ramaze 2010.06.18 → 2011.01

data/spec/ramaze/helper/csrf.rb

@@ -0,0 +1,109 @@
+require File.expand_path('../../../../spec/helper', __FILE__)
+require 'ramaze/helper/csrf'
+
+##
+# A quick note on this controller.
+# I decided to user global variables ($foo) instead of sending
+# certain data to the "browser", this makes it much easier to compare
+# certain values.
+#
+# - Yorick Peterse
+#
+class SpecHelperCSRF < Ramaze::Controller
+  
+  engine :none
+  helper :csrf
+  
+  before_all do
+    csrf_protection :check_post, :protect_me do
+      respond("The specified CSRF token is incorrect.", 401)
+    end
+  end
+
+  # Generate a new csrf token
+  def index
+    generate_csrf_token
+  end
+  
+  # Retrieve the current value of the CSRF token
+  def get
+    return get_csrf_token
+  end
+  
+  # Check if the token isn't regenerated
+  def dont_regenerate
+    $token_sess   = session[:_csrf][:token]
+    $token_method = get_csrf_token
+  end
+  
+  # Check the TTL
+  def check_ttl
+    generate_csrf_token :ttl => 3
+    $old_token = get_csrf_token
+    sleep 4
+    $new_token = get_csrf_token
+  end
+  
+  # Check if the before_all block works
+  def check_post
+    "POST allowed."
+  end
+  
+end
+
+describe Ramaze::Helper::CSRF do
+  behaves_like :rack_test
+  
+  # ------------------------------------------------
+  # General validation
+  
+  it 'Generate a new CSRF token' do
+    got = get '/'
+    
+    got.status.should.equal 200
+    got.body.should.equal ''
+  end
+  
+  it 'Retrieve the current CSRF token' do
+    got = get '/get'
+    
+    got.status.should.equal 200
+    got.body.length.should.equal 128
+  end
+  
+  # ------------------------------------------------
+  # Validate the token expiration
+  
+  it 'Check if the token is regenerated (it shouldn\'t)' do
+    got = get '/dont_regenerate'
+    
+    got.status.should.equal 200
+    $token_sess.should.equal $token_method
+  end
+  
+  it 'Check if the token successfully expires after 3 seconds' do
+    got = get '/check_ttl'
+    
+    got.status.should.equal 200
+    $old_token.should.not.equal $new_token
+  end
+  
+  # ------------------------------------------------
+  # Validate all HTTP requests (GET, POST, etc)     
+  
+  it 'Validate all HTTP requests (GET, POST, etc)' do
+    methods = [:get, :post, :put, :delete]
+    
+    methods.each do |method|
+      got_invalid = self.send(method, '/check_post', :name => "Yorick Peterse")
+      got_valid   = self.send(method, '/check_post', :csrf_token => $new_token)
+
+      got_invalid.status.should.equal 401
+      got_invalid.body.should.equal "The specified CSRF token is incorrect."
+      
+      got_valid.status.should.equal 200
+      got_valid.body.should.equal "POST allowed."
+    end
+  end
+  
+end

data/spec/ramaze/helper/httpdigest.rb

@@ -60,17 +60,19 @@ describe Ramaze::Helper::HttpDigest do
 
     it 'sends out all the required header information' do
       get '/authenticate'
-      www_authenticate = last_response.headers['WWW-Authenticate']
-      authorization = Rack::Auth::Digest::Params.parse(www_authenticate)
+      www_authenticate  = last_response.headers['WWW-Authenticate']
+      authorization     = Rack::Auth::Digest::Params.parse(www_authenticate)
+      
       authorization["opaque"].should.not.be.empty
       authorization["nonce"].should.not.be.empty
-      authorization["realm"].should == REALM
-      authorization["qop"].should == "auth,auth-int"
+      authorization["realm"].should.equal REALM
+      authorization["qop"].should.equal "auth,auth-int"
 
       digest_authorize 'foo', 'oof'
       get '/authenticate'
+      
       last_response.headers.should.satisfy do |headers|
-        !headers.has_key?( "WWW-Authenticate" )
+        !headers.has_key? "WWW-Authenticate" 
       end
     end
   end
@@ -83,13 +85,13 @@ describe Ramaze::Helper::HttpDigest do
       digest_authorize nil, nil
 
       get '/authenticate'
-      last_response.status.should == 401
-      last_response.body.should == "Unauthorized"
+      last_response.status.should.equal 401
+      last_response.body.should.equal "Unauthorized"
 
       digest_authorize 'foo', 'oof'
       get '/authenticate'
-      last_response.status.should == 200
-      last_response.body.should == "Hello foo"
+      last_response.status.should.equal 200
+      last_response.body.should.equal "Hello foo"
     end
 
     it 'fails to authenticate an incorrect password with a block' do
@@ -97,13 +99,13 @@ describe Ramaze::Helper::HttpDigest do
       digest_authorize nil, nil
 
       get '/authenticate'
-      last_response.status.should == 401
-      last_response.body.should == "Unauthorized"
+      last_response.status.should.equal 401
+      last_response.body.should.equal "Unauthorized"
 
       digest_authorize 'foo', 'bar'
       get '/authenticate'
-      last_response.status.should == 401
-      last_response.body.should == "Unauthorized"
+      last_response.status.should.equal 401
+      last_response.body.should.equal "Unauthorized"
     end
   end
 
@@ -115,13 +117,13 @@ describe Ramaze::Helper::HttpDigest do
       digest_authorize nil, nil
 
       get '/plaintext/authenticate'
-      last_response.status.should == 401
-      last_response.body.should == 'Unauthorized'
+      last_response.status.should.equal 401
+      last_response.body.should.equal 'Unauthorized'
 
       digest_authorize 'foo', 'oof'
       get '/plaintext/authenticate'
-      last_response.status.should == 200
-      last_response.body.should == "Hello foo"
+      last_response.status.should.equal 200
+      last_response.body.should.equal "Hello foo"
     end
 
     it 'fails to authenticate an incorrect password with the plaintext method' do
@@ -129,13 +131,13 @@ describe Ramaze::Helper::HttpDigest do
       digest_authorize nil, nil
 
       get '/plaintext/authenticate'
-      last_response.status.should == 401
-      last_response.body.should == "Unauthorized"
+      last_response.status.should.equal 401
+      last_response.body.should.equal "Unauthorized"
 
       digest_authorize 'foo', 'bar'
       get '/plaintext/authenticate'
-      last_response.status.should == 401
-      last_response.body.should == "Unauthorized"
+      last_response.status.should.equal 401
+      last_response.body.should.equal "Unauthorized"
     end
   end
 
@@ -147,13 +149,13 @@ describe Ramaze::Helper::HttpDigest do
       digest_authorize nil, nil
 
       get '/lookup/authenticate'
-      last_response.status.should == 401
-      last_response.body.should == "Unauthorized"
+      last_response.status.should.equal 401
+      last_response.body.should.equal "Unauthorized"
 
       digest_authorize 'foo', 'oof'
       get '/lookup/authenticate'
-      last_response.status.should == 200
-      last_response.body.should == "Hello foo"
+      last_response.status.should.equal 200
+      last_response.body.should.equal "Hello foo"
     end
 
     it 'fails to authenticate an incorrect password with the password lookup method' do
@@ -161,13 +163,13 @@ describe Ramaze::Helper::HttpDigest do
       digest_authorize nil, nil
 
       get '/lookup/authenticate'
-      last_response.status.should == 401
-      last_response.body.should == "Unauthorized"
+      last_response.status.should.equal 401
+      last_response.body.should.equal "Unauthorized"
 
       digest_authorize 'foo', 'bar'
       get '/lookup/authenticate'
-      last_response.status.should == 401
-      last_response.body.should == "Unauthorized"
+      last_response.status.should.equal 401
+      last_response.body.should.equal "Unauthorized"
     end
   end
 

data/spec/ramaze/helper/user.rb

@@ -54,7 +54,7 @@ class SpecUserHelperCallback < SpecUserHelper
   end
 end
 
-describe Ramaze::Helper::User do
+describe Ramaze::Helper::UserHelper do
   behaves_like :rack_test
 
   should 'login' do

data/spec/ramaze/helper/xhtml.rb

@@ -18,6 +18,16 @@ describe Ramaze::Helper::XHTML do
       should == '<link href="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.js" media="screen" rel="stylesheet" type="text/css" />'
   end
 
