sbsm 1.4.9 → 1.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6aee853a34b97d3ab2ff7b4001c7e652d1e01c49
-  data.tar.gz: 0b2c1aa161689b95b35c60a01e09274df57c9533
+  metadata.gz: 60e49c0bbf1c19f72b68e0ae0109d970f9e3849f
+  data.tar.gz: dee70d2c1510d16abf7a473a2bc7489a9bcce48d
 SHA512:
-  metadata.gz: '097042df4c5dc65aae06155a75b52def17a5135d8b426ce0ebea531da3a5dcbbb510a01d3bc48ddc1f2d31c229d01394d7329753f71f9f30454ce4162b5763f7'
-  data.tar.gz: cea64d66ef58aaefcf3e6246286f61260052f8bc258100896259a2db7c00aeac6a259c0ef006257982d23b037e674499324f7761d13eb0f775843ac5c781561d
+  metadata.gz: 8efe2e0d58360ce0823e8e9af80a370ddfe7586c709c4456c81022d89ae4bfc81337a2240e2813fc09db22fafa04dbaeb2a3f0b6f10950d3dc4305b70f609efa
+  data.tar.gz: 52eefccd90f9a08e6e73035489f911e554b02637e07c8f220e35a785294b9567858db6f3cb8ceabfd64ffd4046e101a62888319f226a685b55ecf767f25637ae

data/History.txt

@@ -1,3 +1,9 @@
+=== 1.5.0 / 04.07.2017
+
+* Correct handling nil/empty values in cookie
+* Unescape cookie values before giving them back
+* Fixed handling cookie_input
+
 === 1.4.9 / 28.06.2017
 
 * Fix is_crawler?

data/lib/sbsm/app.rb

@@ -148,14 +148,14 @@ module SBSM
         response.status = result.last.to_i
         response.headers.delete(result.first)
       end
-      session.cookie_input.each do |key, value|
-        response.set_cookie(key,  { :value => value, :path => '/' })
-      end
-      response.set_cookie(SESSION_ID, { :value => session_id, :path => '/' }) unless request.cookies[SESSION_ID]
-      # response.set_cookie(SBSM::Session.get_cookie_name, session_id)
+      response.set_cookie(session.persistent_cookie_name,
+                          { :value    => session.cookie_pairs,
+                            :path     => "/",
+                            :expires  => (Time.now + (60 * 60 * 24 * 365 * 10))})
+      response.set_cookie(SESSION_ID, { :value => session_id, :path => '/' ,  :expires => (Time.now + (60 * 60 * 24 * 365 * 10)) })
       @@last_session = session
       if response.headers['Set-Cookie'].to_s.index(session_id)
-        SBSM.debug "finish session_id.1 #{session_id}: matches response.headers['Set-Cookie']"
+        SBSM.debug "finish session_id.1 #{session_id}: matches response.headers['Set-Cookie'] #{response.headers['Set-Cookie']}"
       else
         SBSM.debug "finish session_id.2 #{session_id}: headers #{response.headers}"
       end

data/lib/sbsm/session.rb

@@ -37,7 +37,7 @@ require 'delegate'
 module SBSM
   class	Session
 
-		attr_reader :user, :active_thread, :key, :cookie_input, :cookie_name, :post_content,
+		attr_reader :user, :active_thread, :key, :cookie_input, :persistent_cookie_name, :post_content,
         :server_name, :server_port, :request_params, :request_method, :request_origin,
 			:unsafe_input, :valid_input, :request_path, :request_post, :cgi, :attended_states
     attr_accessor :validator, :trans_handler, :app
@@ -120,8 +120,8 @@ module SBSM
       fail "invalid validator #{@validator}" unless @validator.is_a?(SBSM::Validator)
       @trans_handler = trans_handler || TransHandler.instance
       fail "invalid trans_handler #{@trans_handler}" unless @trans_handler.is_a?(SBSM::TransHandler)
-      @cookie_name =  cookie_name
-      @cookie_name ||= self.class::PERSISTENT_COOKIE_NAME
+      @persistent_cookie_name =  cookie_name
+      @persistent_cookie_name ||= self.class::PERSISTENT_COOKIE_NAME
       @attended_states = {}
       @persistent_user_input = {}
       touch()
@@ -135,9 +135,6 @@ module SBSM
       @active_thread = nil
       SBSM.debug "session initialized #{self} with @cgi #{@cgi} multi_threaded #{multi_threaded} app #{app.object_id} and user #{@user.class} @unknown_user #{@unknown_user.class}"
     end
-    def self.get_cookie_name
-      @cookie_name
-    end
     def method_missing(symbol, *args, &block) # Replaces old dispatch to DRb
       @app.send(symbol, *args, &block)
     rescue => error
@@ -211,6 +208,7 @@ module SBSM
       @request_path ||= rack_request.path
       @rack_request = rack_request
       @post_content = nil
+
       if rack_request.request_method.eql?('POST')
          rack_request.params.each do |k, v|
            # needed to test POST requests generated by curl (first parameter) or ARC (second parameter)
@@ -251,8 +249,8 @@ module SBSM
           @request_params = rack_request.params
           logout unless @active_state
           validator.reset_errors() if validator && validator.respond_to?(:reset_errors)
-          import_user_input(rack_request)
           import_cookies(rack_request)
+          import_user_input(rack_request)
           @state = active_state.trigger(event())
           SBSM.debug "active_state.trigger state #{@state.object_id} #{@state.class} remember #{persistent_user_input(:remember).inspect}"
           #FIXME: is there a better way to distinguish returning states?
@@ -313,15 +311,22 @@ module SBSM
 		end
 		def import_cookies(request)
 			reset_cookie()
-      if(cuki_str = request.cookies[self::class::PERSISTENT_COOKIE_NAME])
-        SBSM.debug "cuki_str #{self::class::PERSISTENT_COOKIE_NAME} #{cuki_str}"
-        request.cookies.each do |key, val|
-          key_sym = key.intern
-          valid = @validator.validate(key_sym, val)
-          @cookie_input.store(key_sym, valid) if valid
-        end
-        SBSM.debug "@cookie_input now #{@cookie_input}"
+      if(cuki = request.cookies[@persistent_cookie_name])
+        cuki.split(';').each { |cuki_str|
+          CGI.parse(CGI.unescape(cuki_str)).each { |key, val|
+            key = key.intern
+            valid = @validator.validate(key, val.compact.last)
+            @cookie_input.store(key, valid)
+          }
+        }
       end
+      request.cookies.each do |key, value|
+        next if key.to_s.eql?(@persistent_cookie_name.to_s)
+        key = key.intern
+        valid = @validator.validate(key, value)
+        @cookie_input.store(key, valid)
+      end if false
+      SBSM.debug "@cookie_input now #{@cookie_input}"
 		end
     # should matches stuff like  "hash[1]"
     @@hash_ptrn = /([^\[]+)((\[[^\]]+\])+)/
@@ -437,8 +442,11 @@ module SBSM
 				end
 			end
 		end
+    def cookie_pairs
+      cookie_input.collect { |key, value| "#{key}=#{value ?CGI.escape(value) : ''}" }.join(';')
+    end
 		def http_headers
-			@state.http_headers
+        @state.http_headers
 		rescue NameError, StandardError => err
       SBSM.info "NameError, StandardError: #@request_path"
 			{'Content-Type' => 'text/plain'}
@@ -501,7 +509,7 @@ module SBSM
 			end
 		end
 		def set_cookie_input(key, val)
-      SBSM.debug "cookie_set_or_get #{key} #{val}"
+      SBSM.debug"set_cookie_input #{key} #{val}"
 			@cookie_input.store(key, val)
 		end
 		def server_name

data/lib/sbsm/version.rb

@@ -1,3 +1,3 @@
 module SBSM
-  VERSION = '1.4.9'
+  VERSION = '1.5.0'
 end

data/test/test_application.rb

@@ -60,7 +60,8 @@ class AppTestSimple < Minitest::Test
   end
   def test_post_feedback
     set_cookie "_session_id=#{TEST_COOKIE_NAME}"
-    set_cookie "#{SBSM::Session::PERSISTENT_COOKIE_NAME}=dummy"
+    params = { 'dummy' => 'value'}
+    set_cookie "#{SBSM::Session::PERSISTENT_COOKIE_NAME}"
     get '/de/page/feedback' do
     end
     # assert_match /anrede.*=.*value2/, CGI.unescape(last_response.headers['Set-Cookie'])

data/test/test_rack_app.rb

@@ -0,0 +1,186 @@
+#!/usr/bin/env ruby
+# encoding: utf-8
+#--
+#
+# State Based Session Management
+# Copyright (C) 2004 Hannes Wyss
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+# ywesee - intellectual capital connected, Winterthurerstrasse 52, CH-8006 Zürich, Switzerland
+# hwyss@ywesee.com
+#
+# TestSession -- sbsm -- 22.10.2002 -- hwyss@ywesee.com
+#++
+
+require 'minitest/autorun'
+require 'sbsm/session'
+require 'sbsm/validator'
+require 'sbsm/trans_handler'
+require 'sbsm/app'
+require 'rack'
+require 'rack/test'
+
+begin
+  require 'pry'
+rescue LoadError
+end
+
+class StubSessionSession < SBSM::Session
+end
+class StubSessionApp < SBSM::App
+  attr_accessor :trans_handler, :validator
+  SESSION = StubSessionSession
+  def initialize(args = {})
+    super()
+  end
+  def login(session)
+    false
+  end
+  def async(&block)
+    block.call
+  end
+end
+class StubSessionValidator < SBSM::Validator
+	def reset_errors; end
+	def validate(key, value, mandatory=false)
+		value
+	end
+	def valid_values(key)
+		if(key=='foo')
+			['foo', 'bar']
+		end
+	end
+	def error?
+		false
+	end
+end
+class StubSessionRequest < Rack::Request
+  def initialize(path='', params = {})
+    super(Rack::MockRequest.env_for("http://example.com:8080/#{path}", params))
+  end
+end
+class StubSessionView
+	def initialize(foo, bar)
+	end
+  def http_headers
+    { "foo"   =>      "bar" }
+  end
+	def to_html(context)
+		'0123456789' * 3
+	end
+end
+class StubSessionBarState < SBSM::State
+	EVENT_MAP = {
+		:foobar	=>	StubSessionBarState,
+	}
+end
+class StubSessionBarfoosState < SBSM::State
+	DIRECT_EVENT = :barfoos
+end
+class StubSessionFooState < SBSM::State
+	EVENT_MAP = {
+		:bar	=>	StubSessionBarState
+	}
+end
+class StubSessionState < SBSM::State
+	VIEW = StubSessionView
+	attr_accessor :volatile
+	def foo
+		@foo ||= StubSessionFooState.new(@session,@model)
+	end
+end
+class StubVolatileState < SBSM::State
+	VOLATILE = true
+end
+class StubSessionWithView < SBSM::Session
+	DEFAULT_STATE = StubSessionState
+	CAP_MAX_THRESHOLD = 3
+	MAX_STATES = 3
+	DEFAULT_FLAVOR = 'gcc'
+	attr_accessor :user, :state
+	attr_accessor :attended_states, :cached_states, :cookie_input
+	attr_writer :lookandfeel, :persistent_user_input
+	attr_writer :active_state
+	public :active_state
+  def initialize(args)
+    args[:app]       ||= StubSessionApp.new
+    args[:validator] ||= StubSessionValidator.new
+    super(args)
+    persistent_user_input = {}
+  end
+end
+class StubSessionSession < SBSM::Session
+	attr_accessor :lookandfeel
+  attr_accessor :persistent_user_input
+	DEFAULT_FLAVOR = 'gcc'
+	LF_FACTORY = {
+		'gcc'	=>	'ccg',
+		'sbb'	=>	'bbs',
+	}
+	def initialize(app:)
+    super(app: app, validator:  StubSessionValidator.new)
+		persistent_user_input = {}
+	end
+	def persistent_user_input(key)
+		super
+	end
+end
+
+class TestSession < Minitest::Test
+  include Rack::Test::Methods
+	def setup
+    @app = StubSessionApp.new(validator: StubSessionValidator.new)
+    @session = StubSessionWithView.new(app: @app, validator: StubSessionValidator.new)
+    @request = StubSessionRequest.new
+		@state = StubSessionState.new(@session, nil)
+	end
+
+  def app
+    @app
+  end
+
+  def test_cookies
+    by_persistent_name =  '63488f94c90813200f29e1a60de9a479ad52e71758f48e612e9f6390f80c7b7c'
+    @session.cookie_input = { 'remember' => '63488f94c90813200f29e1a60de9a479ad52e71758f48e612e9f6390f80c7b7c',
+               'name' => 'juerg@davaz.com',
+               'language' => 'en'}
+    @request.cookies[:remember] = 'my_remember_value'
+    @request.cookies[:language] = 'en'
+    @request.cookies['_session_id'] = '10e524151d7f0da819f4222ecc1'
+    @request.cookies[@session.persistent_cookie_name] = @session.cookie_pairs
+    @session.cookie_input = {}
+    assert_equal({}, @session.cookie_input)
+    assert_nil(@session.persistent_user_input(:language))
+    @session.process_rack(rack_request: @request)
+    assert_equal([:remember, :name, :language], @session.cookie_input.keys)
+    assert_equal('en', @session.cookie_input[:language])
+    assert_equal(by_persistent_name, @session.cookie_input[:remember])
+  end
+  def test_cookie_pairs
+    @session.cookie_input = { 'name_last' => 'Müller', 'name_first' => 'Cécile',
+                              'nil_value' => nil, 'empty_string' => ''}
+    assert_equal('name_last=M%C3%BCller;name_first=C%C3%A9cile;nil_value=;empty_string=',  @session.cookie_pairs)
+    @request.cookies[@session.persistent_cookie_name] = @session.cookie_pairs
+    @session.cookie_input = {}
+    assert_equal({}, @session.cookie_input)
+    @session.process_rack(rack_request: @request)
+    assert_equal([:name_last, :name_first, :nil_value, :empty_string], @session.cookie_input.keys)
+    assert_equal('Müller', @session.cookie_input[:name_last])
+    assert_equal('Cécile', @session.cookie_input[:name_first])
+    assert_equal('', @session.cookie_input[:nil_value])
+    assert_equal('', @session.cookie_input[:empty_string])
+  end
+end

data/test/test_session.rb

@@ -43,7 +43,7 @@ end
 class StubSessionSession < SBSM::Session
 end
 class StubSessionApp < SBSM::App
-  attr_accessor :trans_handler, :validator
+  attr_accessor :trans_handler, :validator, :cookie_input
   SESSION = StubSessionSession
   def initialize(args = {})
     super()
@@ -133,7 +133,7 @@ class StubSessionSession < SBSM::Session
 		'gcc'	=>	'ccg',
 		'sbb'	=>	'bbs',
 	}
-	def initialize(app: app)
+	def initialize(app: )
     super(app: app, validator:  StubSessionValidator.new)
 		persistent_user_input = {}
 	end
@@ -152,20 +152,6 @@ class TestSession < Minitest::Test
 		@state = StubSessionState.new(@session, nil)
 	end
 
-  def test_cookies
-    c_name =  SBSM::Session::PERSISTENT_COOKIE_NAME
-    c_value = "remember=63488f94c90813200f29e1a60de9a479ad52e71758f48e612e9f6390f80c7b7c\nname=juerg%40davaz.com\nlanguage=en"
-    @request.cookies[:remember] = 'my_remember_value'
-    @request.cookies[:language] = 'en'
-    @request.cookies['_session_id'] = '10e524151d7f0da819f4222ecc1'
-    @request.cookies[c_name] = 'my_cookie_id'
-    @request.set_header('Set-Cookie', c_value)
-    @session.process_rack(rack_request: @request)
-    assert_equal([:remember, :language, :_session_id, c_name.to_sym], @session.cookie_input.keys)
-    skip "Don't know how to test persistent_user_input"
-    assert_equal('@session.valid_input', @session.persistent_user_input(:language))
-    assert_equal('@session.valid_input', @session.valid_input)
-  end
   def test_server_name
     @session.process_rack(rack_request: @request)
     assert_equal('example.com', @session.server_name)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sbsm
 version: !ruby/object:Gem::Version
-  version: 1.4.9
+  version: 1.5.0
 platform: ruby
 authors:
 - Masaomi Hatakeyama, Zeno R.R. Davatz
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-06-27 00:00:00.000000000 Z
+date: 2017-07-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -302,6 +302,7 @@ files:
 - test/test_index.rb
 - test/test_logger.rb
 - test/test_lookandfeel.rb
+- test/test_rack_app.rb
 - test/test_redirect.rb
 - test/test_session.rb
 - test/test_state.rb
@@ -346,6 +347,7 @@ test_files:
 - test/test_index.rb
 - test/test_logger.rb
 - test/test_lookandfeel.rb
+- test/test_rack_app.rb
 - test/test_redirect.rb
 - test/test_session.rb
 - test/test_state.rb