sbsm 1.4.4 → 1.4.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1db395aa1ea70e2bc31c7d76d63358c12f5058ed
-  data.tar.gz: de51fc22ab70cc86a8698d794b1e2427ed16ce2f
+  metadata.gz: c931f28d24233cb0c46c2f1e6341a8a451037918
+  data.tar.gz: abfdbcc5d3464f7ae2eeab161eaf02319f70e568
 SHA512:
-  metadata.gz: 815d1782d4ddeea0dede3453ad15aa43976f744ca6dd2888000f1a726d0d8ae95861779dada55ac8638387cce3b6f5ede94745c2d10bb11253cc795e744d22d2
-  data.tar.gz: 6737ce7a30a88ed7538097f58ed3e5729e8683ab98def7407a270b57291be555b9a72cbfbffb12272d8afebb5f13f40e7dc5a1252cc68335f8ebb805014582cf
+  metadata.gz: c7f94a54e9f0e73fd5ad64747720302448c12717665a94f8c769f041a987b8a86ef1ce9967ef9932f1a758aedfec4d30fea6a3d1bff94cd93b18d378469fc918
+  data.tar.gz: 57e179ccda3ea1eb5053992b71311f939aee63a72db164d761ff128ac13823d1d1c90140461454974399e00f1ddad4734cfc1533bbc145ea95ab82321a5a7b36

data/History.txt

@@ -1,3 +1,9 @@
+=== 1.4.5 / 13.06.2017
+
+* Fix unknown_user if passing a class and not an instance of it
+* Fix using pass_thru for oddb.org
+* Fix setting unknown_user
+
 === 1.4.4 / 12.06.2017
 
 * Fix remote_ip for POST processing in xmlconf

data/lib/sbsm/app.rb

@@ -117,9 +117,24 @@ module SBSM
       session = Thread.current.thread_variable_get(:session)
       SBSM.debug "starting session_id #{session_id}  session #{session.class} #{request.path}: cookies #{@cookie_name} are #{request.cookies} @cgi #{@cgi.class}"
       res = session.process_rack(rack_request: request)
-      response.write res
-      response.headers['Content-Type'] ||= 'text/html; charset=utf-8'
-      response.headers.merge!(session.http_headers)
+      thru = session.get_passthru
+      if thru.size > 0
+        file_name = thru.first.untaint
+        response.set_header('Content-Type', MimeMagic.by_extension(File.extname(file_name)).type)
+        response.headers['Content-Disposition'] = "#{thru.last}; filename=#{File.basename(file_name)}"
+        response.headers['Content-Length'] =  File.size(file_name).to_s
+        begin
+          response.write(File.open(file_name, File::RDONLY){|file| file.read})
+        rescue Errno::ENOENT, IOError => err
+          SBSM.error("#{err.message} #{thru.first}")
+          return [404, {}, []]
+        end
+      else
+        response.write res
+        response.headers['Content-Type'] ||= 'text/html; charset=utf-8'
+        response.headers.merge!(session.http_headers)
+      end
+
       if (result = response.headers.find { |k,v| /status/i.match(k) })
         response.status = result.last.to_i
         response.headers.delete(result.first)

