garb 0.2.1 → 0.2.3

Sign up to get free protection for your applications and to get access to all the features.
data/README.md CHANGED
@@ -8,7 +8,7 @@ garb
8
8
  Changes
9
9
  =======
10
10
 
11
- Version 0.2.0 makes major changes to the way garb is used to build reports.
11
+ Version 0.2.0 makes major changes (compared to 0.1.0) to the way garb is used to build reports.
12
12
  There is now both a module that gets included for generating defined classes.
13
13
  As well as, slight changes to the way that the Report class can be used.
14
14
 
@@ -131,6 +131,19 @@ Filtering
131
131
 
132
132
  report.filters << {:request_uri.eql => '/extend/effectively-using-git-with-subversion/'}
133
133
 
134
+ SSL
135
+ ---
136
+
137
+ Version 0.2.3 includes support for real ssl encryption for authentication. First do:
138
+
139
+ Garb::Session.login(username, password, :secure => true)
140
+
141
+ Next, be sure to download http://curl.haxx.se/ca/cacert.pem into your application somewhere.
142
+ Then, define a constant CA_CERT_FILE and point to that file.
143
+
144
+ For whatever reason, simply creating a new certificate store and setting the defaults would
145
+ not validate the google ssl certificate as authentic.
146
+
134
147
  TODOS
135
148
  -----
136
149
 
@@ -23,24 +23,30 @@ module Garb
23
23
  URI.parse(URL)
24
24
  end
25
25
 
26
- def send_request
26
+ def send_request(ssl_mode)
27
27
  http = Net::HTTP.new(uri.host, uri.port)
28
28
  http.use_ssl = true
29
- http.verify_mode = OpenSSL::SSL::VERIFY_NONE
29
+ http.verify_mode = ssl_mode
30
+
31
+ if ssl_mode == OpenSSL::SSL::VERIFY_PEER
32
+ http.ca_file = CA_CERT_FILE
33
+ end
34
+
30
35
  http.request(build_request) do |response|
31
36
  raise AuthError unless response.is_a?(Net::HTTPOK)
32
37
  end
33
38
  end
34
-
39
+
35
40
  def build_request
36
41
  post = Net::HTTP::Post.new(uri.path)
37
42
  post.set_form_data(parameters)
38
43
  post
39
44
  end
40
45
 
41
- def auth_token
42
- send_request.body.match(/^Auth=(.*)$/)[1]
46
+ def auth_token(opts={})
47
+ ssl_mode = opts[:secure] ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
48
+ send_request(ssl_mode).body.match(/^Auth=(.*)$/)[1]
43
49
  end
44
-
50
+
45
51
  end
46
52
  end
@@ -1,16 +1,16 @@
1
1
  module Garb
2
2
  class Session
3
3
 
4
- def self.login(email, password)
4
+ def self.login(email, password, opts={})
5
5
  @email = email
6
6
  auth_request = AuthenticationRequest.new(email, password)
7
- @auth_token = auth_request.auth_token
7
+ @auth_token = auth_request.auth_token(opts)
8
8
  end
9
-
9
+
10
10
  def self.auth_token
11
11
  @auth_token
12
12
  end
13
-
13
+
14
14
  def self.email
15
15
  @email
16
16
  end
@@ -3,7 +3,7 @@ module Garb
3
3
 
