qoobaa-rack 1.0.0.1

data/test/cgi/lighttpd.conf

@@ -0,0 +1,20 @@
+server.modules = ("mod_fastcgi", "mod_cgi")
+server.document-root = "."
+server.errorlog = "lighttpd.errors"
+server.port = 9203
+
+server.event-handler = "select"
+
+cgi.assign = ("/test" => "",
+#              ".ru" => ""
+             )
+
+fastcgi.server = ("test.fcgi" => ("localhost" =>
+                    ("min-procs" => 1,
+                     "socket" => "/tmp/rack-test-fcgi",
+                     "bin-path" => "test.fcgi")),
+                  "test.ru" => ("localhost" =>
+                    ("min-procs" => 1,
+                     "socket" => "/tmp/rack-test-ru-fcgi",
+                     "bin-path" => "test.ru")),
+                 )

data/test/cgi/test

@@ -0,0 +1,9 @@
+#!/usr/bin/env ruby
+# -*- ruby -*-
+
+$: << File.join(File.dirname(__FILE__), "..", "..", "lib")
+
+require 'rack'
+require '../testrequest'
+
+Rack::Handler::CGI.run(Rack::Lint.new(TestRequest.new))

data/test/cgi/test.fcgi

@@ -0,0 +1,8 @@
+#!/usr/bin/env ruby
+# -*- ruby -*-
+
+$:.unshift '../../lib'
+require 'rack'
+require '../testrequest'
+
+Rack::Handler::FastCGI.run(Rack::Lint.new(TestRequest.new))

data/test/cgi/test.ru

@@ -0,0 +1,7 @@
+#!/usr/bin/env ../../bin/rackup
+#\ -E deployment -I ../../lib
+# -*- ruby -*-
+
+require '../testrequest'
+
+run TestRequest.new

data/test/multipart/empty

@@ -0,0 +1,10 @@
+--AaB03x
+Content-Disposition: form-data; name="submit-name"
+
+Larry
+--AaB03x
+Content-Disposition: form-data; name="files"; filename="file1.txt"
+Content-Type: text/plain
+
+
+--AaB03x--

data/test/multipart/file1.txt

@@ -0,0 +1 @@
+contents

data/test/multipart/ie

@@ -0,0 +1,6 @@
+--AaB03x
+Content-Disposition: form-data; name="files"; filename="C:\Documents and Settings\Administrator\Desktop\file1.txt"
+Content-Type: text/plain
+
+contents
+--AaB03x--

data/test/multipart/nested

@@ -0,0 +1,10 @@
+--AaB03x
+Content-Disposition: form-data; name="foo[submit-name]"
+
+Larry
+--AaB03x
+Content-Disposition: form-data; name="foo[files]"; filename="file1.txt"
+Content-Type: text/plain
+
+contents
+--AaB03x--

data/test/multipart/none

@@ -0,0 +1,9 @@
+--AaB03x
+Content-Disposition: form-data; name="submit-name"
+
+Larry
+--AaB03x
+Content-Disposition: form-data; name="files"; filename=""
+
+
+--AaB03x--

data/test/multipart/text

@@ -0,0 +1,10 @@
+--AaB03x
+Content-Disposition: form-data; name="submit-name"
+
+Larry
+--AaB03x
+Content-Disposition: form-data; name="files"; filename="file1.txt"
+Content-Type: text/plain
+
+contents
+--AaB03x--

data/test/spec_rack_auth_basic.rb

@@ -0,0 +1,73 @@
+require 'test/spec'
+
+require 'rack/auth/basic'
+require 'rack/mock'
+
+context 'Rack::Auth::Basic' do
+
+  def realm
+    'WallysWorld'
+  end
+  
+  def unprotected_app
+    lambda { |env| [ 200, {'Content-Type' => 'text/plain'}, ["Hi #{env['REMOTE_USER']}"] ] }
+  end
+  
+  def protected_app
+    app = Rack::Auth::Basic.new(unprotected_app) { |username, password| 'Boss' == username }
+    app.realm = realm
+    app
+  end
+
+  setup do
+    @request = Rack::MockRequest.new(protected_app)
+  end
+
+  def request_with_basic_auth(username, password, &block)
+    request 'HTTP_AUTHORIZATION' => 'Basic ' + ["#{username}:#{password}"].pack("m*"), &block
+  end
+
+  def request(headers = {})
+    yield @request.get('/', headers)
+  end
+
+  def assert_basic_auth_challenge(response)
+    response.should.be.a.client_error
+    response.status.should.equal 401
+    response.should.include 'WWW-Authenticate'
+    response.headers['WWW-Authenticate'].should =~ /Basic realm="#{Regexp.escape(realm)}"/
+    response.body.should.be.empty
+  end
+
+  specify 'should challenge correctly when no credentials are specified' do
+    request do |response|
+      assert_basic_auth_challenge response
+    end
+  end
+
+  specify 'should rechallenge if incorrect credentials are specified' do
+    request_with_basic_auth 'joe', 'password' do |response|
+      assert_basic_auth_challenge response
+    end
+  end
+
+  specify 'should return application output if correct credentials are specified' do
+    request_with_basic_auth 'Boss', 'password' do |response|
+      response.status.should.equal 200
+      response.body.to_s.should.equal 'Hi Boss'
+    end
+  end
+  
+  specify 'should return 400 Bad Request if different auth scheme used' do
+    request 'HTTP_AUTHORIZATION' => 'Digest params' do |response|
+      response.should.be.a.client_error
+      response.status.should.equal 400
+      response.should.not.include 'WWW-Authenticate'
+    end
+  end
+
+  specify 'realm as optional constructor arg' do
+    app = Rack::Auth::Basic.new(unprotected_app, realm) { true }
+    assert_equal realm, app.realm
+  end
+end

data/test/spec_rack_auth_digest.rb

@@ -0,0 +1,226 @@
+require 'test/spec'
+
+require 'rack/auth/digest/md5'
+require 'rack/mock'
+
+context 'Rack::Auth::Digest::MD5' do
+
+  def realm
+    'WallysWorld'
+  end
+
+  def unprotected_app
+    lambda do |env|
+      [ 200, {'Content-Type' => 'text/plain'}, ["Hi #{env['REMOTE_USER']}"] ]
+    end
+  end
+
+  def protected_app
+    app = Rack::Auth::Digest::MD5.new(unprotected_app) do |username|
+      { 'Alice' => 'correct-password' }[username]
+    end
+    app.realm = realm
+    app.opaque = 'this-should-be-secret'
+    app
+  end
+
+  def protected_app_with_hashed_passwords
+    app = Rack::Auth::Digest::MD5.new(unprotected_app) do |username|
+      username == 'Alice' ? Digest::MD5.hexdigest("Alice:#{realm}:correct-password") : nil
+    end
+    app.realm = realm
+    app.opaque = 'this-should-be-secret'
+    app.passwords_hashed = true
+    app
+  end
+
+  def partially_protected_app
+    Rack::URLMap.new({
+      '/' => unprotected_app,
+      '/protected' => protected_app
+    })
+  end
+
+  def protected_app_with_method_override
+    Rack::MethodOverride.new(protected_app)
+  end
+
+  setup do
+    @request = Rack::MockRequest.new(protected_app)
+  end
+
+  def request(method, path, headers = {}, &block)
+    response = @request.request(method, path, headers)
+    block.call(response) if block
+    return response
+  end
+
+  class MockDigestRequest
+    def initialize(params)
+      @params = params
+    end
+    def method_missing(sym)
+      if @params.has_key? k = sym.to_s
+        return @params[k]
+      end
+      super
+    end
+    def method
+      @params['method']
+    end
+    def response(password)
+      Rack::Auth::Digest::MD5.new(nil).send :digest, self, password
+    end
+  end
+
+  def request_with_digest_auth(method, path, username, password, options = {}, &block)
+    request_options = {}
+    request_options[:input] = options.delete(:input) if options.include? :input
+
+    response = request(method, path, request_options)
+
+    return response unless response.status == 401
+
+    if wait = options.delete(:wait)
+      sleep wait
+    end
+
+    challenge = response['WWW-Authenticate'].split(' ', 2).last
+
+    params = Rack::Auth::Digest::Params.parse(challenge)
+
+    params['username'] = username
+    params['nc'] = '00000001'
+    params['cnonce'] = 'nonsensenonce'
+    params['uri'] = path
+
+    params['method'] = method
+
+    params.update options
+
+    params['response'] = MockDigestRequest.new(params).response(password)
+
+    request(method, path, request_options.merge('HTTP_AUTHORIZATION' => "Digest #{params}"), &block)
+  end
+
+  def assert_digest_auth_challenge(response)
+    response.should.be.a.client_error
+    response.status.should.equal 401
+    response.should.include 'WWW-Authenticate'
+    response.headers['WWW-Authenticate'].should =~ /^Digest /
+    response.body.should.be.empty
+  end
+
+  def assert_bad_request(response)
+    response.should.be.a.client_error
+    response.status.should.equal 400
+    response.should.not.include 'WWW-Authenticate'
+  end
+
+  specify 'should challenge when no credentials are specified' do
+    request 'GET', '/' do |response|
+      assert_digest_auth_challenge response
+    end
+  end
+
+  specify 'should return application output if correct credentials given' do
+    request_with_digest_auth 'GET', '/', 'Alice', 'correct-password' do |response|
+      response.status.should.equal 200
+      response.body.to_s.should.equal 'Hi Alice'
+    end
+  end
+
+  specify 'should return application output if correct credentials given (hashed passwords)' do
+    @request = Rack::MockRequest.new(protected_app_with_hashed_passwords)
+
+    request_with_digest_auth 'GET', '/', 'Alice', 'correct-password' do |response|
+      response.status.should.equal 200
+      response.body.to_s.should.equal 'Hi Alice'
+    end
+  end
+
+  specify 'should rechallenge if incorrect username given' do
+    request_with_digest_auth 'GET', '/', 'Bob', 'correct-password' do |response|
+      assert_digest_auth_challenge response
+    end
+  end
+
+  specify 'should rechallenge if incorrect password given' do
+    request_with_digest_auth 'GET', '/', 'Alice', 'wrong-password' do |response|
+      assert_digest_auth_challenge response
+    end
+  end
+
+  specify 'should rechallenge with stale parameter if nonce is stale' do
+    begin
+      Rack::Auth::Digest::Nonce.time_limit = 1
+
+      request_with_digest_auth 'GET', '/', 'Alice', 'correct-password', :wait => 2 do |response|
+        assert_digest_auth_challenge response
+        response.headers['WWW-Authenticate'].should =~ /\bstale=true\b/
+      end
+    ensure
+      Rack::Auth::Digest::Nonce.time_limit = nil
+    end
+  end
+
+  specify 'should return 400 Bad Request if incorrect qop given' do
+    request_with_digest_auth 'GET', '/', 'Alice', 'correct-password', 'qop' => 'auth-int' do |response|
+      assert_bad_request response
+    end
+  end
+
+  specify 'should return 400 Bad Request if incorrect uri given' do
+    request_with_digest_auth 'GET', '/', 'Alice', 'correct-password', 'uri' => '/foo' do |response|
+      assert_bad_request response
+    end
+  end
+
+  specify 'should return 400 Bad Request if different auth scheme used' do
+    request 'GET', '/', 'HTTP_AUTHORIZATION' => 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==' do |response|
+      assert_bad_request response
+    end
+  end
+
+  specify 'should not require credentials for unprotected path' do
+    @request = Rack::MockRequest.new(partially_protected_app)
+    request 'GET', '/' do |response|
+      response.should.be.ok
+    end
+  end
+
+  specify 'should challenge when no credentials are specified for protected path' do
+    @request = Rack::MockRequest.new(partially_protected_app)
+    request 'GET', '/protected' do |response|
+      assert_digest_auth_challenge response
+    end
+  end
+
+  specify 'should return application output if correct credentials given for protected path' do
+    @request = Rack::MockRequest.new(partially_protected_app)
+    request_with_digest_auth 'GET', '/protected', 'Alice', 'correct-password' do |response|
+      response.status.should.equal 200
+      response.body.to_s.should.equal 'Hi Alice'
+    end
+  end
+
+  specify 'should return application output if correct credentials given for POST' do
+    request_with_digest_auth 'POST', '/', 'Alice', 'correct-password' do |response|
+      response.status.should.equal 200
+      response.body.to_s.should.equal 'Hi Alice'
+    end
+  end
+
+  specify 'should return application output if correct credentials given for PUT (using method override of POST)' do
+    @request = Rack::MockRequest.new(protected_app_with_method_override)
+    request_with_digest_auth 'POST', '/', 'Alice', 'correct-password', :input => "_method=put" do |response|
+      response.status.should.equal 200
+      response.body.to_s.should.equal 'Hi Alice'
+    end
+  end
+
+  specify 'realm as optional constructor arg' do
+    app = Rack::Auth::Digest::MD5.new(unprotected_app, realm) { true }
+    assert_equal realm, app.realm
+  end
+end

data/test/spec_rack_auth_openid.rb

@@ -0,0 +1,84 @@
+require 'test/spec'
+
+begin
+# requires the ruby-openid gem
+require 'rack/auth/openid'
+
+context "Rack::Auth::OpenID" do
+  OID = Rack::Auth::OpenID
+  host = 'host'
+  subd = 'sub.host'
+  wild = '*.host'
+  path = 'path'
+  long = 'path/long'
+  scheme = 'http://'
+  realm = scheme+host+'/'+path
+
+  specify 'realm uri should be valid' do
+    lambda{OID.new('/'+path)}.should.raise ArgumentError
+    lambda{OID.new('/'+long)}.should.raise ArgumentError
+    lambda{OID.new(scheme+host)}.should.not.raise
+    lambda{OID.new(scheme+host+'/')}.should.not.raise
+    lambda{OID.new(scheme+host+'/'+path)}.should.not.raise
+    lambda{OID.new(scheme+subd)}.should.not.raise
+    lambda{OID.new(scheme+subd+'/')}.should.not.raise
+    lambda{OID.new(scheme+subd+'/'+path)}.should.not.raise
+  end
+
+  specify 'should be able to check if a uri is within the realm' do
+  end
+
+  specify 'return_to should be valid' do
+    uri = '/'+path
+    lambda{OID.new(realm, :return_to=>uri)}.should.raise ArgumentError
+    uri = '/'+long
+    lambda{OID.new(realm, :return_to=>uri)}.should.raise ArgumentError
+    uri = scheme+host
+    lambda{OID.new(realm, :return_to=>uri)}.should.raise ArgumentError
+    uri = scheme+host+'/'+path
+    lambda{OID.new(realm, :return_to=>uri)}.should.not.raise
+    uri = scheme+subd+'/'+path
+    lambda{OID.new(realm, :return_to=>uri)}.should.raise ArgumentError
+    uri = scheme+host+'/'+long
+    lambda{OID.new(realm, :return_to=>uri)}.should.not.raise
+    uri = scheme+subd+'/'+long
+    lambda{OID.new(realm, :return_to=>uri)}.should.raise ArgumentError
+  end
+
+  specify 'extensions should have required constants defined' do
+    badext = Rack::Auth::OpenID::BadExtension
+    ext = Object.new
+    lambda{OID.new(realm).add_extension(ext)}.should.raise(badext)
+    ext = Module.new
+    lambda{OID.new(realm).add_extension(ext)}.should.raise(badext)
+    ext::Request = nil
+    lambda{OID.new(realm).add_extension(ext)}.should.raise(badext)
+    ext::Response = nil
+    lambda{OID.new(realm).add_extension(ext)}.should.raise(badext)
+    ext::NS_URI = nil
+    lambda{OID.new(realm).add_extension(ext)}.should.raise(badext)
+  end
+
+  specify 'extensions should have Request and Response defined and inherit from OpenID::Extension' do
+    $-w, w = nil, $-w               # yuck
+    badext = Rack::Auth::OpenID::BadExtension
+    ext = Module.new
+    ext::Request = nil
+    ext::Response = nil
+    ext::NS_URI = nil
+    lambda{OID.new(realm).add_extension(ext)}.should.raise(badext)
+    ext::Request = Class.new()
+    lambda{OID.new(realm).add_extension(ext)}.should.raise(badext)
+    ext::Response = Class.new()
+    lambda{OID.new(realm).add_extension(ext)}.should.raise(badext)
+    ext::Request = Class.new(::OpenID::Extension)
+    lambda{OID.new(realm).add_extension(ext)}.should.raise(badext)
+    ext::Response = Class.new(::OpenID::Extension)
+    lambda{OID.new(realm).add_extension(ext)}.should.raise(badext)
+    $-w = w
+  end
+end
+
+rescue LoadError
+  $stderr.puts "Skipping Rack::Auth::OpenID tests (ruby-openid 2 is required). `gem install ruby-openid` and try again."
+end

data/test/spec_rack_builder.rb

@@ -0,0 +1,84 @@
+require 'test/spec'
+
+require 'rack/builder'
+require 'rack/mock'
+require 'rack/showexceptions'
+require 'rack/auth/basic'
+
+context "Rack::Builder" do
+  specify "chains apps by default" do
+    app = Rack::Builder.new do
+      use Rack::ShowExceptions
+      run lambda { |env| raise "bzzzt" }
+    end.to_app
+
+    Rack::MockRequest.new(app).get("/").should.be.server_error
+    Rack::MockRequest.new(app).get("/").should.be.server_error
+    Rack::MockRequest.new(app).get("/").should.be.server_error
+  end
+
+  specify "has implicit #to_app" do
+    app = Rack::Builder.new do
+      use Rack::ShowExceptions
+      run lambda { |env| raise "bzzzt" }
+    end
+
+    Rack::MockRequest.new(app).get("/").should.be.server_error
+    Rack::MockRequest.new(app).get("/").should.be.server_error
+    Rack::MockRequest.new(app).get("/").should.be.server_error
+  end
+
+  specify "supports blocks on use" do
+    app = Rack::Builder.new do
+      use Rack::ShowExceptions
+      use Rack::Auth::Basic do |username, password|
+        'secret' == password
+      end
+
+      run lambda { |env| [200, {}, ['Hi Boss']] }
+    end
+
+    response = Rack::MockRequest.new(app).get("/")
+    response.should.be.client_error
+    response.status.should.equal 401
+
+    # with auth...
+    response = Rack::MockRequest.new(app).get("/", 
+        'HTTP_AUTHORIZATION' => 'Basic ' + ["joe:secret"].pack("m*"))
+    response.status.should.equal 200
+    response.body.to_s.should.equal 'Hi Boss'
+  end
+
+  specify "has explicit #to_app" do
+    app = Rack::Builder.app do
+      use Rack::ShowExceptions
+      run lambda { |env| raise "bzzzt" }
+    end
+
+    Rack::MockRequest.new(app).get("/").should.be.server_error
+    Rack::MockRequest.new(app).get("/").should.be.server_error
+    Rack::MockRequest.new(app).get("/").should.be.server_error
+  end
+
+  specify "apps are initialized once" do
+    app = Rack::Builder.new do
+      class AppClass
+        def initialize
+          @called = 0
+        end
+        def call(env)
+          raise "bzzzt"  if @called > 0
+        @called += 1
+          [200, {'Content-Type' => 'text/plain'}, ['OK']]
+        end
+      end
+
+      use Rack::ShowExceptions
+      run AppClass.new
+    end
+
+    Rack::MockRequest.new(app).get("/").status.should.equal 200
+    Rack::MockRequest.new(app).get("/").should.be.server_error
+  end
+
+end

