rails-prg 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 1b012c70c0e0c73ddad3f874e4e9da3530fa5ee4
+  data.tar.gz: b0ff3de2236d99c9df5806101d3d5761fd134da3
+SHA512:
+  metadata.gz: 6bc32193437e830f0120fcb49e1b2140b45b2918b248777515e13aec01fc808e22b1dbe03e190b704050db46e70b1e162d807481ce6d1d7b0540b75cb846cff7
+  data.tar.gz: 3928df8b355fe672b452f3dd5a1a7f0fc5682ab67410776e7ea15468f29e98a535ec48f31033892658499a5f7c368e2ed4bbdaccbfa5ebf610db4668ba2155d9

data/.cane

@@ -0,0 +1,4 @@
+--abc-max 10
+--gte coverage/covered_percent,100
+--no-style
+--color

data/.gitignore

@@ -0,0 +1,19 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+spec/dummy/log
+spec/dummy/db/*.sqlite3

data/.rspec

@@ -0,0 +1,3 @@
+--color
+--profile
+--format progress

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in rails-prg.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Tom Meier
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,44 @@
+# Rails::Prg
+
+TODO: Write a gem description
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'rails-prg'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install rails-prg
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it ( http://github.com/<my-github-username>/rails-prg/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
+
+
+## Note how to generate dummy rails app
+
+  * Command for dummy rails app
+  * Scaffolding request objects:
+    * `rails generate scaffold ExamplePrg subject:text:uniq body:text published:boolean`
+    * `rails generate scaffold ErrorDuplicator subject:text:uniq body:text published:boolean`
+
+## TODO
+  * Write up README
+  * Add steps to install chromedriver to readme
+  * When Open sourced:
+    * Add Travis-CI
+    * use sauce labs 'Open Sauce' to check in multiple browsers for result and remove 'selenium_display' (or only enable for manual local run, run script/ci for travis, script/spec for local)

data/Rakefile

@@ -0,0 +1,38 @@
+require "bundler/gem_tasks"
+
+require 'rspec/core/rake_task'
+require 'cane/rake_task'
+
+Dir.glob("lib/tasks/*.rake").all? do |rake_file|
+  load(rake_file)
+end
+
+RSpec::Core::RakeTask.new(:spec)
+
+namespace :spec do
+  desc "Run all unit specs"
+  RSpec::Core::RakeTask.new(:unit) do |t|
+    t.pattern = "spec/**/*_spec.rb"
+    t.rspec_opts = <<-SPEC_OPTS \
+      --require spec_helper    \
+      --format progress        \
+      --tag ~capybara_feature  \
+      --colour
+    SPEC_OPTS
+  end
+
+  desc "Run all feature specs"
+  RSpec::Core::RakeTask.new(:features) do |t|
+    t.pattern = "spec/**/*_spec.rb"
+    t.rspec_opts = <<-SPEC_OPTS \
+      --require spec_helper    \
+      --format documentation   \
+      --tag capybara_feature    \
+      --colour
+    SPEC_OPTS
+  end
+end
+
+task :default => :spec
+
+

data/lib/rails-prg.rb

@@ -0,0 +1,5 @@
+require "rails/prg/version"
+require "rails/prg"
+
+
+

data/lib/rails/prg.rb

@@ -0,0 +1,8 @@
+require "rails/prg/version"
+require "rails/prg/railtie"
+
+module Rails
+  module Prg
+    autoload :RedirectedObjectController, 'rails/prg/redirected_object_controller'
+  end
+end

data/lib/rails/prg/railtie.rb

@@ -0,0 +1,13 @@
+require 'rails/railtie'
+
+module Rails
+  module Prg
+    class Railtie < Rails::Railtie
+      initializer "rails-prg.action_controller" do
+        ActiveSupport.on_load(:action_controller) do
+          include Rails::Prg::RedirectedObjectController
+        end
+      end
+    end
+  end
+end

data/lib/rails/prg/redirected_object_controller.rb

@@ -0,0 +1,84 @@
+module Rails
+  # Post-Redirect-Get
+  module Prg
+    # Allow full POST-REDIRECT-GET pattern, instead of rendering an error, on change of object
+    # redirect back and load errors on to object. This prevents issues with a fully
+    # secure browser environment (no-cache, no-store), when the user clicks back
+    # Note: The filter *must* be loaded after the object instance is loaded for dynamic
+    # lookup without having to find it again.
+    # eg:
+    # class ObjectController
+    #   before_filter :find_object,               only: [:edit,:update]
+    #   before_filter :load_redirected_objects!,  only: [:edit]
+    #   def update
+    #     if errors;
+    #       set_redirected_object!('@object', @object, clean_params)
+    #       redirect_to edit_object_path(@object)
+    module RedirectedObjectController
+      extend ActiveSupport::Concern
+
+      # Load any redirected objects present in flash
+      # Loaded on any view where an error redirect has occured
+      def load_redirected_objects!
+        if flash[:redirected_objects]
+          flash[:redirected_objects].each do |instance_reference, attributes|
+            object_instance = instance_variable_get(instance_reference)
+            # Apply errors to instance
+            set_errors_to_redirected_instance(object_instance, attributes[:errors])
+            # Apply any params (ie: changed form fields to be corrected)
+            set_params_to_redirected_instance(object_instance, attributes[:params])
+          end
+        end
+      ensure
+        flash.delete(:redirected_objects)
+      end
+
+      # Allow Post-Redirect-Get on errors & submitted details
+      # passing details to redirected page for display
+      def set_redirected_object!(instance_reference, instance, instance_params)
+        ensure_redirected_params_are_safe!(instance_params)
+
+        flash[:redirected_objects] ||= {}
+        flash[:redirected_objects][instance_reference] = {
+          errors: instance.errors.messages,
+          params: instance_params
+        }
+      end
+
+      private
+
+      # Compare passed params for redirected object
+      #  - raise error if not strong parameters or not marked as safe
+      def ensure_redirected_params_are_safe!(passed_params)
+        unless passed_params.is_a?(ActionController::Parameters) && passed_params.permitted?
+          error_message = if passed_params.is_a?(ActionController::Parameters)
+            unsafe_parameters = passed_params.send(:unpermitted_keys, params)
+            "[Rails::Prg] Error - Must use permitted strong parameters. Unsafe: #{unsafe_parameters.join(', ')}"
+          else
+            "[Rails::Prg] Error - Must pass strong parameters."
+          end
+          raise error_message
+        end
+      end
+
+      # Assign any errors to redirected instance
+      def set_errors_to_redirected_instance(instance, error_hash = {})
+        error_hash.each do |attribute, errors|
+          errors.each do |error_for_attribute|
+            instance.errors.add(attribute, error_for_attribute)
+          end
+        end
+      end
+
+      # Assign any provided params to redirected instance
+      # - Only clean params should be passed through
+      def set_params_to_redirected_instance(instance, instance_params)
+        ensure_redirected_params_are_safe!(instance_params)
+
+        instance_params.each do |attribute, value|
+          instance.public_send("#{attribute}=", value)
+        end
+      end
+    end
+  end
+end

data/lib/rails/prg/version.rb

@@ -0,0 +1,5 @@
+module Rails
+  module Prg
+    VERSION = "0.1.0"
+  end
+end

data/lib/tasks/quality.rake

@@ -0,0 +1,15 @@
+if defined? RSpec
+  namespace :spec do
+    begin
+      require 'cane/rake_task'
+
+      desc "Run cane to check quality metrics"
+      Cane::RakeTask.new(:quality) do |cane|
+        cane.canefile = ".cane"
+        cane.add_threshold 'coverage/covered_percent', :>=, 100
+      end
+    rescue LoadError
+      warn "cane not available, quality task not provided."
+    end
+  end
+end

data/rails-prg.gemspec

@@ -0,0 +1,43 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "rails/prg/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "rails-prg"
+  spec.version       = Rails::Prg::VERSION
+  spec.authors       = ["Tom Meier"]
+  spec.email         = ["tom@venombytes.com"]
+  spec.summary       = %q{Allow Rails to use full POST-REDIRECT-GET pattern on errors.}
+  spec.description   = %q{
+    Secure applications must not use browser history or cache, this can cause problems
+    with some browsers when following standard Rails pattern for POST -> Error -> Render -> Success -> Redirect.
+    For full protection from ERR_CACHE_MISS (in Chrome with no-cache, no-store),
+    Rails should redirect on errors as well as on success,
+    always following full POST-REDIRECT-GET pattern.
+    This way the browser will always have a consistent back-button history to traverse without
+    triggering browser errors unable to display form submission pages.
+  }
+  spec.homepage      = "https://github.com/tommeier/rails-prg"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "actionpack"
+  spec.add_dependency "railties"
+
+  spec.add_development_dependency "activerecord"
+  spec.add_development_dependency "bundler", "~> 1.5"
+  spec.add_development_dependency "cane"
+  spec.add_development_dependency "capybara"
+  spec.add_development_dependency "database_cleaner"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rspec-rails"
+  spec.add_development_dependency "selenium-webdriver"
+  spec.add_development_dependency "simplecov"
+  spec.add_development_dependency "sqlite3"
+  spec.add_development_dependency "sprockets-rails"
+end

data/script/spec

@@ -0,0 +1,22 @@
+#!/bin/sh -xe
+
+# Install packages.
+bundle --quiet --binstubs
+
+DUMMY_APP_PATH="spec/dummy"
+
+# Prep dummy app db
+pushd "$DUMMY_APP_PATH"
+  rake db:drop db:setup
+  rake db:test:load
+popd
+
+rm -rf coverage
+
+# Enable to check spec coverage - only 'elses' should be uncovered
+export CHECK_SPEC_COVERAGE=${CHECK_SPEC_COVERAGE:-false}
+
+COVERAGE_GROUP="unit-tests" bin/rake "spec:unit"
+COVERAGE_GROUP="firefox-features" BROWSER=firefox bin/rake "spec:features"
+COVERAGE_GROUP="chrome-features" BROWSER=chrome bin/rake "spec:features"
+bin/rake "spec:quality"

data/spec/dummy/README.rdoc

@@ -0,0 +1,28 @@
+== README
+
+This README would normally document whatever steps are necessary to get the
+application up and running.
+
+Things you may want to cover:
+
+* Ruby version
+
+* System dependencies
+
+* Configuration
+
+* Database creation
+
+* Database initialization
+
+* How to run the test suite
+
+* Services (job queues, cache servers, search engines, etc.)
+
+* Deployment instructions
+
+* ...
+
+
+Please feel free to use a different markup language if you do not plan to run
+<tt>rake doc:app</tt>.

data/spec/dummy/Rakefile

@@ -0,0 +1,6 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Dummy::Application.load_tasks

data/spec/dummy/app/assets/javascripts/application.js

@@ -0,0 +1,13 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file.
+//
+// Read Sprockets README (https://github.com/sstephenson/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require_tree .

data/spec/dummy/app/assets/javascripts/error_duplicator.js

@@ -0,0 +1,2 @@
+// Place all the behaviors and hooks related to the matching controller here.
+// All this logic will automatically be available in application.js.

data/spec/dummy/app/assets/javascripts/error_duplicators.js

@@ -0,0 +1,2 @@
+// Place all the behaviors and hooks related to the matching controller here.
+// All this logic will automatically be available in application.js.

data/spec/dummy/app/assets/javascripts/example_prgs.js

@@ -0,0 +1,2 @@
+// Place all the behaviors and hooks related to the matching controller here.
+// All this logic will automatically be available in application.js.

data/spec/dummy/app/assets/javascripts/post_redirect_gets.js

@@ -0,0 +1,2 @@
+// Place all the behaviors and hooks related to the matching controller here.
+// All this logic will automatically be available in application.js.

data/spec/dummy/app/assets/javascripts/test_objects.js

@@ -0,0 +1,2 @@
+// Place all the behaviors and hooks related to the matching controller here.
+// All this logic will automatically be available in application.js.

data/spec/dummy/app/assets/stylesheets/application.css

@@ -0,0 +1,13 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the top of the
+ * compiled file, but it's generally better to create a new file per style scope.
+ *
+ *= require_self
+ *= require_tree .
+ */