rack_session_manipulation 0.7.0 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a9b92685bdfb1562d5c91f2f43e7d9f011bd7175
-  data.tar.gz: 4039479856583c1db25262e525da2e18ae1846c3
+  metadata.gz: dbcb62e888d972acb2dd24eb5a7a735381d58752
+  data.tar.gz: 9d540498faedaf7581331dd70623a95a617acb92
 SHA512:
-  metadata.gz: 35eb5e1f919e08e8f0182b7e996e096a811f6f9ca82df0a7013efa43eab50189d36089c7288b0bd5c6c878c82c7bafa26a118aa9054af74d1376eedb7ffda298
-  data.tar.gz: ec6dd5bcfb8be8733b156d77ac76bb873a70bd5c484f272c7fd4f7a80fc8b15ab4824d237d57aed88c4635a91a6a4d51d330198776e92eda2c855f7126fb6f04
+  metadata.gz: 30df0e975654195180fd191c52e9fa945f081014c00407e4da3064d979683afad96430b27afd2f74bd34c75ca437cc6428fd9079698fb6460427d8cf82b45089
+  data.tar.gz: 4aec3d4ced2064f6aef2456d805e3473985a60abed1bff6a6add1a60597d7688cfaac2b21c6533e9d4143d3d62f3a6fa9c11b7de93c40d000f764c837e3ddff0

data/README.md

@@ -15,7 +15,13 @@ isolation without the dependency of the rest of your application.
 This is not intended to replace full set of 'behavior' tests, but can be used
 to speed up getting to a 'Given' state in place of helpers that previously
 would be forced to walk through your entire application stack to establish the
-target state. That walkthrough is valuable but can be redundant and unecessary.
+target state. That walkthrough is valuable but can be redundant and unecessary
+when they are only used to setup other tests.
+
+RackSessionManipulation strives to be a lightweight and safe, while having a
+high quality code base following the best ruby practices.
+
+## Security Notice
 
 This middleware should never be used in production as it allows arbitrary
 tampering of encrypted server-side session information without any form of
@@ -23,6 +29,14 @@ authentication. Use in production can lead to abuses such as user
 impersonation, privilege escalation, and private information exposure depending
 on what the application stores in the session.
 
+## Alternatives
+
+There is a very similar rack middleware [RackSessionAccess][1] that
+accomplishes more or less the same task. I wasn't particularly fond of how that
+gem solved the updating of state using multiple requests, and marshalled
+objects as well as unecessary use of builder. The approach seemed more
+complicated, slower and more dangerous than necessary.
+
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -43,9 +57,25 @@ Or install it yourself as:
 
 ## Contributing
 
-1. Reivew the [Contributor Code of Conduct](CODE_OF_CONDUCT.md)
+I welcome new ideas, bug fixes and comments from anyone and strive to take no
+longer than a week to respond to issues, PRs, or various comments.
+
+All code submitted through PRs will be licensed under this project's MIT
+license, if this is a problem please instead open an issue before making your
+changes indicating this and I depending on the request I may make the requested
+changes myself or attempt to convince about the usage of this license. I want
+to avoid a multi-license code base that may impede any individual's usage of
+this code.
+
+With all that said, if you'd like to contribute please follow the standard
+contribution guide:
+
+1. Review the [Contributor Code of Conduct][2]
 2. Fork it ( https://github.com/sstelfox/rack_session_manipulation/fork )
 3. Create your feature branch (`git checkout -b my-new-feature`)
 4. Commit your changes (`git commit -am 'Add some feature'`)
 5. Push to the branch (`git push origin my-new-feature`)
-6. Create a new Pull Request
+6. Create a new Pull Request against this repo's develop branch
+
+[1]: https://github.com/railsware/rack_session_access
+[2]: CODE_OF_CONDUCT.md

data/lib/rack_session_manipulation.rb

@@ -1,28 +1,11 @@
 require 'json'
 
 require 'rack_session_manipulation/config'
+require 'rack_session_manipulation/json_encoder'
 require 'rack_session_manipulation/middleware'
-require 'rack_session_manipulation/utilities'
 require 'rack_session_manipulation/version'
 
 # RackSessionManipulation is rack middleware designed to expose internal
 # session information to be read and modified from within tests.
 module RackSessionManipulation
-  extend RackSessionManipulation::Utilities
-
-  # Keeps a globally accessible instance of a configuration object. This will
-  # initialize a new Config object the first time this is called (using a
-  # random path for the session access path).
-  #
-  # @return [RackSessionManipulation::Config]
-  def self.config
-    @config ||= RackSessionManipulation::Config.new(random_path_prefix)
-  end
-
-  # Allows block DSL style configuration of the global configuration instance.
-  #
-  # @yield [RackSessionManipulation::Config]
-  def self.configure
-    yield(config)
-  end
 end

data/lib/rack_session_manipulation/capybara.rb

@@ -5,16 +5,16 @@ module RackSessionManipulation
   module Capybara
     # Provides a mechanism to completely reset the server's session to a fresh
     # blank slate.
-    def reset_session
-      driver_method_fallback(:delete, RackSessionManipulation.config.path, data)
+    def session_reset
+      driver_method_fallback(:delete, session_manipulation_config.path, {})
     end
 
     # Retrieve a hash containing the entire state of the current session.
     #
     # @return [Hash] Hash of the session
     def session
-      driver.get(RackSessionManipulation.config.path)
-      RackSessionManipulation.decode(driver.response.body)
+      driver.get(session_manipulation_config.path)
+      session_manipulation_config.encoder.decode(driver.response.body)
     end
 
     # Updates the state of the current session. An important thing to note
@@ -28,8 +28,14 @@ module RackSessionManipulation
     #
     # @param [Hash] hash Data to be set / updated within the current session.
     def session=(hash)
-      data = { 'session_data' => RackSessionManipulation.encode(hash) }
-      driver_method_fallback(:put, RackSessionManipulation.config.path, data)
+      data = {
+        'session_data' => session_manipulation_config.encoder.encode(hash)
+      }
+      driver_method_fallback(:put, session_manipulation_config.path, data)
+    end
+
+    def session_manipulation_config
+      @rsm_config ||= Config.new
     end
 
     protected
@@ -53,7 +59,7 @@ module RackSessionManipulation
         return
       end
 
-      data.merge!('_method' => method.to_s.upcase)
+      dat.merge!('_method' => method.to_s.upcase)
       driver.respond_to?(:post) ? driver.post(path, dat) : driver.get(path, dat)
     end
   end

data/lib/rack_session_manipulation/config.rb

@@ -1,5 +1,27 @@
+require 'rack_session_manipulation/json_encoder'
+
 # Parent namespace for the Rack Session Manipulation middleware.
 module RackSessionManipulation
+  # Various default configuration options for the middleware.
+  DEFAULT_OPTIONS = {
+    encoder: RackSessionManipulation::JSONEncoder,
+    path:   '/rsm_session_path'
+  }
+
   # A data storage structure for holding configuration related information.
-  Config = Struct.new(:path)
+  class Config
+    attr_accessor :encoder, :path
+
+    # Setup the configuration object with the provided options, falling back on
+    # the configured defaults.
+    #
+    # @param [Hash<Symbol=>Object>] options Override the default configuration
+    #   options with the provided parameters.
+    def initialize(options = {})
+      options = DEFAULT_OPTIONS.merge(options)
+
+      self.encoder = options[:encoder]
+      self.path = options[:path]
+    end
+  end
 end

data/lib/rack_session_manipulation/json_encoder.rb

@@ -0,0 +1,25 @@
+# Parent namespace for the Rack Session Manipulation middleware.
+module RackSessionManipulation
+  # The stock encoder for session data. Encodes and decodes everything to/from
+  # JSON payloads.
+  module JSONEncoder
+    class << self
+      # Decoder for session state into a standard Ruby hash using JSON.
+      #
+      # @param [String] encoded_data JSON encoded session data
+      # @return [Hash] Hash version of the session data
+      def decode(encoded_data)
+        JSON.parse(encoded_data)
+      end
+
+      # Encoder for session state using JSON.
+      #
+      # @param [Hash] obj An object that can be serialized using JSON,
+      #   generally this is a hash.
+      # @return [String] The encoded data.
+      def encode(obj)
+        JSON.generate(obj)
+      end
+    end
+  end
+end

data/lib/rack_session_manipulation/middleware.rb

@@ -3,6 +3,8 @@ module RackSessionManipulation
   # Rack middleware that handles the accessing and modification of session
   # state.
   class Middleware
+    attr_reader :app, :config, :routes
+
     # Primary entry point of this middleware. Every request that makes it this
     # far into the stack will be parsed and when it matches something this
     # middleware is designed to handle it will stop the chain and process it
@@ -16,7 +18,7 @@ module RackSessionManipulation
       request = Rack::Request.new(env)
 
       action = get_action(request)
-      action.nil? ? @app.call(env) : send(action, request)
+      action.nil? ? app.call(env) : send(action, request)
     end
 
     # Setup the middleware with the primary application passed in, anything we
@@ -24,8 +26,11 @@ module RackSessionManipulation
     #
     # @param [Object#call] app A rack application that implements the #call
     #   method.
-    def initialize(app)
+    # @param [Hash<Symbol=>Object>] opts Configuration options for the
+    #   middleware.
+    def initialize(app, opts = {})
       @app = app
+      @config = Config.new(opts)
       @routes = {
         'DELETE'  => :reset,
         'GET'     => :retrieve,
@@ -33,8 +38,6 @@ module RackSessionManipulation
       }
     end
 
-    protected
-
     # Look up what HTTP method was used for this request. In the event the
     # client doesn't support all HTTP methods, the standard '_method' parameter
     # fall back is made available to override the method actually used.
@@ -63,8 +66,8 @@ module RackSessionManipulation
     # @return [Symbol,Nil] Name of method to use or nil if this middleware
     #   should pass the request on to the app.
     def get_action(request)
-      return unless request.path == RackSessionManipulation.config.path
-      @routes[extract_method(request)]
+      return unless request.path == config.path
+      routes[extract_method(request)]
     end
 
     # A helper mechanism to consistently generate common headers client will
@@ -95,7 +98,7 @@ module RackSessionManipulation
     # @return [Array<Fixnum, Hash, String>]
     def retrieve(request)
       session_hash = request.env['rack.session'].to_hash
-      content = RackSessionManipulation.encode(session_hash)
+      content = config.encoder.encode(session_hash)
 
       [200, headers(content.length), content]
     end
@@ -108,11 +111,11 @@ module RackSessionManipulation
     # @return [Array<Fixnum, Hash, String>]
     def update(request)
       session_data = request.params['session_data']
-      RackSessionManipulation.decode(session_data).each do |k, v|
+      config.encoder.decode(session_data).each do |k, v|
         request.env['rack.session'][k] = v
       end
 
-      loc_hdr = { 'Location' => RackSessionManipulation.config.path }
+      loc_hdr = { 'Location' => config.path }
       [303, headers(0).merge(loc_hdr), '']
     rescue JSON::ParserError
       [400, headers(0), '']

data/lib/rack_session_manipulation/version.rb

@@ -1,5 +1,5 @@
 # Parent namespace for the Rack Session Manipulation middleware.
 module RackSessionManipulation
   # The current version of this module
-  VERSION = '0.7.0'
+  VERSION = '0.8.0'
 end

data/rack_session_manipulation.gemspec

@@ -18,6 +18,8 @@ Gem::Specification.new do |spec|
 
   spec.require_paths = ['lib']
 
+  spec.add_dependency 'rack'
+
   spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'pry'
   spec.add_development_dependency 'rake'

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: rack_session_manipulation
 version: !ruby/object:Gem::Version
-  version: 0.7.0
+  version: 0.8.0
 platform: ruby
 authors:
 - Sam Stelfox
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-04-01 00:00:00.000000000 Z
+date: 2015-04-06 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -198,8 +212,8 @@ files:
 - lib/rack_session_manipulation.rb
 - lib/rack_session_manipulation/capybara.rb
 - lib/rack_session_manipulation/config.rb
+- lib/rack_session_manipulation/json_encoder.rb
 - lib/rack_session_manipulation/middleware.rb
-- lib/rack_session_manipulation/utilities.rb
 - lib/rack_session_manipulation/version.rb
 - rack_session_manipulation.gemspec
 homepage: https://github.com/sstelfox/rack_session_manipulation

data/lib/rack_session_manipulation/utilities.rb

@@ -1,41 +0,0 @@
-# Parent namespace for the Rack Session Manipulation middleware.
-module RackSessionManipulation
-  # Various utility methods that will be module level functions for the parent
-  # namespace module.
-  module Utilities
-    # Helper method for decoding the session state into a standard Ruby hash.
-    # This data is exposed as JSON, and is parsed as such.
-    #
-    # @param [String] encoded_data JSON encoded session data
-    # @return [Hash] Hash version of the session data
-    def decode(encoded_data)
-      JSON.parse(encoded_data)
-    end
-
-    # Helper method for encoding modified session state for the middleware. The
-    # middleware expects JSON so this is just a thin wrapper for encoding to
-    # JSON.
-    #
-    # @param [Hash] obj An object that can be serialized using JSON, generally
-    #   this is a hash.
-    # @return [String] The encoded data.
-    def encode(obj)
-      JSON.generate(obj)
-    end
-
-    # SecureRandom raises a NotImplementedError if no random device is
-    # available in that case fallback on Kernel.rand. Shamelessly stolen from
-    # the Sinatra session secret generation code.
-    #
-    # @return [String]
-    def random_path_prefix
-      num = begin
-        require 'securerandom'
-        SecureRandom.random_number(2**128 - 1)
-      rescue LoadError, NotImplementedError
-        Kernel.rand(2**128 - 1)
-      end
-      format('/%032x', num)
-    end
-  end
-end