4
4
  MAJOR = 0
5
5
  MINOR = 2
6
- TINY = 1
6
+ TINY = 3
7
7
 
8
8
  def self.to_s # :nodoc:
9
9
  [MAJOR, MINOR, TINY].join('.')
@@ -0,0 +1,67 @@
1
+ ##
2
+ ## cacert.pem-foo -- Bundle of CA Root Certificates
3
+ ##
4
+ ## Converted at: Thu Mar 26 21:23:06 2009 UTC
5
+ ##
6
+ ## This is a bundle of X.509 certificates of public Certificate Authorities
7
+ ## (CA). These were automatically extracted from Mozilla's root certificates
8
+ ## file (certdata.txt). This file can be found in the mozilla source tree:
9
+ ## '/mozilla/security/nss/lib/ckfw/builtins/certdata.txt'
10
+ ##
11
+ ## It contains the certificates in PEM format and therefore
12
+ ## can be directly used with curl / libcurl / php_curl, or with
13
+ ## an Apache+mod_ssl webserver for SSL client authentication.
14
+ ## Just configure this file as the SSLCACertificateFile.
15
+ ##
16
+
17
+ # ***** BEGIN LICENSE BLOCK *****
18
+ # Version: MPL 1.1/GPL 2.0/LGPL 2.1
19
+ #
20
+ # The contents of this file are subject to the Mozilla Public License Version
21
+ # 1.1 (the "License"); you may not use this file except in compliance with
22
+ # the License. You may obtain a copy of the License at
23
+ # http://www.mozilla.org/MPL/
24
+ #
25
+ # Software distributed under the License is distributed on an "AS IS" basis,
26
+ # WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
27
+ # for the specific language governing rights and limitations under the
28
+ # License.
29
+ #
30
+ # The Original Code is the Netscape security libraries.
31
+ #
32
+ # The Initial Developer of the Original Code is
33
+ # Netscape Communications Corporation.
34
+ # Portions created by the Initial Developer are Copyright (C) 1994-2000
35
+ # the Initial Developer. All Rights Reserved.
36
+ #
37
+ # Contributor(s):
38
+ #
39
+ # Alternatively, the contents of this file may be used under the terms of
40
+ # either the GNU General Public License Version 2 or later (the "GPL"), or
41
+ # the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
42
+ # in which case the provisions of the GPL or the LGPL are applicable instead
43
+ # of those above. If you wish to allow use of your version of this file only
44
+ # under the terms of either the GPL or the LGPL, and not to allow others to
45
+ # use your version of this file under the terms of the MPL, indicate your
46
+ # decision by deleting the provisions above and replace them with the notice
47
+ # and other provisions required by the GPL or the LGPL. If you do not delete
48
+ # the provisions above, a recipient may use your version of this file under
49
+ # the terms of any one of the MPL, the GPL or the LGPL.
50
+ #
51
+ # ***** END LICENSE BLOCK *****
52
+ # @(#) $RCSfile: certdata.txt,v $ $Revision: 1.51 $ $Date: 2009/01/15 22:35:15 $
53
+
54
+ Verisign/RSA Secure Server CA
55
+ =============================
56
+ -----BEGIN CERTIFICATE-----
57
+ MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMx
58
+ IDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVy
59
+ IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVow
60
+ XzELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQL
61
+ EyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUA
62
+ A4GJADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII0haGN1Xp
63
+ sSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphIuR2nKRoTLkoRWZweFdVJ
64
+ VCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZIhvcNAQECBQADfgBl3X7hsuyw4jrg7HFG
65
+ mhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2
66
+ qUtN8iD3zV9/ZHuO3ABc1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
67
+ -----END CERTIFICATE-----
@@ -1,5 +1,7 @@
1
1
  require File.join(File.dirname(__FILE__), '..', '/test_helper')
2
2
 
3
+ CA_CERT_FILE = File.join(File.dirname(__FILE__), '..', '/cacert.pem')
4
+
3
5
  module Garb
4
6
  class AuthenticationRequestTest < Test::Unit::TestCase
5
7
 
@@ -20,16 +22,33 @@ module Garb
20
22
  request = AuthenticationRequest.new('user@example.com', 'fuzzybunnies')
21
23
  assert_equal expected, request.parameters
22
24
  end
23
-
25
+
24
26
  should "have a URI" do
25
27
  assert_equal URI.parse('https://www.google.com/accounts/ClientLogin'), @request.uri
26
28
  end
27
-
28
-
29
- should "be able to send a request to the GAAPI service" do
29
+
30
+ should "be able to send a request to the GAAPI service with proper ssl" do
30
31
  @request.expects(:build_request).returns('post')
32
+
31
33
  response = mock {|m| m.expects(:is_a?).with(Net::HTTPOK).returns(true) }
34
+
35
+ http = mock do |m|
36
+ m.expects(:use_ssl=).with(true)
37
+ m.expects(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER)
38
+ m.expects(:ca_file=).with(CA_CERT_FILE)
39
+ m.expects(:request).with('post').yields(response)
40
+ end
32
41
 
42
+ Net::HTTP.expects(:new).with('www.google.com', 443).returns(http)
43
+
44
+ @request.send_request(OpenSSL::SSL::VERIFY_PEER)
45
+ end
46
+
47
+ should "be able to send a request to the GAAPI service with ignoring ssl" do
48
+ @request.expects(:build_request).returns('post')
49
+
50
+ response = mock {|m| m.expects(:is_a?).with(Net::HTTPOK).returns(true) }
51
+
33
52
  http = mock do |m|
34
53
  m.expects(:use_ssl=).with(true)
35
54
  m.expects(:verify_mode=).with(OpenSSL::SSL::VERIFY_NONE)
@@ -37,19 +56,19 @@ module Garb
37
56
  end
38
57
 
39
58
  Net::HTTP.expects(:new).with('www.google.com', 443).returns(http)
40
-
41
- @request.send_request
59
+
60
+ @request.send_request(OpenSSL::SSL::VERIFY_NONE)
42
61
  end
43
62
 
44
63
  should "be able to build a request for the GAAPI service" do
45
64
  params = "param"
46
65
  @request.expects(:parameters).with().returns(params)
47
-
66
+
48
67
  post = mock
49
68
  post.expects(:set_form_data).with(params)
50
-
69
+
51
70
  Net::HTTP::Post.expects(:new).with('/accounts/ClientLogin').returns(post)
52
-
71
+
53
72
  @request.build_request
54
73
  end
55
74
 
@@ -58,28 +77,39 @@ module Garb
58
77
  "SID=mysid\n" +
59
78
  "LSID=mylsid\n" +
60
79
  "Auth=auth_token\n"
61
-
62
- @request.expects(:send_request).with().returns(stub(:body => response_data))
63
-
80
+
81
+ @request.expects(:send_request).with(OpenSSL::SSL::VERIFY_NONE).returns(stub(:body => response_data))
82
+
64
83
  assert_equal 'auth_token', @request.auth_token
65
84
  end
85
+
86
+ should "use VERIFY_PEER if auth_token needs to be secure" do
87
+ response_data =
88
+ "SID=mysid\n" +
89
+ "LSID=mylsid\n" +
90
+ "Auth=auth_token\n"
91
+
92
+ @request.expects(:send_request).with(OpenSSL::SSL::VERIFY_PEER).returns(stub(:body => response_data))
93
+
94
+ assert_equal 'auth_token', @request.auth_token(:secure => true)
95
+ end
66
96
 
67
97
  should "raise an exception when requesting an auth_token when the authorization fails" do
68
98
  @request.stubs(:build_request)
69
99
  response = mock do |m|
70
100
  m.expects(:is_a?).with(Net::HTTPOK).returns(false)
71
101
  end
72
-
102
+
73
103
  http = stub do |s|
74
104
  s.stubs(:use_ssl=)
75
105
  s.stubs(:verify_mode=)
76
106
  s.stubs(:request).yields(response)
77
107
  end
78
-
108
+
79
109
  Net::HTTP.stubs(:new).with('www.google.com', 443).returns(http)
80
110
 
81
111
  assert_raise(Garb::AuthenticationRequest::AuthError) do
82
- @request.send_request
112
+ @request.send_request(OpenSSL::SSL::VERIFY_NONE)
83
113
  end
84
114
  end
85
115
 
@@ -6,12 +6,20 @@ module Garb
6
6
  context "The Session class" do
7
7
 
8
8
  should "be able retrieve an auth_token for a user" do
9
- auth_request = mock {|m| m.expects(:auth_token).with().returns('toke') }
9
+ auth_request = mock {|m| m.expects(:auth_token).with({}).returns('toke') }
10
10
  AuthenticationRequest.expects(:new).with('email', 'password').returns(auth_request)
11
-
11
+
12
12
  Session.login('email', 'password')
13
13
  assert_equal 'toke', Session.auth_token
14
14
  end
15
+
16
+ should "be able retrieve an auth_token for a user with secure ssl" do
17
+ auth_request = mock {|m| m.expects(:auth_token).with({:secure => true}).returns('toke') }
18
+ AuthenticationRequest.expects(:new).with('email', 'password').returns(auth_request)
19
+
20
+ Session.login('email', 'password', :secure => true)
21
+ assert_equal 'toke', Session.auth_token
22
+ end
15
23
 
16
24
  should "retain the email address for this session" do
17
25
  AuthenticationRequest.stubs(:new).returns(stub(:auth_token => 'toke'))
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: garb
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.1
4
+ version: 0.2.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tony Pitale
@@ -11,7 +11,7 @@ autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
13
 
14
- date: 2009-05-01 00:00:00 -04:00
14
+ date: 2009-05-11 00:00:00 -04:00
15
15
  default_executable:
16
16
  dependencies:
17
17
  - !ruby/object:Gem::Dependency
@@ -52,6 +52,25 @@ files:
52
52
  - lib/garb/session.rb
53
53
  - lib/garb/version.rb
54
54
  - lib/garb.rb
55
+ - test/fixtures
56
+ - test/fixtures/cacert.pem
57
+ - test/fixtures/profile_feed.xml
58
+ - test/fixtures/report_feed.xml
59
+ - test/test_helper.rb
60
+ - test/unit
61
+ - test/unit/authentication_request_test.rb
62
+ - test/unit/data_request_test.rb
63
+ - test/unit/garb_test.rb
64
+ - test/unit/oauth_session_test.rb
65
+ - test/unit/operator_test.rb
66
+ - test/unit/profile_test.rb
67
+ - test/unit/report_parameter_test.rb
68
+ - test/unit/report_response_test.rb
69
+ - test/unit/report_test.rb
70
+ - test/unit/resource_test.rb
71
+ - test/unit/session_test.rb
72
+ - test/unit/string_test.rb
73
+ - test/unit/symbol_test.rb
55
74
  has_rdoc: false
56
75
  homepage: http://github.com/vigetlabs/garb
57
76
  post_install_message:
@@ -80,6 +99,7 @@ specification_version: 2
80
99
  summary: Google Analytics API Ruby Wrapper
81
100
  test_files:
82
101
  - test/fixtures
102
+ - test/fixtures/cacert.pem
83
103
  - test/fixtures/profile_feed.xml
84
104
  - test/fixtures/report_feed.xml
85
105
  - test/test_helper.rb