rack_csrf 1.0.0

data/LICENSE.rdoc

@@ -0,0 +1,23 @@
+= LICENSE
+
+(The MIT License)
+
+Copyright (c) 2009 Emanuele Vicentini
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the 'Software'), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/Manifest

@@ -0,0 +1,25 @@
+cucumber.yml
+example/app.rb
+example/config-with-raise.ru
+example/config.ru
+example/views/form.erb
+example/views/form_not_working.erb
+example/views/response.erb
+features/empty_responses.feature
+features/raising_exception.feature
+features/setup.feature
+features/skip_some_routes.feature
+features/step_definitions/request_steps.rb
+features/step_definitions/response_steps.rb
+features/step_definitions/setup_steps.rb
+features/support/env.rb
+lib/rack/csrf.rb
+lib/rack/vendor/securerandom.rb
+LICENSE.rdoc
+Manifest
+rack_csrf.gemspec
+Rakefile
+README.rdoc
+spec/csrf_spec.rb
+spec/spec.opts
+spec/spec_helper.rb

data/README.rdoc

@@ -0,0 +1,69 @@
+= Rack::Csrf
+
+This is just a small Rack middleware whose only goal is to lessen the hazards
+posed by CSRF attacks by trying to ensure that all requests of particular
+types come from the right client, not from a mischievous impersonator.
+
+== Usage
+
+First of all, beyond Rack itself, there is only one prerequisite: you must set
+up your rack with a session middleware, inserted anywhere before Rack::Csrf.
+
+Every POST, PUT and DELETE request will be searched for the anti-forging
+token, randomly generated by Rack::Csrf and stored inside the session. If
+there's a token and it matches with the stored one, then the request is handed
+over to the next rack component; if not, Rack::Csrf immediately replies with
+an empty response.
+
+I have not tested Rack::Csrf with Rack 0.4.0 or earlier versions, but it could
+possibly work.
+
+== Options
+
+The following options allow you to tweak Rack::Csrf.
+
+[<tt>:raise</tt>]
+  Set it to true to change the handling of bad request: instead of producing
+  an empty response, Rack::Csrf will raise an exception of class
+  Rack::Csrf::InvalidCsrfToken.
+
+[<tt>:skip</tt>]
+  By default, Rack::Csrf checks every POST, PUT and DELETE request; passing an
+  array of HTTP method/URL to this option you can choose what to let pass
+  unchecked:
+
+    use Rack::Csrf, :skip => ['POST:/not_checking', 'PUT:/me_too']
+
+[<tt>:field</tt>]
+  Default field name (see below) is <tt>_csrf</tt>; you can adapt it to
+  specific needs.
+
+== Helpers
+
+The following class methods try to ease the insertion of the anti-forging
+token.
+
+[<tt>Rack::Csrf.csrf_field</tt>]
+  Returns the name of the field that must be present in the request.
+
+[<tt>Rack::Csrf.csrf_token(env)</tt>]
+  Given the request's environment, it generates a random token, stuffs it in
+  the session and returns it to the caller or simply retrieves the already
+  stored one.
+
+[<tt>Rack::Csrf.csrf_tag(env)</tt>]
+  Given the request's environment, it generates a small HTML fragment to
+  insert the token in a standard form like an hidden input field with the
+  right value already entered for you.
+
+== Working examples
+
+In the +example+ directory there is a mini Sinatra application with two
+slightly different rackup files. Beside Rack you only need Sinatra to try
+them, but Rack::Csrf is not tailored to any particular web framework.
+
+== Warning! Warning! Warning!
+
+I cannot stress enough that this middleware is not a bulletproof vest or a
+panacea for the CSRF plague; it is just an *aid* and by using it you cannot
+forgo responsibilities for keeping your application as safe as possible.

data/Rakefile

@@ -0,0 +1,30 @@
+require 'rake/clean'
+require 'cucumber/rake/task'
+require 'spec/rake/spectask'
+require 'echoe'
+
+Cucumber::Rake::Task.new do |c|
+  c.cucumber_opts = '--profile default'
+end
+
+Spec::Rake::SpecTask.new do |t|
+  t.spec_opts = %w(-O spec/spec.opts)
+end
+
+Echoe.new('rack_csrf', '1.0.0') do |s|
+  s.author = 'Emanuele Vicentini'
+  s.email = 'emanuele.vicentini@gmail.com'
+  s.summary = 'Anti-CSRF Rack middleware'
+  s.runtime_dependencies = ['rack >=0.9']
+  s.development_dependencies = ['rake >=0.8.2', 'cucumber >=1.1.13', 'rspec', 'echoe']
+  s.need_tar_gz = false
+  s.project = 'rackcsrf'
+  s.gemspec_format = :yaml
+  s.retain_gemspec = true
+  s.rdoc_pattern = /^README|^LICENSE/
+  s.url = 'http://github.com/baldowl/rack_csrf'
+end
+
+Rake::Task[:default].clear
+Rake::Task.tasks.each {|t| t.clear if t.name =~ /test/}
+task :default => [:features, :spec]