+  should 'answer with <link> on #css with optional prefix' do
+    css(:foo, 'screen', :prefix => 'bar').
+      should == '<link href="/bar/foo.css" media="screen" rel="stylesheet" type="text/css" />'
+  end
+
+  should 'answer with <link> on #css with options hash as second argument' do
+    css(:foo, :prefix => 'bar/baz').
+      should == '<link href="/bar/baz/foo.css" media="screen" rel="stylesheet" type="text/css" />'
+  end
+
   should 'answer with <script> on #js' do
     js(:foo).
       should == '<script src="/js/foo.js" type="text/javascript"></script>'
@@ -25,6 +35,13 @@ describe Ramaze::Helper::XHTML do
       should == '<script src="http://example.com/foo.js" type="text/javascript"></script>'
   end
 
+  should 'answer with <script> on #js with optional prefix' do
+    js(:foo, :prefix => 'bar').
+      should == '<script src="/bar/foo.js" type="text/javascript"></script>'
+    js(:foo, :prefix => 'javascripts/deeply/nested').
+      should == '<script src="/javascripts/deeply/nested/foo.js" type="text/javascript"></script>'
+  end
+
   should 'answer with multiple <link> on #css_for' do
     css_for(:foo, :bar).
       should == "<link href=\"/css/foo.css\" media=\"screen\" rel=\"stylesheet\" type=\"text/css\" />\n<link href=\"/css/bar.css\" media=\"screen\" rel=\"stylesheet\" type=\"text/css\" />"

data/spec/ramaze/log/growl.rb

@@ -0,0 +1,34 @@
+require File.expand_path('../../../../spec/helper', __FILE__)
+
+spec_precondition 'ruby-growl is installed' do
+  require 'ruby-growl'
+end
+
+require 'ramaze/log/growl'
+
+# Configure Growl, make sure your growl server matches
+# these settings.
+Ramaze::Logger::Growl.trait[:defaults][:name]     = 'ramaze'
+Ramaze::Logger::Growl.trait[:defaults][:password] = 'ramaze'
+
+describe Ramaze::Logger::Growl do
+  it 'Create a new instance of the Growl logger' do
+    growl = Ramaze::Logger::Growl.new
+
+    growl.should.respond_to? :log
+  end
+
+  it 'Send a growl notification' do
+    growl = Ramaze::Logger::Growl.new
+    growl.log(:info, 'Hello, Ramaze!')
+
+    # The Growl library doesn't seem to return anything,
+    # let's ask the user if the notification was sent
+    print "Did you see the the notification? (y/n) "
+    response = gets.strip
+
+    response.should.satisfy do |object|
+      object === 'y' or object === 'yes'
+    end
+  end
+end

data/spec/ramaze/log/informer.rb

@@ -3,6 +3,7 @@
 
 require File.expand_path('../../../../spec/helper', __FILE__)
 require 'ramaze/log/informer'
+require 'stringio'
 
 describe 'Informer' do
   @out = []

data/spec/ramaze/view/erector.rb

@@ -1,90 +1,68 @@
-#          Copyright (c) 2009 Michael Fellinger m.fellinger@gmail.com
-# All files in this distribution are subject to the terms of the Ruby license.
-
 require File.expand_path('../../../../spec/helper', __FILE__)
 spec_require 'erector'
 
-Ramaze::App.options.views = 'erector'
+# Define what view and layout we'll need to load
+Ramaze::App.options.views   = 'erector'
 Ramaze::App.options.layouts = 'erector'
 
+##
+# Core spec class for the test.
+# This class is nothing more than a regular controller but is called using Bacon instead of a browser.
+#
 class SpecErector < Ramaze::Controller
+  # Map the controller to the root of the server.
   map '/'
-  engine :Erector
-  helper :erector
+  
+  # Set the engine to Erector. We can't test Erector if we're not using it can we?
+  engine :erector
+  helper :erector, :thread
   layout :layout
-
-  def invoke_helper_method 
-  end
-
+  
+  # The index method loads a very basic view in a layout.
   def index
-    erector { h1 "Erector Index" }
   end
-
-  def links
-    erector {
-      ul {
-        li { a(:href => r(:index)) { text "Index page" } }
-        li { a(:href => r(:internal)){ text "Internal template" } }
-        li { a(:href => r(:external)){ text "External template" } }
-      }
-    }
+  
+  # The tables method loads a view that contains a html table.
+  def tables
+    @users = [{:name => 'Yorick Peterse', :age => 18}, {:name => 'Chuck Norris', :age => 9000}, {:name => 'Bob Ross', :age => 53}]
   end
-
-  def strict_xhtml
-  end
-
-  def ie_if
-    erector {
-      ie_if("lt IE 8") {
-        css "ie.css"
-        css "test2.css", :media => 'screen'
-      }
-    }
-  end
-
-  def css
-    erector {
-      css "test.css", :media => 'screen'
-    }
-  end
-
-  def sum(num1, num2)
-    @num1, @num2 = num1.to_i, num2.to_i
+  
+  # Render a view inside a view
+  def view
   end
+  
 end
 
+# Testing time!
 describe Ramaze::View::Erector do
+  # The test type is a basic Rack based test.
   behaves_like :rack_test
-
-  should 'use erector methods' do
-    get('/').body.should == '<div><h1>Erector Index</h1></div>'
+  
+  # Render the index view. This is a basic view wrapped in a layout
+  it 'Render a basic layout and view' do
+    got = get '/'
+
+    got.status.should.equal 200
+    got['Content-Type'].should.equal 'text/html'
+    got.body.strip.should.equal '<html><head><title>erector</title></head><body><p>paragraph text</p></body></html>'
   end
-
-  should 'use other helper methods' do
-    get('/links').body.should == '<div><ul><li><a href="/index">Index page</a></li><li><a href="/internal">Internal template</a></li><li><a href="/external">External template</a></li></ul></div>'
-  end
-
-  should 'render external template' do
-    get('/external').body.should == "<div><h1>External Erector View Template</h1></div>"
+  
+  # Render the tables view
+  it 'Render a view with an HTML table' do
+    got = get '/tables'
+    
+    got.status.should.equal 200
+    got['Content-Type'].should.equal 'text/html'
+    got.body.strip.should.equal '<html><head><title>erector</title></head><body><table><thead><tr><th>Name</th><th>Age</th></tr></thead><tbody><tr><td>Yorick Peterse</td><td>18</td></tr><tr><td>Chuck Norris</td><td>9000</td></tr><tr><td>Bob Ross</td><td>53</td></tr></tbody></table></body></html>'
   end
-
-  should 'render external template with instance variables' do
-    get('/sum/1/2').body.should == '<div><p>3</p></div>'
+  
+  # Render a view inside a view
+  it 'Render a view inside a view' do
+    got = get '/view'
+    
+    got.status.should.equal 200
+    got['Content-Type'].should.equal 'text/html'
+    got.body.strip.should.equal '<html><head><title>erector</title></head><body><h2>Hello, view!</h2><p>view body.</p></body></html>'
   end
-
-  should 'render external strict xhtml template' do
-    get('/strict_xhtml').body.should == "<div><?xml version=\"1.0\" encoding=\"UTF-8\"?><!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"DTD/xhtml1-strict.dtd\"><html lang=\"en\" xml:lang=\"en\" xmlns=\"http://www.w3.org/1999/xhtml\"><p>STRICT!</p></html></div>"
-  end
-
-  should 'render css link with merged options' do
-    get('/css').body.should == "<div><link href=\"test.css\" media=\"screen\" rel=\"stylesheet\" type=\"text/css\" /></div>"
-  end
-
-  should 'render ie conditional' do
-    get('/ie_if').body.should == "<div><!--[if lt IE 8]><link href=\"ie.css\" rel=\"stylesheet\" type=\"text/css\" /><link href=\"test2.css\" media=\"screen\" rel=\"stylesheet\" type=\"text/css\" /><![endif]--></div>"
-  end
-
-  should 'invoke helper methods from external template'  do
-    get('/invoke_helper_method').body.should == "<div><a href=\"/index\">Index page</a></div>"
-  end
-end
+  
+end