rack_global_session 0.2

data/.gitignore

@@ -0,0 +1,11 @@
+.idea
+pkg
+tags
+.emacs-project
+config/environment.rb
+fulllib
+TAGS
+doc
+/config/mirror.yaml
+.rvmrc
+*.gem

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in rack_global_session.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,44 @@
+PATH
+  remote: .
+  specs:
+    rack_global_session (0.2)
+      activesupport (~> 3.0.3)
+      has_global_session (~> 1.1.3)
+      i18n (~> 0.5.0)
+      rack (~> 1.2)
+      rack-contrib (~> 1.0.1)
+      tzinfo
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    activesupport (3.0.3)
+    flexmock (0.8.11)
+    has_global_session (1.1.3)
+      activesupport (>= 2.1.2)
+      json (>= 1.1.7)
+      uuidtools (>= 1.0.7)
+    i18n (0.5.0)
+    json (1.4.6)
+    rack (1.2.1)
+    rack-contrib (1.0.1)
+      rack (>= 0.9.1)
+    rspec (1.3.0)
+    rtags (0.97)
+    tzinfo (0.3.23)
+    uuidtools (2.1.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activesupport (~> 3.0.3)
+  flexmock (~> 0.8.11)
+  has_global_session (~> 1.1.3)
+  i18n (~> 0.5.0)
+  rack (~> 1.2)
+  rack-contrib (~> 1.0.1)
+  rack_global_session!
+  rspec (~> 1.3)
+  rtags (~> 0.97)
+  tzinfo

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2010 RightScale, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,66 @@
+= rack_global_session
+
+== DESCRIPTION
+
+=== Synopsis
+
+rack_global_session is a shim to make has_global_session work as Rack
+middleware.  rack_global_session requires that Rack::Cookies from
+rack-contrib be loaded before it.
+
+== USAGE
+
+=== Simple Example
+
+  use Rack::Cookies
+  use Rack::GlobalSession, filename
+
+=== Complex Example
+
+  use Rack::Cookies
+  use Rack::GlobalSession, filename, do |env|
+    auth = Rack::Auth::Basic::Request.new(env)
+    auth.provided? && auth.basic? && auth.credentials[1]
+  end
+
+== INSTALLATION
+
+This gem can be installed by entering the following at a command
+prompt:
+
+  gem install rack_global_session
+
+== TESTING
+
+Install the following gems for testing:
+- rspec
+- flexmock
+
+Then the build can be tested with
+
+  rake spec
+
+== LICENSE
+
+<b>RightScraper</b>
+
+Copyright:: Copyright (c) 2010 RightScale, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,93 @@
+#--  -*-ruby-*-
+# Copyright: Copyright (c) 2010 RightScale, Inc.
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# 'Software'), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#++
+
+require 'rubygems'
+require 'bundler'
+require 'fileutils'
+require 'rake'
+require 'spec/rake/spectask'
+require 'rake/rdoctask'
+require 'rake/gempackagetask'
+require 'rake/clean'
+
+Bundler::GemHelper.install_tasks
+
+# == Gem == #
+
+gemtask = Rake::GemPackageTask.new(Gem::Specification.load("rack_global_session.gemspec")) do |package|
+  package.package_dir = ENV['PACKAGE_DIR'] || 'pkg'
+  package.need_zip = true
+  package.need_tar = true
+end
+
+directory gemtask.package_dir
+
+CLEAN.include(gemtask.package_dir)
+
+# == Unit Tests == #
+
+task :specs => :spec
+
+desc "Run unit tests"
+Spec::Rake::SpecTask.new do |t|
+  t.spec_files = Dir['spec/**/*_spec.rb']
+  t.spec_opts = lambda do
+    IO.readlines(File.join(File.dirname(__FILE__), 'spec', 'spec.opts')).map {|l| l.chomp.split " "}.flatten
+  end
+end
+
+desc "Run unit tests with RCov"
+Spec::Rake::SpecTask.new(:rcov) do |t|
+  t.spec_files = Dir['spec/**/*_spec.rb']
+  t.rcov = true
+  t.rcov_opts = lambda do
+    IO.readlines(File.join(File.dirname(__FILE__), 'spec', 'rcov.opts')).map {|l| l.chomp.split " "}.flatten
+  end
+end
+
+desc "Print Specdoc for unit tests"
+Spec::Rake::SpecTask.new(:doc) do |t|
+   t.spec_opts = ["--format", "specdoc", "--dry-run"]
+   t.spec_files = Dir['spec/**/*_spec.rb']
+end
+
+# == Documentation == #
+
+desc "Generate API documentation to doc/rdocs/index.html"
+Rake::RDocTask.new do |rd|
+  rd.rdoc_dir = 'doc/rdocs'
+  rd.main = 'README.rdoc'
+  rd.rdoc_files.include 'README.rdoc', "lib/**/*.rb"
+
+  rd.options << '--inline-source'
+  rd.options << '--line-numbers'
+  rd.options << '--all'
+  rd.options << '--fileboxes'
+  rd.options << '--diagram'
+end
+
+# == Emacs integration == #
+desc "Rebuild TAGS file"
+task :tags do
+  sh "rtags -R lib spec"
+end