data/cucumber.yml

@@ -0,0 +1 @@
+default: --format pretty -n features

data/example/app.rb

@@ -0,0 +1,12 @@
+get '/' do
+  erb :form
+end
+
+get '/notworking' do
+  erb :form_not_working
+end
+
+post '/response' do
+  erb :response, :locals => {:utterance => params[:utterance],
+    :csrf => params[Rack::Csrf.csrf_field]}
+end

data/example/config-with-raise.ru

@@ -0,0 +1,10 @@
+require 'sinatra'
+require File.dirname(__FILE__) + '/../lib/rack/csrf'
+
+use Rack::ShowExceptions
+use Rack::Session::Cookie
+use Rack::Csrf, :raise => true
+
+set :app_file, 'app.rb'
+
+run Sinatra::Application

data/example/config.ru

@@ -0,0 +1,9 @@
+require 'sinatra'
+require File.dirname(__FILE__) + '/../lib/rack/csrf'
+
+use Rack::Session::Cookie
+use Rack::Csrf
+
+set :app_file, 'app.rb'
+
+run Sinatra::Application

data/example/views/form.erb

@@ -0,0 +1,8 @@
+<form action="/response" method="post">
+  <h1>Spit your utterance!</h1>
+  <input type="text" name="utterance">
+  <%= Rack::Csrf.csrf_tag(env) %>
+  <p><input type="submit" value="Send!"></p>
+</form>
+
+<p>Try also the <a href="/notworking">not working</a> form!</p>

data/example/views/form_not_working.erb

@@ -0,0 +1,7 @@
+<form action="/response" method="post">
+  <h1>Spit your utterance!</h1>
+  <input type="text" name="utterance">
+  <p><input type="submit" value="Send!"></p>
+</form>
+
+<p>Try also the <a href="/">working</a> form!</p>

data/example/views/response.erb

@@ -0,0 +1,5 @@
+<p>It seems you've just said: <em><%= utterance %></em></p>
+
+<p>Here's the anti-CSRF token stuffed in the session: <strong><%= csrf %></strong></p>
+
+<p><a href='/'>Back</a></p>

data/features/empty_responses.feature

@@ -0,0 +1,46 @@
+Feature: Handling of the HTTP requests returning an empty response
+
+  Scenario: GET request with CSRF token
+    Given a Rack setup with the anti-CSRF middleware
+    When it receives a GET request with the CSRF token
+    Then it lets it pass untouched
+
+  Scenario: GET request without CSRF token
+    Given a Rack setup with the anti-CSRF middleware
+    When it receives a GET request without the CSRF token
+    Then it lets it pass untouched
+
+  Scenario Outline: Handling request without CSRF token
+    Given a Rack setup with the anti-CSRF middleware
+    When it receives a <method> request without the CSRF token
+    Then it responds with 417
+    And the response body is empty
+
+    Examples:
+      | method |
+      | POST   |
+      | PUT    |
+      | DELETE |
+
+  Scenario Outline: Handling request with the right CSRF token
+    Given a Rack setup with the anti-CSRF middleware
+    When it receives a <method> request with the right CSRF token
+    Then it lets it pass untouched
+
+    Examples:
+      | method |
+      | POST   |
+      | PUT    |
+      | DELETE |
+
+  Scenario Outline: Handling request with the wrong CSRF token
+    Given a Rack setup with the anti-CSRF middleware
+    When it receives a <method> request with the wrong CSRF token
+    Then it responds with 417
+    And the response body is empty
+
+    Examples:
+      | method |
+      | POST   |
+      | PUT    |
+      | DELETE |

