rack-wwwhisper 1.0.2.pre → 1.0.3.pre

data/lib/rack/wwwhisper.rb

@@ -24,6 +24,14 @@ class WWWhisper
 
   def initialize(app)
     @app = app
+
+    if ENV['WWWHISPER_DISABLE'] == "1"
+      def self.call(env)
+        @app.call(env)
+      end
+      return
+    end
+
     if not ENV['WWWHISPER_URL']
       raise StandardError, 'WWWHISPER_URL environment variable not set'
     end
@@ -79,9 +87,7 @@ class WWWhisper
   end
 
   def call(env)
-    req = Rack::Request.new(env)
-
-    normalize_path req
+    req = Request.new(env)
 
     if req.path =~ %r{^#{@@WWWHISPER_PREFIX}auth}
       # Requests to /@@WWWHISPER_PREFIX/auth/ should not be authorized,
@@ -94,10 +100,12 @@ class WWWhisper
 
     if auth_resp.code == '200'
       debug req, 'access granted'
+      env['REMOTE_USER'] = auth_resp['User']
       status, headers, body = dispatch(req)
       if should_inject_iframe(status, headers)
         body = inject_iframe(headers, body)
       end
+      headers['User'] = auth_resp['User']
       [status, headers, body]
     else
       debug req, {
@@ -110,13 +118,51 @@ class WWWhisper
 
   private
 
-  def debug(req, message)
-    req.logger.debug "wwwhisper #{message}" if req.logger
+  class Request < Rack::Request
+    def initialize(env)
+      super(env)
+      normalize_path
+    end
+
+    def scheme
+      env['HTTP_X_FORWARDED_PROTO'] || 'http'
+    end
+
+    def host
+      env['HTTP_HOST']
+    end
+
+    def port
+      env['HTTP_X_FORWARDED_PORT'] || default_port(scheme)
+    end
+
+    def site_url
+      port_str = port != default_port(scheme) ? ":#{port}" : ""
+      "#{scheme}://#{host}#{port_str}"
+    end
+
+    private
+    def normalize_path()
+      self.script_name =
+        Addressable::URI.normalize_path(script_name).squeeze('/')
+      self.path_info =
+        Addressable::URI.normalize_path(path_info).squeeze('/')
+      # Avoid /foo/ /bar being combined into /foo//bar
+      if self.path_info[0] == ?/
+        self.script_name.chomp!('/')
+      end
+    end
+
+    def default_port(proto)
+      {
+        'http' => 80,
+        'https' => 443,
+      }[proto]
+    end
   end
 
-  def normalize_path(req)
-    req.script_name = Addressable::URI.normalize_path(req.script_name)
-    req.path_info = Addressable::URI.normalize_path(req.path_info)
+  def debug(req, message)
+    req.logger.debug "wwwhisper #{message}" if req.logger
   end
 
   def parse_uri(uri)
@@ -127,30 +173,6 @@ class WWWhisper
     parsed_uri
   end
 
-  def default_port(proto)
-    {
-      'http' => 80,
-      'https' => 443,
-    }[proto]
-  end
-
-  def proto_host_port(env)
-    proto = env['HTTP_X_FORWARDED_PROTO'] || 'http'
-    return proto,
-    env['HTTP_HOST'],
-    env['HTTP_X_FORWARDED_PORT'] || default_port(proto)
-  end
-
-  def site_url(env)
-    proto, host, port = proto_host_port(env)
-    port_str = if port != default_port(proto)
-                 ":#{port}"
-               else
-                 ''
-               end
-    "#{proto}://#{host}#{port_str}"
-  end
-
   def http_init(connection_id)
     http = Net::HTTP::Persistent.new(connection_id)
     store = OpenSSL::X509::Store.new()
@@ -164,7 +186,7 @@ class WWWhisper
     path = @aliases[path] || path
     sub_req = Net::HTTP.const_get(method).new(path)
     copy_headers(config[:forwarded_headers], rack_req.env, sub_req)
-    sub_req['Site-Url'] = site_url(rack_req.env) if config[:send_site_url]
+    sub_req['Site-Url'] = rack_req.site_url if config[:send_site_url]
     uri = config[:uri]
     sub_req.basic_auth(uri.user, uri.password) if uri.user and uri.password
     sub_req
@@ -198,20 +220,23 @@ class WWWhisper
       if header == 'Location'
         location = Addressable::URI.parse(value)
         location.scheme, location.host, location.port =
-          proto_host_port(rack_req.env)
+          rack_req.scheme, rack_req.host, rack_req.port
         value = location.to_s
       end
-      rack_headers[header] = value
+      # If sub request returned chunked response, remove the header
+      # (chunks will be combined and returned with 'Content-Length).
+      rack_headers[header] = value if header != 'Transfer-Encoding'
     end
     return rack_headers
   end
 
