edgar-rack 1.2.1

data/test/multipart/file1.txt

@@ -0,0 +1 @@
+contents

data/test/multipart/filename_and_modification_param

@@ -0,0 +1,7 @@
+--AaB03x
+Content-Type: image/jpeg
+Content-Disposition: attachment; name="files"; filename=genome.jpeg; modification-date="Wed, 12 Feb 1997 16:29:51 -0500";
+Content-Description: a complete map of the human genome
+
+contents
+--AaB03x--

data/test/multipart/filename_with_escaped_quotes

@@ -0,0 +1,6 @@
+--AaB03x
+Content-Disposition: form-data; name="files"; filename="escape \"quotes"
+Content-Type: application/octet-stream
+
+contents
+--AaB03x--

data/test/multipart/filename_with_escaped_quotes_and_modification_param

@@ -0,0 +1,7 @@
+--AaB03x
+Content-Type: image/jpeg
+Content-Disposition: attachment; name="files"; filename=""human" genome.jpeg"; modification-date="Wed, 12 Feb 1997 16:29:51 -0500";
+Content-Description: a complete map of the human genome
+
+contents
+--AaB03x--

data/test/multipart/filename_with_percent_escaped_quotes

@@ -0,0 +1,6 @@
+--AaB03x
+Content-Disposition: form-data; name="files"; filename="escape %22quotes"
+Content-Type: application/octet-stream
+
+contents
+--AaB03x--

data/test/multipart/filename_with_unescaped_quotes

@@ -0,0 +1,6 @@
+--AaB03x
+Content-Disposition: form-data; name="files"; filename="escape "quotes"
+Content-Type: application/octet-stream
+
+contents
+--AaB03x--

data/test/multipart/ie

@@ -0,0 +1,6 @@
+--AaB03x
+Content-Disposition: form-data; name="files"; filename="C:\Documents and Settings\Administrator\Desktop\file1.txt"
+Content-Type: text/plain
+
+contents
+--AaB03x--

data/test/multipart/nested

@@ -0,0 +1,10 @@
+--AaB03x
+Content-Disposition: form-data; name="foo[submit-name]"
+
+Larry
+--AaB03x
+Content-Disposition: form-data; name="foo[files]"; filename="file1.txt"
+Content-Type: text/plain
+
+contents
+--AaB03x--

data/test/multipart/none

@@ -0,0 +1,9 @@
+--AaB03x
+Content-Disposition: form-data; name="submit-name"
+
+Larry
+--AaB03x
+Content-Disposition: form-data; name="files"; filename=""
+
+
+--AaB03x--

data/test/multipart/semicolon

@@ -0,0 +1,6 @@
+--AaB03x
+Content-Disposition: form-data; name="files"; filename="fi;le1.txt"
+Content-Type: text/plain
+
+contents
+--AaB03x--

data/test/multipart/text

@@ -0,0 +1,15 @@
+--AaB03x
+Content-Disposition: form-data; name="submit-name"
+
+Larry
+--AaB03x
+Content-Disposition: form-data; name="submit-name-with-content"
+Content-Type: text/plain
+
+Berry
+--AaB03x
+Content-Disposition: form-data; name="files"; filename="file1.txt"
+Content-Type: text/plain
+
+contents
+--AaB03x--

data/test/rackup/config.ru

@@ -0,0 +1,31 @@
+require "#{File.dirname(__FILE__)}/../testrequest"
+
+$stderr = File.open("#{File.dirname(__FILE__)}/log_output", "w")
+
+class EnvMiddleware
+  def initialize(app)
+    @app = app
+  end
+
+  def call(env)
+    # provides a way to test that lint is present
+    if env["PATH_INFO"] == "/broken_lint"
+      return [200, {}, ["Broken Lint"]]
+    # provides a way to kill the process without knowing the pid
+    elsif env["PATH_INFO"] == "/die"
+      exit!
+    end
+
+    env["test.$DEBUG"]      = $DEBUG
+    env["test.$EVAL"]       = BUKKIT if defined?(BUKKIT)
+    env["test.$VERBOSE"]    = $VERBOSE
+    env["test.$LOAD_PATH"]  = $LOAD_PATH
+    env["test.stderr"]      = File.expand_path($stderr.path)
+    env["test.Ping"]        = defined?(Ping)
+    env["test.pid"]         = Process.pid
+    @app.call(env)
+  end
+end
+
+use EnvMiddleware
+run TestRequest.new

data/test/spec_auth_basic.rb

@@ -0,0 +1,70 @@
+require 'rack/auth/basic'
+require 'rack/mock'
+
+describe Rack::Auth::Basic do
+  def realm
+    'WallysWorld'
+  end
+
+  def unprotected_app
+    lambda { |env| [ 200, {'Content-Type' => 'text/plain'}, ["Hi #{env['REMOTE_USER']}"] ] }
+  end
+
+  def protected_app
+    app = Rack::Auth::Basic.new(unprotected_app) { |username, password| 'Boss' == username }
+    app.realm = realm
+    app
+  end
+
+  before do
+    @request = Rack::MockRequest.new(protected_app)
+  end
+
+  def request_with_basic_auth(username, password, &block)
+    request 'HTTP_AUTHORIZATION' => 'Basic ' + ["#{username}:#{password}"].pack("m*"), &block
+  end
+
+  def request(headers = {})
+    yield @request.get('/', headers)
+  end
+
+  def assert_basic_auth_challenge(response)
+    response.should.be.a.client_error
+    response.status.should.equal 401
+    response.should.include 'WWW-Authenticate'
+    response.headers['WWW-Authenticate'].should =~ /Basic realm="#{Regexp.escape(realm)}"/
+    response.body.should.be.empty
+  end
+
+  should 'challenge correctly when no credentials are specified' do
+    request do |response|
+      assert_basic_auth_challenge response
+    end
+  end
+
+  should 'rechallenge if incorrect credentials are specified' do
+    request_with_basic_auth 'joe', 'password' do |response|
+      assert_basic_auth_challenge response
+    end
+  end
+
+  should 'return application output if correct credentials are specified' do
+    request_with_basic_auth 'Boss', 'password' do |response|
+      response.status.should.equal 200
+      response.body.to_s.should.equal 'Hi Boss'
+    end
+  end
+
+  should 'return 400 Bad Request if different auth scheme used' do
+    request 'HTTP_AUTHORIZATION' => 'Digest params' do |response|
+      response.should.be.a.client_error
+      response.status.should.equal 400
+      response.should.not.include 'WWW-Authenticate'
+    end
+  end
+
+  it 'takes realm as optional constructor arg' do
+    app = Rack::Auth::Basic.new(unprotected_app, realm) { true }
+    realm.should == app.realm
+  end
+end

