opensrs 0.3.4 → 0.4.0

data/Rakefile

@@ -1,40 +1 @@
-require 'rubygems'
-require 'bundler'
-
-begin
-  Bundler.setup(:default, :development)
-rescue Bundler::BundlerError => e
-  $stderr.puts e.message
-  $stderr.puts "Run `bundle install` to install missing gems"
-  exit e.status_code
-end
-
-$LOAD_PATH.unshift("lib")
-
-require 'rake'
-require 'opensrs'
-
-begin
-  require 'jeweler'
-  
-  Jeweler::Tasks.new do |gem|
-    gem.name        = "opensrs"
-    gem.version     = OpenSRS::Version::VERSION
-    gem.summary     = "Provides support to utilize the OpenSRS API with Ruby/Rails."
-    gem.description = "Provides support to utilize the OpenSRS API with Ruby/Rails."
-    gem.email       = "jdelsman@voxxit.com"
-    gem.homepage    = "http://github.com/voxxit/opensrs"
-    gem.license     = "MIT"
-    gem.authors     = ["Josh Delsman"]
-    
-    # Requirements are in Gemfile
-  end
-rescue LoadError
-  puts "Jeweler (or a dependency) not available. Install it with: sudo gem install jeweler"
-end
-
-require 'rspec/core/rake_task'
-
-RSpec::Core::RakeTask.new(:spec)
-
-task :default => :spec
+require 'bundler/gem_tasks'

data/SECURITY.md

@@ -0,0 +1,12 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 0.4.x   | :white_check_mark: |
+| < 0.4.x | :x:                |
+
+## Reporting a Vulnerability
+
+Please encyrpt your message to me at https://keybase.io/encrypt#jdelsman, then send to j@srv.im. Since this is an unsupported open-source project, I will get to it as quickly as I can.

data/bin/console

@@ -0,0 +1,9 @@
+#!/usr/bin/env ruby
+require 'bundler/setup'
+require 'opensrs'
+
+require 'pry'
+Pry.start
+
+require 'irb'
+IRB.start

data/bin/setup

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/opensrs.rb

@@ -1,8 +1,9 @@
-require File.dirname(__FILE__) + '/opensrs/xml_processor'
-require File.dirname(__FILE__) + '/opensrs/xml_processor/libxml.rb'
-require File.dirname(__FILE__) + '/opensrs/server.rb'
-require File.dirname(__FILE__) + '/opensrs/response.rb'
-require File.dirname(__FILE__) + '/opensrs/version.rb'
+require 'opensrs/xml_processor'
+require 'opensrs/server'
+require 'opensrs/response'
+require 'opensrs/sanitizable_string'
+require 'opensrs/version'
 
+# OpenSRS
 module OpenSRS
-end
+end

data/lib/opensrs/response.rb

@@ -1,29 +1,35 @@
 module OpenSRS
+  # Response
   class Response
     attr_reader :request_xml, :response_xml
     attr_accessor :response, :success
-    
+
     def initialize(parsed_response, request_xml, response_xml)
       @response     = parsed_response
       @request_xml  = request_xml
       @response_xml = response_xml
       @success      = success?
     end
-  
+
     # We need to return the error message unless the
     # response is successful.
     def errors
-      if !success?
-        if response["response_text"] and response["response_code"]
-          "#{response["response_text"]} (Code #{response["response_code"]})"
-        else
-          "Unknown error"
-        end
-      end
+      return if success?
+
+      msg  = @response['response_text']
+      code = @response['response_code']
+
+      msg && code ? "#{msg} (Code #{code})" : 'Unknown error'
     end
-  
+
+    # If 'is_success' is returned, the API is letting us know that they
+    # will explicitly tell us whether something has succeeded or not.
+    #
+    # Otherwise, just assume it failed.
     def success?
-      response["is_success"] ? response["is_success"].to_s == "1" : true
+      return false unless @response['is_success']
+
+      @response['is_success'] == '1'
     end
   end
-end
+end