data/lib/sbsm/session.rb

@@ -36,7 +36,7 @@ require 'delegate'
 module SBSM
   class	Session
 
-		attr_reader :user, :active_thread, :key, :cookie_input, :cookie_name,
+		attr_reader :user, :active_thread, :key, :cookie_input, :cookie_name, :post_content,
         :server_name, :server_port, :request_params, :request_method, :request_origin,
 			:unsafe_input, :valid_input, :request_path, :request_post, :cgi, :attended_states
     attr_accessor :validator, :trans_handler, :app
@@ -108,12 +108,12 @@ module SBSM
     def initialize(app:,
                    trans_handler: nil,
                    validator: nil,
-                    unknown_user: nil,
+                    unknown_user: SBSM::UnknownUser.new,
                   cookie_name: nil,
                    multi_threaded: false)
-      SBSM.info "initialize th #{trans_handler} validator #{validator} app #{app.class}"
+      SBSM.info "initialize th #{trans_handler} validator #{validator} app #{app.class} multi_threaded #{multi_threaded}"
       @app = app
-      @unknown_user = SBSM::UnknownUser.new
+      @unknown_user = unknown_user.is_a?(Class) ? unknown_user.new : unknown_user
       @validator = validator if validator.is_a?(SBSM::Validator)
       @validator ||= (validator && validator.new) || Validator.new
       fail "invalid validator #{@validator}" unless @validator.is_a?(SBSM::Validator)
@@ -146,6 +146,8 @@ module SBSM
     end
     def unknown_user
       @unknown_user || SBSM::UnknownUser.new
+      puts "unknown_user set to #{@unknown_user} class #{ @unknown_user.is_a?(Class)}"
+      @unknown_user = @unknown_user.new if @unknown_user.is_a?(Class)
     end
     def age(now=Time.now)
       now - @mtime
@@ -203,7 +205,31 @@ module SBSM
 		end
     def process_rack(rack_request:)
       start = Time.now
+      @passthru = false
+      @disposition = false
       @request_path ||= rack_request.path
+      @rack_request = rack_request
+      @post_content = nil
+      if rack_request.request_method.eql?('POST')
+         rack_request.params.each do |k, v|
+           # needed to test POST requests generated by curl (first parameter) or ARC (second parameter)
+          if /xml/i.match(k)
+            @post_content = "#{k} #{v}"
+            break
+          end
+        end
+        begin
+          # needed for request generated by https://github.com/wiztools/rest-client
+          rack_request.body.rewind # just to be sure
+          @post_content = rack_request.body.read
+        end unless @post_content
+        if @post_content
+          SBSM.debug "@post_content is #{@post_content}"
+        else
+          SBSM.debug "rack_request is #{rack_request}"
+        end
+      end
+
       rack_request.params.each { |key, val| @cgi.params.store(key, val) }
       @trans_handler.translate_uri(rack_request)
       html = @mutex.synchronize do
@@ -381,7 +407,7 @@ module SBSM
 		end
 		def logout
 			__checkout
-      @user = SBSM::UnknownUser.new
+      @user = @unknown_user
       @active_state = @state = self::class::DEFAULT_STATE.new(self, @user)
       SBSM.debug "logout #{request_path.inspect} setting @state #{@state.object_id} #{@state.class} remember #{persistent_user_input(:remember).inspect} #{@user.class}"
       @state.init
@@ -430,8 +456,14 @@ module SBSM
 		def navigation
 			@user.navigation
 		end
-		def passthru(*args)
-			@request.passthru(*args)
+    def get_passthru
+      @passthru ? [@passthru, @disposition] : []
+    end
+		def passthru(path, disposition='attachment')
+      # the variable @passthru is set by a trusted source
+      @passthru    = path.untaint
+      @disposition = disposition
+      ''
 		end
 		def persistent_user_input(key)
 			if(value = user_input(key))

data/lib/sbsm/session_store.rb

@@ -55,7 +55,7 @@ module SBSM
                    session_class: nil,
                    validator: nil,
                    cookie_name: nil,
-                   unknown_user: nil,
+                   unknown_user: UNKNOWN_USER.new,
                    multi_threaded: nil)
       fail "You must specify an app!" unless app
       @sessions = {}
@@ -69,8 +69,8 @@ module SBSM
       @trans_handler ||= TransHandler.instance
       @session_class = session_class
       @session_class ||= SBSM::Session
-      @unknown_user = unknown_user
-      @unknown_user ||= UNKNOWN_USER
+      @unknown_user = unknown_user.is_a?(Class) ? unknown_user.new : unknown_user
+      @unknown_user ||= UnknownUser.new
       @validator = validator
     end
     def cap_max_sessions(now = Time.now)

data/lib/sbsm/user.rb

@@ -22,7 +22,7 @@
 # ywesee - intellectual capital connected, Winterthurerstrasse 52, CH-8006 Zürich, Switzerland
 # hwyss@ywesee.com
 #
-# User -- sbsm -- 20.11.2002 -- hwyss@ywesee.com 
+# User -- sbsm -- 20.11.2002 -- hwyss@ywesee.com
 #++
 
 module SBSM

data/lib/sbsm/version.rb

@@ -1,3 +1,3 @@
 module SBSM
-  VERSION = '1.4.4'
+  VERSION = '1.4.5'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sbsm
 version: !ruby/object:Gem::Version
-  version: 1.4.4
+  version: 1.4.5
 platform: ruby
 authors:
 - Masaomi Hatakeyama, Zeno R.R. Davatz
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-06-12 00:00:00.000000000 Z
+date: 2017-06-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack