hootenanny 0.0.1 → 0.1.0

data/lib/hootenanny/uri.rb

@@ -0,0 +1,53 @@
+require 'uri'
+require 'delegate'
+require 'digest'
+require 'hootenanny/errors'
+
+module  Hootenanny
+class   URI < SimpleDelegator
+  VALID_SCHEMES = ['http', 'https']
+
+  ###
+  # Private: Parses a String into a URI in conformance to the the PubSubHubbub
+  # spec. Only HTTP and HTTPS URIs are allowed.
+  #
+  # Returns a Ruby URI
+  # Raises a Hootenanny::URI::InvalidSchemeError if something other than an HTTP
+  #   or HTTPS URI is parsed
+  # Raises a Hootenanny::URI::InvalidError if the URI cannot be parsed
+  #
+  def self.parse(uriable)
+    uri = if uriable.is_a? self
+            uriable
+          else
+            ::URI.parse(uriable)
+          end
+
+    uri.fragment = nil
+
+    if !VALID_SCHEMES.include?(uri.scheme)
+      raise Hootenanny::URI::InvalidSchemeError
+    end
+
+    self.new(uri)
+  rescue ::URI::InvalidURIError => e
+    raise Hootenanny::URI::InvalidError.wrap(e)
+  end
+
+  def hash
+    self.to_s.hash
+  end
+
+  def ==(comparee)
+    self.to_s == comparee.to_s
+  end
+
+  def eql?(comparee)
+    self == comparee
+  end
+
+  def to_digest
+    @digest ||= Digest::SHA256.hexdigest(self.to_s)[0..16]
+  end
+end
+end

data/lib/hootenanny/verification.rb

@@ -0,0 +1,108 @@
+require 'faraday'
+require 'hootenanny/uri'
+require 'securerandom'
+
+###
+# Private: Takes information (typically related to a Request) and verifies that
+# the originating system confirms that the information is accurate.
+#
+# A Verification, like a Request, is designed to be publicly immutable. As far
+# as the users of a Verification instance are concerned, the state of
+# Verification never changes.
+#
+module  Hootenanny
+class   Verification
+
+  attr_reader :base_url,
+              :topic,
+              :requester_token,
+              :mode
+
+  def initialize(attrs = {})
+    self.base_url        = attrs.fetch(:url)
+    self.topic           = attrs.fetch(:topic)
+    self.mode            = attrs.fetch(:mode)
+    self.requester_token = attrs.fetch(:requester_token, nil)
+  end
+
+  ###
+  # Private: Identifies whether the originating system has verified the
+  # verification.
+  #
+  # This involves not only checking to see whether the system itself confirms it
+  # but also by verifying that the response from the originating system contains
+  # the challenge code sent to it.
+  #
+  # Returns a TrueClass or FalseClass
+  #
+  def verified?
+    return false unless response.body == challenge
+
+    response.success?
+  end
+
+  ###
+  # Private: Attempts to verify the URI which has been requested to receive
+  # topic feed updates.
+  #
+  # Returns a Faraday::Response
+  #
+  def response
+    @response ||= Faraday.get(uri.to_s)
+  end
+
+  ###
+  # Private: Constructs a PubSubHubbub compliant verification URI
+  #
+  # * Parameters which exist in the base_url must not be overwritten by
+  #   verification parameters even if they are of the same name. For example:
+  #
+  #   http://example.com?hub.mode=foo&hub.mode=subscribe
+  #
+  #   not
+  #
+  #   http://example.com?hub.mode=subscribe
+  #
+  # Returns a URI
+  # Raises a Hootenanny::URI::InvalidError if the base_url is not a valid URI
+  #
+  def uri
+    @uri ||= -> do
+      uri     = base_url
+      params  = ::URI.encode_www_form(parameters)
+
+      uri.query = [uri.query, params].compact.join('&')
+
+      uri
+    end.call
+  end
+
+  protected
+
+  attr_writer :requester_token,
+              :mode
+
+  def base_url=(other)
+    @base_url = Hootenanny::URI.parse(other)
+  end
+
+  def topic=(other)
+    @topic = Hootenanny::URI.parse(other)
+  end
+
+  private
+
+  def challenge
+    @challenge ||= SecureRandom.hex(16)
+  end
+
+  def parameters
+    @parameters ||= {
+      :'hub.mode'         => mode,
+      :'hub.topic'        => topic,
+      :'hub.challenge'    => challenge,
+      :'hub.verify_token' => requester_token,
+    }.delete_if { |k, v| v.nil? || v == '' }
+  end
+end
+end