data/lib/rack_global_session/version.rb

@@ -0,0 +1,5 @@
+module Rack
+  module GlobalSessions
+    VERSION = "0.2"
+  end
+end

data/lib/rack_global_session.rb

@@ -0,0 +1,154 @@
+#--
+# Copyright: Copyright (c) 2010 RightScale, Inc.
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# 'Software'), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#++
+
+require "has_global_session"
+require "active_support"
+require "active_support/time"
+
+module Rack
+  # A port of has_global_session to Rack middleware.
+  module GlobalSessions
+    # Alias some of the HasGlobalSession classes for easy typing.
+    Configuration = HasGlobalSession::Configuration
+    Directory = HasGlobalSession::Directory
+    Session = HasGlobalSession::GlobalSession
+    # Global session middleware.  Note: this class relies on
+    # Rack::Cookies being used higher up in the chain.
+    class GlobalSession
+      # Make a new global session.
+      #
+      # The optional block here controls an alternate ticket retrieval
+      # method.  If no ticket is stored in the cookie jar, this
+      # function is called.  If it returns a non-nil value, that value
+      # is the ticket.
+      #
+      # === Parameters
+      # app(Rack client): application to run
+      # configuration(String or HasGlobalSession::Configuration): has_global_session configuration.
+      #                                                           If a string, is interpreted as a
+      #                                                           filename to load the config from.
+      # block: optional alternate ticket retrieval function
+      def initialize(app, configuration, &block)
+        @app = app
+        if configuration.instance_of?(String)
+          @configuration = Configuration.new(configuration, ENV['RACK_ENV'] || 'development')
+        else
+          @configuration = configuration
+        end
+        @cookie_retrieval = block
+        @directory = Directory.new(@configuration, @configuration['directory'])
+        @cookie_name = @configuration['cookie']['name']
+      end
+
+      # Read a cookie from the Rack environment.
+      #
+      # === Parameters
+      # env(Hash): Rack environment.
+      def read_cookie(env)
+        begin
+          if env['rack.cookies'].key?(@cookie_name)
+            env['global_session'] = Session.new(@directory,
+                                                env['rack.cookies'][@cookie_name])
+          elsif @cookie_retrieval && cookie = @cookie_retrieval.call(env)
+            env['global_session'] = Session.new(@directory, cookie)
+          else
+            env['global_session'] = Session.new(@directory)
+          end
+          true
+        rescue Exception => e
+          # Reinitialize global session cookie
+          env['global_session'] = Session.new(@directory)
+          update_cookie(env)
+          raise e
+        end
+      end
+
+      # Renew the session ticket.
+      #
+      # === Parameters
+      # env(Hash): Rack environment
+      def renew_ticket(env)
+        if @configuration['renew'] && env['global_session'] &&
+            env['global_session'].directory.local_authority_name &&
+            env['global_session'].expired_at < renew.to_i.minutes.from_now.utc
+          env['global_session'].renew!
+        end
+      end
+
+      # Update the cookie jar with the revised ticket.
+      #
+      # === Parameters
+      # env(Hash): Rack environment
+      def update_cookie(env)
+        begin
+          domain = @configuration['cookie']['domain'] || ENV['SERVER_NAME']
+          if env['global_session'] && env['global_session'].valid?
+            value = env['global_session'].to_s
+            expires = @configuration['ephemeral'] ? nil : env['global_session'].expired_at
+            unless env['rack.cookies'].key?(@cookie_name) &&
+                env['rack.cookies'][@cookie_name] == value
+              env['rack.cookies'][@cookie_name] = {:value => value, :domain => domain, :expires => expires}
+            end
+          else
+            # write an empty cookie
+            env['rack.cookies'][@cookie_name] = {:value => nil, :domain => domain, :expires => Time.at(0)}
+          end
+        rescue Exception => e
+          wipe_cookie(env)
+          raise e
+        end
+      end
+
+      # Delete the ticket from the cookie jar.
+      #
+      # === Parameters
+      # env(Hash): Rack environment
+      def wipe_cookie(env)
+        domain = @configuration['cookie']['domain'] || ENV['SERVER_NAME']
+        env['rack.cookies'][@cookie_name] = {:value => nil, :domain => domain, :expires => Time.at(0)}
+      end
+
+      # Rack request chain.  Sets up the global session ticket from
+      # the environment and passes it up the chain.
+      def call(env)
+        env['rack.cookies'] = {} unless env['rack.cookies']
+        begin
+          read_cookie(env)
+          renew_ticket(env)
+          tuple = @app.call(env)
+        rescue Exception => e
+          wipe_cookie(env)
+          $stderr.puts "Error while reading cookies: #{e.class} #{e} #{e.backtrace}"
+          if env['rack.logger']
+            env['rack.logger'].error("Error while reading cookies: #{e.class} #{e} #{e.backtrace}")
+          end
+          return [503, {'Content-Type' => 'text/plain'}, "Invalid cookie"]
+        else
+          update_cookie(env)
+          return tuple
+        end
+      end
+    end
+  end
+  GlobalSession = GlobalSessions::GlobalSession
+end

data/rack_global_session.gemspec

@@ -0,0 +1,57 @@
+# -*-mode: ruby-mode; encoding: utf-8-*-
+# Copyright: Copyright (c) 2010 RightScale, Inc.
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# 'Software'), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+$:.push File.expand_path("../lib", __FILE__)
+require "rack_global_session/version"
+
+Gem::Specification.new do |spec|
+  spec.name = "rack_global_session"
+  spec.version = Rack::GlobalSessions::VERSION
+  spec.summary = "Add global session handling to Rack servers"
+  spec.description = <<EOS
+A port of has_global_session to Rack middleware.
+EOS
+  spec.authors = ['Graham Hughes']
+  spec.email = 'graham@rightscale.com'
+  spec.platform = Gem::Platform::RUBY
+  spec.has_rdoc = true
+  spec.rdoc_options = ["--main", "README.rdoc", "--title", "Rack::GlobalSession"]
+  spec.extra_rdoc_files = ["README.rdoc"]
+  spec.required_ruby_version = '>= 1.8.7'
+  spec.require_path = 'lib'
+
+  spec.add_dependency 'activesupport', '~> 3.0.3'
+  spec.add_dependency 'i18n', "~> 0.5.0"
+  spec.add_dependency 'tzinfo'
+  spec.add_dependency 'has_global_session', '~> 1.1.3'
+  spec.add_dependency 'rack', '~> 1.2'
+  spec.add_dependency 'rack-contrib', '~> 1.0.1'
+
+  spec.add_development_dependency 'rspec', "~> 1.3"
+  spec.add_development_dependency 'flexmock', "~> 0.8.11"
+  spec.add_development_dependency 'rtags', "~> 0.97"
+
+  spec.files         = `git ls-files`.split("\n")
+  spec.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  spec.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+end

data/spec/rack_global_session_spec.rb

@@ -0,0 +1,200 @@
+#--
+# Copyright: Copyright (c) 2010 RightScale, Inc.
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# 'Software'), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#++
+
+require File.expand_path(File.dirname(__FILE__) + "/spec_helper")
+require 'tmpdir'
+require 'fileutils'
+require 'stringio'
+
+module Rack
+  describe GlobalSession do
+    it_should_behave_like 'Authentication'
+
+    before(:each) do
+      ENV['SERVER_NAME'] = "server"
+      ENV['RACK_ENV'] = "test"
+    end
+
+    before(:each) do
+      @olderr = $stderr
+      $stderr = StringIO.new
+    end
+
+    after(:each) do
+      $stderr = @olderr
+    end
+
+    it 'should create an empty session if none exists' do
+      token = Object.new
+      @app = Proc.new do |env|
+        env['global_session'].should_not be_nil
+        env['global_session'].should be_valid
+        token
+      end
+      environment = {}
+      Rack::GlobalSession.new(@app, @configuration).call(environment).should == token
+      environment['rack.cookies']["aCookie"][:value].should_not be_nil
+      environment['rack.cookies']["aCookie"][:domain].should == "example.com"
+      environment['rack.cookies']["aCookie"][:expires].should <= 10.minutes.from_now.utc
+      environment['rack.cookies']["aCookie"][:expires].should >= 9.minutes.from_now.utc
+    end
+    it 'should use SERVER_NAME if no domain is specified' do
+      @config_hash["common"]["cookie"].delete("domain")
+      dump_config(@config_hash)
+      environment = {}
+      Rack::GlobalSession.new(lambda {}, @configuration).call(environment)
+      environment['rack.cookies']["aCookie"][:domain].should == "server"
+    end
+
+    it 'should raise an error on ludicrously invalid cookies' do
+      environment = {"rack.cookies" => {
+          "aCookie" => "foo"
+        }}
+      key, hash, value = Rack::GlobalSession.new(lambda {}, @configuration).call(environment)
+      key.should == 503
+      hash.should == {'Content-Type' => 'text/plain'}
+      value.should == "Invalid cookie"
+      $stderr.string.should =~ /HasGlobalSession::MalformedCookie/
+      $stderr.string.should =~ /buffer error/
+    end
+
+    it 'should raise an error on well formed but invalid cookies' do
+      hash = {'id' => "root",
+        'tc' => Time.now, 'te' => Time.now,
+        'ds' => "not actually a signature",
+        'dx' => {"third" => 4},
+        's' => @first_key.private_encrypt("blah"),
+        'a' => "first",
+      }
+      json = HasGlobalSession::Encoding::JSON.dump(hash)
+      compressed = Zlib::Deflate.deflate(json, Zlib::BEST_COMPRESSION)
+      base64 = HasGlobalSession::Encoding::Base64Cookie.dump(compressed)
+      environment = {"rack.cookies" => {"aCookie" => base64}}
+      key, hash, value = Rack::GlobalSession.new(lambda {}, @configuration).call(environment)
+      key.should == 503
+      hash.should == {'Content-Type' => 'text/plain'}
+      value.should == "Invalid cookie"
+      $stderr.string.should =~ /OpenSSL::PKey::RSAError/
+    end
+
+    context 'with a valid environment' do
+      before(:each) do
+        @environment = {}
+        Rack::GlobalSession.new(lambda {}, @configuration).call(@environment)
+        @environment['rack.cookies']['aCookie'] = @environment['rack.cookies']['aCookie'][:value]
+      end
+
+      it 'should be able to read cookies from random places' do
+        Rack::GlobalSession.new(lambda {}, @configuration) do |env|
+          env['foo']
+        end.call({'foo' => @environment['rack.cookies']['aCookie']})
+      end
+
+      it 'should read a valid cookie' do
+        Rack::GlobalSession.new(lambda {}, @configuration).call(@environment)
+      end
+
+      context 'with an expired session' do
+        before(:each) do
+          Rack::GlobalSession.new(lambda {|e|
+                                    e['global_session'].instance_variable_set(:@expired_at,
+                                                                              1.minutes.from_now)},
+                                  @configuration).call(@environment)
+          @environment['rack.cookies']['aCookie'] = @environment['rack.cookies']['aCookie'][:value]
+        end
+
+        it 'should renew expired cookies when permitted' do
+          Rack::GlobalSession.new(lambda {|e| e['global_session'].renew!},
+                                  @configuration).call(@environment)
+          @environment['rack.cookies']["aCookie"][:expires].should <= 10.minutes.from_now.utc
+          @environment['rack.cookies']["aCookie"][:expires].should >= 9.minutes.from_now.utc
+        end
+
+        it 'should renew expired cookies implicitly' do
+          Rack::GlobalSession.new(lambda {|e| e['global_session'].expired_at.should >=
+                                    9.minutes.from_now.utc},
+                                  @configuration).call(@environment)
+        end
+      end
+
+      context 'when it is not an authority' do
+        before(:each) do
+          @config_hash["common"].delete("authority")
+          dump_config(@config_hash)
+        end
+
+        it 'should not renew expired cookies' do
+          key, hash, value = Rack::GlobalSession.new(lambda {|e| e['global_session'].renew!},
+                                                     @configuration).call(@environment)
+          key.should == 503
+          hash.should == {'Content-Type' => 'text/plain'}
+          value.should == "Invalid cookie"
+          $stderr.string.should =~ /HasGlobalSession::NoAuthority/
+        end
+
+        it 'should not attempt to update the cookie when it is not an authority' do
+          key, hash, value = Rack::GlobalSession.new(lambda {|e| e['global_session']['first'] = 4},
+                                                     @configuration).call(@environment)
+          key.should == 503
+          hash.should == {'Content-Type' => 'text/plain'}
+          value.should == "Invalid cookie"
+          $stderr.string.should =~ /HasGlobalSession::NoAuthority/
+        end
+      end
+
+      it 'should update cookies correctly' do
+        Rack::GlobalSession.new(lambda { |env|
+                                  env['global_session']['first'] = "foo"
+                                  env['global_session']['second'] = "bar"
+                                }, @configuration).call(@environment)
+        oldvalue = @environment['rack.cookies']['aCookie'][:value]
+        @environment['rack.cookies']['aCookie'] = @environment['rack.cookies']['aCookie'][:value]
+        Rack::GlobalSession.new(lambda { |env|
+                                  env['global_session']['first'].should == "foo"
+                                  env['global_session']['second'].should == "bar"
+                                  env['global_session']['first'] = "baz"
+                                }, @configuration).call(@environment)
+        @environment['rack.cookies']['aCookie'][:value].should_not == oldvalue
+      end
+
+      it 'should unconditionally wipe the cookie if an error occurs' do
+        @environment['rack.cookies']['aCookie'].should_not be_nil
+        key, hash, value = Rack::GlobalSession.new(lambda {raise "foo"}, @configuration).call(@environment)
+        key.should == 503
+        hash.should == {'Content-Type' => 'text/plain'}
+        value.should == "Invalid cookie"
+        @environment['rack.cookies']['aCookie'][:value].should be_nil
+      end
+
+      it 'should refuse cookies from invalid certification authorities' do
+        @config_hash["common"]["trust"] = "second"
+        dump_config(@config_hash)
+        key, hash, value = Rack::GlobalSession.new(lambda {}, @configuration).call(@environment)
+        key.should == 503
+        hash.should == {'Content-Type' => 'text/plain'}
+        value.should == "Invalid cookie"
+        $stderr.string.should =~ /SecurityError/
+      end
+    end
+  end
+end

