sbsm 1.4.9 → 1.5.0

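--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 6aee853a34b97d3ab2ff7b4001c7e652d1e01c49
- data.tar.gz: 0b2c1aa161689b95b35c60a01e09274df57c9533
+ metadata.gz: 60e49c0bbf1c19f72b68e0ae0109d970f9e3849f
+ data.tar.gz: dee70d2c1510d16abf7a473a2bc7489a9bcce48d
  SHA512:
- metadata.gz: '097042df4c5dc65aae06155a75b52def17a5135d8b426ce0ebea531da3a5dcbbb510a01d3bc48ddc1f2d31c229d01394d7329753f71f9f30454ce4162b5763f7'
- data.tar.gz: cea64d66ef58aaefcf3e6246286f61260052f8bc258100896259a2db7c00aeac6a259c0ef006257982d23b037e674499324f7761d13eb0f775843ac5c781561d
+ metadata.gz: 8efe2e0d58360ce0823e8e9af80a370ddfe7586c709c4456c81022d89ae4bfc81337a2240e2813fc09db22fafa04dbaeb2a3f0b6f10950d3dc4305b70f609efa
+ data.tar.gz: 52eefccd90f9a08e6e73035489f911e554b02637e07c8f220e35a785294b9567858db6f3cb8ceabfd64ffd4046e101a62888319f226a685b55ecf767f25637ae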
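--- a/data/History.txt
+++ b/data/History.txt
@@ -1,3 +1,9 @@
+ === 1.5.0 / 04.07.2017
+
+ * Correct handling nil/empty values in cookie
+ * Unescape cookie values before giving them back
+ * Fixed handling cookie_input
+
  === 1.4.9 / 28.06.2017
 
  * Fix is_crawler?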
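--- a/data/lib/sbsm/app.rb
+++ b/data/lib/sbsm/app.rb
@@ -148,14 +148,14 @@ module SBSM
  response.status = result.last.to_i
  response.headers.delete(result.first)
  end
- session.cookie_input.each do |key, value|
- response.set_cookie(key, { :value => value, :path => '/' })
- end
- response.set_cookie(SESSION_ID, { :value => session_id, :path => '/' }) unless request.cookies[SESSION_ID]
- # response.set_cookie(SBSM::Session.get_cookie_name, session_id)
+ response.set_cookie(session.persistent_cookie_name,
+ { :value => session.cookie_pairs,
+ :path => "/",
+ :expires => (Time.now + (60 * 60 * 24 * 365 * 10))})
+ response.set_cookie(SESSION_ID, { :value => session_id, :path => '/' , :expires => (Time.now + (60 * 60 * 24 * 365 * 10)) })
  @@last_session = session
  if response.headers['Set-Cookie'].to_s.index(session_id)
- SBSM.debug "finish session_id.1 #{session_id}: matches response.headers['Set-Cookie']"
+ SBSM.debug "finish session_id.1 #{session_id}: matches response.headers['Set-Cookie'] #{response.headers['Set-Cookie']}"
  else
  SBSM.debug "finish session_id.2 #{session_id}: headers #{response.headers}"
  end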
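Review bot: The session-id cookie is now written on every response with a ten-year `:expires` and without `:httponly` or `:secure`, so the value that identifies the session becomes a long-lived, script-readable cookie stored on disk. I would keep `SESSION_ID` a browser-session cookie and set the flags, e.g. `response.set_cookie(SESSION_ID, { :value => session_id, :path => '/', :httponly => true, :secure => request.ssl? })`, and add the same two flags to the persistent cookie, which the tests on this page show carrying a `remember` value. The changed `SBSM.debug` line also appends the whole `Set-Cookie` header, so both cookie values end up in the debug log; logging only that the id matched would avoid that. The enclosing method starts and ends outside the hunk, so that `request` is still in scope here is inferred from the removed line that used it.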
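--- a/data/lib/sbsm/session.rb
+++ b/data/lib/sbsm/session.rb
@@ -37,7 +37,7 @@ require 'delegate'
  module SBSM
  class Session
 
- attr_reader :user, :active_thread, :key, :cookie_input, :cookie_name, :post_content,
+ attr_reader :user, :active_thread, :key, :cookie_input, :persistent_cookie_name, :post_content,
  :server_name, :server_port, :request_params, :request_method, :request_origin,
  :unsafe_input, :valid_input, :request_path, :request_post, :cgi, :attended_states
  attr_accessor :validator, :trans_handler, :app
@@ -120,8 +120,8 @@ module SBSM
  fail "invalid validator #{@validator}" unless @validator.is_a?(SBSM::Validator)
  @trans_handler = trans_handler || TransHandler.instance
  fail "invalid trans_handler #{@trans_handler}" unless @trans_handler.is_a?(SBSM::TransHandler)
- @cookie_name = cookie_name
- @cookie_name ||= self.class::PERSISTENT_COOKIE_NAME
+ @persistent_cookie_name = cookie_name
+ @persistent_cookie_name ||= self.class::PERSISTENT_COOKIE_NAME
  @attended_states = {}
  @persistent_user_input = {}
  touch()
@@ -135,9 +135,6 @@ module SBSM
  @active_thread = nil
  SBSM.debug "session initialized #{self} with @cgi #{@cgi} multi_threaded #{multi_threaded} app #{app.object_id} and user #{@user.class} @unknown_user #{@unknown_user.class}"
  end
- def self.get_cookie_name
- @cookie_name
- end
  def method_missing(symbol, *args, &block) # Replaces old dispatch to DRb
  @app.send(symbol, *args, &block)
  rescue => error
@@ -211,6 +208,7 @@ module SBSM
  @request_path ||= rack_request.path
  @rack_request = rack_request
  @post_content = nil
+
  if rack_request.request_method.eql?('POST')
  rack_request.params.each do |k, v|
  # needed to test POST requests generated by curl (first parameter) or ARC (second parameter)
@@ -251,8 +249,8 @@ module SBSM
  @request_params = rack_request.params
  logout unless @active_state
  validator.reset_errors() if validator && validator.respond_to?(:reset_errors)
- import_user_input(rack_request)
  import_cookies(rack_request)
+ import_user_input(rack_request)
  @state = active_state.trigger(event())
  SBSM.debug "active_state.trigger state #{@state.object_id} #{@state.class} remember #{persistent_user_input(:remember).inspect}"
  #FIXME: is there a better way to distinguish returning states?
@@ -313,15 +311,22 @@ module SBSM
  end
  def import_cookies(request)
  reset_cookie()
- if(cuki_str = request.cookies[self::class::PERSISTENT_COOKIE_NAME])
- SBSM.debug "cuki_str #{self::class::PERSISTENT_COOKIE_NAME} #{cuki_str}"
- request.cookies.each do |key, val|
- key_sym = key.intern
- valid = @validator.validate(key_sym, val)
- @cookie_input.store(key_sym, valid) if valid
- end
- SBSM.debug "@cookie_input now #{@cookie_input}"
+ if(cuki = request.cookies[@persistent_cookie_name])
+ cuki.split(';').each { |cuki_str|
+ CGI.parse(CGI.unescape(cuki_str)).each { |key, val|
+ key = key.intern
+ valid = @validator.validate(key, val.compact.last)
+ @cookie_input.store(key, valid)
+ }
+ }
  end
+ request.cookies.each do |key, value|
+ next if key.to_s.eql?(@persistent_cookie_name.to_s)
+ key = key.intern
+ valid = @validator.validate(key, value)
+ @cookie_input.store(key, valid)
+ end if false
+ SBSM.debug "@cookie_input now #{@cookie_input}"
  end
  # should matches stuff like "hash[1]"
  @@hash_ptrn = /([^\[]+)((\[[^\]]+\])+)/
@@ -437,8 +442,11 @@ module SBSM
  end
  end
  end
+ def cookie_pairs
+ cookie_input.collect { |key, value| "#{key}=#{value ?CGI.escape(value) : ''}" }.join(';')
+ end
  def http_headers
- @state.http_headers
+ @state.http_headers
  rescue NameError, StandardError => err
  SBSM.info "NameError, StandardError: #@request_path"
  {'Content-Type' => 'text/plain'}
@@ -501,7 +509,7 @@ module SBSM
  end
  end
  def set_cookie_input(key, val)
- SBSM.debug "cookie_set_or_get #{key} #{val}"
+ SBSM.debug"set_cookie_input #{key} #{val}"
  @cookie_input.store(key, val)
  end
  def server_name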
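Review bot: In `import_cookies`, `CGI.parse(CGI.unescape(cuki_str))` decodes each pair before parsing it, so an escaped `&` or `;` inside one stored value (emitted by `cookie_pairs` as `%26`/`%3B`) becomes a separator again and a single value can come back as extra keys or overwrite another key; a literal `%` sequence in a value is also decoded twice. `CGI.parse` already unescapes keys and values, so `CGI.parse(cuki_str).each { |key, val|` keeps the round trip with `cookie_pairs` symmetric. The result is now stored even when `@validator.validate` returns nil, and every client-supplied key is interned and later echoed back by `cookie_pairs`, so it may be worth skipping keys the validator does not accept. The `request.cookies.each ... end if false` block never runs and could be deleted rather than shipped disabled.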
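--- a/data/lib/sbsm/version.rb
+++ b/data/lib/sbsm/version.rb
@@ -1,3 +1,3 @@
  module SBSM
- VERSION = '1.4.9'
+ VERSION = '1.5.0'
  end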
@@ -60,7 +60,8 @@ class AppTestSimple < Minitest::Test
60
60
  end
61
61
  def test_post_feedback
62
62
  set_cookie "_session_id=#{TEST_COOKIE_NAME}"
63
- set_cookie "#{SBSM::Session::PERSISTENT_COOKIE_NAME}=dummy"
63
+ params = { 'dummy' => 'value'}
64
+ set_cookie "#{SBSM::Session::PERSISTENT_COOKIE_NAME}"
64
65
  get '/de/page/feedback' do
65
66
  end
66
67
  # assert_match /anrede.*=.*value2/, CGI.unescape(last_response.headers['Set-Cookie'])
@@ -0,0 +1,186 @@
1
+ #!/usr/bin/env ruby
2
+ # encoding: utf-8
3
+ #--
4
+ #
5
+ # State Based Session Management
6
+ # Copyright (C) 2004 Hannes Wyss
7
+ #
8
+ # This library is free software; you can redistribute it and/or
9
+ # modify it under the terms of the GNU Lesser General Public
10
+ # License as published by the Free Software Foundation; either
11
+ # version 2.1 of the License, or (at your option) any later version.
12
+ #
13
+ # This library is distributed in the hope that it will be useful,
14
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
15
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16
+ # Lesser General Public License for more details.
17
+ #
18
+ # You should have received a copy of the GNU Lesser General Public
19
+ # License along with this library; if not, write to the Free Software
20
+ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21
+ #
22
+ # ywesee - intellectual capital connected, Winterthurerstrasse 52, CH-8006 Zürich, Switzerland
23
+ # hwyss@ywesee.com
24
+ #
25
+ # TestSession -- sbsm -- 22.10.2002 -- hwyss@ywesee.com
26
+ #++
27
+
28
+ require 'minitest/autorun'
29
+ require 'sbsm/session'
30
+ require 'sbsm/validator'
31
+ require 'sbsm/trans_handler'
32
+ require 'sbsm/app'
33
+ require 'rack'
34
+ require 'rack/test'
35
+
36
+ begin
37
+ require 'pry'
38
+ rescue LoadError
39
+ end
40
+
41
+ class StubSessionSession < SBSM::Session
42
+ end
43
+ class StubSessionApp < SBSM::App
44
+ attr_accessor :trans_handler, :validator
45
+ SESSION = StubSessionSession
46
+ def initialize(args = {})
47
+ super()
48
+ end
49
+ def login(session)
50
+ false
51
+ end
52
+ def async(&block)
53
+ block.call
54
+ end
55
+ end
56
+ class StubSessionValidator < SBSM::Validator
57
+ def reset_errors; end
58
+ def validate(key, value, mandatory=false)
59
+ value
60
+ end
61
+ def valid_values(key)
62
+ if(key=='foo')
63
+ ['foo', 'bar']
64
+ end
65
+ end
66
+ def error?
67
+ false
68
+ end
69
+ end
70
+ class StubSessionRequest < Rack::Request
71
+ def initialize(path='', params = {})
72
+ super(Rack::MockRequest.env_for("http://example.com:8080/#{path}", params))
73
+ end
74
+ end
75
+ class StubSessionView
76
+ def initialize(foo, bar)
77
+ end
78
+ def http_headers
79
+ { "foo" => "bar" }
80
+ end
81
+ def to_html(context)
82
+ '0123456789' * 3
83
+ end
84
+ end
85
+ class StubSessionBarState < SBSM::State
86
+ EVENT_MAP = {
87
+ :foobar => StubSessionBarState,
88
+ }
89
+ end
90
+ class StubSessionBarfoosState < SBSM::State
91
+ DIRECT_EVENT = :barfoos
92
+ end
93
+ class StubSessionFooState < SBSM::State
94
+ EVENT_MAP = {
95
+ :bar => StubSessionBarState
96
+ }
97
+ end
98
+ class StubSessionState < SBSM::State
99
+ VIEW = StubSessionView
100
+ attr_accessor :volatile
101
+ def foo
102
+ @foo ||= StubSessionFooState.new(@session,@model)
103
+ end
104
+ end
105
+ class StubVolatileState < SBSM::State
106
+ VOLATILE = true
107
+ end
108
+ class StubSessionWithView < SBSM::Session
109
+ DEFAULT_STATE = StubSessionState
110
+ CAP_MAX_THRESHOLD = 3
111
+ MAX_STATES = 3
112
+ DEFAULT_FLAVOR = 'gcc'
113
+ attr_accessor :user, :state
114
+ attr_accessor :attended_states, :cached_states, :cookie_input
115
+ attr_writer :lookandfeel, :persistent_user_input
116
+ attr_writer :active_state
117
+ public :active_state
118
+ def initialize(args)
119
+ args[:app] ||= StubSessionApp.new
120
+ args[:validator] ||= StubSessionValidator.new
121
+ super(args)
122
+ persistent_user_input = {}
123
+ end
124
+ end
125
+ class StubSessionSession < SBSM::Session
126
+ attr_accessor :lookandfeel
127
+ attr_accessor :persistent_user_input
128
+ DEFAULT_FLAVOR = 'gcc'
129
+ LF_FACTORY = {
130
+ 'gcc' => 'ccg',
131
+ 'sbb' => 'bbs',
132
+ }
133
+ def initialize(app:)
134
+ super(app: app, validator: StubSessionValidator.new)
135
+ persistent_user_input = {}
136
+ end
137
+ def persistent_user_input(key)
138
+ super
139
+ end
140
+ end
141
+
142
+ class TestSession < Minitest::Test
143
+ include Rack::Test::Methods
144
+ def setup
145
+ @app = StubSessionApp.new(validator: StubSessionValidator.new)
146
+ @session = StubSessionWithView.new(app: @app, validator: StubSessionValidator.new)
147
+ @request = StubSessionRequest.new
148
+ @state = StubSessionState.new(@session, nil)
149
+ end
150
+
151
+ def app
152
+ @app
153
+ end
154
+
155
+ def test_cookies
156
+ by_persistent_name = '63488f94c90813200f29e1a60de9a479ad52e71758f48e612e9f6390f80c7b7c'
157
+ @session.cookie_input = { 'remember' => '63488f94c90813200f29e1a60de9a479ad52e71758f48e612e9f6390f80c7b7c',
158
+ 'name' => 'juerg@davaz.com',
159
+ 'language' => 'en'}
160
+ @request.cookies[:remember] = 'my_remember_value'
161
+ @request.cookies[:language] = 'en'
162
+ @request.cookies['_session_id'] = '10e524151d7f0da819f4222ecc1'
163
+ @request.cookies[@session.persistent_cookie_name] = @session.cookie_pairs
164
+ @session.cookie_input = {}
165
+ assert_equal({}, @session.cookie_input)
166
+ assert_nil(@session.persistent_user_input(:language))
167
+ @session.process_rack(rack_request: @request)
168
+ assert_equal([:remember, :name, :language], @session.cookie_input.keys)
169
+ assert_equal('en', @session.cookie_input[:language])
170
+ assert_equal(by_persistent_name, @session.cookie_input[:remember])
171
+ end
172
+ def test_cookie_pairs
173
+ @session.cookie_input = { 'name_last' => 'Müller', 'name_first' => 'Cécile',
174
+ 'nil_value' => nil, 'empty_string' => ''}
175
+ assert_equal('name_last=M%C3%BCller;name_first=C%C3%A9cile;nil_value=;empty_string=', @session.cookie_pairs)
176
+ @request.cookies[@session.persistent_cookie_name] = @session.cookie_pairs
177
+ @session.cookie_input = {}
178
+ assert_equal({}, @session.cookie_input)
179
+ @session.process_rack(rack_request: @request)
180
+ assert_equal([:name_last, :name_first, :nil_value, :empty_string], @session.cookie_input.keys)
181
+ assert_equal('Müller', @session.cookie_input[:name_last])
182
+ assert_equal('Cécile', @session.cookie_input[:name_first])
183
+ assert_equal('', @session.cookie_input[:nil_value])
184
+ assert_equal('', @session.cookie_input[:empty_string])
185
+ end
186
+ end
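Review bot: In both stub `initialize` methods of the new test file, `persistent_user_input = {}` assigns a local variable and never reaches the writer, so the line has no effect; `self.persistent_user_input = {}` (or dropping the line) would say what is meant. `StubSessionValidator#validate` returns its input unchanged, so `test_cookies` and `test_cookie_pairs` only cover the accept path; a case where the validator returns nil, and one where a value contains `&` or `;`, would pin down what `import_cookies` does with rejected or separator-bearing cookie values. The file header for this hunk is not visible on the page.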
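--- a/data/test/test_session.rb
+++ b/data/test/test_session.rb
@@ -43,7 +43,7 @@ end
  class StubSessionSession < SBSM::Session
  end
  class StubSessionApp < SBSM::App
- attr_accessor :trans_handler, :validator
+ attr_accessor :trans_handler, :validator, :cookie_input
  SESSION = StubSessionSession
  def initialize(args = {})
  super()
@@ -133,7 +133,7 @@ class StubSessionSession < SBSM::Session
  'gcc' => 'ccg',
  'sbb' => 'bbs',
  }
- def initialize(app: app)
+ def initialize(app: )
  super(app: app, validator: StubSessionValidator.new)
  persistent_user_input = {}
  end
@@ -152,20 +152,6 @@ class TestSession < Minitest::Test
  @state = StubSessionState.new(@session, nil)
  end
 
- def test_cookies
- c_name = SBSM::Session::PERSISTENT_COOKIE_NAME
- c_value = "remember=63488f94c90813200f29e1a60de9a479ad52e71758f48e612e9f6390f80c7b7c\nname=juerg%40davaz.com\nlanguage=en"
- @request.cookies[:remember] = 'my_remember_value'
- @request.cookies[:language] = 'en'
- @request.cookies['_session_id'] = '10e524151d7f0da819f4222ecc1'
- @request.cookies[c_name] = 'my_cookie_id'
- @request.set_header('Set-Cookie', c_value)
- @session.process_rack(rack_request: @request)
- assert_equal([:remember, :language, :_session_id, c_name.to_sym], @session.cookie_input.keys)
- skip "Don't know how to test persistent_user_input"
- assert_equal('@session.valid_input', @session.persistent_user_input(:language))
- assert_equal('@session.valid_input', @session.valid_input)
- end
  def test_server_name
  @session.process_rack(rack_request: @request)
  assert_equal('example.com', @session.server_name)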
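--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: sbsm
  version: !ruby/object:Gem::Version
- version: 1.4.9
+ version: 1.5.0
  platform: ruby
  authors:
  - Masaomi Hatakeyama, Zeno R.R. Davatz
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2017-06-27 00:00:00.000000000 Z
+ date: 2017-07-04 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rack
@@ -302,6 +302,7 @@ files:
  - test/test_index.rb
  - test/test_logger.rb
  - test/test_lookandfeel.rb
+ - test/test_rack_app.rb
  - test/test_redirect.rb
  - test/test_session.rb
  - test/test_state.rb
@@ -346,6 +347,7 @@ test_files:
  - test/test_index.rb
  - test/test_logger.rb
  - test/test_lookandfeel.rb
+ - test/test_rack_app.rb
  - test/test_redirect.rb
  - test/test_session.rb
  - test/test_state.rb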