   def sub_response_to_rack(rack_req, sub_resp)
-    [
-     sub_resp.code.to_i,
-     sub_response_headers_to_rack(rack_req, sub_resp),
-     [(sub_resp.read_body() or '')]
-    ]
+    headers = sub_response_headers_to_rack(rack_req, sub_resp)
+    body = sub_resp.read_body() || ''
+    if body.length and not headers['Content-Length']
+      headers['Content-Length'] = Rack::Utils::bytesize(body).to_s
+    end
+    [ sub_resp.code.to_i, headers, [body] ]
   end
 
   def wwwhisper_auth_request(req)
@@ -237,6 +262,8 @@ class WWWhisper
     body.each { |part|
       total << part
     }
+    body.close if body.respond_to?(:close)
+
     total = total.join()
     if idx = total.rindex('</body>')
       total.insert(idx, @wwwhisper_iframe)
@@ -269,6 +296,6 @@ class WWWhisper
     end
   end
 
-end
+end # class WWWhisper
 
-end
+end # module

data/test/test_wwwhisper.rb

@@ -11,14 +11,20 @@ require 'rack/wwwhisper'
 
 ENV['RACK_ENV'] = 'test'
 
+TEST_USER = 'foo@example.com'
+
 class MockBackend
+  include Test::Unit::Assertions
   attr_accessor :response
 
-  def initialize()
+  def initialize(email)
     @response = [200, {'Content-Type' => 'text/html'}, ['Hello World']]
+    @expected_email = email
   end
 
   def call(env)
+    # Make sure remote user is set by wwwhisper.
+    assert_equal @expected_email, env['REMOTE_USER']
     @response
   end
 end
@@ -32,7 +38,8 @@ class TestWWWhisper < Test::Unit::TestCase
   SITE_PORT = 443
 
   def setup()
-    @backend = MockBackend.new()
+    @backend = MockBackend.new(TEST_USER)
+    ENV.delete('WWWHISPER_DISABLE')
     ENV['WWWHISPER_URL'] = WWWHISPER_URL
     ENV['WWWHISPER_ASSETS_URL'] = WWWHISPER_ASSETS_URL
     @wwwhisper = Rack::WWWhisper.new(@backend)
@@ -69,14 +76,19 @@ class TestWWWhisper < Test::Unit::TestCase
                  @wwwhisper.auth_query('/foo/bar'))
   end
 
+  def granted()
+    {:status => 200, :body => '', :headers => {'User' => TEST_USER}}
+  end
+
   def test_request_allowed
     path = '/foo/bar'
     stub_request(:get, full_url(@wwwhisper.auth_query(path))).
-      to_return(:status => 200, :body => '', :headers => {})
+      to_return(granted())
 
     get path
     assert last_response.ok?
     assert_equal 'Hello World', last_response.body
+    assert_equal TEST_USER, last_response['User']
     assert_requested :get, full_url(@wwwhisper.auth_query(path))
   end
 
@@ -107,7 +119,7 @@ class TestWWWhisper < Test::Unit::TestCase
   def test_iframe_injected_to_html_response
     path = '/foo/bar'
     stub_request(:get, full_url(@wwwhisper.auth_query(path))).
-      to_return(:status => 200, :body => '', :headers => {})
+      to_return(granted())
     # wwwhisper iframe is injected only when response is a html document
     # with <body></body>
     body = '<html><body>Hello World</body></html>'
@@ -122,7 +134,7 @@ class TestWWWhisper < Test::Unit::TestCase
   def test_iframe_not_injected_to_non_html_response
     path = '/foo/bar'
     stub_request(:get, full_url(@wwwhisper.auth_query(path))).
-      to_return(:status => 200, :body => '', :headers => {})
+      to_return(granted())
     body = '<html><body>Hello World</body></html>'
     @backend.response= [200, {'Content-Type' => 'text/plain'}, [body]]
 
@@ -132,6 +144,18 @@ class TestWWWhisper < Test::Unit::TestCase
     assert_requested :get, full_url(@wwwhisper.auth_query(path))
   end
 
+  def test_response_body_combined
+    path = '/foo/bar'
+    stub_request(:get, full_url(@wwwhisper.auth_query(path))).
+      to_return(granted())
+    @backend.response= [200, {'Content-Type' => 'text/html'},
+                        ['abc', 'def', 'ghi']]
+    get path
+    assert last_response.ok?
+    assert_equal('abcdefghi', last_response.body)
+    assert_requested :get, full_url(@wwwhisper.auth_query(path))
+  end
+
   def test_auth_query_not_sent_for_login_request
     path = '/wwwhisper/auth/api/login'
     stub_request(:get, full_url(path)).
@@ -146,7 +170,7 @@ class TestWWWhisper < Test::Unit::TestCase
     path = '/foo/bar'
     stub_request(:get, full_url(@wwwhisper.auth_query(path))).
       with(:headers => {'Cookie' => /wwwhisper_auth.+wwwhisper_csrf.+/}).
-      to_return(:status => 200, :body => '', :headers => {})
+      to_return(granted())
 