data/lib/opensrs/sanitizable_string.rb

@@ -0,0 +1,21 @@
+require 'delegate'
+
+module OpenSRS
+  # SanitizableString
+  class SanitizableString < SimpleDelegator
+    @enable_sanitization = false
+
+    class << self
+      attr_accessor :enable_sanitization
+    end
+
+    def initialize(original_string, sanitized_string)
+      super(original_string)
+      @sanitized_string = sanitized_string
+    end
+
+    def sanitized
+      self.class.enable_sanitization ? @sanitized_string : self
+    end
+  end
+end

data/lib/opensrs/server.rb

@@ -1,37 +1,53 @@
-require "uri"
-require "net/https"
-require "digest/md5"
-require "openssl"
+require 'uri'
+require 'net/https'
+require 'digest/md5'
+require 'openssl'
 
 module OpenSRS
-  class BadResponse < StandardError; end
-  class TimeoutError < StandardError; end
+  class OpenSRSError < StandardError; end
 
+  class BadResponse < OpenSRSError; end
+
+  class ConnectionError < OpenSRSError; end
+
+  class TimeoutError < ConnectionError; end
+
+  # Server
   class Server
-    attr_accessor :server, :username, :password, :key, :timeout, :open_timeout
+    attr_accessor :server, :username, :password, :key, :timeout, :open_timeout, :logger, :proxy
 
     def initialize(options = {})
-      @server   = URI.parse(options[:server] || "https://rr-n1-tor.opensrs.net:55443/")
+      @server   = URI.parse(options[:server] || 'https://rr-n1-tor.opensrs.net:55443/')
       @username = options[:username]
       @password = options[:password]
       @key      = options[:key]
       @timeout  = options[:timeout]
-      @open_timeout  = options[:open_timeout]
+      @open_timeout = options[:open_timeout]
+      @logger   = options[:logger]
+      @proxy    = URI.parse(options[:proxy]) if options[:proxy]
+      @sanitize_request = options[:sanitize_request]
+
+      OpenSRS::SanitizableString.enable_sanitization = @sanitize_request
     end
 
     def call(data = {})
-      xml = xml_processor.build({ :protocol => "XCP" }.merge!(data))
+      xml = xml_processor.build({ protocol: 'XCP' }.merge!(data))
+      log('Request', xml.sanitized, data)
 
       begin
         response = http.post(server_path, xml, headers(xml))
+        log('Response', response.body, data)
       rescue Net::HTTPBadResponse
-        raise OpenSRS::BadResponse, "Received a bad response from OpenSRS. Please check that your IP address is added to the whitelist, and try again."
+        raise OpenSRS::BadResponse,
+              'Received a bad response from OpenSRS. Please check that your IP address is added to the whitelist, and try again.'
       end
 
       parsed_response = xml_processor.parse(response.body)
-      return OpenSRS::Response.new(parsed_response, xml, response.body)
-    rescue Timeout::Error => err
-      raise OpenSRS::TimeoutError, err
+      OpenSRS::Response.new(parsed_response, xml.sanitized, response.body)
+    rescue Timeout::Error => e
+      raise OpenSRS::TimeoutError, e
+    rescue Errno::ECONNRESET, Errno::ECONNREFUSED => e
+      raise OpenSRS::ConnectionError, e
     end
 
     def xml_processor
@@ -39,37 +55,49 @@ module OpenSRS
     end
 
     def self.xml_processor=(name)
-      require File.dirname(__FILE__) + "/xml_processor/#{name.to_s.downcase}"
-      @@xml_processor = OpenSRS::XmlProcessor.const_get("#{name.to_s.capitalize}")
+      require "opensrs/xml_processor/#{name.to_s.downcase}"
+      @@xml_processor = OpenSRS::XmlProcessor.const_get(name.to_s.capitalize.to_s)
     end
 
-    OpenSRS::Server.xml_processor = :libxml
-
     private
 
     def headers(request)
-      { "Content-Length"  => request.length.to_s,
-        "Content-Type"    => "text/xml",
-        "X-Username"      => username,
-        "X-Signature"     => signature(request)
+      {
+        'Content-Length' => request.length.to_s,
+        'Content-Type' => 'text/xml',
+        'X-Username' => username,
+        'X-Signature' => signature(request)
       }
     end
 
     def signature(request)
-      signature = Digest::MD5.hexdigest(request + key)
-      signature = Digest::MD5.hexdigest(signature + key)
-      signature
+      Digest::MD5.hexdigest(Digest::MD5.hexdigest(request + key) + key)
     end
 
