rad_core 0.0.25 → 0.0.26

data/spec/controller/http_spec.rb

@@ -1,6 +1,8 @@
 require "spec_helper"
 
 describe "Http" do
+  with_view_path "#{spec_dir}/views"
+  
   isolate :conveyors
   
   before do
@@ -18,6 +20,7 @@ describe "Http" do
       LocationSpec
       RequestMethod
       ForbidGetSpec
+      ViewVariablesSpec
     )
   end
   
@@ -97,7 +100,7 @@ describe "Http" do
     class ::RequestMethod
       inherit Rad::Controller::Http
       def action               
-        workspace.request.post?.should == true
+        request.post?.should == true
       end
     end
     
@@ -121,4 +124,18 @@ describe "Http" do
       wcall(ForbidGetSpec, :post_action, workspace, {})
     }.should raise_error(/not allowed/)
   end
+  
+  it "request and response must be availiable in view" do
+    class ::ViewVariablesSpec
+      inherit Rad::Controller::Http
+      
+      def action
+        @instance_variable = "iv value"
+      end
+    end
+    
+    wcall(ViewVariablesSpec, :action).should == %(\
+request: true
+response: true)
+  end
 end

data/spec/controller/render_spec.rb

@@ -182,19 +182,19 @@ describe "Controller render" do
     ccall(InlineRenderSpec, :action).should == "content"
   end
   
-  it ":inline option should render without layout" do
-    class ::InlineWithLayoutSpec
-      inherit Rad::Controller::Abstract
-      
-      layout '/layouts/app'
-      
-      def action
-        render inline: "content"
-      end
-    end
-    
-    ccall(InlineWithLayoutSpec, :action).should == "content"
-  end
+  # it ":inline option should render without layout" do
+  #   class ::InlineWithLayoutSpec
+  #     inherit Rad::Controller::Abstract
+  #     
+  #     layout '/layouts/app'
+  #     
+  #     def action
+  #       render inline: "content"
+  #     end
+  #   end
+  #   
+  #   ccall(InlineWithLayoutSpec, :action).should == "content"
+  # end
   
   it "should render correct action inside of special 'actions.xxx' template file" do
     class ::MultipleActions

data/spec/http/http_spec.rb

@@ -17,7 +17,7 @@ describe "Http basics" do
   it "http call" do    
     workspace = nil
 
-    rad.http.call rad.http.mock_environment do |c|      
+    rad.http.call Rad::Http::Request.stub_environment do |c|      
       c.call
       workspace = rad.workspace
     end

data/spec/router/integration_spec.rb

@@ -7,7 +7,7 @@ describe "Remote Basic" do
     end
   end  
   
-  isolate :conveyors
+  isolate :conveyors, :router
   
   after :all do
     remove_constants %w(AnRemote)
@@ -15,6 +15,9 @@ describe "Remote Basic" do
   
   before do
     rad.conveyors.web.use Rad::Router::Processors::Router, :class_variable, :method_variable
+    rad.router.routers = [
+      [:simple_router, Rad::Router::SimpleRouter.new]
+    ]
   end
   
   def call_router path, params 

data/spec/router/object_router_spec.rb

@@ -133,7 +133,7 @@ describe "ObjectRouter" do
     end
   end
   
-  describe "micelaneous check" do    
+  describe "miscellaneous check" do    
     before{@common_options = {default_class_name: 'Blogs'}}
     
     # it "should raise if :id and not default class " do

data/spec/router/persistent_params_spec.rb

@@ -34,7 +34,7 @@ describe "Persistent Params" do
     end
   end
   
-  describe "Micelaneous checks" do
+  describe "Miscellaneous checks" do
     it "should not persist special params" do
       @params.merge! _method: 'get'
       

data/spec/router/restful_router_spec.rb

@@ -78,7 +78,7 @@ describe "RestfulRouter" do
     end
   end
   
-  describe "micelaneous check" do    
+  describe "miscellaneous check" do    
     it "should allow only plural form in resource definition" do      
       lambda{@router.add :blog, class_name: 'BlogController'}.should raise_error(/plural/)
       @router.add :blogs, class_name: 'BlogController'

data/spec/web/basic_spec.rb

@@ -2,10 +2,14 @@ require 'spec_helper'
 
 describe "Core" do  
   with_load_path spec_dir
-  isolate :conveyors, before: :all
+  isolate :conveyors, :router, before: :all
   
   before :all do
-    load 'rad/profiles/web.rb'
+    rad.web
+    
+    rad.router.routers = [
+      [:simple_router, Rad::Router::SimpleRouter.new]
+    ]
   end
   
   after :all do        
@@ -79,8 +83,8 @@ describe "Core" do
       def action
         workspace.should_not == nil
         workspace.env.should_not == nil
-        workspace.request.should_not == nil
-        workspace.request.session.should_not == nil        
+        request.should_not == nil
+        request.session.should_not == nil        
         
         self.class.request_and_session_passed = true
         

data/spec/web/controller_routing_helper_spec.rb

@@ -1,12 +1,13 @@
 require 'spec_helper'
 
-describe "UrlHelper" do  
+describe "UrlHelper" do
+  isolate :conveyors, :router, before: :all
+  
   before :all do
     rad.web
-    rad.reset :conveyors
     
     class ControllerStub
-      inherit Rad::ControllerRoutingHelper, Rad::ControllerMicelaneousHelper
+      inherit Rad::ControllerRoutingHelper, Rad::ControllerMiscellaneousHelper
     
       def url_for *args
         args.first

data/spec/web/flash_spec.rb

@@ -4,12 +4,11 @@ require 'html/spec_helper'
 describe "Flash" do
   with_prepare_params
   
-  isolate :conveyors, before: :all
+  isolate :conveyors, :router, before: :all
   
   before :all do
     rad.mode = :development, true
     rad.web
-    rad.reset :conveyors
     
     class MockFlashContext < Rad::MockTemplateContext
       include Rad::Html::FlashHelper, Rad::ControllerRoutingHelper
@@ -66,7 +65,7 @@ describe "Flash" do
   
   def check_flash opt            
     workspace = nil 
-    result = rad.http.call(rad.http.mock_environment, check_flash: opt.to_openobject) do |c|
+    result = rad.http.call(Rad::Http::Request.stub_environment, check_flash: opt.to_openobject) do |c|
       c.call
       workspace = rad.workspace
     end

data/spec/web/protect_from_forgery_spec.rb

@@ -0,0 +1,187 @@
+require "spec_helper"
+
+describe "Forgery protection" do        
+  with_prepare_params
+    
+  isolate :conveyors, :router, before: :all
+
+  before :all do
+    rad.web
+    
+    class ForgerySpecHelper < Rad::Conveyors::Processor
+      def call
+        block = workspace.check_forgery.before_request
+        block.call workspace if block
+        workspace.before_request_done = true
+
+        next_processor.call
+
+        block = workspace.check_forgery.after_request
+        block.call workspace if block
+        workspace.after_request_done = true    
+      end
+    end        
+
+    class ::TheController
+      inherit Rad::Controller::Http
+      
+      protect_from_forgery_without_test only: :protected_method
+      
+      def protected_method
+        render inline: 'protected result'
+      end
+      
+      def method_without_protection
+        render inline: 'result'
+      end
+      
+      def dumb_method; end
+    end
+  end
+  
+  after :all do    
+    remove_constants %w(TheController ForgerySpecHelper)
+  end
+  
+  before do
+    rad.http.stub(:session).and_return({'key' => 'session_id'})
+    
+    rad.delete :conveyors
+    rad.conveyors.web do |web|
+      web.use Rad::Http::Processors::PrepareParams
+      web.use Rad::Http::Processors::EvaluateFormat
+      web.use ForgerySpecHelper
+      web.use Rad::Web::Processors::PrepareAutenticityToken
+      web.use Rad::Controller::Processors::ControllerCaller
+    end
+  end
+  
+  def check_forgery opt    
+    workspace = nil 
+    
+    result = rad.http.call(Rad::Http::Request.stub_environment, check_forgery: opt.to_openobject) do |c|
+      c.call
+      workspace = rad[:workspace]
+    end
+        
+    workspace.before_request_done.should be_true
+    workspace.after_request_done.should be_true
+    workspace
+  end
+  
+  it "should set :authenticity_token only for :get and 'html' request" do
+    check_forgery(
+      before_request: lambda{|workspace|
+        workspace.env['REQUEST_METHOD'] = 'GET'        
+        workspace.env['CONTENT_TYPE'] = 'text/html'
+        workspace.class = TheController
+        workspace.method_name = :dumb_method
+      },
+      after_request: lambda{|workspace|
+        workspace.request.session['authenticity_token'].should_not be_blank
+      }
+    )
+    
+    # post
+    check_forgery(
+      before_request: lambda{|workspace|        
+        workspace.env['REQUEST_METHOD'] = 'POST'        
+        workspace.env['CONTENT_TYPE'] = 'text/html'
+        workspace.class = TheController
+        workspace.method_name = :dumb_method
+      },
+      after_request: lambda{|workspace|
+        workspace.request.session['authenticity_token'].should be_blank
+      }
+    )
+  end
+  
+  it "should check any non :get request with browser's formats for :authenticity_token" do
+    lambda{
+      check_forgery(
+        before_request: lambda{|workspace|        
+          workspace.env['REQUEST_METHOD'] = 'POST'        
+          workspace.env['CONTENT_TYPE'] = 'text/html'
+          workspace.class = TheController
+          workspace.method_name = 'protected_method'
+        }
+      )
+    }.should raise_error(/invalid authenticity token/)
+  end
+    
+  it "should pass request with correct authenticity_token" do
+    check_forgery(
+      before_request: lambda{|workspace|
+        workspace.env['REQUEST_METHOD'] = 'POST'        
+        workspace.env['CONTENT_TYPE'] = 'text/html'
+        workspace.request.session['authenticity_token'] = 'secure token'
+        workspace.params['authenticity_token'] = 'secure token'
+        workspace.class = TheController
+        workspace.method_name = 'protected_method'
+      },
+      after_request: lambda{|workspace|
+        workspace.content.should == "protected result"
+      }
+    )
+  end
+    
+  it "should not check request with non-browser content type" do
+    check_forgery(
+      before_request: lambda{|workspace|
+        workspace.env['REQUEST_METHOD'] = 'POST'        
+        workspace.env['CONTENT_TYPE'] = 'non-browser-format'
+        workspace.class = TheController
+        workspace.method_name = 'protected_method'
+      },
+      after_request: lambda{|workspace|
+        workspace.content.should == "protected result"
+      }
+    )
+  end
+    
+  # it "should not check request with non-browser format" do
+  #   check_forgery(
+  #     before_request: lambda{|workspace|
+  #       workspace.env['REQUEST_METHOD'] = 'POST'        
+  #       workspace.env['CONTENT_TYPE'] = 'text/html'
+  #       workspace.params['format'] = 'json'
+  #       workspace.class = TheController
+  #       workspace.method_name = 'protected_method'
+  #     },
+  #     after_request: lambda{|workspace|
+  #       workspace.content.should == "protected result"
+  #     }
+  #   )
+  # end
+  
+  it "should not protect non protected methods" do
+    check_forgery(
+      before_request: lambda{|workspace|        
+        workspace.env['REQUEST_METHOD'] = 'POST'        
+        workspace.env['CONTENT_TYPE'] = 'text/html'
+        workspace.class = TheController
+        workspace.method_name = 'method_without_protection'
+      },
+      after_request: lambda{|workspace|
+        workspace.content.should == "result"
+      }
+    )    
+  end
+  
+  # it "OUTDATED should use :session_authenticity_token from params (for flash support)" do
+  #   check_forgery(
+  #     before_request: lambda{|workspace|
+  #       workspace.env['REQUEST_METHOD'] = 'POST'        
+  #       workspace.params.format = 'text/html'
+  #       # workspace.params['session_authenticity_token'] = 'secure token'
+  #       workspace.params['authenticity_token'] = 'secure token'
+  #       workspace.class = TheController
+  #       workspace.method_name = 'protected_method'
+  #     },
+  #     after_request: lambda{|workspace|
+  #       workspace.content.should == "protected result"
+  #     }
+  #   )
+  # end
+
+end

data/spec/web/spec_helper_spec.rb

@@ -1,12 +1,10 @@
 require "spec_helper"
 
 describe "spec helper" do
-  isolate :router, :conveyors
+  isolate :conveyors, :router, before: :all
   
   before do
     rad.web
-    rad.reset :conveyors
-    
     load 'rad/profiles/web.rb'
     
     class ::Planes
@@ -23,8 +21,14 @@ describe "spec helper" do
   end
       
   describe 'wcall' do
-    it "basic usage" do
-      wcall(Planes, :fly).should =~ /all right/
+    before do
+      rad.router.routers = [
+        [:simple_router, Rad::Router::SimpleRouter.new]
+      ]
+    end
+    
+    it "basic usage" do      
+      wcall(Planes, :fly).should =~ /all right/      
       wcall('/planes/fly').should =~ /all right/
     end 
     

data/spec/web/view_routing_helper_spec.rb

@@ -2,7 +2,7 @@ require 'spec_helper'
 require 'html/spec_helper'
 
 describe "UrlHelper" do 
-  isolate :conveyors
+  isolate :conveyors, :router, before: :all
    
   before :all do
     rad.web

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: rad_core
 version: !ruby/object:Gem::Version 
-  version: 0.0.25
+  version: 0.0.26
   prerelease: 
 platform: ruby
 authors: 
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-07-05 00:00:00 +04:00
+date: 2011-07-29 00:00:00 +04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -234,9 +234,11 @@ files:
 - Rakefile
 - readme.md
 - lib/components/config.rb
+- lib/components/configurators.rb
 - lib/components/controller.rb
 - lib/components/controller.yml
 - lib/components/conveyors.rb
+- lib/components/environment.production.yml
 - lib/components/environment.rb
 - lib/components/environment.yml
 - lib/components/flash.rb
@@ -258,7 +260,7 @@ files:
 - lib/rad/_support/active_support/locales/ru/actionview.yml
 - lib/rad/_support/active_support/locales/ru/activesupport.yml
 - lib/rad/_support/active_support/locales/ru/datetime.yml
-- lib/rad/_support/active_support/micelaneous.rb
+- lib/rad/_support/active_support/miscellaneous.rb
 - lib/rad/_support/active_support/time.rb
 - lib/rad/_support/active_support.rb
 - lib/rad/_support/addressable.rb
@@ -275,7 +277,12 @@ files:
 - lib/rad/_support/rson.rb
 - lib/rad/_support/ruby_ext_with_active_support.rb
 - lib/rad/_support/string.rb
-- lib/rad/controller/_abstract/micelaneous.rb
+- lib/rad/cli/helper.rb
+- lib/rad/configurators/_require.rb
+- lib/rad/configurators/abstract.rb
+- lib/rad/configurators/runtime.rb
+- lib/rad/configurators/web.rb
+- lib/rad/controller/_abstract/miscellaneous.rb
 - lib/rad/controller/_abstract/render.rb
 - lib/rad/controller/_abstract/responder.rb
 - lib/rad/controller/_abstract.rb
@@ -300,11 +307,6 @@ files:
 - lib/rad/conveyors/processors/conveyor_logger.rb
 - lib/rad/conveyors/workspace.rb
 - lib/rad/conveyors.rb
-- lib/rad/core_web/_controller_micelaneous_helper.rb
-- lib/rad/core_web/_require.rb
-- lib/rad/core_web/_router/abstract_routing_helper.rb
-- lib/rad/core_web/_router/controller_routing_helper.rb
-- lib/rad/core_web/_router/view_routing_helper.rb
 - lib/rad/environment/_config.rb
 - lib/rad/environment/_environment.rb
 - lib/rad/environment/_files_helper.rb
@@ -367,7 +369,7 @@ files:
 - lib/rad/router/abstract_router.rb
 - lib/rad/router/alias_router.rb
 - lib/rad/router/configurator.rb
-- lib/rad/router/micelaneous_router.rb
+- lib/rad/router/miscellaneous_router.rb
 - lib/rad/router/object_router.rb
 - lib/rad/router/processors/router.rb
 - lib/rad/router/restful_router.rb
@@ -381,8 +383,10 @@ files:
 - lib/rad/spec/remote.rb
 - lib/rad/spec/router.rb
 - lib/rad/spec/template.rb
+- lib/rad/spec/web.rb
 - lib/rad/spec/xhtml.rb
 - lib/rad/spec.rb
+- lib/rad/tasks.rb
 - lib/rad/template/_context.rb
 - lib/rad/template/_relative_path_resolver.rb
 - lib/rad/template/_require.rb
@@ -391,6 +395,14 @@ files:
 - lib/rad/template/_template.rb
 - lib/rad/template/template_context.rb
 - lib/rad/template.rb
+- lib/rad/web/_ajax_helper.rb
+- lib/rad/web/_controller_miscellaneous_helper.rb
+- lib/rad/web/_ensure_no_www.rb
+- lib/rad/web/_protect_from_forgery.rb
+- lib/rad/web/_require.rb
+- lib/rad/web/_router/abstract_routing_helper.rb
+- lib/rad/web/_router/controller_routing_helper.rb
+- lib/rad/web/_router/view_routing_helper.rb
 - lib/rad.rb
 - spec/controller/abstract_spec/views/OperationsOrderSpec/action.erb
 - spec/controller/abstract_spec/views/ViewVariablesSpec/action.erb
@@ -410,6 +422,7 @@ files:
 - spec/controller/helper_spec/views/HelperMethodSpec/action.erb
 - spec/controller/helper_spec/views/HelperSpec/action.erb
 - spec/controller/helper_spec.rb
+- spec/controller/http_spec/views/ViewVariablesSpec/action.erb
 - spec/controller/http_spec.rb
 - spec/controller/render_spec/views/already_rendered_spec/action.erb
 - spec/controller/render_spec/views/already_rendered_spec/custom_template.erb
@@ -452,7 +465,7 @@ files:
 - spec/html/scoped_params_spec.rb
 - spec/html/spec_helper.rb
 - spec/http/http_spec.rb
-- spec/http/micelaneous_spec.rb
+- spec/http/miscellaneous_spec.rb
 - spec/mailer/mail_controller_spec/views/body_template_spec/signup.erb
 - spec/mailer/mail_controller_spec.rb
 - spec/mailer/spec_helper.rb
@@ -525,8 +538,10 @@ files:
 - spec/web/basic_spec.rb
 - spec/web/controller_routing_helper_spec.rb
 - spec/web/flash_spec.rb
+- spec/web/protect_from_forgery_spec.rb
 - spec/web/spec_helper_spec.rb
 - spec/web/view_routing_helper_spec.rb
+- bin/rad
 has_rdoc: true
 homepage: http://github.com/alexeypetrushin/rad_core
 licenses: []
@@ -554,6 +569,6 @@ rubyforge_project:
 rubygems_version: 1.5.1
 signing_key: 
 specification_version: 3
-summary: General purposed Web/App Framework
+summary: Simple and highly customizable Web Framework encouraging to build an app as a set of low-coupled components instead of monolith
 test_files: []