secure_escrow 0.0.1

data/.gitignore

@@ -0,0 +1,5 @@
+*.gem
+.bundle
+pkg/*
+log
+tmp

data/Gemfile

@@ -0,0 +1,21 @@
+source "http://rubygems.org"
+
+gemspec
+
+gem 'uuid'
+gem 'actionpack'
+
+group :development do
+  gem 'rspec', '>=2.6.0'
+  gem 'spork', '~> 0.9.0.rc9'
+  gem 'rake'
+  gem 'guard'
+  gem 'rb-fsevent'
+  gem 'growl_notify'
+  gem 'guard-rspec'
+  gem 'guard-spork'
+  gem 'pry'
+  gem 'pry-remote'
+  gem 'foreman'
+end
+

data/Gemfile.lock

@@ -0,0 +1,110 @@
+PATH
+  remote: .
+  specs:
+    secure_escrow (0.0.1)
+      redis
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    actionpack (3.1.1)
+      activemodel (= 3.1.1)
+      activesupport (= 3.1.1)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      i18n (~> 0.6)
+      rack (~> 1.3.2)
+      rack-cache (~> 1.1)
+      rack-mount (~> 0.8.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.0.2)
+    activemodel (3.1.1)
+      activesupport (= 3.1.1)
+      builder (~> 3.0.0)
+      i18n (~> 0.6)
+    activesupport (3.1.1)
+      multi_json (~> 1.0)
+    builder (3.0.0)
+    coderay (0.9.8)
+    diff-lcs (1.1.3)
+    erubis (2.7.0)
+    foreman (0.25.0)
+      term-ansicolor (~> 1.0.5)
+      thor (>= 0.13.6)
+    growl_notify (0.0.3)
+      rb-appscript
+    guard (0.8.8)
+      thor (~> 0.14.6)
+    guard-rspec (0.5.2)
+      guard (>= 0.8.4)
+    guard-spork (0.3.1)
+      guard (>= 0.8.4)
+      spork (>= 0.8.4)
+    hike (1.2.1)
+    i18n (0.6.0)
+    macaddr (1.5.0)
+      systemu (>= 2.4.0)
+    method_source (0.6.7)
+      ruby_parser (>= 2.3.1)
+    multi_json (1.0.3)
+    pry (0.9.7.4)
+      coderay (~> 0.9.8)
+      method_source (~> 0.6.7)
+      ruby_parser (>= 2.3.1)
+      slop (~> 2.1.0)
+    pry-remote (0.1.0)
+      pry (~> 0.9.6)
+      slop (~> 2.1)
+    rack (1.3.5)
+    rack-cache (1.1)
+      rack (>= 0.4)
+    rack-mount (0.8.3)
+      rack (>= 1.0.0)
+    rack-test (0.6.1)
+      rack (>= 1.0)
+    rake (0.9.2.2)
+    rb-appscript (0.6.1)
+    rb-fsevent (0.4.3.1)
+    redis (2.2.2)
+    rspec (2.7.0)
+      rspec-core (~> 2.7.0)
+      rspec-expectations (~> 2.7.0)
+      rspec-mocks (~> 2.7.0)
+    rspec-core (2.7.1)
+    rspec-expectations (2.7.0)
+      diff-lcs (~> 1.1.2)
+    rspec-mocks (2.7.0)
+    ruby_parser (2.3.1)
+      sexp_processor (~> 3.0)
+    sexp_processor (3.0.7)
+    slop (2.1.0)
+    spork (0.9.0.rc9)
+    sprockets (2.0.3)
+      hike (~> 1.2)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    systemu (2.4.1)
+    term-ansicolor (1.0.7)
+    thor (0.14.6)
+    tilt (1.3.3)
+    uuid (2.3.4)
+      macaddr (~> 1.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  actionpack
+  foreman
+  growl_notify
+  guard
+  guard-rspec
+  guard-spork
+  pry
+  pry-remote
+  rake
+  rb-fsevent
+  rspec (>= 2.6.0)
+  secure_escrow!
+  spork (~> 0.9.0.rc9)
+  uuid

data/Guardfile

@@ -0,0 +1,33 @@
+# A sample Guardfile
+# More info at https://github.com/guard/guard#readme
+#
+guard 'spork', :cucumber_env => { 'RAILS_ENV' => 'test' }, :rspec_env => { 'RAILS_ENV' => 'test' } do
+  watch('config/application.rb')
+  watch('config/environment.rb')
+  watch(%r{^config/environments/.+\.rb$})
+  watch(%r{^config/initializers/.+\.rb$})
+  watch('Gemfile')
+  watch('Gemfile.lock')
+  watch('spec/spec_helper.rb')
+  watch('test/test_helper.rb')
+end
+
+guard 'rspec', :version => 2 do
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$})     { |m| "spec/lib/#{m[1]}_spec.rb" }
+  watch('spec/spec_helper.rb')  { "spec" }
+  watch(%r{^spec/mock(_.+)\.rb$}) { "spec" }
+
+  # Rails example
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^app/(.+)\.rb$})                           { |m| "spec/#{m[1]}_spec.rb" }
+  watch(%r{^lib/(.+)\.rb$})                           { |m| "spec/lib/#{m[1]}_spec.rb" }
+  watch(%r{^app/controllers/(.+)_(controller)\.rb$})  { |m| ["spec/routing/#{m[1]}_routing_spec.rb", "spec/#{m[2]}s/#{m[1]}_#{m[2]}_spec.rb", "spec/acceptance/#{m[1]}_spec.rb"] }
+  watch(%r{^spec/support/(.+)\.rb$})                  { "spec" }
+  watch('spec/spec_helper.rb')                        { "spec" }
+  watch('config/routes.rb')                           { "spec/routing" }
+  watch('app/controllers/application_controller.rb')  { "spec/controllers" }
+  # Capybara request specs
+  watch(%r{^app/views/(.+)/.*\.(erb|haml)$})          { |m| "spec/requests/#{m[1]}_spec.rb" }
+end
+

data/License

@@ -0,0 +1,8 @@
+Copyright (c) 2011 Duncan Beevers - Dweebd LLC
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+

data/Procfile

@@ -0,0 +1,3 @@
+spork: bundle exec spork
+redis: redis-server
+

data/Rakefile

@@ -0,0 +1,8 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+task default: :spec
+
+desc "Run specs"
+RSpec::Core::RakeTask.new
+

data/Readme.md

@@ -0,0 +1,101 @@
+# SecureEscrow
+SecureEscrow proxies requests made to your application on a secure domain, stores the response, redirects the user to resources on an insecure domain, and serves the proxied response. It uses your preferred key-value store to hold responses between requests.
+
+## The Goals
+This tool was created for two purposes:
+
+- Secure authentication from an insecure page without a full-page refresh
+- Secure authentication from a 3rd party-domain
+
+## The Solution
+Your Rails application needs very little modification in order to support these secure actions.
+
+Say you have a <tt>#signin</tt> ajax action that is currently insecure. Secure Escrow first helps you generate the same form with its action pointing to a secure domain. Also, instead of submitting the form via XHR, an iframe is dynamically-created and the form's target is set to that iframe. When the submission is received by the Secure Escrow middleware, the request is forwarded along to your Rails application. The response from Rails is then cached and an alternate response is delivered to the client. The client is redirected to GET action on the insecure domain. This action is served by the Secure Escrow middleware, and contains the cached response from the Rails application, leaving your app totally unaware that a redirection has occurred. The response is then parsed and passed back to your registered AJAX handler.
+
+## Installation
+Add the following line to your <tt>Gemfile</tt>.
+
+````ruby
+gem 'secure_escrow'
+````
+
+Update your application's bundle.
+
+````
+$ bundle install
+````
+
+## Usage
+SecureEscrow has 5 integration points with a Rails application
+
+- Middleware surrounding your application
+- Domain information in application configuration
+- Routes declared as escrowed
+- JavaScript delivered via the asset pipeline
+- Forms generated by views
+
+### Install as Middleware
+Add the SecureEscrow::Middleware around your Rails application. It must be configured with access to a backing key-value store.
+In this example, the <tt>Awesome::Application.config.redis</tt> value is available after the <tt>environment</tt> file has been run.
+
+Example <tt>config.ru</tt>:
+
+````ruby
+# This file is used by Rack-based servers to start the application.
+require ::File.expand_path('../config/environment',  __FILE__)
+use SecureEscrow::Middleware, Awesome::Application.config.redis
+run Awesome::Application
+````
+
+### Configure Domain Information
+Ordinarily Rails simply uses the client-supplied request hostname to generate URLs.  SecureEscrow needs to redirect to a
+domain which may not be the same as the incoming request. Configuration is supplied on the Rails application instance, and
+may differ for various environments. For example, in <tt>development.rb</tt> you might have the following config.
+
+````ruby
+# = SecureEscrow config =
+config.secure_domain_name       = 'www.secure-awesome.devlocal'
+config.secure_domain_protocol   = 'http'
+config.secure_domain_port       = 3000
+config.insecure_domain_name     = 'www.insecure-awesome.devlocal'
+config.insecure_domain_protocol = 'http'
+config.insecure_domain_port     = 3000 
+`````
+
+### Declare Escrowed Routes
+In your Rails application's <tt>routes.rb</tt> file you can declare escrowed routes. Escrow only applies to POST actions.
+In the following example, I show replacing a <tt>post</tt> route with an <tt>escrow</tt> route.
+
+#### Before
+```` ruby
+get    'signin' => 'sessions#new',      as: :new_user_session
+post   'signin' => 'sessions#create',   as: :user_session
+get    'signout'=> 'sessions#destroy',  as: :destroy_user_session
+````
+
+#### After
+````ruby
+get    'signin' => 'sessions#new',      as: :new_user_session
+escrow 'signin' => 'sessions#create',   as: :user_session
+get    'signout'=> 'sessions#destroy',  as: :destroy_user_session
+````
+
+### Deliver JavaScript assets
+SecureEscrow integrates in the Rails asset pipeline. Just add the following to your <tt>application.js</tt>.
+
+````ruby
+// SecureEscrow
+// ======================
+//= require secure_escrow
+````
+
+ 
+### Generate forms that submit to the escrow
+View helpers are provided to generate forms that submit to the escrow.
+ 
+Replace <tt>form_for</tt> with <tt>escrow_form_for</tt> and <tt>form_tag</tt> with <tt>escrow_form_tag</tt>.
+
+## License
+
+MIT
+

data/lib/assets/javascripts/secure_escrow.js

@@ -0,0 +1,68 @@
+(function($, undefined) {
+  var framesCount = 0;
+
+  function handleRemoteEscrowSubmission(form) {
+    framesCount++;
+    var name = 'escrow_frame_' + framesCount;
+
+    // Create a hidden iframe to submit a form to
+    var iframe = $('<iframe>', { name: name, id: name }).
+      css({ display: 'none' }).
+      appendTo('body');
+
+    // onLoad handler attached to hidden iframe
+    // Consumes iframe content and bubbles it up as an ajax response
+    function onLoad() {
+      var payload_error,
+          innerText, json, response;
+
+      try {
+        innerText = iframe[0].contentWindow.document.body.innerText;
+        try {
+          json = JSON.parse(innerText);
+        } catch(_2) {
+          payload_error = 'Error parsing JSON response';
+        }
+      } catch(_1) {
+        payload_error = 'Error accessing response body';
+      }
+
+
+      response = {
+        responseText: innerText
+      };
+
+      if (payload_error) {
+        response.errorJSON = { error: payload_error };
+      } else {
+        response.responseJSON = json;
+      }
+ 
+      if (json && json.success) {
+        form.trigger('ajax:success', response);
+      } else {
+        form.trigger('ajax:error', response);
+      }
+      form.trigger('ajax:complete', response);
+    }
+
+    iframe.load(onLoad);
+    form.attr('target', name);
+  }
+
+  var formSubmitSelector = 'form';
+
+  $(formSubmitSelector).live('submit.secure_escrow', function(event) {
+    var form     = $(this),
+        escrow   = form.data('escrow'),
+        isEscrow = escrow !== undefined;
+
+    if (isEscrow) {
+      if ('iframe' === escrow) {
+        handleRemoteEscrowSubmission(form);
+      }
+    }
+
+  });
+
+}(jQuery));

data/lib/secure_escrow/engine.rb

@@ -0,0 +1,16 @@
+require 'rails'
+
+# Register as a Rails engine
+# in order to hook into asset pipeline
+module SecureEscrow
+  class Engine < ::Rails::Engine
+    initializer :setup_escrow do |app|
+      # Mix view helpers in through ActionController
+      ActionController::Base.helper SecureEscrow::Railtie::ActionViewHelper
+
+      # Mix routing helpers in through the Mapper class
+      ActionDispatch::Routing::Mapper.send :include, SecureEscrow::Railtie::Routing
+    end
+  end
+end
+

data/lib/secure_escrow/middleware.rb

@@ -0,0 +1,244 @@
+require "uuid"
+
+module SecureEscrow
+  module MiddlewareConstants
+    REQUEST_METHOD   = 'REQUEST_METHOD'
+    HTTP_COOKIE      = 'HTTP_COOKIE'
+    REQUEST_PATH     = 'REQUEST_PATH'
+    QUERY_STRING     = 'QUERY_STRING'
+    POST             = 'POST'
+    GET              = 'GET'
+    COOKIE_SEPARATOR = ';'
+    RAILS_ROUTES     = 'action_dispatch.routes'
+    LOCATION         = 'Location'
+    ESCROW_MATCH     = /^(.+)\.(.+)$/
+    TTL              = 180 # Seconds until proxied response expires
+    NONCE            = 'nonce'
+    RESPONSE         = 'response'
+    BAD_NONCE        = 'Bad nonce'
+    DATA_KEY         = 'secure_escrow'
+    REDIRECT_CODES   = 300..399
+  end
+
+  class Middleware
+    def initialize app, store
+      @app = app
+      @store = store
+    end
+
+    def call env
+      handle_presenter presenter(env)
+    end
+
+    def presenter env
+      Presenter.new @app, @store, env
+    end
+
+    def handle_presenter e
+      if e.serve_response_from_escrow?
+        e.serve_response_from_escrow!
+      elsif e.response_is_redirect?
+        e.redirect_to_response!
+      elsif e.store_response_in_escrow?
+        e.store_response_in_escrow_and_redirect!
+      else
+        e.serve_response_from_application!
+      end
+    end
+
+    class Presenter
+      include MiddlewareConstants
+
+      attr_reader :app, :store, :env
+
+      def initialize app, store, env
+        @app   = app
+        @store = store
+        @env   = env
+      end
+
+      def serve_response_from_escrow?
+        return false unless GET == env[REQUEST_METHOD]
+        return false unless escrow_id
+
+        store.exists escrow_key(escrow_id)
+      end
+
+      def response_is_redirect?
+        status, header, response = call_result
+        REDIRECT_CODES.include? status
+      end
+
+      def store_response_in_escrow?
+        method = env[REQUEST_METHOD]
+        return false unless POST == method
+        recognize_path[:escrow]
+      end
+
+      def serve_response_from_escrow!
+        key = escrow_key escrow_id
+        value = JSON.parse(store.get key)
+
+        if escrow_nonce == value[NONCE]
+          # Destroy the stored value
+          store.del key
+
+          return value[RESPONSE]
+        else
+          # HTTP Status Code 403 - Forbidden
+          return [ 403, {}, [ BAD_NONCE ] ]
+        end
+      end
+
+      def redirect_to_response!
+        status, header, response = call_result
+        rewrite_location_header! header
+        [ status, header, response ]
+      end
+
+      def store_response_in_escrow_and_redirect!
+        status, header, response = call_result
+        id, nonce = store_in_escrow status, header, response
+        token = "#{id}.#{nonce}"
+
+        response_headers = { LOCATION => redirect_to_location(token) }
+        set_cookie_token!(response_headers, token) if homogenous_host_names?
+
+        # HTTP Status Code 303 - See Other
+        return [ 303, response_headers, [ "Escrowed at #{token}" ] ]
+      end
+
+      def serve_response_from_application!
+        call_result
+      end
+
+      def escrow_id
+        @escrow_id ||= (escrow_id_and_nonce || [])[0]
+      end
+
+      def escrow_nonce
+        @escrow_nonce ||= (escrow_id_and_nonce || [])[1]
+      end
+
+      def escrow_key id
+        "escrow:#{id}"
+      end
+
+      # Take a Rack status, header, and response
+      # Serialize the response to a string
+      # Serialize the structure as JSON
+      # Generate a unique id for the data
+      # Generate a nonce for the data
+      # Store in Redis
+      def store_in_escrow status, header, response
+        id, nonce = generate_id_and_nonce
+
+        response_body = []
+        response.each { |content| response_body.push(content) }
+        response.close if response.respond_to? :close
+
+        rewrite_location_header! header
+
+        value = {
+          NONCE    => nonce,
+          RESPONSE => [ status, header, [ response_body.join ] ]
+        }
+
+        # Serialze the nonce and Rack response triplet,
+        # store in Redis, and set TTL
+        key = escrow_key id
+        store.setex key, value.to_json, TTL
+
+        [ id, nonce ]
+      end
+
+      def generate_id_and_nonce
+        [ UUID.generate, SecureRandom.hex(4) ]
+      end
+
+      private
+      def set_cookie_token! headers, token
+        Rack::Utils.set_cookie_header!(headers, DATA_KEY,
+          value: token,
+          httponly: true)
+      end
+
+      def redirect_to_location token = nil
+        routes = app.routes
+        config = app.config
+
+        redirect_to_options = {
+          protocol: config.insecure_domain_protocol,
+          host:     config.insecure_domain_name,
+          port:     config.insecure_domain_port
+        }
+
+        if token && !homogenous_host_names?
+          redirect_to_options.merge!(DATA_KEY => token)
+        end
+
+        routes.url_for(
+          recognize_path.merge(redirect_to_options))
+      end
+
+      def rewrite_location_header! header
+        return unless header[LOCATION]
+
+        config = app.config
+        routes = app.routes
+
+        # Rewrite redirect to secure domain
+        header[LOCATION] = routes.url_for(
+          routes.recognize_path(header[LOCATION]).merge(
+            host:     config.insecure_domain_name,
+            protocol: config.insecure_domain_protocol,
+            port:     config.insecure_domain_port
+          ))
+
+        header
+      end
+
+      def call_result
+        @call_result ||= app.call env
+      end
+
+      def rails_routes
+        @rails_routes ||= app.routes
+      end
+
+      # TODO: Examine the performance implications of parsing the
+      # Cookie / Query payload this early in the stack
+      def escrow_id_and_nonce
+        data = (homogenous_host_names? ?
+          Rack::Utils.parse_query(env[HTTP_COOKIE], COOKIE_SEPARATOR) :
+          Rack::Utils.parse_query(env[QUERY_STRING]))[DATA_KEY]
+
+        return unless data
+        match = data.match ESCROW_MATCH
+        return unless match
+
+        match[1..2]
+      end
+
+      def homogenous_host_names?
+        config = app.config
+        config.secure_domain_name == config.insecure_domain_name
+      end
+
+      def recognize_path
+        begin
+          rails_routes.recognize_path(
+            env[REQUEST_PATH],
+            method: env[REQUEST_METHOD]
+          )
+        rescue ActionController::RoutingError
+          {}
+        end
+      end
+
+    end
+
+  end
+
+end
+

data/lib/secure_escrow/railtie.rb

@@ -0,0 +1,58 @@
+require "action_dispatch"
+require "action_pack"
+
+module SecureEscrow
+  module Railtie
+    module Routing
+      def escrow options, &block
+        defaults = options[:defaults] || {}
+        defaults[:escrow] = true
+        post options.merge(defaults), &block
+      end
+    end
+
+    module ActionViewHelper
+      DATA_ESCROW = 'data-escrow'
+      IFRAME = 'iframe'
+      POST   = 'post'
+
+      def escrow_form_for record, options = {}, &proc
+        options[:html] ||= {}
+
+        stringy_record = String === record || Symbol === record
+        apply_form_for_options!(record, options) unless stringy_record
+
+
+        form_for record, escrow_options(options), &proc
+      end
+
+      def escrow_form_tag url_for_options = {}, options = {}, &block
+        form_tag url_for_options, escrow_options(options), &block
+      end
+
+      private
+      def escrow_options options
+        # Rewrite URL to point to secure domain
+        app = Rails.application
+        config = app.config
+
+        submission_url = controller.url_for(
+          app.routes.recognize_path(options[:url]).
+            merge(
+              host:     config.secure_domain_name,
+              protocol: config.secure_domain_protocol,
+              port:     config.secure_domain_port
+            ))
+
+        options[:url] = submission_url
+
+        # Add data-escrow attribute to the form element
+        html_options = options[:html] || {}
+
+        escrow_method = options.delete(:remote) ? IFRAME : POST
+        options.merge(html: html_options.merge(DATA_ESCROW => escrow_method))
+      end
+    end
+  end
+end
+

data/lib/secure_escrow/version.rb

@@ -0,0 +1,3 @@
+module SecureEscrow
+  VERSION = "0.0.1"
+end

data/lib/secure_escrow.rb

@@ -0,0 +1,13 @@
+# Attempt to provide engine to Rails
+require "secure_escrow/engine"
+
+require "secure_escrow/version"
+require "secure_escrow/railtie"
+require "secure_escrow/middleware"
+
+module SecureEscrow
+  def self.included base
+    base.extend ClassMethods
+  end
+end
+

data/secure_escrow.gemspec

@@ -0,0 +1,23 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "secure_escrow/version"
+
+Gem::Specification.new do |s|
+  s.name        = "secure_escrow"
+  s.version     = SecureEscrow::VERSION
+  s.authors     = ["Duncan Beevers"]
+  s.email       = ["duncan@dweebd.com"]
+  s.homepage    = ""
+  s.summary     = "Secure AJAX-style actions for Rails applications"
+  s.description = "SecureEscrow provides a content proxy for Rails applications allowing POSTing to secure actions from insecure domains without full-page refreshes"
+
+  s.rubyforge_project = "secure_escrow"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  s.add_development_dependency 'rspec'
+end
+

data/spec/middleware_spec.rb

@@ -0,0 +1,439 @@
+require File.expand_path(File.join(File.dirname(__FILE__), 'spec_helper'))
+include SecureEscrow::MiddlewareConstants
+
+describe 'SecureEscrow::Middleware' do
+  let(:app) { MockEngine.new }
+  let(:store) { MockRedis.new }
+  let(:middleware) { SecureEscrow::Middleware.new app, store }
+  let(:presenter) { SecureEscrow::Middleware::Presenter.new app, store, env }
+  let(:env) { {} }
+
+  context 'as a Rack application' do
+    it 'should be callable' do
+      middleware.should respond_to(:call).with(1).argument
+    end
+
+    it 'should handle_presenter with wrapped environment' do
+      middleware.should_receive(:presenter).with(env).
+        once.and_return(presenter)
+
+      middleware.should_receive(:handle_presenter).with(presenter).once
+
+      middleware.call(env)
+    end
+
+    context 'when handling the presenter' do
+      it 'should first serve a response from escrow' do
+        presenter.should_receive(:serve_response_from_escrow?).
+          with.once.and_return(true)
+
+        presenter.should_receive(:serve_response_from_escrow!).
+          with.once
+
+        presenter.should_not_receive(:redirect_to_response!)
+        presenter.should_not_receive(:store_response_in_escrow_and_redirect!)
+        presenter.should_not_receive(:serve_response_from_application!)
+
+        middleware.handle_presenter presenter
+      end
+
+      it 'should use the response redirect' do
+        presenter.should_receive(:serve_response_from_escrow?).
+          once.and_return(false)
+        presenter.should_receive(:response_is_redirect?).
+          once.and_return(true)
+        presenter.should_receive(:redirect_to_response!).once
+
+        presenter.should_not_receive(:store_response_in_escrow_and_redirect!)
+        presenter.should_not_receive(:serve_response_from_application!)
+
+        middleware.handle_presenter presenter
+      end
+
+      it 'should store a response in the escrow and redirect' do
+        presenter.should_receive(:serve_response_from_escrow?).
+          once.and_return(false)
+        presenter.should_receive(:response_is_redirect?).
+          once.and_return(false)
+        presenter.should_receive(:store_response_in_escrow?).
+          once.and_return(true)
+        presenter.should_receive(:store_response_in_escrow_and_redirect!).
+          once
+
+        presenter.should_not_receive(:serve_response_from_escrow!)
+        presenter.should_not_receive(:redirect_to_response!)
+        presenter.should_not_receive(:serve_response_from_application!)
+
+        middleware.handle_presenter presenter
+      end
+
+      it 'should pass-through other requests' do
+        presenter.should_receive(:serve_response_from_escrow?).
+          once.and_return(false)
+        presenter.should_receive(:response_is_redirect?).
+          once.and_return(false)
+        presenter.should_receive(:store_response_in_escrow?).
+          once.and_return(false)
+        presenter.should_receive(:serve_response_from_application!).
+          once
+
+        presenter.should_not_receive(:serve_response_from_escrow!)
+        presenter.should_not_receive(:redirect_to_response!)
+        presenter.should_not_receive(:store_response_in_escrow_and_redirect!)
+
+        middleware.handle_presenter presenter
+      end
+    end
+  end
+
+  context 'Presenter' do
+    describe 'serve_response_from_escrow?' do
+      it 'should not serve POSTs' do
+        presenter.env[REQUEST_METHOD] = POST
+        presenter.serve_response_from_escrow?.should be_false
+      end
+
+      it 'should not serve responses where the escrow key is not in the store' do
+        presenter.env[REQUEST_METHOD] = GET
+        set_escrow_cookie presenter, 'id'
+
+        presenter.serve_response_from_escrow?.should be_false
+      end
+
+      it 'should not check the backing store when no escrow param is present' do
+        presenter.env[REQUEST_METHOD] = GET
+
+        store.should_not_receive(:exists)
+        presenter.serve_response_from_escrow?
+      end
+
+      it 'should serve responses where the escrow key is in the store' do
+        presenter.env[REQUEST_METHOD] = GET
+        store_in_escrow store, 'id'
+
+        set_escrow_cookie presenter, 'id'
+        presenter.serve_response_from_escrow?.should be_true
+      end
+    end
+
+    describe 'response_is_redirect?' do
+      it 'should not include status codes less than 300' do
+        app.should_receive(:call).
+          once.with(env).and_return([ 299, {}, [ '' ] ])
+
+        presenter.response_is_redirect?.should be_false
+      end
+
+      it 'should not include status codes greater than 399' do
+        app.should_receive(:call).
+          once.with(env).and_return([ 400, {}, [ '' ] ])
+
+        presenter.response_is_redirect?.should be_false
+      end
+
+      it 'should include 304' do
+        app.should_receive(:call).
+          once.with(env).and_return([ 304, {}, [ '' ] ])
+
+        presenter.response_is_redirect?.should be_true
+      end
+    end
+
+    describe 'store_response_in_escrow?' do
+      it 'should not store GETs' do
+        presenter.env[REQUEST_METHOD] = GET
+        presenter.store_response_in_escrow?.should be_false
+      end
+
+      it 'should not store non-existent routes' do
+        presenter.env[REQUEST_METHOD] = POST
+
+        app.routes.should_receive(:recognize_path).
+          once.with(env[REQUEST_PATH], { method: POST }).
+          and_raise(
+            ActionController::RoutingError.new("No route matches #{env[REQUEST_PATH]}")
+          )
+
+        presenter.store_response_in_escrow?.should be_false
+      end
+
+      it 'should not store non-escrow routes' do
+        presenter.env[REQUEST_METHOD] = POST
+
+        app.routes.should_receive(:recognize_path).
+          once.with(env[REQUEST_PATH], { method: POST }).
+          and_return(controller: 'session', action: 'create')
+
+        presenter.store_response_in_escrow?.should be_false
+      end
+
+      it 'should store escrow routes' do
+        presenter.env[REQUEST_METHOD] = POST
+
+        app.routes.should_receive(:recognize_path).
+          once.with(env[REQUEST_PATH], { method: POST }).
+          and_return(controller: 'session', action: 'create', escrow: true)
+
+        presenter.store_response_in_escrow?.should be_true
+      end
+    end
+
+    describe 'serve_response_from_escrow!' do
+      it 'should return 403 - Forbidden when nonce does not match' do
+        store_in_escrow store, 'id', 'good-nonce', []
+
+        set_escrow_cookie presenter, 'id', 'bad-nonce'
+        presenter.serve_response_from_escrow![0].should eq 403
+      end
+
+      it 'should delete the key from the backing store' do
+        store_in_escrow store, 'id'
+        set_escrow_cookie presenter, 'id'
+
+        store.should_receive(:del).
+          once.with(presenter.escrow_key('id'))
+
+        presenter.serve_response_from_escrow!
+      end
+
+      it 'should return the escrowed response' do
+        response = [ 200, {}, [ 'text' ] ]
+        store_in_escrow store, 'id', 'nonce', response
+        set_escrow_cookie presenter, 'id', 'nonce'
+
+        presenter.serve_response_from_escrow!.should eq response
+      end
+    end
+
+    describe 'redirect_to_response!' do
+      it 'should use status code from application' do
+        response = [ 315, {}, [ '' ] ]
+        app.should_receive(:call).
+          once.with(env).and_return(response)
+
+        presenter.redirect_to_response!.should eq response
+      end
+
+      it 'should rewrite location' do
+        original_location = "%s://%s:%s/path/" % [
+          app.config.secure_domain_protocol,
+          app.config.secure_domain_name,
+          app.config.secure_domain_port
+        ]
+        expected_location = "%s://%s:%s/path/" % [
+          app.config.insecure_domain_protocol,
+          app.config.insecure_domain_name,
+          app.config.insecure_domain_port
+        ]
+
+        original_response = [ 315, { LOCATION => original_location }, [ '' ] ]
+        app.should_receive(:call).
+          once.with(env).and_return(original_response)
+
+        app.routes.should_receive(:recognize_path).
+          once.with(original_location).
+          and_return(controller: 'sessions', action: 'create')
+        app.routes.should_receive(:url_for).
+          once.with(
+            controller: 'sessions',
+            action:     'create',
+            host:       app.config.insecure_domain_name,
+            protocol:   app.config.insecure_domain_protocol,
+            port:       app.config.insecure_domain_port
+          ).and_return(expected_location)
+
+        presenter.redirect_to_response![1][LOCATION].should eq expected_location
+      end
+    end
+
+    describe 'store_response_in_escrow_and_redirect!' do
+      it 'should return 303 - See Other' do
+        presenter.stub!(:store_in_escrow).and_return([ 'id', 'nonce' ])
+        presenter.stub!(:redirect_to_location).and_return('/')
+
+        presenter.store_response_in_escrow_and_redirect![0].should eq 303
+      end
+
+      context 'when insecure_domain_name is different from secure_domain_name' do
+        let(:app) {
+          MockEngine.new(
+            secure_domain_name:   'www.ssl-example.com',
+            insecure_domain_name: 'www.example.com'
+          )
+        }
+      end
+      context 'when insecure_domain_name is the same as secure_domain_name' do
+        it 'should set cookie header with escrow token' do
+          presenter.stub!(:store_in_escrow).and_return([ 'id', 'nonce' ])
+          presenter.stub!(:redirect_to_location).and_return('/')
+
+          set_cookie_header = presenter.
+            store_response_in_escrow_and_redirect![1]['Set-Cookie']
+
+          cookies = Rack::Utils.parse_query(set_cookie_header)
+          cookies[SecureEscrow::MiddlewareConstants::DATA_KEY].should eq 'id.nonce'
+        end
+      end
+    end
+
+    describe 'serve_response_from_application!' do
+      it 'should serve response from application' do
+        response = [ 200, {}, [ '' ] ]
+        app.should_receive(:call).
+          once.with(env).and_return(response)
+        presenter.serve_response_from_application!.should eq response
+      end
+    end
+
+    describe 'generate_id_and_nonce' do
+      it 'should generate id with UUID and nonce with SecureRandom' do
+        UUID.should_receive(:generate).and_return('id')
+        SecureRandom.should_receive(:hex).once.with(4).and_return('nonce')
+        presenter.generate_id_and_nonce
+      end
+    end
+
+    describe 'store_in_escrow' do
+      it 'should return generated id and nonce' do
+        presenter.should_receive(:generate_id_and_nonce).
+          once.with.and_return([ 'id', 'nonce' ])
+
+        presenter.stub! :rewrite_location_header!
+
+        id, nonce = presenter.store_in_escrow(200, {}, [])
+        id.should eq 'id'
+        nonce.should eq 'nonce'
+      end
+
+      it 'should store serialized response and set expiration' do
+        presenter.should_receive(:generate_id_and_nonce).
+          once.and_return([ 'id', 'nonce'])
+
+        key = presenter.escrow_key 'id'
+        response = [ 200, {}, [ '' ] ]
+        expected_stored_value = {
+          NONCE    => 'nonce',
+          RESPONSE => response
+        }.to_json
+
+        store.should_receive(:set).once.with(key, expected_stored_value)
+        store.should_receive(:expire).
+          once.with(key, SecureEscrow::MiddlewareConstants::TTL)
+
+        presenter.store_in_escrow(*response)
+      end
+
+      context 'when insecure_domain_name is different from secure_domain_name' do
+        it 'should not add Location header when none was present' do
+          presenter.should_receive(:generate_id_and_nonce).
+            once.with.and_return([ 'id', 'nonce' ])
+
+          presenter.store_in_escrow 200, {}, []
+        end
+
+        it 'should rewrite domain of redirect to secure domain' do
+          original_redirect_url = "%s://%s:%s" % [
+            app.config.secure_domain_protocol,
+            app.config.secure_domain_name,
+            app.config.secure_domain_port
+          ]
+          rewritten_redirect_url = 'boo'
+
+          # This is a fairly large area of interactivity
+          # with ActionDispatch::Routing::RouteSet
+          presenter.should_receive(:generate_id_and_nonce).
+            once.with.and_return([ 'id', 'nonce'])
+
+          app.routes.should_receive(:recognize_path).
+            once.with(original_redirect_url).
+            and_return(controller: 'sessions', action: 'create')
+
+          app.routes.should_receive(:url_for).
+            once.with(
+              controller: 'sessions', action: 'create',
+              host:     app.config.insecure_domain_name,
+              protocol: app.config.insecure_domain_protocol,
+              port:     app.config.insecure_domain_port
+            ).and_return(rewritten_redirect_url)
+
+          expected_stored_value = {
+            NONCE    => 'nonce',
+            RESPONSE => [ 303, { LOCATION => rewritten_redirect_url }, [ '' ] ]
+          }.to_json
+
+          key = presenter.escrow_key 'id'
+          store.should_receive(:set).
+            once.with(key, expected_stored_value)
+
+          presenter.store_in_escrow(
+            303,
+            { LOCATION => original_redirect_url },
+            [ '' ]
+          )
+        end
+      end
+    end
+
+    describe 'escrow_id and escrow_nonce' do
+      context 'when insecure_domain_name is different from secure_domain_name' do
+        let(:app) {
+          MockEngine.new(
+            secure_domain_name:   'www.ssl-example.com',
+            insecure_domain_name: 'www.example.com'
+          )
+        }
+
+        it 'should recognize escrow id and nonce from query string' do
+          set_escrow_query_string presenter, 'id', 'nonce'
+
+          presenter.escrow_id.should    eq 'id'
+          presenter.escrow_nonce.should eq 'nonce'
+        end
+      end
+
+      context 'when insecure_domain_name is the same as secure_domain_name' do
+        let(:app) {
+          MockEngine.new(
+            secure_domain_name:   'www.example.com',
+            insecure_domain_name: 'www.example.com'
+          )
+        }
+
+        it 'should recognize escrow id and nonce from cookie' do
+          set_escrow_cookie presenter, 'id', 'nonce'
+
+          presenter.escrow_id.should    eq 'id'
+          presenter.escrow_nonce.should eq 'nonce'
+        end
+      end
+
+    end
+  end
+
+end
+
+def set_escrow_query_string presenter, id = 'id', nonce = 'nonce'
+  set_escrow_env QUERY_STRING, presenter, id, nonce
+end
+
+def set_escrow_cookie presenter, id = 'id', nonce = 'nonce'
+  set_escrow_env HTTP_COOKIE, presenter, id, nonce
+end
+
+def set_escrow_env key, presenter, id, nonce
+  presenter.env[key] = "%s=%s.%s" % [
+    SecureEscrow::MiddlewareConstants::DATA_KEY,
+    id, nonce
+  ]
+end
+
+def store_in_escrow store, id = 'id', nonce = 'nonce', response = []
+  store.set(
+    presenter.escrow_key(id),
+    ActiveSupport::JSON.encode(
+      NONCE    => nonce,
+      RESPONSE => response
+    )
+  )
+end
+

data/spec/mock_engine.rb

@@ -0,0 +1,37 @@
+require 'ostruct'
+
+class MockEngine
+  SUCCESS = 200
+
+  def initialize extra_config = {}
+    config extra_config
+  end
+
+  def call env
+    [ SUCCESS, {}, [ 'nada' ] ]
+  end
+
+  def config extra_config = {}
+    @config ||= Config.new(
+      {
+        secure_domain_name:       'www.example.com',
+        secure_domain_protocol:   'https',
+        secure_domain_port:       443,
+        insecure_domain_name:     'www.example.com',
+        insecure_domain_protocol: 'http',
+        insecure_domain_port:     80
+      }.merge extra_config
+    )
+  end
+
+  def routes
+    @routes ||= Routes.new
+  end
+
+  class Config < OpenStruct
+  end
+
+  class Routes
+  end
+end
+

data/spec/mock_redis.rb

@@ -0,0 +1,31 @@
+class MockRedis
+  def setex key, value, ttl
+    set key, value
+    expire key, ttl
+  end
+
+  def set key, value
+    values[key] = value
+  end
+
+  def get key
+    values[key]
+  end
+
+  def exists key
+    values.has_key? key
+  end
+
+  def del key
+    values.delete key
+  end
+
+  def expire key, ttl
+  end
+
+  private
+  def values
+    @values ||= {}
+  end
+end
+

data/spec/spec_helper.rb

@@ -0,0 +1,20 @@
+require 'spork'
+
+Spork.prefork do
+  require 'rspec'
+  require 'pry-remote'
+  require 'active_support/json'
+  require 'action_controller'
+
+  RSpec.configure do |config|
+  end
+end
+
+Spork.each_run do
+  require 'secure_escrow'
+
+  # Load mocks
+  require 'mock_engine'
+  require 'mock_redis'
+end
+

metadata

@@ -0,0 +1,80 @@
+--- !ruby/object:Gem::Specification
+name: secure_escrow
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Duncan Beevers
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2011-11-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: &70248523590320 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70248523590320
+description: SecureEscrow provides a content proxy for Rails applications allowing
+  POSTing to secure actions from insecure domains without full-page refreshes
+email:
+- duncan@dweebd.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- Gemfile.lock
+- Guardfile
+- License
+- Procfile
+- Rakefile
+- Readme.md
+- lib/assets/javascripts/secure_escrow.js
+- lib/secure_escrow.rb
+- lib/secure_escrow/engine.rb
+- lib/secure_escrow/middleware.rb
+- lib/secure_escrow/railtie.rb
+- lib/secure_escrow/version.rb
+- secure_escrow.gemspec
+- spec/middleware_spec.rb
+- spec/mock_engine.rb
+- spec/mock_redis.rb
+- spec/spec_helper.rb
+homepage: ''
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: secure_escrow
+rubygems_version: 1.8.10
+signing_key: 
+specification_version: 3
+summary: Secure AJAX-style actions for Rails applications
+test_files:
+- spec/middleware_spec.rb
+- spec/mock_engine.rb
+- spec/mock_redis.rb
+- spec/spec_helper.rb