data/features/raising_exception.feature

@@ -0,0 +1,41 @@
+Feature: Handling of the HTTP requests raising an exception
+
+  Scenario: GET request without CSRF token
+    Given a Rack setup with the anti-CSRF middleware and the :raise option
+    When it receives a GET request without the CSRF token
+    Then it lets it pass untouched
+
+  Scenario Outline: Handling request without CSRF token
+    Given a Rack setup with the anti-CSRF middleware and the :raise option
+    When it receives a <method> request without the CSRF token
+    Then there is no response
+    And an exception is climbing up the stack
+
+    Examples:
+      | method |
+      | POST   |
+      | PUT    |
+      | DELETE |
+
+  Scenario Outline: Handling request with the right CSRF token
+    Given a Rack setup with the anti-CSRF middleware and the :raise option
+    When it receives a <method> request with the right CSRF token
+    Then it lets it pass untouched
+
+    Examples:
+      | method |
+      | POST   |
+      | PUT    |
+      | DELETE |
+
+  Scenario Outline: Handling request with the wrong CSRF token
+    Given a Rack setup with the anti-CSRF middleware and the :raise option
+    When it receives a <method> request with the wrong CSRF token
+    Then there is no response
+    And an exception is climbing up the stack
+
+    Examples:
+      | method |
+      | POST   |
+      | PUT    |
+      | DELETE |

data/features/setup.feature

@@ -0,0 +1,24 @@
+Feature: Setup of the middleware
+
+  Scenario: Simple setup with session support
+    Given a Rack setup with the session middleware
+    When I insert the anti-CSRF middleware
+    Then I get a fully functional rack
+
+  Scenario: Simple setup without session support
+    Given a Rack setup without the session middleware
+    When I insert the anti-CSRF middleware
+    Then I get an error message
+
+  Scenario: Setup with :raise option
+    Given a Rack setup with the session middleware
+    When I insert the anti-CSRF middleware with the :raise option
+    Then I get a fully functional rack
+
+  Scenario: Setup with the :skip option
+    Given a Rack setup with the session middleware
+    When I insert the anti-CSRF middleware with the :skip option
+      | route              |
+      | POST:/not_checking |
+      | PUT:/is_wrong      |
+    Then I get a fully functional rack

data/features/skip_some_routes.feature

@@ -0,0 +1,33 @@
+Feature: Skipping the check for some specific routes
+
+  Scenario Outline: Skipping the check for a some requests
+    Given a Rack setup with the anti-CSRF middleware and the :skip option
+      | pair               |
+      | POST:/not_checking |
+      | PUT:/is_wrong      |
+    When it receives a <method> request for <path> without the CSRF token
+    Then it lets it pass untouched
+
+    Examples:
+      | method | path          |
+      | POST   | /not_checking |
+      | PUT    | /is_wrong     |
+
+  Scenario Outline: Keep checking the requests for other method/path pairs
+    Given a Rack setup with the anti-CSRF middleware and the :skip option
+      | pair               |
+      | POST:/not_checking |
+      | PUT:/is_wrong      |
+    When it receives a <method> request for <path> without the CSRF token
+    Then it responds with 417
+    And the response body is empty
+
+    Examples:
+      | method | path          |
+      | PUT    | /not_checking |
+      | DELETE | /not_checking |
+      | POST   | /is_wrong     |
+      | DELETE | /is_wrong     |
+      | POST   | /             |
+      | PUT    | /not          |
+      | POST   | /is           |

data/features/step_definitions/request_steps.rb

@@ -0,0 +1,45 @@
+When /^it receives a GET request (with|without) the CSRF token$/ do |prep|
+  if prep == 'with'
+    url = "/?#{Rack::Utils.build_query(Rack::Csrf.csrf_field => 'whatever')}"
+  else
+    url = '/'
+  end
+  @response = Rack::MockRequest.new(@app).get(url)
+end
+
+# Yes, they're not as DRY as possible, but I think they're more readable than
+# a single step definition with a few captures and more complex checkings.
+
+When /^it receives a (POST|PUT|DELETE) request without the CSRF token$/ do |http_method|
+  http_method.downcase!
+  begin
+    @response = Rack::MockRequest.new(@app).send http_method.to_sym, '/'
+  rescue Exception => e
+    @exception = e
+  end
+end
+
+When /^it receives a (POST|PUT|DELETE) request for (.+) without the CSRF token$/ do |http_method, path|
+  http_method.downcase!
+  begin
+    @response = Rack::MockRequest.new(@app).send http_method.to_sym, path
+  rescue Exception => e
+    @exception = e
+  end
+end
+
+When /^it receives a (POST|PUT|DELETE) request with the right CSRF token$/ do |http_method|
+  http_method.downcase!
+  @response = Rack::MockRequest.new(@app).send http_method.to_sym, '/',
+    :input => "#{Rack::Csrf.csrf_field}=right_token"
+end
+
+When /^it receives a (POST|PUT|DELETE) request with the wrong CSRF token$/ do |http_method|
+  http_method.downcase!
+  begin
+    @response = Rack::MockRequest.new(@app).send http_method.to_sym, '/',
+      :input => "#{Rack::Csrf.csrf_field}=whatever"
+  rescue Exception => e
+    @exception = e
+  end
+end

data/features/step_definitions/response_steps.rb

@@ -0,0 +1,21 @@
+Then /^it lets it pass untouched$/ do
+  @response.should be_ok
+  @response.should =~ /Hello world!/
+end
+
+Then /^it responds with 417$/ do
+  @response.status.should == 417
+end
+
+Then /^the response body is empty$/ do
+  @response.body.should be_empty
+end
+
+Then /^there is no response$/ do
+  @response.should be_nil
+end
+
+Then /^an exception is climbing up the stack$/ do
+  @exception.should_not be_nil
+  @exception.should be_an_instance_of(Rack::Csrf::InvalidCsrfToken)
+end

data/features/step_definitions/setup_steps.rb

@@ -0,0 +1,68 @@
+Given /^a Rack setup (with|without) the session middleware$/ do |prep|
+  @rack_builder = Rack::Builder.new
+  @rack_builder.use Rack::Session::Cookie if prep == 'with'
+end
+
+class CsrfFaker
+  def initialize(app)
+    @app = app
+  end
+  def call(env)
+    env['rack.session']['rack.csrf'] = 'right_token'
+    @app.call(env)
+  end
+end
+
+# Yes, they're not as DRY as possible, but I think they're more readable than
+# a single step definition with a few captures and more complex checkings.
+
+Given /^a Rack setup with the anti\-CSRF middleware$/ do
+  Given 'a Rack setup with the session middleware'
+  @rack_builder.use CsrfFaker
+  When 'I insert the anti-CSRF middleware'
+end
+
+Given /^a Rack setup with the anti\-CSRF middleware and the :raise option$/ do
+  Given 'a Rack setup with the session middleware'
+  @rack_builder.use CsrfFaker
+  When 'I insert the anti-CSRF middleware with the :raise option'
+end
+
+Given /^a Rack setup with the anti\-CSRF middleware and the :skip option$/ do |table|
+  Given 'a Rack setup with the session middleware'
+  @rack_builder.use CsrfFaker
+  When 'I insert the anti-CSRF middleware with the :skip option', table
+end
+
+# Yes, they're not as DRY as possible, but I think they're more readable than
+# a single step definition with a few captures and more complex checkings.
+
+When /^I insert the anti\-CSRF middleware$/ do
+  @rack_builder.use Rack::Lint
+  @rack_builder.use Rack::Csrf
+  @rack_builder.run(lambda {|env| Rack::Response.new('Hello world!').finish})
+  @app = @rack_builder.to_app
+end
+
+When /^I insert the anti\-CSRF middleware with the :raise option$/ do
+  @rack_builder.use Rack::Lint
+  @rack_builder.use Rack::Csrf, :raise => true
+  @rack_builder.run(lambda {|env| Rack::Response.new('Hello world!').finish})
+  @app = @rack_builder.to_app
+end
+
+When /^I insert the anti\-CSRF middleware with the :skip option$/ do |table|
+  skippable = table.hashes.collect {|t| t.values}.flatten
+  @rack_builder.use Rack::Lint
+  @rack_builder.use Rack::Csrf, :skip => skippable
+  @rack_builder.run(lambda {|env| Rack::Response.new('Hello world!').finish})
+  @app = @rack_builder.to_app
+end
+
+Then /^I get a fully functional rack$/ do
+  lambda {Rack::MockRequest.new(@app).get('/')}.should_not raise_error
+end
+
+Then /^I get an error message$/ do
+  lambda {Rack::MockRequest.new(@app).get('/')}.should raise_error(Rack::Csrf::SessionUnavailable, 'Rack::Csrf depends on session middleware')
+end

data/features/support/env.rb

@@ -0,0 +1,4 @@
+require 'rubygems'
+require 'spec/expectations'
+
+require File.dirname(__FILE__) + "/../../lib/rack/csrf"

data/lib/rack/csrf.rb

@@ -0,0 +1,57 @@
+require 'rack'
+begin
+  require 'securerandom'
+rescue LoadError
+  require File.dirname(__FILE__) + '/vendor/securerandom'
+end
+
+module Rack
+  class Csrf
+    class SessionUnavailable < StandardError; end
+    class InvalidCsrfToken < StandardError; end
+
+    @@field = '_csrf'
+
+    def initialize(app, opts = {})
+      @app = app
+      @raisable = opts[:raise] || false
+      @skippable = opts[:skip] || []
+      @skippable.map {|s| s.downcase!}
+      @@field = opts[:field] if opts[:field]
+    end
+
+    def call(env)
+      unless env['rack.session']
+        raise SessionUnavailable.new('Rack::Csrf depends on session middleware')
+      end
+      req = Rack::Request.new(env)
+      untouchable = !%w(POST PUT DELETE).include?(req.request_method) ||
+        req.POST[self.class.csrf_field] == env['rack.session']['rack.csrf'] ||
+        skip_checking(req)
+      if untouchable
+        @app.call(env)
+      else
+        raise InvalidCsrfToken if @raisable
+        [417, {'Content-Type' => 'text/html', 'Content-Length' => '0'}, []]
+      end
+    end
+
+    def self.csrf_field
+      @@field
+    end
+
+    def self.csrf_token(env)
+      env['rack.session']['rack.csrf'] ||= SecureRandom.base64(32)
+    end
+
+    def self.csrf_tag(env)
+      %Q(<input type="hidden" name="#{csrf_field}" value="#{csrf_token(env)}" />)
+    end
+
+    protected
+
+    def skip_checking request
+      @skippable.include?(request.request_method.downcase + ':' + request.path_info)
+    end
+  end
+end

data/lib/rack/vendor/securerandom.rb

@@ -0,0 +1,256 @@
+# Library taken from Ruby 1.9 SVN repository on 2009-04-15T10:25Z
+# For copyright and license see http://www.ruby-lang.org
+
+# = Secure random number generator interface.
+#
+# This library is an interface for secure random number generator which is
+# suitable for generating session key in HTTP cookies, etc.
+#
+# It supports following secure random number generators.
+#
+# * openssl
+# * /dev/urandom
+# * Win32
+#
+# == Example
+#
+# # random hexadecimal string.
+# p SecureRandom.hex(10) #=> "52750b30ffbc7de3b362"
+# p SecureRandom.hex(10) #=> "92b15d6c8dc4beb5f559"
+# p SecureRandom.hex(11) #=> "6aca1b5c58e4863e6b81b8"
+# p SecureRandom.hex(12) #=> "94b2fff3e7fd9b9c391a2306"
+# p SecureRandom.hex(13) #=> "39b290146bea6ce975c37cfc23"
+# ...
+#
+# # random base64 string.
+# p SecureRandom.base64(10) #=> "EcmTPZwWRAozdA=="
+# p SecureRandom.base64(10) #=> "9b0nsevdwNuM/w=="
+# p SecureRandom.base64(10) #=> "KO1nIU+p9DKxGg=="
+# p SecureRandom.base64(11) #=> "l7XEiFja+8EKEtY="
+# p SecureRandom.base64(12) #=> "7kJSM/MzBJI+75j8"
+# p SecureRandom.base64(13) #=> "vKLJ0tXBHqQOuIcSIg=="
+# ...
+#
+# # random binary string.
+# p SecureRandom.random_bytes(10) #=> "\016\t{\370g\310pbr\301"
+# p SecureRandom.random_bytes(10) #=> "\323U\030TO\234\357\020\a\337"
+# ...
+
+begin
+  require 'openssl'
+rescue LoadError
+end
+
+module SecureRandom
+  # SecureRandom.random_bytes generates a random binary string.
+  #
+  # The argument n specifies the length of the result string.
+  #
+  # If n is not specified, 16 is assumed.
+  # It may be larger in future.
+  #
+  # The result may contain any byte: "\x00" - "\xff".
+  #
+  #   p SecureRandom.random_bytes #=> "\xD8\\\xE0\xF4\r\xB2\xFC*WM\xFF\x83\x18\xF45\xB6"
+  #   p SecureRandom.random_bytes #=> "m\xDC\xFC/\a\x00Uf\xB2\xB2P\xBD\xFF6S\x97"
+  #
+  # If secure random number generator is not available,
+  # NotImplementedError is raised.
+  def self.random_bytes(n=nil)
+    n ||= 16
+
+    if defined? OpenSSL::Random
+      return OpenSSL::Random.random_bytes(n)
+    end
+
+    if !defined?(@has_urandom) || @has_urandom
+      flags = File::RDONLY
+      flags |= File::NONBLOCK if defined? File::NONBLOCK
+      flags |= File::NOCTTY if defined? File::NOCTTY
+      flags |= File::NOFOLLOW if defined? File::NOFOLLOW
+      begin
+        File.open("/dev/urandom", flags) {|f|
+          unless f.stat.chardev?
+            raise Errno::ENOENT
+          end
+          @has_urandom = true
+          ret = f.readpartial(n)
+          if ret.length != n
+            raise NotImplementedError, "Unexpected partial read from random device"
+          end
+          return ret
+        }
+      rescue Errno::ENOENT
+        @has_urandom = false
+      end
+    end
+
+    if !defined?(@has_win32)
+      begin
+        require 'Win32API'
+
+        crypt_acquire_context = Win32API.new("advapi32", "CryptAcquireContext", 'PPPII', 'L')
+        @crypt_gen_random = Win32API.new("advapi32", "CryptGenRandom", 'LIP', 'L')
+
+        hProvStr = " " * 4
+        prov_rsa_full = 1
+        crypt_verifycontext = 0xF0000000
+
+        if crypt_acquire_context.call(hProvStr, nil, nil, prov_rsa_full, crypt_verifycontext) == 0
+          raise SystemCallError, "CryptAcquireContext failed: #{lastWin32ErrorMessage}"
+        end
+        @hProv, = hProvStr.unpack('L')
+
+        @has_win32 = true
+      rescue LoadError
+        @has_win32 = false
+      end
+    end
+    if @has_win32
+      bytes = " " * n
+      if @crypt_gen_random.call(@hProv, bytes.size, bytes) == 0
+        raise SystemCallError, "CryptGenRandom failed: #{lastWin32ErrorMessage}"
+      end
+      return bytes
+    end
+
+    raise NotImplementedError, "No random device"
+  end
+
+  # SecureRandom.hex generates a random hex string.
+  #
+  # The argument n specifies the length of the random length.
+  # The length of the result string is twice of n.
+  #
+  # If n is not specified, 16 is assumed.
+  # It may be larger in future.
+  #
+  # The result may contain 0-9 and a-f.
+  #
+  #   p SecureRandom.hex #=> "eb693ec8252cd630102fd0d0fb7c3485"
+  #   p SecureRandom.hex #=> "91dc3bfb4de5b11d029d376634589b61"
+  #
+  # If secure random number generator is not available,
+  # NotImplementedError is raised.
+  def self.hex(n=nil)
+    random_bytes(n).unpack("H*")[0]
+  end
+
+  # SecureRandom.base64 generates a random base64 string.
+  #
+  # The argument n specifies the length of the random length.
+  # The length of the result string is about 4/3 of n.
+  #
+  # If n is not specified, 16 is assumed.
+  # It may be larger in future.
+  #
+  # The result may contain A-Z, a-z, 0-9, "+", "/" and "=".
+  #
+  #   p SecureRandom.base64 #=> "/2BuBuLf3+WfSKyQbRcc/A=="
+  #   p SecureRandom.base64 #=> "6BbW0pxO0YENxn38HMUbcQ=="
+  #
+  # If secure random number generator is not available,
+  # NotImplementedError is raised.
+  #
+  # See RFC 3548 for base64.
+  def self.base64(n=nil)
+    [random_bytes(n)].pack("m*").delete("\n")
+  end
+
+  # SecureRandom.urlsafe_base64 generates a random URL-safe base64 string.
+  #
+  # The argument _n_ specifies the length of the random length.
+  # The length of the result string is about 4/3 of _n_.
+  #
+  # If _n_ is not specified, 16 is assumed.
+  # It may be larger in future.
+  #
+  # The boolean argument _padding_ specifies the padding.
+  # If it is false or nil, padding is not generated.
+  # Otherwise padding is generated.
+  # By default, padding is not generated because "=" may be used as a URL delimiter.
+  #
+  # The result may contain A-Z, a-z, 0-9, "-" and "_".
+  # "=" is also used if _padding_ is true.
+  #
+  #   p SecureRandom.urlsafe_base64 #=> "b4GOKm4pOYU_-BOXcrUGDg"
+  #   p SecureRandom.urlsafe_base64 #=> "UZLdOkzop70Ddx-IJR0ABg"
+  #
+  #   p SecureRandom.urlsafe_base64(nil, true) #=> "i0XQ-7gglIsHGV2_BNPrdQ=="
+  #   p SecureRandom.urlsafe_base64(nil, true) #=> "-M8rLhr7JEpJlqFGUMmOxg=="
+  #
+  # If secure random number generator is not available,
+  # NotImplementedError is raised.
+  #
+  # See RFC 3548 for URL-safe base64.
+  def self.urlsafe_base64(n=nil, padding=false)
+    s = [random_bytes(n)].pack("m*")
+    s.delete!("\n")
+    s.tr!("+/", "-_")
+    s.delete!("=") if !padding
+    s
+  end
+
+  # SecureRandom.random_number generates a random number.
+  #
+  # If an positive integer is given as n,
+  # SecureRandom.random_number returns an integer:
+  # 0 <= SecureRandom.random_number(n) < n.
+  #
+  #   p SecureRandom.random_number(100) #=> 15
+  #   p SecureRandom.random_number(100) #=> 88
+  #
+  # If 0 is given or an argument is not given,
+  # SecureRandom.random_number returns an float:
+  # 0.0 <= SecureRandom.random_number() < 1.0.
+  #
+  #   p SecureRandom.random_number #=> 0.596506046187744
+  #   p SecureRandom.random_number #=> 0.350621695741409
+  #
+  def self.random_number(n=0)
+    if 0 < n
+      hex = n.to_s(16)
+      hex = '0' + hex if (hex.length & 1) == 1
+      bin = [hex].pack("H*")
+      mask = bin[0].ord
+      mask |= mask >> 1
+      mask |= mask >> 2
+      mask |= mask >> 4
+      begin
+        rnd = SecureRandom.random_bytes(bin.length)
+        rnd[0] = (rnd[0].ord & mask).chr
+      end until rnd < bin
+      rnd.unpack("H*")[0].hex
+    else
+      # assumption: Float::MANT_DIG <= 64
+      i64 = SecureRandom.random_bytes(8).unpack("Q")[0]
+      Math.ldexp(i64 >> (64-Float::MANT_DIG), -Float::MANT_DIG)
+    end
+  end
+
+  # SecureRandom.uuid generates a v4 random UUID (Universally Unique IDentifier).
+  #
+  #   p SecureRandom.uuid #=> "2d931510-d99f-494a-8c67-87feb05e1594"
+  #   p SecureRandom.uuid #=> "62936e70-1815-439b-bf89-8492855a7e6b"
+  #
+  # See RFC 4122 for UUID.
+  def self.uuid
+    ary = self.random_bytes(16).unpack("NnnnnN")
+    ary[2] = (ary[2] & 0x0fff) | 0x4000
+    ary[3] = (ary[3] & 0x3fff) | 0x8000
+    "%08x-%04x-%04x-%04x-%04x%08x" % ary
+  end
+
+  # Following code is based on David Garamond's GUID library for Ruby.
+  def self.lastWin32ErrorMessage # :nodoc:
+    get_last_error = Win32API.new("kernel32", "GetLastError", '', 'L')
+    format_message = Win32API.new("kernel32", "FormatMessageA", 'LPLLPLPPPPPPPP', 'L')
+    format_message_ignore_inserts = 0x00000200
+    format_message_from_system    = 0x00001000
+
+    code = get_last_error.call
+    msg = "\0" * 1024
+    len = format_message.call(format_message_ignore_inserts + format_message_from_system, 0, code, 0, msg, 1024, nil, nil, nil, nil, nil, nil, nil, nil)
+    msg[0, len].tr("\r", '').chomp
+  end
+end

data/rack_csrf.gemspec

@@ -0,0 +1,131 @@
+--- !ruby/object:Gem::Specification 
+name: rack_csrf
+version: !ruby/object:Gem::Version 
+  version: 1.0.0
+platform: ruby
+authors: 
+- Emanuele Vicentini
+autorequire: 
+bindir: bin
+
+date: 2009-04-22 00:00:00 +02:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rack
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0.9"
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: rake
+  type: :development
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 0.8.2
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: cucumber
+  type: :development
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 1.1.13
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  type: :development
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: echoe
+  type: :development
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+description: Anti-CSRF Rack middleware
+email: emanuele.vicentini@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE.rdoc
+- README.rdoc
+files: 
+- cucumber.yml
+- example/app.rb
+- example/config-with-raise.ru
+- example/config.ru
+- example/views/form.erb
+- example/views/form_not_working.erb
+- example/views/response.erb
+- features/empty_responses.feature
+- features/raising_exception.feature
+- features/setup.feature
+- features/skip_some_routes.feature
+- features/step_definitions/request_steps.rb
+- features/step_definitions/response_steps.rb
+- features/step_definitions/setup_steps.rb
+- features/support/env.rb
+- lib/rack/csrf.rb
+- lib/rack/vendor/securerandom.rb
+- LICENSE.rdoc
+- Manifest
+- rack_csrf.gemspec
+- Rakefile
+- README.rdoc
+- spec/csrf_spec.rb
+- spec/spec.opts
+- spec/spec_helper.rb
+has_rdoc: true
+homepage: http://github.com/baldowl/rack_csrf
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --line-numbers
+- --inline-source
+- --title
+- Rack_csrf
+- --main
+- README.rdoc
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "1.2"
+  version: 
+requirements: []
+
+rubyforge_project: rackcsrf
+rubygems_version: 1.3.2
+specification_version: 3
+summary: Anti-CSRF Rack middleware
+test_files: []