     get(path, {},
         {'HTTP_COOKIE' => 'wwwhisper_auth=xyz; wwwhisper_csrf_token=abc'})
@@ -157,7 +181,7 @@ class TestWWWhisper < Test::Unit::TestCase
 
   def assert_path_normalized(normalized, requested, script_name=nil)
     stub_request(:get, full_url(@wwwhisper.auth_query(normalized))).
-      to_return(:status => 200, :body => '', :headers => {})
+      to_return(granted())
 
     env = script_name ? { 'SCRIPT_NAME' => script_name } : {}
     get(requested, {}, env)
@@ -179,12 +203,8 @@ class TestWWWhisper < Test::Unit::TestCase
     assert_path_normalized '/', '/./././'
     assert_path_normalized '/bar', '/foo/./bar/../../bar'
     assert_path_normalized '/foo/', '/foo/bar/..'
-
-    # These two do not seem to be handled correctly and consistency,
-    # but this is not a big issue, because wwwhisper rejects such
-    # paths.
-    assert_path_normalized '/foo//', '/foo//'
-    assert_path_normalized '//', '/./././/'
+    assert_path_normalized '/foo/', '/foo/'
+    assert_path_normalized '/', '/./././/'
   end
 
   def test_path_normalization_with_script_name
@@ -194,16 +214,14 @@ class TestWWWhisper < Test::Unit::TestCase
     assert_path_normalized '/baz/bar/hello', '/bar/hello', '/foo/../baz'
 
     assert_path_normalized '/foo/baz/bar/hello', 'bar/hello', '/foo/./baz'
-
-    # Not handled too well (see comment above).
-    assert_path_normalized '/foo//', '/', '/foo/'
-    assert_path_normalized '//bar/hello', '/bar/hello', '/foo/..'
+    assert_path_normalized '/foo/', '/', '/foo/'
+    assert_path_normalized '/bar/hello', '/bar/hello', '/foo/..'
   end
 
   def test_admin_request
     path = '/wwwhisper/admin/api/users/xyz'
     stub_request(:get, full_url(@wwwhisper.auth_query(path))).
-      to_return(:status => 200, :body => '', :headers => {})
+      to_return(granted())
     stub_request(:delete, full_url(path)).
       # Test that a header with multiple '-' is correctly passed
       with(:headers => {'X-Requested-With' => 'XMLHttpRequest'}).
@@ -232,7 +250,7 @@ class TestWWWhisper < Test::Unit::TestCase
     # assets server.
     stub_request(:get, full_url(@wwwhisper.auth_query(path))).
       with(:headers => {'Site-Url' => "#{SITE_PROTO}://#{SITE_HOST}"}).
-      to_return(:status => 200, :body => '', :headers => {})
+      to_return(granted())
     stub_request(:get, full_assets_url(path)).
       with { |request| request.headers['Site-Url'] == nil}.
       to_return(:status => 200, :body => 'Admin page', :headers => {})
@@ -274,7 +292,7 @@ class TestWWWhisper < Test::Unit::TestCase
   def test_redirects
     path = '/wwwhisper/admin/index.html'
     stub_request(:get, full_url(@wwwhisper.auth_query(path))).
-      to_return(:status => 200, :body => '', :headers => {})
+      to_return(granted())
     stub_request(:get, full_assets_url(path)).
       to_return(:status => 303, :body => 'Admin page moved',
                 :headers => {'Location' => 'https://new.location/foo/bar'})
@@ -289,4 +307,28 @@ class TestWWWhisper < Test::Unit::TestCase
     assert_requested :get, full_assets_url(path)
   end
 
+  def test_disable_wwwhisper
+    ENV.delete('WWWHISPER_URL')
+    ENV['WWWHISPER_DISABLE'] = "1"
+    # Configure MockBackend to make sure REMOTE_USER is not set.
+    @wwwhisper = Rack::WWWhisper.new(MockBackend.new(nil))
+
+    path = '/foo/bar'
+    get path
+    assert last_response.ok?
+    assert_equal 'Hello World', last_response.body
+    assert_nil last_response['User']
+  end
+
+  def test_chunked_encoding_from_wwwhisper_removed
+    path = '/foo/bar'
+    stub_request(:get, full_url(@wwwhisper.auth_query(path))).
+      to_return(:status => 401, :body => 'Login required',
+                :headers => {'Transfer-Encoding' => 'chunked'})
+    get path
+    assert_equal 401, last_response.status
+    assert_nil last_response['Transfer-Encoding']
+    assert_not_nil last_response['Content-Length']
+  end
+
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rack-wwwhisper
 version: !ruby/object:Gem::Version
-  version: 1.0.2.pre
+  version: 1.0.3.pre
   prerelease: 6
 platform: ruby
 authors:
@@ -131,7 +131,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 3933889389209313993
+      hash: 1268452761752086879
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements: