nogara-wash_out 0.5.2

data/lib/wash_out/router.rb

@@ -0,0 +1,36 @@
+module WashOut
+  # This class is a Rack middleware used to route SOAP requests to a proper
+  # action of a given SOAP controller.
+  class Router
+    def initialize(controller_name)
+      @controller_name = "#{controller_name.to_s}_controller".camelize
+    end
+
+    def call(env)
+      controller = @controller_name.constantize
+
+      soap_action = env['HTTP_SOAPACTION']
+
+      if soap_action == '""'
+        soap_action = env["action_dispatch.request.request_parameters"]["Envelope"]["Body"].keys.first
+        env['wash_out.soap_action'] = soap_action
+      elsif soap_action
+        # RUBY18 1.8 does not have force_encoding.
+        soap_action.force_encoding('UTF-8') if soap_action.respond_to? :force_encoding
+
+        soap_action.gsub!(/^\"(.*)\"$/, '\1')
+
+        env['wash_out.soap_action'] = soap_action
+      end
+
+      action_spec = controller.soap_actions[soap_action]
+      if action_spec
+        action = action_spec[:to]
+      else
+        action = '_invalid_action'
+      end
+
+      controller.action(action).call(env)
+    end
+  end
+end

data/lib/wash_out/soap.rb

@@ -0,0 +1,40 @@
+require 'active_support/concern'
+
+module WashOut
+  module SOAP
+    extend ActiveSupport::Concern
+
+    module ClassMethods
+      attr_accessor :soap_actions
+
+      # Define a SOAP action +action+. The function has two required +options+:
+      # :args and :return. Each is a type +definition+ of format described in
+      # WashOut::Param#parse_def.
+      #
+      # An optional option :to can be passed to allow for names of SOAP actions
+      # which are not valid Ruby function names.
+      def soap_action(action, options={})
+        if action.is_a?(Symbol)
+          if WashOut::Engine.camelize_wsdl.to_s == 'lower'
+            options[:to] ||= action.to_s
+            action         = action.to_s.camelize(:lower)
+          elsif WashOut::Engine.camelize_wsdl
+            options[:to] ||= action.to_s
+            action         = action.to_s.camelize
+          end
+        end
+
+        self.soap_actions[action] = {
+          :in     => WashOut::Param.parse_def(options[:args]),
+          :out    => WashOut::Param.parse_def(options[:return]),
+          :to     => options[:to] || action
+        }
+      end
+    end
+
+    included do
+      include WashOut::Dispatcher
+      self.soap_actions = {}
+    end
+  end
+end

data/lib/wash_out/type.rb

@@ -0,0 +1,28 @@
+module WashOut
+  class Type
+    def self.type_name(value)
+      @param_type_name = value
+    end
+
+    def self.map(value)
+      raise RuntimeError, "Wrong definition: #{value.inspect}" unless value.is_a?(Hash)
+      @param_map = value
+    end
+
+    def self.wash_out_param_map
+      @param_map
+    end
+
+    def self.wash_out_param_name
+      @param_type_name ||= name.underscore
+
+      if WashOut::Engine.camelize_wsdl.to_s == 'lower'
+        @param_type_name = @param_type_name.camelize(:lower)
+      elsif WashOut::Engine.camelize_wsdl
+        @param_type_name = @param_type_name.camelize
+      end
+      
+      @param_type_name
+    end
+  end
+end

data/lib/wash_out/version.rb

@@ -0,0 +1,3 @@
+module WashOut
+  VERSION = "0.5.2"
+end

data/lib/wash_out/wsse.rb

@@ -0,0 +1,79 @@
+module WashOut
+  class Wsse
+
+    def self.authenticate(token)
+      wsse = self.new(token)
+
+      unless wsse.eligible?
+        raise WashOut::Dispatcher::SOAPError, "Unauthorized"
+      end
+    end
+
+    def initialize(token)
+      if token.blank? && required?
+        raise WashOut::Dispatcher::SOAPError, "Missing required UsernameToken"
+      end
+      @username_token = token
+    end
+
+    def required?
+      !WashOut::Engine.wsse_username.blank?
+    end
+
+    def expected_user
+      WashOut::Engine.wsse_username
+    end
+
+    def expected_password
+      WashOut::Engine.wsse_password
+    end
+
+    def matches_expected_digest?(password)
+      nonce     = @username_token.values_at(:nonce, :Nonce).compact.first
+      timestamp = @username_token.values_at(:created, :Created).compact.first
+
+      return false if nonce.nil? || timestamp.nil?
+
+      # Token should not be accepted if timestamp is older than 5 minutes ago
+      # http://www.oasis-open.org/committees/download.php/16782/wss-v1.1-spec-os-UsernameTokenProfile.pdf
+      offset_in_minutes = ((DateTime.now - DateTime.parse(timestamp))* 24 * 60).to_i
+      return false if offset_in_minutes >= 5
+
+      # There are a few different implementations of the digest calculation
+
+      flavors = Array.new
+
+      # Ruby / Savon
+      token = nonce + timestamp + expected_password
+      flavors << Base64.encode64(Digest::SHA1.hexdigest(token)).chomp!
+
+      # Java
+      token = Base64.decode64(nonce) + timestamp + expected_password
+      flavors << Base64.encode64(Digest::SHA1.digest(token)).chomp!
+
+      flavors.each do |f|
+        return true if f == password
+      end
+
+      return false
+    end
+
+    def eligible?
+      return true unless required?
+
+      user     = @username_token.values_at(:username, :Username).compact.first
+      password = @username_token.values_at(:password, :Password).compact.first
+
+      if (expected_user == user && expected_password == password)
+        return true
+      end
+
+      if (expected_user == user && matches_expected_digest?(password))
+        return true
+      end
+
+      return false
+    end
+
+  end
+end

data/spec/dummy/Rakefile

@@ -0,0 +1,7 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+require 'rake'
+
+Dummy::Application.load_tasks

data/spec/dummy/app/controllers/application_controller.rb

@@ -0,0 +1,3 @@
+class ApplicationController < ActionController::Base
+  protect_from_forgery
+end

data/spec/dummy/app/helpers/application_helper.rb

@@ -0,0 +1,2 @@
+module ApplicationHelper
+end

data/spec/dummy/app/views/layouts/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Dummy</title>
+  <%= stylesheet_link_tag :all %>
+  <%= javascript_include_tag :defaults %>
+  <%= csrf_meta_tag %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/spec/dummy/config.ru

@@ -0,0 +1,4 @@
+# This file is used by Rack-based servers to start the application.
+
+require ::File.expand_path('../config/environment',  __FILE__)
+run Dummy::Application

data/spec/dummy/config/application.rb

@@ -0,0 +1,42 @@
+require File.expand_path('../boot', __FILE__)
+
+require "action_controller/railtie"
+require "rails/test_unit/railtie"
+
+Bundler.require
+require "wash_out"
+
+module Dummy
+  class Application < Rails::Application
+    # Settings in config/environments/* take precedence over those specified here.
+    # Application configuration should go into files in config/initializers
+    # -- all .rb files in that directory are automatically loaded.
+
+    # Custom directories with classes and modules you want to be autoloadable.
+    # config.autoload_paths += %W(#{config.root}/extras)
+
+    # Only load the plugins named here, in the order given (default is alphabetical).
+    # :all can be used as a placeholder for all plugins not explicitly named.
+    # config.plugins = [ :exception_notification, :ssl_requirement, :all ]
+
+    # Activate observers that should always be running.
+    # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
+
+    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
+    # config.time_zone = 'Central Time (US & Canada)'
+
+    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
+    # config.i18n.default_locale = :de
+
+    # JavaScript files you want as :defaults (application.js is always included).
+    # config.action_view.javascript_expansions[:defaults] = %w(jquery rails)
+
+    # Configure the default encoding used in templates for Ruby 1.9.
+    config.encoding = "utf-8"
+
+    # Configure sensitive parameters which will be filtered from the log file.
+    config.filter_parameters += [:password]
+  end
+end

data/spec/dummy/config/boot.rb

@@ -0,0 +1,10 @@
+require 'rubygems'
+gemfile = File.expand_path('../../../../Gemfile', __FILE__)
+
+if File.exist?(gemfile)
+  ENV['BUNDLE_GEMFILE'] = gemfile
+  require 'bundler'
+  Bundler.setup
+end
+
+$:.unshift File.expand_path('../../../../lib', __FILE__)

data/spec/dummy/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the rails application
+require File.expand_path('../application', __FILE__)
+
+# Initialize the rails application
+Dummy::Application.initialize!

data/spec/dummy/config/environments/development.rb

@@ -0,0 +1,23 @@
+Dummy::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # In the development environment your application's code is reloaded on
+  # every request.  This slows down response time but is perfect for development
+  # since you don't have to restart the webserver when you make code changes.
+  config.cache_classes = false
+
+  # Log error messages when you accidentally call methods on nil.
+  config.whiny_nils = true
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_view.debug_rjs             = true
+  config.action_controller.perform_caching = false
+
+  # Print deprecation notices to the Rails logger
+  config.active_support.deprecation = :log
+
+  # Only use best-standards-support built into browsers
+  config.action_dispatch.best_standards_support = :builtin
+end
+

data/spec/dummy/config/environments/test.rb

@@ -0,0 +1,30 @@
+Dummy::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # The test environment is used exclusively to run your application's
+  # test suite.  You never need to work with it otherwise.  Remember that
+  # your test database is "scratch space" for the test suite and is wiped
+  # and recreated between test runs.  Don't rely on the data there!
+  config.cache_classes = true
+
+  # Log error messages when you accidentally call methods on nil.
+  config.whiny_nils = true
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Raise exceptions instead of rendering exception templates
+  config.action_dispatch.show_exceptions = false
+
+  # Disable request forgery protection in test environment
+  config.action_controller.allow_forgery_protection    = false
+
+  # Use SQL instead of Active Record's schema dumper when creating the test database.
+  # This is necessary if your schema can't be completely dumped by the schema dumper,
+  # like if you have constraints or database-specific column types
+  # config.active_record.schema_format = :sql
+
+  # Print deprecation notices to the stderr
+  config.active_support.deprecation = :stderr
+end

data/spec/dummy/config/initializers/backtrace_silencers.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
+# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
+
+# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
+# Rails.backtrace_cleaner.remove_silencers!

data/spec/dummy/config/initializers/inflections.rb

@@ -0,0 +1,10 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new inflection rules using the following format
+# (all these examples are active by default):
+# ActiveSupport::Inflector.inflections do |inflect|
+#   inflect.plural /^(ox)$/i, '\1en'
+#   inflect.singular /^(ox)en/i, '\1'
+#   inflect.irregular 'person', 'people'
+#   inflect.uncountable %w( fish sheep )
+# end

data/spec/dummy/config/initializers/mime_types.rb

@@ -0,0 +1,5 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new mime types for use in respond_to blocks:
+# Mime::Type.register "text/richtext", :rtf
+# Mime::Type.register_alias "text/html", :iphone

data/spec/dummy/config/initializers/secret_token.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+Dummy::Application.config.secret_token = 'b8d5d5687c012c2ef1a7a6e8006172402c48a3dcccca67c076eaad81c4712ad236ca2717c3706df7b286468c749d223f22acb0d96c27bdf33bbdbb9684ad46e5'

data/spec/dummy/config/initializers/session_store.rb

@@ -0,0 +1,8 @@
+# Be sure to restart your server when you modify this file.
+
+Dummy::Application.config.session_store :cookie_store, :key => '_dummy_session'
+
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rails generate session_migration")
+# Dummy::Application.config.session_store :active_record_store

data/spec/dummy/config/locales/en.yml

@@ -0,0 +1,5 @@
+# Sample localization file for English. Add more files in this directory for other locales.
+# See http://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points.
+
+en:
+  hello: "Hello world"

data/spec/dummy/config/routes.rb

@@ -0,0 +1,58 @@
+Dummy::Application.routes.draw do
+  # The priority is based upon order of creation:
+  # first created -> highest priority.
+
+  # Sample of regular route:
+  #   match 'products/:id' => 'catalog#view'
+  # Keep in mind you can assign values other than :controller and :action
+
+  # Sample of named route:
+  #   match 'products/:id/purchase' => 'catalog#purchase', :as => :purchase
+  # This route can be invoked with purchase_url(:id => product.id)
+
+  # Sample resource route (maps HTTP verbs to controller actions automatically):
+  #   resources :products
+
+  # Sample resource route with options:
+  #   resources :products do
+  #     member do
+  #       get 'short'
+  #       post 'toggle'
+  #     end
+  #
+  #     collection do
+  #       get 'sold'
+  #     end
+  #   end
+
+  # Sample resource route with sub-resources:
+  #   resources :products do
+  #     resources :comments, :sales
+  #     resource :seller
+  #   end
+
+  # Sample resource route with more complex sub-resources
+  #   resources :products do
+  #     resources :comments
+  #     resources :sales do
+  #       get 'recent', :on => :collection
+  #     end
+  #   end
+
+  # Sample resource route within a namespace:
+  #   namespace :admin do
+  #     # Directs /admin/products/* to Admin::ProductsController
+  #     # (app/controllers/admin/products_controller.rb)
+  #     resources :products
+  #   end
+
+  # You can have the root of your site routed with "root"
+  # just remember to delete public/index.html.
+  # root :to => "welcome#index"
+
+  # See how all your routes lay out with "rake routes"
+
+  # This is a legacy wild controller route that's not recommended for RESTful applications.
+  # Note: This route will make all actions in every controller accessible via GET requests.
+  # match ':controller(/:action(/:id(.:format)))'
+end