probity 0.0.1

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    ZjRlOGFjYmFjZWY3ODdjOTk0MTNlMzJmZDY1OTJiZjI0NjFhNjI1MA==
+  data.tar.gz: !binary |-
+    MTk3OWY0ZGZiY2FhNWFkNjU5MzZjZmI5MGM4Yzc5NzlhMDgyMjk1MA==
+SHA512:
+  metadata.gz: !binary |-
+    ODc2NTIzZTViMzRjOTQwYWY1NWUyNzNkMmJkZGRkZTFmYzBkODVmYzFjMzYw
+    ODJjYjM2ZjlkYTU4NzhhMTczZDI1Njg5NGM1MTk2YjVmMWEyMTE0OWNkYWY0
+    ZWMxNWQ2ODhlZGE0MWRiY2JhNDJlZDZjMzg1NDk1NjhhZTg5ZmM=
+  data.tar.gz: !binary |-
+    OTkxOWI1NzI2ZGUyYmVhMTZmZDc5Y2VhOTgzZWM3MzQzN2FjNjNiNmE3NDVk
+    NjhiYmYzNzU4YzY2NmJlNzVjMGQ5MjE1YTYyOGY5YjY3YmJiODE3Mzc2ZDNi
+    M2RlZDhhMGVjNWVmMDIzOWE4NDI3MmY5MmZiMmMxZDBhMTNkYzQ=

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in probity.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2015 Medidata Solutions Worldwide
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,71 @@
+# Probity
+
+Even Rails can't be trusted not to produce malformed xml sometimes. Add this Rack middleware to the stack while you run your tests and it will monitor the responses you send, infer the appropriate validations based on content type, and raise if they fail.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'probity', git: 'git@github.com:mdsol/probity.git'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install probity
+
+## Usage
+
+Probity should only be included in your middleware stack when running in test/development mode. If you're using a conventional Rails app, for example, you could include it like so:
+
+```ruby
+# in config/environments/test.rb
+config.middleware.use(Probity::ResponseValidatorMiddleware)
+```
+
+Now, run your test scripts! If your app produces malformed responses, Probity will turn a passing test into a failing one by raising a parsing error in your server. Depending on your particular test setup, this might manifest in different ways, but as long as your tests are at all meaningful they at least shouldn't pass.
+
+## Configuration
+
+By default, Probity will validate the `application/xml` and `application/json` content types, and **raise** if it sees anything else. If you're serving something other than those two, such as html, you'll probably want to do
+
+```ruby
+middleware.use(Probity::ResponseValidatorMiddleware, missing_validator: :warn)
+#or
+middleware.use(Probity::ResponseValidatorMiddleware, missing_validator: :ignore)
+```
+
+A blank body is not valid JSON or XML. If you would like to special-case this as an allowable response, use
+
+```ruby
+middleware.use(Probity::ResponseValidatorMiddleware, blank_body: :ignore)
+```
+
+You can add validators for your content types with code like this:
+
+```ruby
+Probity.validators['application/hal+json'] = Proc.new do |body|
+	raise unless Halidator.new(body).valid?
+end
+```
+You can also override the default validators the same way:
+
+```ruby
+Probity.validators['application/xml'] = # Object that responds to .call(str)
+```
+
+## Validators
+
+The XML validator uses [Nokogiri](http://www.nokogiri.org/) in Strict Mode, while the JSON validator uses Ruby's built-in `JSON.parse`. Pull requests are welcome for more content types. 
+
+## Contributing
+
+1. Fork it ( https://github.com/[my-github-username]/probity/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/lib/probity.rb

@@ -0,0 +1,12 @@
+require 'probity/version'
+require 'probity/middleware'
+
+module Probity
+  def self.validators
+    @validators ||= {}
+  end
+end
+
+unless ENV['PROBITY_NO_AUTOLOAD']
+  Gem.find_files('probity/validators/*.rb').each { |f| require(f) }
+end

data/lib/probity/middleware.rb

@@ -0,0 +1,58 @@
+module Probity
+
+  class ResponseValidatorMiddleware
+
+    def initialize(app, options = {})
+      @app = app
+      @options = options
+    end
+
+    def call(env)
+      status, headers, response = @app.call(env)
+      content_type = response.respond_to?(:content_type) ? response.content_type : headers["Content-Type"]
+      validator = Probity.validators[content_type]
+      if validator
+        body = response.respond_to?(:body) ? response.body : response.join("")
+        validate(body, validator)
+      else
+        missing_validator(content_type)
+      end
+      [status, headers, response]
+    end
+
+    def validate(body, validator)
+      if blank_string?(body)
+        blank_body(body, validator)
+      else
+        validator.call(body)
+      end
+    end
+
+    def blank_string?(str)
+      ! str[/\S/]
+    end
+
+    def blank_body(body, validator)
+      case @options[:blank_body]
+      when nil, :validate
+        validator.call(body)
+      when :raise
+        raise 'Response with an empty body'
+      when :ignore
+      end
+    end
+
+    def missing_validator(content_type)
+      error = "No validator defined for #{content_type}. Fix this by putting `#{self.class}.validators['#{content_type}'] = Proc.new do |body| ... end` in a test initializer."
+      case @options[:missing_validator]
+      when nil, :raise
+        raise error
+      when :warn
+        warn(error)
+      when :ignore
+      end
+    end
+
+  end
+
+end

data/lib/probity/validators/json.rb

@@ -0,0 +1,5 @@
+require 'json'
+
+Probity.validators['application/json'] = Proc.new do |body|
+ JSON.parse(body)
+end

data/lib/probity/validators/xml.rb

@@ -0,0 +1,5 @@
+require 'nokogiri'
+
+Probity.validators['application/xml'] = Proc.new do |body|
+ Nokogiri::XML(body) { |config| config.options = Nokogiri::XML::ParseOptions::STRICT}
+end

data/lib/probity/version.rb

@@ -0,0 +1,3 @@
+module Probity
+  VERSION = "0.0.1"
+end

data/probity.gemspec

@@ -0,0 +1,26 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'probity/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'probity'
+  spec.version       = Probity::VERSION
+  spec.authors       = ['Aaron Weiner', 'Curtis White']
+  spec.email         = spec.authors.map{|name|name.sub(/(.).* (.*)/,'\1\2@mdsol.com')}
+  spec.summary       = %q{Rack middleware to test whether your app is producing valid json, xml, etc.}
+  spec.description   = %q{Even Rails can't be trusted not to produce malformed xml sometimes. Add this Rack middleware to the stack while you run your tests and it will monitor the responses you send, infer the appropriate validations based on content type, and raise if they fail.}
+  spec.homepage      = 'https://github.com/mdsol/probity'
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ['lib']
+
+  spec.add_development_dependency 'bundler', '~> 1.7'
+  spec.add_development_dependency 'rspec'
+
+  spec.add_dependency 'nokogiri'
+
+end

data/spec/middleware_spec.rb

@@ -0,0 +1,141 @@
+require 'probity'
+
+describe(Probity::ResponseValidatorMiddleware) do
+
+  context 'missing a validator for the content type' do
+
+    before do
+      @inner_app = double
+      @response = double
+      allow(@response).to receive(:content_type).and_return('magic')
+      allow(@inner_app).to receive(:call).and_return([200, {}, @response])
+    end
+
+    it 'raises by default' do
+      app = described_class.new(@inner_app)
+      expect{app.call({})}.to raise_error(RuntimeError, /No validator defined for magic/)
+    end
+
+    it 'warns when passed {missing_validator: :warn}' do
+      app = described_class.new(@inner_app, missing_validator: :warn)
+      expect_any_instance_of(Object).to receive(:warn).once
+      expect{app.call({})}.not_to raise_error
+    end
+
+    it 'does nothing when passed ignore' do
+      app = described_class.new(@inner_app, missing_validator: :ignore)
+      expect_any_instance_of(Object).not_to receive(:warn)
+      expect{app.call({})}.not_to raise_error
+    end
+
+    context "with an array of json strings as the body" do
+      before do
+        @body = [
+          JSON.pretty_generate( {'errors' => {'authentication' => ['Unauthorized']}} ),
+          JSON.pretty_generate( {'warning' => "warning"} )
+        ]
+
+        allow(@response).to receive(:content_type).and_return('magic')
+        allow(@response).to receive(:body).and_return(@body)
+        allow(@inner_app).to receive(:call).and_return([401, {'Content-Type' => 'magic'}, @body])
+      end
+
+      it 'raises by default' do
+        app = described_class.new(@inner_app)
+        expect{app.call({})}.to raise_error(RuntimeError, /No validator defined for magic/)
+      end
+
+      it 'warns when passed {missing_validator: :warn}' do
+        app = described_class.new(@inner_app, missing_validator: :warn)
+        expect_any_instance_of(Object).to receive(:warn).once
+        expect{app.call({})}.not_to raise_error
+      end
+
+      it 'does nothing when passed ignore' do
+        app = described_class.new(@inner_app, missing_validator: :ignore)
+        expect_any_instance_of(Object).not_to receive(:warn)
+        expect{app.call({})}.not_to raise_error
+      end
+
+    end
+
+  end
+
+  context 'with an appropriate validator' do
+
+    before do
+      @inner_app = double
+      @response = double
+      @body = 'some_body'
+      allow(@response).to receive(:content_type).and_return('application/json')
+      allow(@response).to receive(:body).and_return(@body)
+      allow(@inner_app).to receive(:call).and_return([201,{'foo' => 'bar'},@response])
+    end
+
+    it 'calls the appropriate validator' do
+      expect(Probity.validators['application/json']).to receive(:call).with(@body)
+      expect(Probity.validators['application/xml']).not_to receive(:call)
+      app = described_class.new(@inner_app)
+      app.call({})
+    end
+
+    it 'passes the response through transparently if no error is raised by the validator' do
+      allow(Probity.validators['application/json']).to receive(:call).and_return(nil)
+      app = described_class.new(@inner_app)
+      expect(app.call({})).to eq([201,{'foo' => 'bar'},@response])
+    end
+
+    context 'with an empty body' do
+
+      before do
+        @inner_app = double
+        @response = double
+        @body = ''
+        allow(@response).to receive(:content_type).and_return('application/json')
+        allow(@response).to receive(:body).and_return(@body)
+        allow(@inner_app).to receive(:call).and_return([201,{'foo' => 'bar'},@response])
+      end
+
+      it 'validates as normal by default' do
+        expect(Probity.validators['application/json']).to receive(:call).with(@body)
+        app = described_class.new(@inner_app)
+        app.call({})
+      end
+
+      it 'raises when passed {blank_body: :raise}' do
+        expect(Probity.validators['application/json']).not_to receive(:call)
+        app = described_class.new(@inner_app, blank_body: :raise)
+        expect{app.call({})}.to raise_error(/Response with an empty body/)
+      end
+
+      it 'skips validation when passed {blank_body: :ignore}' do
+        expect(Probity.validators['application/json']).not_to receive(:call)
+        app = described_class.new(@inner_app, blank_body: :ignore)
+        expect{app.call({})}.not_to raise_error
+      end
+
+    end
+
+    context "with an array of json strings as the body" do
+      before do
+        @body = [
+          JSON.pretty_generate( {'errors' => {'authentication' => ['Unauthorized']}} ),
+          JSON.pretty_generate( {'warning' => "warning"} )
+        ]
+
+        allow(@response).to receive(:content_type).and_return('application/json')
+        allow(@response).to receive(:body).and_return(@body)
+        allow(@inner_app).to receive(:call).and_return([401, {'Content-Type' => 'application/json'}, @body])
+      end
+
+      it 'validates the joined json strings by default' do
+        expect(Probity.validators['application/json']).to receive(:call).with(@body.join(""))
+        app = described_class.new(@inner_app)
+        app.call({})
+      end
+
+    end
+
+  end
+
+end

data/spec/validators/json_spec.rb

@@ -0,0 +1,24 @@
+require 'probity'
+
+describe "Probity's built-in json validator" do
+
+  it 'is callable' do
+    expect(Probity.validators['application/json']).to respond_to(:call)
+  end
+
+  it 'does not raise on valid json' do
+    valid_json = <<-'JSON'
+    {"fruit": [
+      {"name": "apple",
+      "number": 3}
+      ]
+    }
+    JSON
+    expect{Probity.validators['application/json'].call(valid_json)}.not_to raise_error
+  end
+
+  it 'raises an error on invalid json' do
+    expect{Probity.validators['application/json'].call('{"fruit":[,{"name":"apple","number":3}]}')}.to raise_error
+  end
+
+end

data/spec/validators/xml_spec.rb

@@ -0,0 +1,27 @@
+require 'probity'
+
+describe "Probity's built-in xml validator" do
+
+  it 'is callable' do
+    expect(Probity.validators['application/xml']).to respond_to(:call)
+  end
+
+  it 'does not raise on valid xml' do
+    valid_xml = <<-'XML'
+<?xml version="1.0"?>
+<?xml-stylesheet href="example.xsl" type="text/xsl"?>
+<!DOCTYPE example SYSTEM "example.dtd">
+<fruit>
+   <apple color="red" image="red_apple_1.jpg">
+      <condition>Fresh</condition>
+   </apple>
+</fruit>
+    XML
+    expect{Probity.validators['application/xml'].call(valid_xml)}.not_to raise_error
+  end
+
+  it 'raises an error on invalid xml' do
+    expect{Probity.validators['application/xml'].call('<a></b>')}.to raise_error
+  end
+
+end

metadata

@@ -0,0 +1,107 @@
+--- !ruby/object:Gem::Specification
+name: probity
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Aaron Weiner
+- Curtis White
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-05-04 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Even Rails can't be trusted not to produce malformed xml sometimes. Add
+  this Rack middleware to the stack while you run your tests and it will monitor the
+  responses you send, infer the appropriate validations based on content type, and
+  raise if they fail.
+email:
+- AWeiner@mdsol.com
+- CWhite@mdsol.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- LICENSE.txt
+- README.md
+- lib/probity.rb
+- lib/probity/middleware.rb
+- lib/probity/validators/json.rb
+- lib/probity/validators/xml.rb
+- lib/probity/version.rb
+- probity.gemspec
+- spec/middleware_spec.rb
+- spec/validators/json_spec.rb
+- spec/validators/xml_spec.rb
+homepage: https://github.com/mdsol/probity
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.1.10
+signing_key: 
+specification_version: 4
+summary: Rack middleware to test whether your app is producing valid json, xml, etc.
+test_files:
+- spec/middleware_spec.rb
+- spec/validators/json_spec.rb
+- spec/validators/xml_spec.rb
+has_rdoc: