shamu 0.0.1 → 0.0.2

data/spec/lib/shamu/rack/cookies_spec.rb

@@ -0,0 +1,43 @@
+require "spec_helper"
+require "shamu/rack"
+
+describe Shamu::Rack::Cookies do
+  let( :headers ) { {} }
+  let( :env )     { {} }
+  let( :cookies ) { Shamu::Rack::Cookies.new( env ) }
+
+  it "sets a cookie" do
+    cookies.set( :id, "123" )
+    expect( cookies.get( "id" ) ).to eq "123"
+  end
+
+  it "gets a cookie" do
+    env[ "HTTP_COOKIE" ] = "remember_me=true; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000"
+    expect( cookies.get( "remember_me" ) ).to eq "true"
+  end
+
+  it "overwrites existing cookie" do
+    env[ "HTTP_COOKIE" ] = "favorite=batman"
+    cookies.set( "favorite", "superman" )
+
+    expect( cookies.get( "favorite" ) ).to eq "superman"
+  end
+
+  describe "#apply" do
+    it "adds new cookies" do
+      cookies.set( "name", "phallguy" )
+      cookies.apply!( headers )
+
+      expect( headers[ "Set-Cookie" ] ).to match /phallguy/
+    end
+
+    it "removes old cookies" do
+      env[ "HTTP_COOKIE" ] = "remember_me=true"
+
+      cookies.delete( "remember_me" )
+      cookies.apply!( headers )
+
+      expect( headers[ "Set-Cookie" ] ).to match /remember_me=;/
+    end
+  end
+end

data/spec/lib/shamu/rack/query_params_middleware_spec.rb

@@ -0,0 +1,33 @@
+require "spec_helper"
+require "shamu/rack"
+
+module QueryParamsMiddlewareSpec
+  class App
+    include Scorpion::Rack
+    attr_accessor :next
+
+    def call( env )
+      @next ||= proc { [ 200, {}, [ "Sting!" ] ] }
+      @next.call( env, self )
+    end
+  end
+end
+
+describe Shamu::Rack::QueryParamsMiddleware do
+  let(:app)                     { QueryParamsMiddlewareSpec::App.new }
+  let(:scorpion_middleware)     { Scorpion::Rack::Middleware.new( query_parmas_middleware ) }
+  let(:query_parmas_middleware) { Shamu::Rack::QueryParamsMiddleware.new( app ) }
+  let(:request)                 { Rack::MockRequest.new( scorpion_middleware ) }
+  let(:response)                { request.get( "/" ) }
+
+  it "prepares it with the environment" do
+
+    app.next = proc do |env, app|
+      query_parmas = app.send( :scorpion, env ).fetch Shamu::Rack::QueryParams
+      expect( query_parmas ).to be_a Shamu::Rack::QueryParams
+      [ 200, {}, [ "Yum!" ] ]
+    end
+
+    request.get "/"
+  end
+end

data/spec/lib/shamu/rack/query_params_spec.rb

@@ -0,0 +1,23 @@
+require "spec_helper"
+require "shamu/rack"
+
+describe Shamu::Rack::QueryParams do
+  let( :headers )      { {} }
+  let( :env )          { { "rack.input" => StringIO.new } }
+  let( :query_params ) { Shamu::Rack::QueryParams.new( env ) }
+
+  it "gets a cookie" do
+    env[ "QUERY_STRING" ] = "toggles=yep"
+    expect( query_params.get( "toggles" ) ).to eq "yep"
+  end
+
+  it "handles array parameters" do
+    env[ "QUERY_STRING" ] = "level[]=one&level[]=two"
+    expect( query_params.get( "level" ) ).to eq [ "one", "two" ]
+  end
+
+  it "handles hash parameters" do
+    env[ "QUERY_STRING" ] = "option[save]=yes&option[method]=tail"
+    expect( query_params.get( "option" ) ).to eq "save" => "yes", "method" => "tail"
+  end
+end

data/spec/lib/shamu/rails/controller_spec.rb

@@ -0,0 +1,74 @@
+require "rails_helper"
+
+module ControllerSpec
+
+  class Service < Shamu::Services::Service
+  end
+
+  class SecureService < Shamu::Services::Service
+    include Shamu::Security::Support
+  end
+end
+
+describe Shamu::Rails::Controller, type: :controller do
+  controller ActionController::Base do
+    service :example_service, ControllerSpec::Service
+    service :secure_service, ControllerSpec::SecureService
+
+    public :services, :secure_services, :permit?
+
+    def show
+      render text: ""
+    end
+  end
+
+  describe ".service" do
+    it "makes the service available" do
+      expect( controller.respond_to?( :example_service, true ) ).to be_truthy
+      expect( controller.send( :example_service ) ).to be_a ControllerSpec::Service
+    end
+  end
+
+  describe "#services" do
+    it "includes all the services" do
+      expect( controller.services ).to include kind_of( ControllerSpec::Service )
+      expect( controller.services ).to include kind_of( ControllerSpec::SecureService )
+    end
+  end
+
+  describe "#secure_services" do
+    it "includes only the secure services" do
+      expect( controller.secure_services ).not_to include kind_of( ControllerSpec::Service )
+      expect( controller.secure_services ).to include kind_of( ControllerSpec::SecureService )
+    end
+
+    it "gets security context from current_user" do
+      expect( controller ).to receive( :current_user ).at_least( :once ).and_return( OpenStruct.new( id: 945 ) )
+
+      expect( controller ).to receive( :show ) do
+        expect( scorpion.fetch( Shamu::Security::Principal ).user_id ).to eq 945
+        controller.render( text: "" )
+      end
+
+      get :show, id: 5
+    end
+  end
+
+  describe ".services" do
+    it "includes all the service names" do
+      expect( controller.class.services ).to match [ :example_service, :secure_service ]
+    end
+  end
+
+  describe "#permit?" do
+    it "is true if any of the secure_services permit the requested behavior" do
+      expect( controller.send( :secure_service ) ).to receive( :permit? ).and_return :yes
+      expect( controller ).to be_permitted_to :read, :something
+    end
+
+    it "is false if none of the secure_services permit the requested behavior" do
+      expect( controller.send( :secure_service ) ).to receive( :permit? ).and_return false
+      expect( controller ).not_to be_permitted_to :read, :something
+    end
+  end
+end

data/spec/lib/shamu/rails/entity_spec.rb

@@ -0,0 +1,150 @@
+require "rails_helper"
+
+module LoadEntitySpec
+  class Service < Shamu::Services::Service
+    include Shamu::Security::Support
+    include Shamu::Services::RequestSupport
+
+    def find( id )
+      scorpion.fetch ExampleEntity, { id: id }, {}
+    end
+
+    def list( params = nil )
+      Shamu::Entities::List.new [ find( 1 ) ]
+    end
+
+    def authorize!( * )
+    end
+
+
+  end
+
+  class ExampleEntity < Shamu::Entities::Entity
+    attribute :id
+  end
+
+  module Request
+    class Change < Shamu::Services::Request
+      attribute :id
+    end
+  end
+end
+
+describe Shamu::Rails::Entity, type: :controller do
+  hunt( :example_service, LoadEntitySpec::Service ) { scorpion.new LoadEntitySpec::Service }
+
+  controller ActionController::Base do
+    service :example_service, LoadEntitySpec::Service
+    entity LoadEntitySpec::ExampleEntity
+
+    def show
+      render text: ""
+    end
+
+    def index
+      render text: ""
+    end
+
+    def new
+      example_request
+      render text: ""
+    end
+
+  end
+
+  before( :each ) do
+    controller.params[:action] = "show"
+  end
+
+  it "adds an #example method" do
+    expect( controller.respond_to?( :example, true ) ).to be_truthy
+  end
+
+  it "loads the entity from the service" do
+    expect( example_service ).to receive( :find )
+    controller.send :example
+  end
+
+  it "adds an #example_request method" do
+    expect( controller.respond_to?( :example_request, true ) ).to be_truthy
+  end
+
+  it "builds a request from the service" do
+    expect( example_service ).to receive( :request_for )
+    controller.send :example_request
+  end
+
+  it "gets params from example_params" do
+    expect( example_service ).to receive( :request_for ).and_return Shamu::Services::Request.new
+    expect( controller ).to receive( :example_params )
+
+    controller.send :example_request
+  end
+
+  it "loads the entity before the request" do
+    expect( controller ).to receive( :example ).and_call_original
+    get :show, id: 1
+  end
+
+  it "invokes list for index types" do
+    expect( controller ).to receive( :examples ).and_call_original
+    get :index
+  end
+
+  it "authorizes action for entity request" do
+    expect( example_service ).to receive( :authorize! )
+
+    get :new
+  end
+
+  context "only some actions" do
+    controller ActionController::Base do
+      service :example_service, LoadEntitySpec::Service
+      entity LoadEntitySpec::ExampleEntity, only: :show
+
+      def show
+        render text: ""
+      end
+
+      def new
+        render text: ""
+      end
+    end
+
+    it "loads on show" do
+      expect( controller ).to receive( :example )
+      get :show, id: 1
+    end
+
+    it "doesn't load on new" do
+      expect( controller ).not_to receive( :example )
+      get :new
+    end
+  end
+
+  context "except some actions" do
+    controller ActionController::Base do
+      service :example_service, LoadEntitySpec::Service
+      entity LoadEntitySpec::ExampleEntity, except: :show
+
+      def show
+        render text: ""
+      end
+
+      def new
+        render text: ""
+      end
+    end
+
+    it "loads on show" do
+      expect( controller ).not_to receive( :example )
+      get :show, id: 1
+    end
+
+    it "doesn't load on new" do
+      expect( controller ).to receive( :example )
+      get :new
+    end
+  end
+
+end

data/spec/lib/shamu/rails/features.yml

@@ -0,0 +1,13 @@
+---
+shopping:
+  nux:
+    retire_at: 2055-10-1
+    type: release
+    select:
+      - percentage: 100
+
+  discounts:
+    retire_at: 2055-10-1
+    type: release
+    select:
+      - percentage: 0

data/spec/lib/shamu/rails/features_spec.rb

@@ -0,0 +1,45 @@
+require "rails_helper"
+
+describe Shamu::Rails::Features, type: :controller do
+  controller ActionController::Base do
+
+    public :feature_enabled?
+
+    def show
+      render text: ""
+    end
+  end
+
+  hunt( :features_service, Shamu::Features::FeaturesService ) do
+    scorpion.new Shamu::Features::FeaturesService, File.expand_path( "../features.yml", __FILE__ ), {}
+  end
+
+  hunt( :session_store, Shamu::Sessions::CookieStore )
+
+  it "resolves toggles" do
+    expect( session_store ).to receive( :fetch ).and_return nil
+    allow( session_store ).to receive( :set )
+
+    expect( controller ).to receive( :show ) do
+      expect( controller.feature_enabled?( "shopping/nux" ) ).to be_truthy
+      controller.render text: ""
+    end
+
+    get :show, id: 1
+  end
+
+  it "allows toggles to be overridden by query param" do
+    expect( session_store ).to receive( :fetch ).and_return nil
+    allow( session_store ).to receive( :set )
+
+    override = features_service.toggle_codec.pack( "shopping/discounts" => true )
+
+    expect( controller ).to receive( :show ) do
+      expect( controller.feature_enabled?( "shopping/discounts" ) ).to be_truthy
+      controller.render text: ""
+    end
+
+    get :show, id: 1, Shamu::Features::EnvStore::RACK_PARAMS_KEY => override
+  end
+
+end

data/spec/lib/shamu/security/active_record_policy_spec.rb

@@ -0,0 +1,38 @@
+require "spec_helper"
+require "shamu/active_record"
+
+describe Shamu::Security::ActiveRecordPolicy do
+  use_active_record
+
+  let( :policy ) { Shamu::Security::ActiveRecordPolicy.new }
+
+  describe "#refine_relation" do
+    before( :each ) do
+      ActiveRecordSpec::Favorite.create! name: "Example"
+    end
+
+    it "returns empty relation if there are no refinements" do
+      relation = policy.refine_relation( :read, ActiveRecordSpec::Favorite.all )
+      expect( relation ).to be_empty
+    end
+
+    it "applies matching refinements" do
+      refinement = double( Shamu::Security::PolicyRefinement )
+      allow( policy ).to receive( :refinements ).and_return [ refinement ]
+
+      expect( refinement ).to receive( :match? ).and_return true
+      expect( refinement ).to receive( :apply ).and_return ActiveRecordSpec::Favorite.all
+
+      relation = policy.refine_relation( :read, ActiveRecordSpec::Favorite.all )
+      expect( relation ).not_to be_empty
+    end
+  end
+
+  describe "#refine" do
+    it "adds a new refinement" do
+      expect do
+        policy.send( :refine, :read, ActiveRecordSpec::Favorite )
+      end.to change { policy.send( :refinements ).length }
+    end
+  end
+end

data/spec/lib/shamu/security/hashed_value_spec.rb

@@ -0,0 +1,41 @@
+require "spec_helper"
+
+module HashedValueSpec
+  class Codec
+    include Shamu::Security::HashedValue
+
+    def initialize( private_key )
+      @private_key = private_key
+    end
+
+    public :hash_value, :verify_hash
+  end
+end
+
+describe Shamu::Security::HashedValue do
+  let( :codec ) { HashedValueSpec::Codec.new( SecureRandom.random_bytes( 64 ) ) }
+
+  describe "#pack" do
+    subject { codec.hash_value( "example" ) }
+
+    it { is_expected.to match /$/ }
+    it { is_expected.to match /example/ }
+  end
+
+  describe "#unpack" do
+    it "gets original value" do
+      hashed = codec.hash_value( "example" )
+      expect( codec.verify_hash( hashed ) ).to eq "example"
+    end
+
+    it "handles an empty feature value" do
+      hashed = codec.hash_value( "" )
+      expect( codec.verify_hash( hashed ) ).to eq ""
+    end
+
+    it "handles an nil feature hash" do
+      hashed = codec.hash_value( nil )
+      expect( codec.verify_hash( hashed ) ).to eq nil
+    end
+  end
+end

data/spec/lib/shamu/security/policy_refinement_spec.rb

@@ -0,0 +1,61 @@
+require "spec_helper"
+require "shamu/active_record"
+
+describe Shamu::Security::PolicyRefinement do
+  use_active_record
+
+  describe "#match?" do
+    let( :relation ) { ActiveRecordSpec::Favorite.all }
+    let( :refinement ) do
+      Shamu::Security::PolicyRefinement.new( [ :read ], ActiveRecordSpec::Favorite, nil )
+    end
+
+    it "is true for matching action" do
+      expect( refinement ).to be_match :read, relation, nil
+    end
+
+    it "is false for mismatched action" do
+      expect( refinement ).not_to be_match :update, relation, nil
+    end
+
+    it "is true for matching relation" do
+      expect( refinement ).to be_match :read, relation, nil
+    end
+
+    it "is false for mismatched relation" do
+      klass = Class.new( ActiveRecord::Base )
+      expect( refinement ).not_to be_match :read, klass.all, nil
+    end
+  end
+
+  describe "#apply" do
+    it "returns block result" do
+      refinement = Shamu::Security::PolicyRefinement.new(
+        [ :read ],
+        ActiveRecordSpec::Favorite,
+        ->( _, _ ) { :refined }
+      )
+      expect( refinement.apply( :read, ActiveRecordSpec::Favorite.all ) ).to eq :refined
+    end
+
+    it "returns original if no block" do
+      refinement = Shamu::Security::PolicyRefinement.new(
+        [ :read ],
+        ActiveRecordSpec::Favorite,
+        nil
+      )
+      relation = ActiveRecordSpec::Favorite.all
+      expect( refinement.apply( relation, nil ) ).to be relation
+    end
+
+    it "returns original if block returns falsy value" do
+      refinement = Shamu::Security::PolicyRefinement.new(
+        [ :read ],
+        ActiveRecordSpec::Favorite,
+        ->( _, _ ) {}
+      )
+      relation = ActiveRecordSpec::Favorite.all
+      expect( refinement.apply( relation, nil ) ).to be relation
+    end
+  end
+end

data/spec/lib/shamu/security/policy_rule_spec.rb

@@ -0,0 +1,60 @@
+require "spec_helper"
+
+describe Shamu::Security::PolicyRule do
+  describe "#match?" do
+    let( :klass )    { Class.new }
+    let( :instance ) { klass.new }
+
+    let( :rule ) do
+      Shamu::Security::PolicyRule.new( [ :read, :write ], klass, :yes, nil )
+    end
+
+    it "is true for matching action" do
+      expect( rule ).to be_match :read, instance, nil
+    end
+
+    it "is false for unmatched action" do
+      expect( rule ).not_to be_match :examine, instance, nil
+    end
+
+    it "is true for Class match" do
+      expect( rule ).to be_match :read, klass, nil
+    end
+
+    it "is true for instance of Class match" do
+      expect( rule ).to be_match :read, instance, nil
+    end
+
+    it "is true for instance match" do
+      rule = Shamu::Security::PolicyRule.new( [ :read, :write ], instance, :yes, nil )
+      expect( rule ).to be_match :read, instance, nil
+    end
+
+    it "is false for Class mismatch" do
+      expect( rule ).not_to be_match :read, Class.new, nil
+    end
+
+    it "is false for instance of Class mismatch" do
+      expect( rule ).not_to be_match :read, Class.new.new, nil
+    end
+
+    it "is false for instance mismatch" do
+      rule = Shamu::Security::PolicyRule.new( [ :read, :write ], instance, :yes, nil )
+      expect( rule ).not_to be_match :read, klass.new, nil
+    end
+
+    context "with block" do
+      it "invokes block if present" do
+        expect do |b|
+          Shamu::Security::PolicyRule.new( [ :read, :write ], klass, :yes, b.to_proc ).match?( :read, instance, nil )
+        end.to yield_control
+      end
+
+      it "does not invoke block if resource is a Module" do
+        expect do |b|
+          Shamu::Security::PolicyRule.new( [ :read, :write ], klass, :yes, b.to_proc ).match?( :read, klass, nil )
+        end.not_to yield_control
+      end
+    end
+  end
+end