     def http
-      http = Net::HTTP.new(server.host, server.port)
-      http.use_ssl = (server.scheme == "https")
+      http = if @proxy
+               Net::HTTP.new(server.host, server.port, @proxy.host, @proxy.port, @proxy.user, @proxy.password)
+             else
+               Net::HTTP.new(server.host, server.port)
+             end
+
+      http.use_ssl = (server.scheme == 'https')
       http.verify_mode = OpenSSL::SSL::VERIFY_NONE
       http.read_timeout = http.open_timeout = @timeout if @timeout
       http.open_timeout = @open_timeout                if @open_timeout
       http
     end
 
+    def log(type, data, options = {})
+      return unless logger
+
+      message = "[OpenSRS] #{type} XML"
+      message = "#{message} for #{options[:object]} #{options[:action]}" if options[:object] && options[:action]
+
+      line = [message, data].join("\n")
+      logger.info(line)
+    end
+
     def server_path
       server.path.empty? ? '/' : server.path
     end

data/lib/opensrs/version.rb

@@ -1,5 +1,3 @@
 module OpenSRS
-  class Version
-    VERSION = "0.3.4"
-  end
+  VERSION = '0.4.0'.freeze
 end

data/lib/opensrs/xml_processor.rb

@@ -1,59 +1,59 @@
 module OpenSRS
-
+  # XmlProcessor
   class XmlProcessor
-
     # Parses the main data block from OpenSRS and discards
     # the rest of the response.
     def self.parse(response)
       data_block = data_block_element(response)
 
-      raise ArgumentError.new("No data found in document") if !data_block
+      raise ArgumentError, 'No data found in document' unless data_block
 
-      return decode_data(data_block)
+      decode_data(data_block)
     end
 
-    protected
-
     # Encodes individual elements, and their child elements, for the root XML document.
     def self.encode_data(data, container = nil)
-      case data.class.to_s
-      when "Array" then return encode_dt_array(data, container)
-      when "Hash"  then return encode_dt_assoc(data, container)
-      when "String", "Numeric", "Date", "Time", "Symbol", "NilClass"
-        return data.to_s
+      case data
+      when Array
+        encode_dt_array(data, container)
+      when Hash
+        encode_dt_assoc(data, container)
+      when String, Numeric, Date, Time, Symbol, NilClass
+        data.to_s
       else
-        return data.inspect
+        data.inspect
       end
-
-      return nil
     end
 
     def self.encode_dt_array(data, container)
-      dt_array = new_element(:dt_array, container)
-
-      data.each_with_index do |item, index|
-        item_node = new_element(:item, container)
-        item_node["key"] = index.to_s
-        item_node << encode_data(item, item_node)
-
-        dt_array << item_node
-      end
-
-      return dt_array
+      build_element(:dt_array, data, container)
     end
 
     def self.encode_dt_assoc(data, container)
-      dt_assoc = new_element(:dt_assoc, container)
+      build_element(:dt_assoc, data, container)
+    end
+
+    def self.build_element(type, data, container)
+      element = new_element(type, container)
 
-      data.each do |key, value|
+      # if array, item = the item
+      # if hash, item will be array of the key & value
+      data.each_with_index do |item, index|
         item_node = new_element(:item, container)
-        item_node["key"] = key.to_s
-        item_node << encode_data(value, item_node)
+        item_node['key'] = item.is_a?(Array) ? item[0].to_s : index.to_s
+
+        value = item.is_a?(Array) ? item[1] : item
 
-        dt_assoc << item_node
+        encoded_data = encode_data(value, item_node)
+        if encoded_data.is_a?(String)
+          item_node.content = encoded_data
+        else
+          item_node << encoded_data
+        end
+        element << item_node
       end
 
