require 'bundler'
+require 'rake/testtask'
+
 Bundler::GemHelper.install_tasks
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test' << 'lib'
+  t.verbose = true
+end
+
+desc "Default Task"
+task :default => [ :test ]

data/door_code.gemspec

@@ -3,10 +3,10 @@ $:.push File.expand_path("../lib", __FILE__)
 
 Gem::Specification.new do |s|
   s.name        = "door_code"
-  s.version     = '0.0.3'
+  s.version     = '0.0.5'
   s.platform    = Gem::Platform::RUBY
-  s.authors     = ["Mike Fulcher", "Alex Neill"]
-  s.email       = ["mike@plan9design.co.uk", "alex.neill@gmail.com"]
+  s.authors     = ["Mike Fulcher", "Alex Neill", "Spencer Steffen"]
+  s.email       = ["mike@plan9design.co.uk", "alex.neill@gmail.com", "spencer@citrusme.com"]
   s.homepage    = "https://github.com/6twenty/door_code"
   s.summary     = %q{Restrict access to your site with a 3-6 digit PIN code}
   s.description = %q{Rack middleware which requires that visitors to the site enter a 3-6 digit PIN code to gain access.}
@@ -20,4 +20,8 @@ Gem::Specification.new do |s|
   
   # Runtime
   s.add_runtime_dependency 'rack'
+  
+  s.add_development_dependency 'shoulda', '2.11.3'
+  s.add_development_dependency 'rack-test', '0.5.7'
+  
 end

data/lib/door_code.rb

@@ -1,119 +1,2 @@
-module DoorCode
-  class RestrictedAccess
-    
-    MIN_LENGTH = 3
-    MAX_LENGTH = 6
-    
-    DEFAULT_CODE = '12345'
-    
-    def initialize app, options={}
-      @app = app
-      @code = parse_code(options[:code])
-    end
-    
-    # Ensures the code is good & valid, otherwise
-    # reverts to the default
-    def parse_code code
-      parsed_code = code.gsub(/\D/, '')
-      if parsed_code == code
-        # Means the supplied code contains only digits, which is good
-        # Just need to check that the code length is valid
-        parsed_code = DEFAULT_CODE if code.length < MIN_LENGTH || code.length > MAX_LENGTH
-      else
-        # Means the supplied code contained non-digits, so revert to default
-        parsed_code = DEFAULT_CODE
-      end
-      parsed_code
-    end
-    
-    def cookie_name
-      'door_code'
-    end
-    
-    # Rack::Request wrapper around @env
-    def request
-      @request ||= Rack::Request.new(@env)
-    end
-    
-    # Rack::Response object with which to respond with
-    def response
-      @response ||= Rack::Response.new
-    end
-    
-    # Is the request verb POST?
-    def post?
-      request.request_method == 'POST'
-    end
-    
-    # Was the request called via AJAX?
-    def xhr?
-      @env["HTTP_X_REQUESTED_WITH"] == "XMLHttpRequest"
-    end
-    
-    # Code supplied from user
-    def supplied_code
-      request.params['code']
-    end
-    
-    # Is the supplied code vaid for the current area
-    def valid_code? code
-      @code == code
-    end
-    
-    # Check if the supplied code is valid;
-    # Either sets a confirming cookie and Success message
-    # or delete any door code cookie and set Failure message
-    def validate_code!
-      valid_code?(supplied_code) ? confirm! : unconfirm!
-    end
-    
-    # Is there a valid code for the area set in the cookie
-    def confirmed?
-      request.cookies[cookie_name] && valid_code?(request.cookies[cookie_name])
-    end
-    
-    # Set a cookie for the correct value (server value may change)
-    # Also set up Success message
-    def confirm!
-      xhr? ? response.write('success') : response.redirect('/')
-      response.set_cookie(cookie_name, {:value => supplied_code, :path => "/"})
-    end
-    
-    # Delete and invalid cookies
-    # Also set up Failure message
-    def unconfirm!
-      xhr? ? response.write('failure') : response.redirect('/')
-      response.delete_cookie(supplied_code)
-    end
-    
-    def code_length
-      @code.length.to_s
-    end
-    
-    def build_rack_objects
-      @request = Rack::Request.new(@env)
-      @response = Rack::Response.new
-    end
-
-    # Where the magic happens...
-    def call env
-      @env = env
-      build_rack_objects
-      
-      return @app.call(env) if confirmed?
-      p 'Loading DoorCode::RestrictedAccess'
-      
-      if post?
-        response['Content-Type'] = 'text/javascript' if xhr?
-        validate_code! # Validate the user's code and set a cookie if valid
-      else
-        index = ::File.read(::File.dirname(__FILE__) + '/index.html')
-        index_with_code_length = index.gsub(/\{\{codeLength\}\}/, code_length)
-        response.write index_with_code_length
-      end
-      
-      # Render response
-      return response.finish
-    end
-  end
-end
+require 'digest/sha1'
+require 'door_code/restricted_access'

data/lib/{index.html → door_code/index.html}

@@ -283,7 +283,10 @@
 
     var interval;
     var code;
-    var codeLength = {{codeLength}};
+    var minLength = 3;
+    var maxLength = 6;
+    
+    var clones;
 
     var defaultClass = 'green';
     var successClass = 'blue';
@@ -321,7 +324,7 @@
       // Map clicking on the keys to showing the number in the display
       $('#keys a').click(function(e){
         e.preventDefault();
-        if ($('.clone').length < codeLength) {
+        if ($('.clone').length <= maxLength) {
           var num = $(this).attr('rel');
           if (num === 'clear' || num === 'help') {
             if (num === 'clear') { reset(); } else
@@ -340,7 +343,7 @@
         if (charCode === backspace) { e.preventDefault(); }
         if (charCode === backspace && $('.clone').length > 0) {
           $('.clone').last().remove();
-        } else if (validKeys.indexOf(charCode) >= 0 && $('.clone').length < codeLength) {
+        } else if (validKeys.indexOf(charCode) >= 0 && $('.clone').length <= maxLength) {
           var n = charCode;
           var num = '';
           if (zero.indexOf(n) >= 0)       { num = 'zero' }
@@ -382,12 +385,11 @@
 
     function checkCode() {
       // Check that the code is the correct length, and check it via ajax
-      if ($('.clone').length == codeLength) {
+      clones = $('.clone');
+      if (clones.length >= minLength && clones.length <= maxLength) {
         // Now we need to manually build the code based on the digits on display
         code = '';
-        $('.clone').each(function(){
-          code += $(this).attr('rel');
-        });
+        $('.clone').each(function(){ code += $(this).attr('rel'); });
         ajax();
       }
     }
@@ -400,7 +402,7 @@
         dataType: "text",
         success: function(data, textStatus, jqXHR){
           if (data === 'success') { showSuccess(); } else
-          if (data === 'failure') { showError(); }
+          if (data === 'failure' && clones.length == maxLength) { showError(); }
         }
       });
     }

data/lib/door_code/restricted_access.rb

@@ -0,0 +1,126 @@
+module DoorCode
+  class RestrictedAccess
+    
+    MIN_LENGTH = 3
+    MAX_LENGTH = 6
+    
+    DEFAULT_CODE = '12345'
+    
+    def initialize app, options={}
+      @app = app
+      @salt = parse_salt(options[:salt])
+      @code = parse_code(options[:code])
+    end
+    
+    # Ensures the code is good & valid, otherwise
+    # reverts to the default
+    def parse_code(code)
+      parsed_code = code.to_s.gsub(/\D/, '')
+      if parsed_code == code
+        # Means the supplied code contains only digits, which is good
+        # Just need to check that the code length is valid
+        parsed_code = DEFAULT_CODE if code.length < MIN_LENGTH || code.length > MAX_LENGTH
+      else
+        # Means the supplied code contained non-digits, so revert to default
+        parsed_code = DEFAULT_CODE
+      end
+      Digest::SHA1.hexdigest("--#{@salt}--#{parsed_code}--")
+    end
+    
+    
+    # Ensures a salt is supplied, otherwise set to default
+    def parse_salt(salt)
+      if 0 < salt.to_s.length
+        salt = Digest::SHA1.hexdigest("Door Code Secret Key")
+      end
+      salt
+    end
+    
+    # Name of the cookie
+    def cookie_name
+      'door_code'
+    end
+    
+    # Returns the value of the saved cookie
+    def cookied_code
+      request.cookies[cookie_name]
+    end
+    
+    
+    # Rack::Request wrapper around @env
+    def request
+      @request ||= Rack::Request.new(@env)
+    end
+    
+    # Rack::Response object with which to respond with
+    def response
+      @response ||= Rack::Response.new
+    end
+    
+    # Encrypted code supplied from user
+    def supplied_code
+      Digest::SHA1.hexdigest("--#{@salt}--#{request.params['code']}--")
+    end
+    
+    # Is the supplied code valid for the current area
+    def valid_code?(code)
+      @code == code
+    end
+    
+    # Check if the supplied code is valid;
+    # Either sets a confirming cookie and Success message
+    # or delete any door code cookie and set Failure message
+    def validate_code!
+      valid_code?(supplied_code) ? confirm! : unconfirm!
+    end
+    
+    # Is there a valid code for the area set in the cookie
+    def confirmed?
+      cookied_code && valid_code?(cookied_code)
+    end
+    
+    # Set a cookie for the correct value (server value may change)
+    # Also set up Success message
+    def confirm!
+      request.xhr? ? response.write('success') : response.redirect('/')
+      response.set_cookie(cookie_name, { :value => supplied_code, :path => "/", :expire_after => (24*60*60) })
+    end
+    
+    # Delete and invalid cookies
+    # Also set up Failure message
+    def unconfirm!
+      request.xhr? ? response.write('failure') : response.redirect('/')
+      response.delete_cookie(supplied_code)
+    end
+    
+    # Creates instances of Rack::Request and Rack::Response
+    def build_rack_objects
+      @request = Rack::Request.new(@env)
+      @response = Rack::Response.new
+    end
+
+    # Where the magic happens...
+    def call(env)
+      @env = env
+      build_rack_objects
+      
+      return @app.call(env) if confirmed?
+      p 'Loading DoorCode::RestrictedAccess'
+      
+      if request.post?
+        response['Content-Type'] = 'text/javascript' if request.xhr?
+        validate_code! # Validate the user's code and set a cookie if valid
+      else
+        
+        # Set request status to Unauthorized
+        #response.status = 401
+    
+        index = ::File.read(::File.dirname(__FILE__) + '/index.html')
+        response.write index
+      end
+            
+      # Render response
+      return response.finish
+    end
+  end
+end

data/test/helper.rb

@@ -0,0 +1,31 @@
+ENV["environment"] = "test"
+
+require 'test/unit'
+require 'rack/test'
+require 'shoulda'
+require 'door_code'
+require 'sinatra/base'
+
+
+module Rack
+  module Test
+    DEFAULT_HOST='localhost'
+  end
+end
+
+class TestingApp < Sinatra::Base
+
+  #set :sessions, false
+
+  use DoorCode::RestrictedAccess, :code => '12345'
+
+  get '/' do
+    'Logged In!'
+  end
+  
+  get '/logout' do
+    response.delete_cookie('door_code')
+    redirect '/'
+  end
+  
+end

data/test/test_restricted_access.rb

@@ -0,0 +1,59 @@
+require 'helper'
+
+# '12345' encrypted with the default salt
+DEFAULT_CODE = '9fa483ac55e30318a84f0046365a21021a409117'
+
+class TestRestrictedAccess < Test::Unit::TestCase
+  
+  include Rack::Test::Methods
+
+  def app
+    TestingApp.new
+  end
+  
+  def setup
+    clear_cookies
+  end
+    
+  should "require login" do
+    get "/"
+    assert_equal 200, last_response.status
+    assert last_response.body.include?("Authorized Personnel Only")
+  end
+
+  should "validate login" do
+    post "/", { "code" => "12345" }
+    assert_equal 302, last_response.status
+    
+    follow_redirect!    
+    
+    assert_equal 200, last_response.status
+    assert last_response.body.include?("Logged In")
+    assert_equal DEFAULT_CODE, rack_mock_session.cookie_jar['door_code']
+  end
+
+
+  context "when cookie exists" do
+
+    setup do
+      set_cookie("door_code=#{DEFAULT_CODE}")
+    end
+  
+    should "allow authorized cookies" do
+      get "/"
+      assert_equal 200, last_response.status
+      assert last_response.body.include?("Logged In")
+    end
+  
+    should "logout" do
+      get "/logout"
+      assert_equal 302, last_response.status
+      
+      follow_redirect!
+    
+      assert_equal 200, last_response.status
+      assert last_response.body.include?("Authorized Personnel Only")
+    end
+    
+  end
+end

metadata

@@ -1,17 +1,23 @@
 --- !ruby/object:Gem::Specification 
 name: door_code
 version: !ruby/object:Gem::Version 
+  hash: 21
   prerelease: 
-  version: 0.0.3
+  segments: 
+  - 0
+  - 0
+  - 5
+  version: 0.0.5
 platform: ruby
 authors: 
 - Mike Fulcher
 - Alex Neill
+- Spencer Steffen
 autorequire: 
 bindir: bin
 cert_chain: []
 
-date: 2011-02-20 00:00:00 +00:00
+date: 2011-02-21 00:00:00 +00:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -22,13 +28,49 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
         version: "0"
   type: :runtime
   version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: shoulda
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - "="
+      - !ruby/object:Gem::Version 
+        hash: 37
+        segments: 
+        - 2
+        - 11
+        - 3
+        version: 2.11.3
+  type: :development
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: rack-test
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - "="
+      - !ruby/object:Gem::Version 
+        hash: 5
+        segments: 
+        - 0
+        - 5
+        - 7
+        version: 0.5.7
+  type: :development
+  version_requirements: *id003
 description: Rack middleware which requires that visitors to the site enter a 3-6 digit PIN code to gain access.
 email: 
 - mike@plan9design.co.uk
 - alex.neill@gmail.com
+- spencer@citrusme.com
 executables: []
 
 extensions: []
@@ -42,7 +84,10 @@ files:
 - Rakefile
 - door_code.gemspec
 - lib/door_code.rb
-- lib/index.html
+- lib/door_code/index.html
+- lib/door_code/restricted_access.rb
+- test/helper.rb
+- test/test_restricted_access.rb
 has_rdoc: true
 homepage: https://github.com/6twenty/door_code
 licenses: []
@@ -57,19 +102,26 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
       version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
       version: "0"
 requirements: []
 
 rubyforge_project: door_code
-rubygems_version: 1.5.2
+rubygems_version: 1.5.1
 signing_key: 
 specification_version: 3
 summary: Restrict access to your site with a 3-6 digit PIN code
-test_files: []
-
+test_files: 
+- test/helper.rb
+- test/test_restricted_access.rb