data/lib/hootenanny/version.rb

@@ -1,3 +1,3 @@
 module Hootenanny
-  VERSION = '0.0.1'
+  VERSION = '0.1.0'
 end

data/spec/dummy/config/database.yml

@@ -1,11 +1,17 @@
 development:
-  adapter: sqlite3
-  database: db/development.sqlite3
+  database: hootenanny_development
+  min_messages: warning
+  adapter: postgresql
+  encoding: unicode
   pool: 5
-  timeout: 5000
+  username: postgres
+  password:
 
 test:
-  adapter: sqlite3
-  database: db/test.sqlite3
+  database: hootenanny_test
+  min_messages: warning
+  adapter: postgresql
+  encoding: unicode
   pool: 5
-  timeout: 5000
+  username: postgres
+  password:

data/spec/dummy/db/migrate/20130607183149_add_started_at_and_lease_duration_to_subscriptions.hootenanny.rb

@@ -0,0 +1,16 @@
+# This migration comes from hootenanny (originally 20130607182642)
+class AddStartedAtAndLeaseDurationToSubscriptions < ActiveRecord::Migration
+  def change
+    remove_index :hootenanny_subscriptions, :subscriber
+    remove_index :hootenanny_subscriptions, [:subscriber, :topic]
+
+    add_column :hootenanny_subscriptions, :started_at,     :datetime
+    add_column :hootenanny_subscriptions, :lease_duration, :integer
+
+    change_column :hootenanny_subscriptions, :started_at,     :datetime,  :null => false
+    change_column :hootenanny_subscriptions, :lease_duration, :integer,   :null => false
+
+    add_index :hootenanny_subscriptions, :subscriber,            :unique => false
+    add_index :hootenanny_subscriptions, [:subscriber, :topic],  :unique => true
+  end
+end

data/spec/dummy/db/migrate/20130608231253_add_hmac_secret_to_subscription.hootenanny.rb

@@ -0,0 +1,6 @@
+# This migration comes from hootenanny (originally 20130608225621)
+class AddHmacSecretToSubscription < ActiveRecord::Migration
+  def change
+    add_column :hootenanny_subscriptions, :digest_secret, :string, :null => true, :limit => 200
+  end
+end

data/spec/dummy/db/migrate/20130611235546_add_publish_notifications.hootenanny.rb

@@ -0,0 +1,10 @@
+# This migration comes from hootenanny (originally 20130611235218)
+class AddPublishNotifications < ActiveRecord::Migration
+  def change
+    create_table :hootenanny_publish_notifications do |t|
+      t.string :topic, :limit => 250, :null => false
+    end
+
+    add_index 'hootenanny_publish_notifications', 'topic', :name => 'index_hootenanny_publish_notifications_on_topic', :unique => true
+  end
+end

data/spec/dummy/db/migrate/20130612153353_add_timestamps_to_publish_notification.hootenanny.rb

@@ -0,0 +1,6 @@
+# This migration comes from hootenanny (originally 20130612153138)
+class AddTimestampsToPublishNotification < ActiveRecord::Migration
+  def change
+    add_timestamps :hootenanny_publish_notifications
+  end
+end

data/spec/dummy/db/migrate/20130705200832_add_processed_flag_to_publish_notifications.hootenanny.rb

@@ -0,0 +1,7 @@
+# This migration comes from hootenanny (originally 20130705200729)
+class AddProcessedFlagToPublishNotifications < ActiveRecord::Migration
+  def change
+    add_column :hootenanny_publish_notifications, :processed, :boolean, :null => false, :default => false
+    add_index  :hootenanny_publish_notifications, :processed
+  end
+end

data/spec/dummy/db/migrate/20130711061518_switch_publish_notification_process_state_from_boolean_to_string.hootenanny.rb

@@ -0,0 +1,12 @@
+# This migration comes from hootenanny (originally 20130711061329)
+class SwitchPublishNotificationProcessStateFromBooleanToString < ActiveRecord::Migration
+  def up
+    add_column    :hootenanny_publish_notifications, :state, :string, :limit => 15, :null => false, :default => 'unprocessed'
+    remove_column :hootenanny_publish_notifications, :processed
+  end
+
+  def down
+    add_column    :hootenanny_publish_notifications, :processed, :boolean, :default => false, :null => false
+    remove_column :hootenanny_publish_notifications, :state
+  end
+end

data/spec/dummy/db/migrate/20130711061629_add_index_to_notifications_state.hootenanny.rb

@@ -0,0 +1,6 @@
+# This migration comes from hootenanny (originally 20130711061558)
+class AddIndexToNotificationsState < ActiveRecord::Migration
+  def change
+    add_index :hootenanny_publish_notifications, :state
+  end
+end

data/spec/factories/publish_notification.rb

@@ -0,0 +1,13 @@
+FactoryGirl.define do
+  factory :publish_notification, :class => 'Hootenanny::PublishNotification' do
+    topic                             'mytopic'
+
+    trait :unprocessed do
+      state                           'unprocessed'
+    end
+
+    trait :processed do
+      state                           'processed'
+    end
+  end
+end

data/spec/factories/requests/publish_notification.rb

@@ -0,0 +1,11 @@
+FactoryGirl.define do
+  factory :publish_notification_request, :class => 'Hootenanny::Request::PublishNotification' do
+    topics                            'http://example.org'
+
+    initialize_with do
+      Hootenanny::Request::PublishNotification.build(
+        topics:             topics
+      )
+    end
+  end
+end

data/spec/factories/requests/subscription.rb

@@ -0,0 +1,46 @@
+module  HootenannyFactories
+class   VerifiedVerification
+  def initialize(*args)
+  end
+
+  def verified?
+    true
+  end
+end
+
+class   UnverifiedVerification
+  def initialize(*args)
+  end
+
+  def verified?
+    false
+  end
+end
+end
+
+FactoryGirl.define do
+  factory :subscription_request, :class => 'Hootenanny::Request::Subscription' do
+    subscriber                        'http://example.com'
+    topic                             'http://example.org'
+    verification_class                nil
+    requester_token                   '12345'
+    digest_secret                     'secret'
+
+    initialize_with do
+      Hootenanny::Request::Subscription.build(
+        subscriber:         subscriber,
+        topic:              topic,
+        requester_token:    requester_token,
+        secret:             digest_secret,
+        verification_class: verification_class)
+    end
+
+    trait :verified do
+      verification_class              HootenannyFactories::VerifiedVerification
+    end
+
+    trait :unverified do
+      verification_class              HootenannyFactories::UnverifiedVerification
+    end
+  end
+end

data/spec/factories/subscription.rb

@@ -1,6 +1,18 @@
 FactoryGirl.define do
   factory :subscription, :class => 'Hootenanny::Subscription' do
-    subscriber                        'my_subscriber'
-    topic                             'my_topic'
+    subscriber                        'http://subscriber.com'
+    topic                             'http://topic.com'
+    started_at                        { Time.now }
+    lease_duration                    { 10 }
+
+    trait :active do
+      started_at                      { Time.now - 907_200 }
+      lease_duration                  { 1_814_400 }
+    end
+
+    trait :inactive do
+      started_at                      { Time.now - 3601 }
+      lease_duration                  { 3600 }
+    end
   end
 end

data/spec/factories/verification.rb

@@ -0,0 +1,15 @@
+FactoryGirl.define do
+  factory :verification, :class => 'Hootenanny::Verification' do
+    url                               'http://example.com'
+    topic                             'http://example.org'
+    mode                              'mymode'
+    requester_token                   nil
+
+    initialize_with do
+      new(url:             url,
+          topic:           topic,
+          mode:            mode,
+          requester_token: requester_token,)
+    end
+  end
+end

data/spec/features/publishers/can_notify_the_hub_of_content_updates_spec.rb

@@ -0,0 +1,58 @@
+require 'rspectacular/spec_helpers/rails_engine'
+require 'hootenanny'
+
+###
+# In order for the hub not to have to degrade performance by constantly checking each publisher for content updates,
+# As a Publisher
+# I want to be able to send a notification to the hub describing content updates
+#
+feature 'Publishers send notification of content updates' do
+  scenario 'Publishers can send a content update notification to the hub if all notifications for that topic have been processed' do
+    # Given there are no notifications
+    expect( Hootenanny::PublishNotification ).to have(0).items
+
+    # When the hub is sent a content update notification for a single topic
+    post( '/hootenanny/publish_notification', :url => 'http://mytopic')
+
+    # Then the notification should be created
+    expect( Hootenanny::PublishNotification.for('http://mytopic') ).to have(1).item
+
+    # And the response should be 204 'No Content'
+    expect( last_response.status ).to eql 204
+    expect( last_response ).to be_empty
+  end
+
+  scenario 'Publishers can send a content update notification to the hub if a notification for the topic has not yet been processed' do
+    # Given there is a notification for a topic
+    create :publish_notification, :topic => 'http://mytopic'
+
+    # When the hub is sent a content update notification for that topic
+    post( '/hootenanny/publish_notification', :url => 'http://mytopic')
+
+    # Then no new notifications should be created
+    expect( Hootenanny::PublishNotification.for('http://mytopic') ).to have(1).item
+
+    # And the response should be 204 'No Content'
+    expect( last_response.status ).to eql 204
+    expect( last_response ).to be_empty
+  end
+
+  scenario 'Publishers receive error information if there is a problem notifying the hub' do
+    # Given there are no notifications
+    expect( Hootenanny::PublishNotification ).to have(0).items
+
+    # When a notification request is made with invalid information
+    post( '/hootenanny/publish_notification', url: 'http://!nv4l!d')
+
+    # Then the notifications should not be created
+    expect( Hootenanny::PublishNotification ).to have(0).items
+
+    # And the response should be 400 'Bad Request'
+    expect( last_response.status ).to eql 400
+
+    # And the response should include a message indicating the problem
+    expect( last_response.body ).to eql({'error' => {
+                                          'message' => 'the scheme http does not accept registry part: !nv4l!d (or bad hostname?)' }
+                                        }.to_json)
+  end
+end

data/spec/features/subscribers/are_protected_from_unwarranted_subscriptions_spec.rb

@@ -0,0 +1,59 @@
+require 'rspectacular/spec_helpers/rails_engine'
+require 'hootenanny'
+
+###
+# So that I do not face potentially catastrophic repercussions,
+# As a potential Subscriber,
+# I do not want unverified users to be able to subscribe/unsubscribe me from topics
+#
+feature 'Subscribers cannot subscribe to an unverified topic', :web_mock do
+  scenario 'Potential subscribers cannot subscribe to a new topic if it cannot be confirmed' do
+    # Given there are no subscriptions
+    expect( Hootenanny::Subscription ).to have(0).items
+
+    # When an unverifiable subscription is requested for a topic
+    unconfirmed_subscription_verification('http://mycallback', 'http://mytopic')
+    post( '/hootenanny/subscription', topic:     'http://mytopic',
+                                      callback:  'http://mycallback')
+
+    # Then the subscriber should be subscribed
+    expect( Hootenanny::Subscription.to('http://mytopic') ).to have(0).item
+
+    # And the response should be 400 'Bad Request'
+    expect( last_response.status ).to eql 400
+    expect( last_response.body ).to   eql({'error' => {
+                                            'message' => 'Request could not be verified.' }
+                                          }.to_json)
+  end
+
+  scenario 'Potential subscribers see their verification token sent back to them so they can keep track of the request' do
+    # When an unverifiable subscription is requested for a topic
+    confirmed_verification('subscribe',
+                           'http://mycallback',
+                           'http://mytopic',
+                           :requester_token => '12345')
+
+    post( '/hootenanny/subscription', topic:           'http://mytopic',
+                                      callback:        'http://mycallback',
+                                      requester_token: '12345')
+  end
+
+  scenario 'Potential subscribers cannot subscribe to a new topic if the confirmation is invalid' do
+    # Given there are no subscriptions
+    expect( Hootenanny::Subscription ).to have(0).items
+
+    # When an unverifiable subscription is requested for a topic
+    unverified_subscription_verification('http://mycallback', 'http://mytopic')
+    post( '/hootenanny/subscription', topic:     'http://mytopic',
+                                      callback:  'http://mycallback')
+
+    # Then the subscriber should be subscribed
+    expect( Hootenanny::Subscription.to('http://mytopic') ).to have(0).item
+
+    # And the response should be 400 'Bad Request'
+    expect( last_response.status ).to eql 400
+    expect( last_response.body ).to   eql({'error' => {
+                                            'message' => 'Request could not be verified.' }
+                                          }.to_json)
+  end
+end