data/spec/rcov.opts

@@ -0,0 +1 @@
+--exclude "spec/*"~

data/spec/spec.opts

@@ -0,0 +1,2 @@
+--format=nested
+--backtrace

data/spec/spec_helper.rb

@@ -0,0 +1,128 @@
+#--
+# Copyright: Copyright (c) 2010 RightScale, Inc.
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# 'Software'), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#++
+
+require "rubygems"
+require 'bundler/setup'
+$:.unshift(File.expand_path(File.join(File.dirname(__FILE__), '..', 'lib')))
+require File.expand_path(File.dirname(__FILE__) + "/../lib/rack_global_session")
+require "spec"
+require "flexmock"
+require "tmpdir"
+require "yaml"
+
+Spec::Runner.configuration.mock_with :flexmock
+
+module Rack::GlobalSessions
+  # Helper class for managing OpenSSL keys.
+  class KeyFactory
+    # Make a new keystore, including a temporary directory.
+    def initialize
+      @keystore = Dir.mktmpdir
+    end
+
+    # Return the directory all keys are stored in.
+    #
+    # === Returns
+    # keystore(String): directory where all keys are stored
+    def dir
+      @keystore
+    end
+
+    # Create a new OpenSSL key and write it to the temporary directory.
+    #
+    # === Parameters
+    # name(String): name of key
+    # write_private(Boolean): whether to write the private key to the directory
+    #
+    # === Returns
+    # new_key(OpenSSL::PKey::RSA): key generated
+    def create(name, write_private)
+      new_key     = OpenSSL::PKey::RSA.generate(1024)
+      new_public  = new_key.public_key.to_pem
+      new_private = new_key.to_pem
+      File.open(File.join(@keystore, "#{name}.pub"), 'w') { |f| f.puts new_public }
+      File.open(File.join(@keystore, "#{name}.key"), 'w') { |f| f.puts new_key } if write_private
+      new_key
+    end
+
+    # Remove all keys in the key store.
+    def reset()
+      Dir[File.join(@keystore, "*")].each { |f| FileUtils.remove_entry_secure f }
+    end
+
+    # Tear down the keystore.
+    def destroy()
+      FileUtils.remove_entry_secure(@keystore)
+    end
+  end
+
+  module SpecHelpers
+    shared_examples_for "Authentication" do
+      before(:all) do
+        @factory = KeyFactory.new
+      end
+
+      before(:each) do
+        @first_key = @factory.create("first", true)
+        @second_key = @factory.create("second", false)
+        @config_hash = {
+          "common" => {
+            "attributes" => {
+              "signed" => ["first", "second"],
+              "insecure" => ["third"]
+            },
+            "authority" => "first",
+            "trust" => "first",
+            "timeout" => 10,
+            "directory" => @factory.dir,
+            "cookie" => {
+              "name" => "aCookie",
+              "domain" => "example.com",
+            }
+          }
+        }
+        @config_file = File.join(@factory.dir, "config")
+        dump_config(@config_hash)
+      end
+
+      # Dump configuration for has_global_session to the config file.
+      #
+      # === Parameters
+      # hash(Hash): has_global_session configuration
+      def dump_config(hash)
+        File.open(@config_file, "w") do |file|
+          file << YAML.dump(hash)
+        end
+        @configuration = Configuration.new(@config_file, "test")
+      end
+
+      after(:all) do
+        @factory.destroy
+      end
+
+      after(:each) do
+        @factory.reset
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,226 @@
+--- !ruby/object:Gem::Specification 
+name: rack_global_session
+version: !ruby/object:Gem::Version 
+  hash: 15
+  prerelease: false
+  segments: 
+  - 0
+  - 2
+  version: "0.2"
+platform: ruby
+authors: 
+- Graham Hughes
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-11-30 00:00:00 -08:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: activesupport
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 1
+        segments: 
+        - 3
+        - 0
+        - 3
+        version: 3.0.3
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: i18n
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 11
+        segments: 
+        - 0
+        - 5
+        - 0
+        version: 0.5.0
+  type: :runtime
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: tzinfo
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: has_global_session
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 21
+        segments: 
+        - 1
+        - 1
+        - 3
+        version: 1.1.3
+  type: :runtime
+  version_requirements: *id004
+- !ruby/object:Gem::Dependency 
+  name: rack
+  prerelease: false
+  requirement: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 11
+        segments: 
+        - 1
+        - 2
+        version: "1.2"
+  type: :runtime
+  version_requirements: *id005
+- !ruby/object:Gem::Dependency 
+  name: rack-contrib
+  prerelease: false
+  requirement: &id006 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 21
+        segments: 
+        - 1
+        - 0
+        - 1
+        version: 1.0.1
+  type: :runtime
+  version_requirements: *id006
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  prerelease: false
+  requirement: &id007 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 9
+        segments: 
+        - 1
+        - 3
+        version: "1.3"
+  type: :development
+  version_requirements: *id007
+- !ruby/object:Gem::Dependency 
+  name: flexmock
+  prerelease: false
+  requirement: &id008 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 41
+        segments: 
+        - 0
+        - 8
+        - 11
+        version: 0.8.11
+  type: :development
+  version_requirements: *id008
+- !ruby/object:Gem::Dependency 
+  name: rtags
+  prerelease: false
+  requirement: &id009 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 201
+        segments: 
+        - 0
+        - 97
+        version: "0.97"
+  type: :development
+  version_requirements: *id009
+description: |
+  A port of has_global_session to Rack middleware.
+
+email: graham@rightscale.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README.rdoc
+files: 
+- .gitignore
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.rdoc
+- Rakefile
+- lib/rack_global_session.rb
+- lib/rack_global_session/version.rb
+- rack_global_session.gemspec
+- spec/rack_global_session_spec.rb
+- spec/rcov.opts
+- spec/spec.opts
+- spec/spec_helper.rb
+has_rdoc: true
+homepage: 
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --main
+- README.rdoc
+- --title
+- Rack::GlobalSession
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 57
+      segments: 
+      - 1
+      - 8
+      - 7
+      version: 1.8.7
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Add global session handling to Rack servers
+test_files: 
+- spec/rack_global_session_spec.rb
+- spec/rcov.opts
+- spec/spec.opts
+- spec/spec_helper.rb