-      return dt_assoc
+      element
     end
 
     # Recursively decodes individual data elements from OpenSRS
@@ -61,17 +61,16 @@ module OpenSRS
     def self.decode_data(data)
       data.each do |element|
         case element.name
-        when "dt_array"
+        when 'dt_array'
           return decode_dt_array_data(element)
-        when "dt_assoc"
+        when 'dt_assoc'
           return decode_dt_assoc_data(element)
-        when "text", "item", "dt_scalar"
+        when 'text', 'item', 'dt_scalar'
           next if element.content.strip.empty?
+
           return element.content.strip
         end
       end
     end
-
   end
-
-end
+end

data/lib/opensrs/xml_processor/libxml.rb

@@ -1,60 +1,81 @@
-require "libxml"
+begin
+  require 'libxml'
+rescue LoadError => e
+  warn 'Cannot find `libxml` gem. Please install it before using it as the XML processor'
+  raise e
+end
 
 module OpenSRS
-  class XmlProcessor::Libxml < OpenSRS::XmlProcessor
-    include ::LibXML::XML
-    
-    # First, builds REXML elements for the inputted data. Then, it will
-    # go ahead and build the entire XML document to send to OpenSRS.
-    def self.build(data)
-      xml = Document.new
-      xml.root = envelope = Node.new("OPS_envelope")
-
-      envelope << header = Node.new("header")
-      envelope << body = Node.new("body")
-      header   << Node.new("version", "0.9")
-      body     << data_block = Node.new("data_block")
-
-      data_block << encode_data(data, data_block)
-
-      return xml.to_s
-    end
+  class XmlProcessor
+    # Libxml
+    class Libxml < OpenSRS::XmlProcessor
+      include ::LibXML::XML
 
-    protected
+      # First, builds REXML elements for the inputted data. Then, it will
+      # go ahead and build the entire XML document to send to OpenSRS.
+      def self.build(data)
+        xml = Document.new
+        xml.root = envelope = Node.new('OPS_envelope')
 
-    def self.data_block_element(response)
-      doc = Parser.string(response).parse
-      return doc.find("//OPS_envelope/body/data_block/*")
-    end
+        envelope << header = Node.new('header')
+        envelope << body = Node.new('body')
+        header   << Node.new('version', '0.9')
+        body     << data_block = Node.new('data_block')
 
-    def self.decode_dt_array_data(element)
-      dt_array = []
+        data_block << encode_data(data, data_block)
 
-      element.children.each do |item|
-        next if item.empty?
-        dt_array[item.attributes["key"].to_i] = decode_data(item)
+        OpenSRS::SanitizableString.new(xml.to_s, sanitize(xml).to_s)
       end
 
-      return dt_array
-    end
+      def self.sanitize(doc)
+        # Before changing the iteration through the nodes, read:
+        # https://www.rubydoc.info/gems/libxml-ruby/LibXML/XML/Document#find-instance_method
 
-    def self.decode_dt_assoc_data(element)
-      dt_assoc = {}
+        username_nodes = doc.find("//item[@key='reg_username']")
+        username_nodes.each { |node| node.content = 'FILTERED' }
 
-      element.children.each do |item|
-        next if item.content.strip.empty?
-        dt_assoc[item.attributes["key"]] = decode_data(item)
+        password_nodes = doc.find("//item[@key='reg_password']")
+        password_nodes.each { |node| node.content = 'FILTERED' }
+
+        doc
       end
+      private_class_method :sanitize
 
-      return dt_assoc
-    end
+      def self.data_block_element(response)
+        doc = Parser.string(response).parse
+        doc.find('//OPS_envelope/body/data_block/*')
+      end
 
-    # Accepts two parameters but uses only one; to keep the interface same as other xml parser classes
-    # Is that a side effect of Template pattern?
-    #
-    def self.new_element(element_name, container)
-      return Node.new(element_name.to_s)
-    end
+      def self.decode_dt_array_data(element)
+        dt_array = []
+
+        element.children.each do |item|
+          next if item.empty?
+
+          dt_array[item.attributes['key'].to_i] = decode_data(item)
+        end
 
+        dt_array
+      end
+
+      def self.decode_dt_assoc_data(element)
+        dt_assoc = {}
+
+        element.children.each do |item|
+          next if item.content.strip.empty?
+
+          dt_assoc[item.attributes['key']] = decode_data(item)
+        end
+
+        dt_assoc
+      end
+
+      # Accepts two parameters but uses only one; to keep the interface same as other xml parser classes
+      # Is that a side effect of Template pattern?
+      #
+      def self.new_element(element_name, _container)
+        Node.new(element_name.to_s)
+      end
+    end
   end
-end
+end