data/spec/csrf_spec.rb

@@ -0,0 +1,63 @@
+require File.dirname(__FILE__) + '/spec_helper.rb'
+
+describe Rack::Csrf do
+  describe '#csrf_field' do
+    it "should be '_csrf'" do
+      Rack::Csrf.csrf_field.should == '_csrf'
+    end
+
+    it "should be the value of :field option" do
+      fakeapp = [200, {}, []]
+      Rack::Csrf.new fakeapp, :field => 'whatever'
+      Rack::Csrf.csrf_field.should == 'whatever'
+    end
+  end
+
+  describe '#csrf_token' do
+    before do
+      @env = {'rack.session' => {}}
+    end
+
+    it 'should be at least 32 characters long' do
+      Rack::Csrf.csrf_token(@env).length.should >= 32
+    end
+
+    it 'should store the token inside the session if it is not already there' do
+      @env['rack.session'].should be_empty
+      Rack::Csrf.csrf_token(@env)
+      @env['rack.session'].should_not be_empty
+      @env['rack.session']['rack.csrf'].should_not be_empty
+    end
+
+    it 'should get the token from the session if it is already there' do
+      @env['rack.session'].should be_empty
+      csrf_token = Rack::Csrf.csrf_token(@env)
+      csrf_token.should == @env['rack.session']['rack.csrf']
+      csrf_token.should == Rack::Csrf.csrf_token(@env)
+    end
+  end
+
+  describe '#csrf_tag' do
+    before do
+      @env = {'rack.session' => {}}
+      @tag = Rack::Csrf.csrf_tag(@env)
+    end
+
+    it 'should be an input field' do
+      @tag.should =~ /^<input/
+    end
+
+    it 'should be an hidden input field' do
+      @tag.should =~ /type="hidden"/
+    end
+
+    it "should have the csrf_field's name" do
+      @tag.should =~ /name="#{Rack::Csrf.csrf_field}"/
+    end
+
+    it "should have the csrf_token's output" do
+      quoted_value = Regexp.quote %Q(value="#{Rack::Csrf.csrf_token(@env)}")
+      @tag.should =~ /#{quoted_value}/
+    end
+  end
+end

data/spec/spec.opts

@@ -0,0 +1,2 @@
+--colour
+--format specdoc

data/spec/spec_helper.rb

@@ -0,0 +1,4 @@
+require 'rubygems'
+require 'spec'
+
+require File.dirname(__FILE__) + '/../lib/rack/csrf'

metadata

@@ -0,0 +1,134 @@
+--- !ruby/object:Gem::Specification 
+name: rack_csrf
+version: !ruby/object:Gem::Version 
+  version: 1.0.0
+platform: ruby
+authors: 
+- Emanuele Vicentini
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-04-22 00:00:00 +02:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rack
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0.9"
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: rake
+  type: :development
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 0.8.2
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: cucumber
+  type: :development
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 1.1.13
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  type: :development
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: echoe
+  type: :development
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+description: Anti-CSRF Rack middleware
+email: emanuele.vicentini@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE.rdoc
+- README.rdoc
+files: 
+- cucumber.yml
+- example/app.rb
+- example/config-with-raise.ru
+- example/config.ru
+- example/views/form.erb
+- example/views/form_not_working.erb
+- example/views/response.erb
+- features/empty_responses.feature
+- features/raising_exception.feature
+- features/setup.feature
+- features/skip_some_routes.feature
+- features/step_definitions/request_steps.rb
+- features/step_definitions/response_steps.rb
+- features/step_definitions/setup_steps.rb
+- features/support/env.rb
+- lib/rack/csrf.rb
+- lib/rack/vendor/securerandom.rb
+- LICENSE.rdoc
+- Manifest
+- rack_csrf.gemspec
+- Rakefile
+- README.rdoc
+- spec/csrf_spec.rb
+- spec/spec.opts
+- spec/spec_helper.rb
+has_rdoc: true
+homepage: http://github.com/baldowl/rack_csrf
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --line-numbers
+- --inline-source
+- --title
+- Rack_csrf
+- --main
+- README.rdoc
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "1.2"
+  version: 
+requirements: []
+
+rubyforge_project: rackcsrf
+rubygems_version: 1.3.2
+signing_key: 
+specification_version: 3
+summary: Anti-CSRF Rack middleware
+test_files: []
+