drbservice 1.0.4

data/spec/drbservice/passwordauth_spec.rb

@@ -0,0 +1,141 @@
+#!/usr/bin/spec
+
+BEGIN {
+	require 'pathname'
+
+	basedir = Pathname( __FILE__ ).dirname.parent.parent
+	libdir = basedir + 'lib'
+
+	$LOAD_PATH.unshift( basedir.to_s ) unless $LOAD_PATH.include?( basedir.to_s )
+	$LOAD_PATH.unshift( libdir.to_s ) unless $LOAD_PATH.include?( libdir.to_s )
+}
+
+require 'digest/sha2'
+
+require 'rspec'
+require 'spec/lib/helpers'
+
+require 'drbservice'
+require 'drbservice/passwordauth'
+
+
+describe DRbService::PasswordAuthentication do
+	include DRbService::SpecHelpers
+
+	TEST_PASSWORD = 'hungerlumpkins'
+
+	before( :all ) do
+		setup_logging( :fatal )
+	end
+
+	after( :all ) do
+		reset_logging()
+	end
+
+
+	describe "mixed into a DRbService" do
+
+		it "provides a declarative to set a password for the service" do
+			serviceclass = Class.new( DRbService ) do
+				include DRbService::PasswordAuthentication
+				def do_some_stuff; return "Yep."; end
+				service_password TEST_PASSWORD
+			end
+			serviceclass.password_digest.should == Digest::SHA2.hexdigest( TEST_PASSWORD )
+		end
+
+		describe "without a password set" do
+
+			before( :all ) do
+				@serviceclass = Class.new( DRbService ) do
+					def do_some_guarded_stuff; return "Ronk."; end
+					unguarded do
+						def do_some_unguarded_stuff; return "Adonk."; end
+					end
+				end
+			end
+
+			before( :each ) do
+				@serviceobj = @serviceclass.new
+			end
+
+
+			it "raises an exception without calling the block on any authentication" do
+				block_called = false
+				expect {
+					@serviceobj.authenticate( '' ) do
+						block_called = true
+					end
+				}.should raise_exception( SecurityError, /authentication failure/i )
+				block_called.should == false
+			end
+
+			it "doesn't allow access to guarded methods" do
+				expect {
+					@serviceobj.do_some_guarded_stuff
+				}.to raise_exception( SecurityError, /not authenticated/i )
+			end
+
+			it "allows access to unguarded methods" do
+				@serviceobj.do_some_unguarded_stuff.should == 'Adonk.'
+			end
+
+		end
+
+
+		describe "instances with a password set" do
+
+			before( :each ) do
+				@serviceclass = Class.new( DRbService ) do
+					include DRbService::PasswordAuthentication
+					service_password TEST_PASSWORD
+					def do_some_guarded_stuff; return "Ronk."; end
+					unguarded do
+						def do_some_unguarded_stuff; return "Adonk."; end
+					end
+				end
+			end
+
+			before( :each ) do
+				@serviceobj = @serviceclass.new
+			end
+
+
+			it "raises an exception without calling the block on failed authentication" do
+				block_called = false
+				expect {
+					@serviceobj.authenticate( '' ) do
+						block_called = true
+					end
+				}.should raise_exception( SecurityError, /authentication failure/i )
+				block_called.should == false
+			end
+
+			it "doesn't allow access to guarded methods before authenticating" do
+				expect {
+					@serviceobj.do_some_guarded_stuff
+				}.to raise_exception( SecurityError, /not authenticated/i )
+			end
+
+			it "allows access to guarded methods after authenticating successfully" do
+				@serviceobj.authenticate( TEST_PASSWORD ) do
+					@serviceobj.do_some_guarded_stuff.should == 'Ronk.'
+				end
+			end
+
+			it "allows access to unguarded methods before authenticating" do
+				@serviceobj.do_some_unguarded_stuff.should == 'Adonk.'
+			end
+
+			it "allows access to unguarded methods after authenticating" do
+				@serviceobj.authenticate( TEST_PASSWORD ) do
+					@serviceobj.do_some_unguarded_stuff.should == 'Adonk.'
+				end
+			end
+
+		end
+
+	end
+
+end
+

data/spec/drbservice_spec.rb

@@ -0,0 +1,168 @@
+#!/usr/bin/spec
+
+BEGIN {
+	require 'pathname'
+
+	basedir = Pathname( __FILE__ ).dirname.parent
+	libdir = basedir + 'lib'
+
+	$LOAD_PATH.unshift( basedir.to_s ) unless $LOAD_PATH.include?( basedir.to_s )
+	$LOAD_PATH.unshift( libdir.to_s ) unless $LOAD_PATH.include?( libdir.to_s )
+}
+
+require 'rspec'
+require 'spec/lib/helpers'
+
+require 'uri'
+require 'drbservice'
+
+
+describe DRbService do
+	include DRbService::SpecHelpers
+
+	SERVICE_URI = URI( "drbssl://localhost:8484" )
+
+	before( :all ) do
+		setup_logging( :fatal )
+	end
+
+	after( :all ) do
+		reset_logging()
+	end
+
+
+	it "is always an 'undumped' service object" do
+		testclass = Class.new( DRbService )
+		testclass.should include( DRbUndumped )
+	end
+
+	it "doesn't allow instances to be created of itself" do
+		expect {
+			DRbService.new
+		}.should raise_exception( ScriptError, /can't instantiate/ )
+	end
+
+	it "obscures instance methods declared by subclasses by default" do
+		testclass = Class.new( DRbService ) do
+			def do_some_stuff; return "Yep."; end
+		end
+		testclass.new.should_not respond_to( :do_some_stuff )
+	end
+
+
+	it "provides an 'unguarded' declarative to define instance methods that can " +
+	   "be used without authentication" do
+		testclass = Class.new( DRbService ) do
+			unguarded do
+				def do_some_stuff; return "Yep."; end
+			end
+		end
+		testclass.new.should respond_to( :do_some_stuff )
+	end
+
+
+	describe "subclass" do
+
+		it "is an 'undumped' service objects" do
+			serviceclass = Class.new( DRbService )
+			serviceclass.should include( DRbUndumped )
+		end
+
+		it "obscures instance methods by default" do
+			serviceclass = Class.new( DRbService ) do
+				def do_some_stuff; return "Yep."; end
+			end
+			serviceclass.new.should_not respond_to( :do_some_stuff )
+		end
+
+
+		it "can use an 'unguarded' declarative to define instance methods that can " +
+		   "be used without authentication" do
+			serviceclass = Class.new( DRbService ) do
+				unguarded do
+					def do_some_stuff; return "Yep."; end
+				end
+			end
+			serviceclass.new.should respond_to( :do_some_stuff )
+		end
+
+
+		it "has a .start class method that does the necessary DRb setup and runs the service" do
+			serviceclass = Class.new( DRbService )
+			drbserver = mock( "drb server" )
+			thread = mock( "drb service thread" )
+
+			File.should_receive( :read ).with( 'service-cert.pem' ).
+				and_return( :cert_data )
+			OpenSSL::X509::Certificate.should_receive( :new ).with( :cert_data ).
+				and_return( :ssl_cert )
+			File.should_receive( :read ).with( 'service-key.pem' ).
+				and_return( :key_data )
+			OpenSSL::PKey::RSA.should_receive( :new ).with( :key_data ).
+				and_return( :ssl_key )
+
+			expected_config = {
+				:SSLCertificate => :ssl_cert,
+				:SSLPrivateKey  => :ssl_key,
+				:safe_level     => 1,
+				:verbose        => true,
+			}
+
+	 		DRb::DRbServer.should_receive( :new ).
+				with( SERVICE_URI.to_s, an_instance_of(serviceclass), expected_config ).
+				and_return( drbserver )
+			drbserver.should_receive( :thread ).and_return( thread )
+			thread.should_receive( :join )
+
+			serviceclass.start( :ip => SERVICE_URI.host, :port => SERVICE_URI.port )
+		end
+
+
+		describe "instances without an authentication strategy mixed in" do
+
+			before( :all ) do
+				@serviceclass = Class.new( DRbService ) do
+					def do_some_guarded_stuff; return "Ronk."; end
+
+					unguarded do
+						def make_authenticated
+							self.log.debug "Making it authenticated!"
+							@authenticated = true
+						end
+						def do_some_unguarded_stuff; return "Adonk."; end
+					end
+				end
+			end
+
+			before( :each ) do
+				@serviceobj = @serviceclass.new
+			end
+
+
+			it "raises an exception when #authenticate is called" do
+				expect {
+					@serviceobj.authenticate( '' )
+				}.to raise_exception( SecurityError, /authentication failure/i )
+			end
+
+			it "allows access to unguarded methods without authenticating" do
+				@serviceobj.do_some_unguarded_stuff.should == 'Adonk.'
+			end
+
+			it "knows whether the user is authenticated or not" do
+				@serviceobj.should_not be_authenticated()
+				@serviceobj.make_authenticated
+				@serviceobj.should be_authenticated()
+			end
+
+			it "knows whether the user is authorized or not; in the base class authentication " +
+			   "is sufficient for authorization as well" do
+				@serviceobj.should_not be_authorized()
+				@serviceobj.make_authenticated
+				@serviceobj.should be_authorized()
+			end
+
+		end
+
+	end
+end

data/spec/lib/helpers.rb

@@ -0,0 +1,108 @@
+#!/usr/bin/ruby
+# coding: utf-8
+
+BEGIN {
+	require 'pathname'
+	basedir = Pathname.new( __FILE__ ).dirname.parent
+
+	libdir = basedir + "lib"
+
+	$LOAD_PATH.unshift( basedir.to_s ) unless $LOAD_PATH.include?( basedir.to_s )
+	$LOAD_PATH.unshift( libdir.to_s ) unless $LOAD_PATH.include?( libdir.to_s )
+}
+
+require 'uri'
+require 'yaml'
+require 'drbservice'
+
+
+module DRbService::TestConstants
+
+	VALID_SERVICE_URISTRING = "drbauthssl://localhost:8484"
+	VALID_SERVICE_URI = URI( VALID_SERVICE_URISTRING )
+
+end # module DRbService::TestConstants
+
+
+### RSpec helper functions.
+module DRbService::SpecHelpers
+
+	### Make an easily-comparable version vector out of +ver+ and return it.
+	def vvec( ver )
+		return ver.split('.').collect {|char| char.to_i }.pack('N*')
+	end
+
+
+	class ArrayLogger
+		### Create a new ArrayLogger that will append content to +array+.
+		def initialize( array )
+			@array = array
+		end
+
+		### Write the specified +message+ to the array.
+		def write( message )
+			@array << message
+		end
+
+		### No-op -- this is here just so Logger doesn't complain
+		def close; end
+
+	end # class ArrayLogger
+
+
+	unless defined?( LEVEL )
+		LEVEL = {
+			:debug => Logger::DEBUG,
+			:info  => Logger::INFO,
+			:warn  => Logger::WARN,
+			:error => Logger::ERROR,
+			:fatal => Logger::FATAL,
+		  }
+	end
+
+	###############
+	module_function
+	###############
+
+	### Reset the logging subsystem to its default state.
+	def reset_logging
+		DRbService.reset_logger
+	end
+
+
+	### Alter the output of the default log formatter to be pretty in SpecMate output
+	def setup_logging( level=Logger::FATAL )
+
+		# Turn symbol-style level config into Logger's expected Fixnum level
+		if DRbService::Logging::LEVEL.key?( level )
+			level = DRbService::Logging::LEVEL[ level ]
+		end
+
+		logger = Logger.new( $stderr )
+		DRbService.logger = logger
+		DRbService.logger.level = level
+
+		# Only do this when executing from a spec in TextMate
+		if ENV['HTML_LOGGING'] || (ENV['TM_FILENAME'] && ENV['TM_FILENAME'] =~ /_spec\.rb/)
+			Thread.current['logger-output'] = []
+			logdevice = ArrayLogger.new( Thread.current['logger-output'] )
+			DRbService.logger = Logger.new( logdevice )
+			# DRbService.logger.level = level
+			DRbService.logger.formatter = DRbService::HtmlLogFormatter.new( logger )
+		end
+	end
+
+end
+
+### Mock with Rspec
+RSpec.configure do |c|
+	include DRbService::SpecHelpers,
+	        DRbService::TestConstants
+
+	c.mock_with :rspec
+
+	c.filter_run_excluding( :ruby_1_9_only => true ) unless vvec( RUBY_VERSION ) >= vvec('1.9.0')
+end
+
+# vim: set nosta noet ts=4 sw=4:
+

metadata

@@ -0,0 +1,166 @@
+--- !ruby/object:Gem::Specification
+name: drbservice
+version: !ruby/object:Gem::Version
+  version: 1.0.4
+  prerelease: 
+platform: ruby
+authors:
+- Michael Granger
+autorequire: 
+bindir: bin
+cert_chain:
+- ! '-----BEGIN CERTIFICATE-----
+
+  MIIDLDCCAhSgAwIBAgIBADANBgkqhkiG9w0BAQUFADA8MQwwCgYDVQQDDANnZWQx
+
+  FzAVBgoJkiaJk/IsZAEZFgdfYWVyaWVfMRMwEQYKCZImiZPyLGQBGRYDb3JnMB4X
+
+  DTEwMDkxNjE0NDg1MVoXDTExMDkxNjE0NDg1MVowPDEMMAoGA1UEAwwDZ2VkMRcw
+
+  FQYKCZImiZPyLGQBGRYHX2FlcmllXzETMBEGCgmSJomT8ixkARkWA29yZzCCASIw
+
+  DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALy//BFxC1f/cPSnwtJBWoFiFrir
+
+  h7RicI+joq/ocVXQqI4TDWPyF/8tqkvt+rD99X9qs2YeR8CU/YiIpLWrQOYST70J
+
+  vDn7Uvhb2muFVqq6+vobeTkILBEO6pionWDG8jSbo3qKm1RjKJDwg9p4wNKhPuu8
+
+  KGue/BFb67KflqyApPmPeb3Vdd9clspzqeFqp7cUBMEpFS6LWxy4Gk+qvFFJBJLB
+
+  BUHE/LZVJMVzfpC5Uq+QmY7B+FH/QqNndn3tOHgsPadLTNimuB1sCuL1a4z3Pepd
+
+  TeLBEFmEao5Dk3K/Q8o8vlbIB/jBDTUx6Djbgxw77909x6gI9doU4LD5XMcCAwEA
+
+  AaM5MDcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0OBBYEFJeoGkOr9l4B
+
+  +saMkW/ZXT4UeSvVMA0GCSqGSIb3DQEBBQUAA4IBAQBG2KObvYI2eHyyBUJSJ3jN
+
+  vEnU3d60znAXbrSd2qb3r1lY1EPDD3bcy0MggCfGdg3Xu54z21oqyIdk8uGtWBPL
+
+  HIa9EgfFGSUEgvcIvaYqiN4jTUtidfEFw+Ltjs8AP9gWgSIYS6Gr38V0WGFFNzIH
+
+  aOD2wmu9oo/RffW4hS/8GuvfMzcw7CQ355wFR4KB/nyze+EsZ1Y5DerCAagMVuDQ
+
+  U0BLmWDFzPGGWlPeQCrYHCr+AcJz+NRnaHCKLZdSKj/RHuTOt+gblRex8FAh8NeA
+
+  cmlhXe46pZNJgWKbxZah85jIjx95hR8vOI+NAM5iH9kOqK13DrxacTKPhqj5PjwF
+
+  -----END CERTIFICATE-----
+
+'
+date: 2011-08-29 00:00:00.000000000Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: hoe-mercurial
+  requirement: &70270604159400 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.2.1
+  type: :development
+  prerelease: false
+  version_requirements: *70270604159400
+- !ruby/object:Gem::Dependency
+  name: hoe-highline
+  requirement: &70270604158900 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.0.1
+  type: :development
+  prerelease: false
+  version_requirements: *70270604158900
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: &70270604158380 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.6'
+  type: :development
+  prerelease: false
+  version_requirements: *70270604158380
+- !ruby/object:Gem::Dependency
+  name: hoe
+  requirement: &70270604157920 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.10'
+  type: :development
+  prerelease: false
+  version_requirements: *70270604157920
+description: ! "DRbService is a framework we use at LAIKA for creating authenticated\nSSL-encrypted
+  DRb services that provide access to privileged operations\nwithout the need to give
+  shell access to everyone.\n\nThere are a few examples in the `examples/` directory
+  of the gem, which\nare stripped-down versions of the services we actually use.\n\nThe
+  current implementation is kind of a hack, but I intend to \neventually finish a
+  DRb protocol that does the same thing in a more\nelegant, less-hackish way, as well
+  as a tool that can generate \na new service along with support files for one of
+  several different \nruntime environments.\n\nIf you're curious, see the `drb/authsslprotocol.rb`
+  file for the \nprotocol. This will replace the current method-hiding code in \n`drbservice.rb`,
+  but existing services should be able to switch over\nquite easily. Or that's the
+  intention."
+email:
+- ged@FaerieMUD.org
+executables: []
+extensions: []
+extra_rdoc_files:
+- Manifest.txt
+- README.rdoc
+- History.rdoc
+files:
+- ChangeLog
+- History.rdoc
+- LICENSE
+- Manifest.txt
+- README.rdoc
+- Rakefile
+- examples/homedirservice.rb
+- examples/rubyversion.rb
+- lib/drb/authsslprotocol.rb
+- lib/drbservice.rb
+- lib/drbservice/ldapauth.rb
+- lib/drbservice/passwordauth.rb
+- lib/drbservice/utils.rb
+- spec/drb/authsslprotocol_spec.rb
+- spec/drbservice/ldapauth_spec.rb
+- spec/drbservice/passwordauth_spec.rb
+- spec/drbservice_spec.rb
+- spec/lib/helpers.rb
+- .gemtest
+homepage: https://bitbucket.org/ged/drbservice
+licenses:
+- BSD
+post_install_message: ! "\n\nThis library isn't really ready for production use yet,
+  but\nfeel free to experiment with it.\n\n\t"
+rdoc_options:
+- --main
+- README.rdoc
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: 1.8.7
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: drbservice
+rubygems_version: 1.8.8
+signing_key: 
+specification_version: 3
+summary: DRbService is a framework we use at LAIKA for creating authenticated SSL-encrypted
+  DRb services that provide access to privileged operations without the need to give
+  shell access to everyone
+test_files: []