data/test/spec_auth_digest.rb

@@ -0,0 +1,241 @@
+require 'rack/auth/digest/md5'
+require 'rack/mock'
+
+describe Rack::Auth::Digest::MD5 do
+  def realm
+    'WallysWorld'
+  end
+
+  def unprotected_app
+    lambda do |env|
+      friend = Rack::Utils.parse_query(env["QUERY_STRING"])["friend"]
+      [ 200, {'Content-Type' => 'text/plain'}, ["Hi #{env['REMOTE_USER']}#{friend ? " and #{friend}" : ''}"] ]
+    end
+  end
+
+  def protected_app
+    app = Rack::Auth::Digest::MD5.new(unprotected_app) do |username|
+      { 'Alice' => 'correct-password' }[username]
+    end
+    app.realm = realm
+    app.opaque = 'this-should-be-secret'
+    app
+  end
+
+  def protected_app_with_hashed_passwords
+    app = Rack::Auth::Digest::MD5.new(unprotected_app) do |username|
+      username == 'Alice' ? Digest::MD5.hexdigest("Alice:#{realm}:correct-password") : nil
+    end
+    app.realm = realm
+    app.opaque = 'this-should-be-secret'
+    app.passwords_hashed = true
+    app
+  end
+
+  def partially_protected_app
+    Rack::URLMap.new({
+      '/' => unprotected_app,
+      '/protected' => protected_app
+    })
+  end
+
+  def protected_app_with_method_override
+    Rack::MethodOverride.new(protected_app)
+  end
+
+  before do
+    @request = Rack::MockRequest.new(protected_app)
+  end
+
+  def request(method, path, headers = {}, &block)
+    response = @request.request(method, path, headers)
+    block.call(response) if block
+    return response
+  end
+
+  class MockDigestRequest
+    def initialize(params)
+      @params = params
+    end
+    def method_missing(sym)
+      if @params.has_key? k = sym.to_s
+        return @params[k]
+      end
+      super
+    end
+    def method
+      @params['method']
+    end
+    def response(password)
+      Rack::Auth::Digest::MD5.new(nil).send :digest, self, password
+    end
+  end
+
+  def request_with_digest_auth(method, path, username, password, options = {}, &block)
+    request_options = {}
+    request_options[:input] = options.delete(:input) if options.include? :input
+
+    response = request(method, path, request_options)
+
+    return response unless response.status == 401
+
+    if wait = options.delete(:wait)
+      sleep wait
+    end
+
+    challenge = response['WWW-Authenticate'].split(' ', 2).last
+
+    params = Rack::Auth::Digest::Params.parse(challenge)
+
+    params['username'] = username
+    params['nc'] = '00000001'
+    params['cnonce'] = 'nonsensenonce'
+    params['uri'] = path
+
+    params['method'] = method
+
+    params.update options
+
+    params['response'] = MockDigestRequest.new(params).response(password)
+
+    request(method, path, request_options.merge('HTTP_AUTHORIZATION' => "Digest #{params}"), &block)
+  end
+
+  def assert_digest_auth_challenge(response)
+    response.should.be.a.client_error
+    response.status.should.equal 401
+    response.should.include 'WWW-Authenticate'
+    response.headers['WWW-Authenticate'].should =~ /^Digest /
+    response.body.should.be.empty
+  end
+
+  def assert_bad_request(response)
+    response.should.be.a.client_error
+    response.status.should.equal 400
+    response.should.not.include 'WWW-Authenticate'
+  end
+
+  should 'challenge when no credentials are specified' do
+    request 'GET', '/' do |response|
+      assert_digest_auth_challenge response
+    end
+  end
+
+  should 'return application output if correct credentials given' do
+    request_with_digest_auth 'GET', '/', 'Alice', 'correct-password' do |response|
+      response.status.should.equal 200
+      response.body.to_s.should.equal 'Hi Alice'
+    end
+  end
+
+  should 'return application output if correct credentials given (hashed passwords)' do
+    @request = Rack::MockRequest.new(protected_app_with_hashed_passwords)
+
+    request_with_digest_auth 'GET', '/', 'Alice', 'correct-password' do |response|
+      response.status.should.equal 200
+      response.body.to_s.should.equal 'Hi Alice'
+    end
+  end
+
+  should 'rechallenge if incorrect username given' do
+    request_with_digest_auth 'GET', '/', 'Bob', 'correct-password' do |response|
+      assert_digest_auth_challenge response
+    end
+  end
+
+  should 'rechallenge if incorrect password given' do
+    request_with_digest_auth 'GET', '/', 'Alice', 'wrong-password' do |response|
+      assert_digest_auth_challenge response
+    end
+  end
+
+  should 'rechallenge with stale parameter if nonce is stale' do
+    begin
+      Rack::Auth::Digest::Nonce.time_limit = 1
+
+      request_with_digest_auth 'GET', '/', 'Alice', 'correct-password', :wait => 2 do |response|
+        assert_digest_auth_challenge response
+        response.headers['WWW-Authenticate'].should =~ /\bstale=true\b/
+      end
+    ensure
+      Rack::Auth::Digest::Nonce.time_limit = nil
+    end
+  end
+
+  should 'return 400 Bad Request if incorrect qop given' do
+    request_with_digest_auth 'GET', '/', 'Alice', 'correct-password', 'qop' => 'auth-int' do |response|
+      assert_bad_request response
+    end
+  end
+
+  should 'return 400 Bad Request if incorrect uri given' do
+    request_with_digest_auth 'GET', '/', 'Alice', 'correct-password', 'uri' => '/foo' do |response|
+      assert_bad_request response
+    end
+  end
+
+  should 'return 400 Bad Request if different auth scheme used' do
+    request 'GET', '/', 'HTTP_AUTHORIZATION' => 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==' do |response|
+      assert_bad_request response
+    end
+  end
+
+  should 'not require credentials for unprotected path' do
+    @request = Rack::MockRequest.new(partially_protected_app)
+    request 'GET', '/' do |response|
+      response.should.be.ok
+    end
+  end
+
+  should 'challenge when no credentials are specified for protected path' do
+    @request = Rack::MockRequest.new(partially_protected_app)
+    request 'GET', '/protected' do |response|
+      assert_digest_auth_challenge response
+    end
+  end
+
+  should 'return application output if correct credentials given for protected path' do
+    @request = Rack::MockRequest.new(partially_protected_app)
+    request_with_digest_auth 'GET', '/protected', 'Alice', 'correct-password' do |response|
+      response.status.should.equal 200
+      response.body.to_s.should.equal 'Hi Alice'
+    end
+  end
+
+  should 'return application output when used with a query string and path as uri' do
+    @request = Rack::MockRequest.new(partially_protected_app)
+    request_with_digest_auth 'GET', '/protected?friend=Mike', 'Alice', 'correct-password' do |response|
+      response.status.should.equal 200
+      response.body.to_s.should.equal 'Hi Alice and Mike'
+    end
+  end
+
+  should 'return application output when used with a query string and fullpath as uri' do
+    @request = Rack::MockRequest.new(partially_protected_app)
+    qs_uri = '/protected?friend=Mike'
+    request_with_digest_auth 'GET', qs_uri, 'Alice', 'correct-password', 'uri' => qs_uri do |response|
+      response.status.should.equal 200
+      response.body.to_s.should.equal 'Hi Alice and Mike'
+    end
+  end
+
+  should 'return application output if correct credentials given for POST' do
+    request_with_digest_auth 'POST', '/', 'Alice', 'correct-password' do |response|
+      response.status.should.equal 200
+      response.body.to_s.should.equal 'Hi Alice'
+    end
+  end
+
+  should 'return application output if correct credentials given for PUT (using method override of POST)' do
+    @request = Rack::MockRequest.new(protected_app_with_method_override)
+    request_with_digest_auth 'POST', '/', 'Alice', 'correct-password', :input => "_method=put" do |response|
+      response.status.should.equal 200
+      response.body.to_s.should.equal 'Hi Alice'
+    end
+  end
+
+  it 'takes realm as optional constructor arg' do
+    app = Rack::Auth::Digest::MD5.new(unprotected_app, realm) { true }
+    realm.should == app.realm
+  end
+end

data/test/spec_builder.rb

@@ -0,0 +1,123 @@
+require 'rack/builder'
+require 'rack/mock'
+require 'rack/showexceptions'
+require 'rack/urlmap'
+
+class NothingMiddleware
+  def initialize(app)
+    @app = app
+  end
+  def call(env)
+    @@env = env
+    response = @app.call(env)
+    response
+  end
+  def self.env
+    @@env
+  end
+end
+
+describe Rack::Builder do
+  it "supports mapping" do
+    app = Rack::Builder.new do
+      map '/' do |outer_env|
+        run lambda { |inner_env| [200, {}, ['root']] }
+      end
+      map '/sub' do
+        run lambda { |inner_env| [200, {}, ['sub']] }
+      end
+    end.to_app
+    Rack::MockRequest.new(app).get("/").body.to_s.should.equal 'root'
+    Rack::MockRequest.new(app).get("/sub").body.to_s.should.equal 'sub'
+  end
+
+  it "doesn't dupe env even when mapping" do
+    app = Rack::Builder.new do
+      use NothingMiddleware
+      map '/' do |outer_env|
+        run lambda { |inner_env|
+          inner_env['new_key'] = 'new_value'
+          [200, {}, ['root']]
+        }
+      end
+    end.to_app
+    Rack::MockRequest.new(app).get("/").body.to_s.should.equal 'root'
+    NothingMiddleware.env['new_key'].should.equal 'new_value'
+  end
+
+  it "chains apps by default" do
+    app = Rack::Builder.new do
+      use Rack::ShowExceptions
+      run lambda { |env| raise "bzzzt" }
+    end.to_app
+
+    Rack::MockRequest.new(app).get("/").should.be.server_error
+    Rack::MockRequest.new(app).get("/").should.be.server_error
+    Rack::MockRequest.new(app).get("/").should.be.server_error
+  end
+
+  it "has implicit #to_app" do
+    app = Rack::Builder.new do
+      use Rack::ShowExceptions
+      run lambda { |env| raise "bzzzt" }
+    end
+
+    Rack::MockRequest.new(app).get("/").should.be.server_error
+    Rack::MockRequest.new(app).get("/").should.be.server_error
+    Rack::MockRequest.new(app).get("/").should.be.server_error
+  end
+
+  it "supports blocks on use" do
+    app = Rack::Builder.new do
+      use Rack::ShowExceptions
+      use Rack::Auth::Basic do |username, password|
+        'secret' == password
+      end
+
+      run lambda { |env| [200, {}, ['Hi Boss']] }
+    end
+
+    response = Rack::MockRequest.new(app).get("/")
+    response.should.be.client_error
+    response.status.should.equal 401
+
+    # with auth...
+    response = Rack::MockRequest.new(app).get("/",
+        'HTTP_AUTHORIZATION' => 'Basic ' + ["joe:secret"].pack("m*"))
+    response.status.should.equal 200
+    response.body.to_s.should.equal 'Hi Boss'
+  end
+
+  it "has explicit #to_app" do
+    app = Rack::Builder.app do
+      use Rack::ShowExceptions
+      run lambda { |env| raise "bzzzt" }
+    end
+
+    Rack::MockRequest.new(app).get("/").should.be.server_error
+    Rack::MockRequest.new(app).get("/").should.be.server_error
+    Rack::MockRequest.new(app).get("/").should.be.server_error
+  end
+
+  should "initialize apps once" do
+    app = Rack::Builder.new do
+      class AppClass
+        def initialize
+          @called = 0
+        end
+        def call(env)
+          raise "bzzzt"  if @called > 0
+        @called += 1
+          [200, {'Content-Type' => 'text/plain'}, ['OK']]
+        end
+      end
+
+      use Rack::ShowExceptions
+      run AppClass.new
+    end
+
+    Rack::MockRequest.new(app).get("/").status.should.equal 200
+    Rack::MockRequest.new(app).get("/").should.be.server_error
+  end
+
+end