data/test/spec_rack_camping.rb

@@ -0,0 +1,51 @@
+require 'test/spec'
+require 'stringio'
+require 'uri'
+
+begin
+  require 'rack/mock'
+
+  $-w, w = nil, $-w               # yuck
+  require 'camping'
+  require 'rack/adapter/camping'
+
+  Camping.goes :CampApp
+  module CampApp
+    module Controllers
+      class HW < R('/')
+        def get
+          @headers["X-Served-By"] = URI("http://rack.rubyforge.org")
+          "Camping works!"
+        end
+
+        def post
+          "Data: #{input.foo}"
+        end
+      end
+    end
+  end
+  $-w = w
+
+  context "Rack::Adapter::Camping" do
+    specify "works with GET" do
+      res = Rack::MockRequest.new(Rack::Adapter::Camping.new(CampApp)).
+        get("/")
+
+      res.should.be.ok
+      res["Content-Type"].should.equal "text/html"
+      res["X-Served-By"].should.equal "http://rack.rubyforge.org"
+
+      res.body.should.equal "Camping works!"
+    end
+
+    specify "works with POST" do
+      res = Rack::MockRequest.new(Rack::Adapter::Camping.new(CampApp)).
+        post("/", :input => "foo=bar")
+
+      res.should.be.ok
+      res.body.should.equal "Data: bar"
+    end
+  end
+rescue LoadError
+  $stderr.puts "Skipping Rack::Adapter::Camping tests (Camping is required). `gem install camping` and try again."
+end

data/test/spec_rack_cascade.rb

@@ -0,0 +1,48 @@
+require 'test/spec'
+
+require 'rack/cascade'
+require 'rack/mock'
+
+require 'rack/urlmap'
+require 'rack/file'
+
+context "Rack::Cascade" do
+  docroot = File.expand_path(File.dirname(__FILE__))
+  app1 = Rack::File.new(docroot)
+
+  app2 = Rack::URLMap.new("/crash" => lambda { |env| raise "boom" })
+
+  app3 = Rack::URLMap.new("/foo" => lambda { |env|
+                            [200, { "Content-Type" => "text/plain"}, [""]]})
+
+  specify "should dispatch onward on 404 by default" do
+    cascade = Rack::Cascade.new([app1, app2, app3])
+    Rack::MockRequest.new(cascade).get("/cgi/test").should.be.ok
+    Rack::MockRequest.new(cascade).get("/foo").should.be.ok
+    Rack::MockRequest.new(cascade).get("/toobad").should.be.not_found
+    Rack::MockRequest.new(cascade).get("/cgi/../bla").should.be.forbidden
+  end
+
+  specify "should dispatch onward on whatever is passed" do
+    cascade = Rack::Cascade.new([app1, app2, app3], [404, 403])
+    Rack::MockRequest.new(cascade).get("/cgi/../bla").should.be.not_found
+  end
+
+  specify "should return 404 if empty" do
+    Rack::MockRequest.new(Rack::Cascade.new([])).get('/').should.be.not_found
+  end
+
+  specify "should append new app" do
+    cascade = Rack::Cascade.new([], [404, 403])
+    Rack::MockRequest.new(cascade).get('/').should.be.not_found
+    cascade << app2
+    Rack::MockRequest.new(cascade).get('/cgi/test').should.be.not_found
+    Rack::MockRequest.new(cascade).get('/cgi/../bla').should.be.not_found
+    cascade << app1
+    Rack::MockRequest.new(cascade).get('/cgi/test').should.be.ok
+    Rack::MockRequest.new(cascade).get('/cgi/../bla').should.be.forbidden
+    Rack::MockRequest.new(cascade).get('/foo').should.be.not_found
+    cascade << app3
+    Rack::MockRequest.new(cascade).get('/foo').should.be.ok
+  end
+end