signed_form 0.0.1.pre1 → 0.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a3cc9c5608222124cd6ed26784e343bec0c7d8c0
-  data.tar.gz: bed58f01bae751fefee75375fc9584a0fec4ea44
+  metadata.gz: ddf93bef4e43341d61d7f414960eec2b5823eca9
+  data.tar.gz: a6e68f939dc46cb096fd6db9425ceca4559b682c
 SHA512:
-  metadata.gz: c2a685ab4786e2b6615f32d8431108fd1d4601cb180caeddb09c05de8b774e8f4f6a5066017fb59406b6687ac95baa5837350efa1560936ecb0986c512fa6eb3
-  data.tar.gz: fa2731445d7c927966bfb1177a11a120282a907e77c9e493527ec9ce75a9405183d0f6aa6084602ab27265c79d961dd89562a09006f2e85b8d68964f4e59a348
+  metadata.gz: 5665ef2bc0cf38caa6b908f3424c0b4f0a9fe5db124900556e457a7ca9891abec70be1fe75ed74311159ed3b89c85756fd45d0b9f639f16a913a54b815833a49
+  data.tar.gz: ecafd68f4aa85fbc3edb3321e4306c8603677ed30b6862c9b46e7dd4a72a5a193888e444d02dd4de2f10c8b27a303f199f550ba8c9ddf333c54685be163dc513

data/.travis.yml

@@ -1,3 +1,4 @@
+script: bundle exec rspec
 language: ruby
 before_install: gem install bundler
 
@@ -5,3 +6,9 @@ rvm:
   - 1.9.3
   - 2.0.0
 
+env:
+  - RAILS_VERSION=3-0-stable
+  - RAILS_VERSION=3-1-stable
+  - RAILS_VERSION=3-2-stable
+  - RAILS_VERSION=master
+

data/Gemfile

@@ -2,3 +2,19 @@ source 'https://rubygems.org'
 
 # Specify your gem's dependencies in signed_form.gemspec
 gemspec
+
+rails_version = ENV['RAILS_VERSION'] || 'master'
+
+case rails_version
+when /master/
+  gem "rails", github: "rails/rails"
+when /3-2-stable/
+  gem "rails", github: "rails/rails", branch: "3-2-stable"
+when /3-1-stable/
+  gem "rails", github: "rails/rails", branch: "3-1-stable"
+when /3-0-stable/
+  gem "rails", github: "rails/rails", branch: "3-0-stable"
+else
+  gem "rails", ENV['RAILS_VERSION']
+end
+

data/README.md

@@ -1,13 +1,17 @@
 # SignedForm
 
+[![Gem Version](https://badge.fury.io/rb/signed_form.png)](http://badge.fury.io/rb/signed_form)
+[![Build Status](https://travis-ci.org/erichmenge/signed_form.png?branch=master)](https://travis-ci.org/erichmenge/signed_form)
+[![Code Climate](https://codeclimate.com/github/erichmenge/signed_form.png)](https://codeclimate.com/github/erichmenge/signed_form)
+
 SignedForm brings new convenience and security to your Rails 4 or Rails 3 application.
 
 ## How It Works
 
-Traditionally, when you create a form with Rails you enter your fields using something like `f.input :name` and etc.
-Once you're done making your form you need to make sure that you've either set those parameters as accessible in the
-model (Rails 3) or use `permit` (Rails 4). This is redundant. Why would you make a form for a user to fill out and
-then not accept their input? Thus you need to always maintain this synchronization.
+Traditionally, when you create a form with Rails you enter your fields using something like `f.text_field :name` and so
+on.  Once you're done making your form you need to make sure that you've either set those parameters as accessible in
+the model (Rails 3) or use `permit` (Rails 4). This is redundant. Why would you make a form for a user to fill out and
+then not accept their input? You need to always maintain this synchronization.
 
 SignedForm generates a list of attributes that you have in your form and attaches them to be submitted with the form
 along with a HMAC-SHA1 signature of those attributes to protect them from tampering. That means no more `permit` and
@@ -17,6 +21,8 @@ What this looks like:
 
 ``` erb
 <%= signed_form_for(@user) do |f| %>
+  <% f.add_signed_fields :zipcode, :state # Optionally add additional fields to sign %>
+
   <%= f.text_field :name %>
   <%= f.text_field :address %>
   <%= f.submit %>
@@ -40,9 +46,7 @@ way you use standard forms.
 
 ## Alpha Quality Software
 
-Because of the security sensitive nature of this gem I'm releasing this as 0.0.1.pre1 until I can get some more eyeballs
-on the code. This software should not be considered production ready. At this time it is only suitable for
-experimentation.
+This software should not be considered production ready. At this time it is only suitable for experimentation.
 
 Now that I've made that disclaimer, you should know that SignedForm is functional.
 
@@ -57,7 +61,7 @@ SignedForm requires:
 
 Add this line to your application's Gemfile:
 
-    gem 'signed_form', '0.0.1.pre1'
+    gem 'signed_form', '~> 0.0.1'
 
 And then execute:
 
@@ -68,12 +72,27 @@ gem. Please set it up as instructed on the linked GitHub repo.
 
 If you're using Rails 4, it works out of the box.
 
+You'll need to include `SignedForm::ActionController::PermitSignedParams` in the controller(s) you want to use SignedForm with. This can
+be done application wide by adding the `include` to your ApplicationController.
+
+``` ruby
+ApplicationController < ActionController::Base
+  include SignedForm::ActionController::PermitSignedParams
+
+  # ...
+end
+```
+
 You'll also need to create an initializer:
 
     $ echo 'SignedForm::HMAC.secret_key = SecureRandom.hex(64)' > config/initializers/signed_form.rb
 
 **IMPORTANT** Please read below for information regarding this secret key.
 
+## Support for other Builders
+
+* [SimpleForm](https://github.com/erichmenge/signed_form-simple_form)
+
 ## Special Considerations
 
 If you're running only a single application server the above initializer should work great for you, with a couple of
@@ -83,12 +102,18 @@ remove a field someone could still access it using the old signature if some mal
 
 If you're running multiple application servers, the above initializer will not work. You'll need to keep the key in sync
 between all the servers. The security caveat with that is that if you ever remove a field from a form without updating
-that secret key, a malicious user could still access the field with the old signature. So you'll probably want to
-choose a new secret in the event you remove access to an attribute in a form.
+that secret key, a malicious user could still access the field with the old signature. So you'll probably want to choose
+a new secret in the event you remove access to an attribute in a form.
 
 My above initializer example errs on the side of caution, generating a new secret key every time the app starts up. Only
 you can decide what is right for you with respect to the secret key.
 
+### Caching
+
+Another consideration to be aware of is caching. If you cache a form, and then change the secret key that form will
+perpetually submit parameters that fail verification. So if you want to cache the form you should tie the cache key to
+something that will be changed whenever the secret key changes.
+
 ## Contributing
 
 1. Fork it

data/Rakefile

@@ -1 +1,13 @@
 require "bundler/gem_tasks"
+require "rdoc/task"
+
+desc 'Generate documentation.'
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'SignedForm'
+
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+

data/lib/signed_form/action_controller/permit_signed_params.rb

@@ -1,23 +1,25 @@
 module SignedForm
-  module PermitSignedParams
-    def permit_signed_form_data
-      return if request.method == 'GET' || params['form_signature'].blank?
+  module ActionController
+    module PermitSignedParams
+      def self.included(base)
+        base.prepend_before_filter :permit_signed_form_data
+      end
+
+      def permit_signed_form_data
+        return if request.method == 'GET' || params['form_signature'].blank?
 
-      data, signature = params['form_signature'].split('--', 2)
+        data, signature = params['form_signature'].split('--', 2)
 
-      data      ||= ''
-      signature ||= ''
+        signature ||= ''
 
-      raise Errors::InvalidSignature, "Form signature is not valid" unless SignedForm::HMAC.verify_hmac signature, data
-      allowed_attributes = Marshal.load Base64.strict_decode64(data)
+        raise Errors::InvalidSignature, "Form signature is not valid" unless SignedForm::HMAC.verify_hmac signature, data
+        allowed_attributes = Marshal.load Base64.strict_decode64(data)
 
-      allowed_attributes.each do |k, v|
-        params[k] = params.require(k).permit(*v)
+        allowed_attributes.each do |k, v|
+          params[k] = params.require(k).permit(*v)
+        end
       end
     end
   end
 end
 
-ActionController::Base.send :include, SignedForm::PermitSignedParams
-ActionController::Base.prepend_before_filter :permit_signed_form_data
-

data/lib/signed_form/action_view/form_helper.rb

@@ -2,7 +2,7 @@ module SignedForm
   module ActionView
     module FormHelper
       def signed_form_for(record, options = {}, &block)
-        options[:builder] = SignedForm::FormBuilder
+        options[:builder] ||= SignedForm::FormBuilder
 
         form_for(record, options) do |f|
           output = capture(f, &block)

data/lib/signed_form/form_builder.rb

@@ -1,43 +1,61 @@
 module SignedForm
   class FormBuilder < ::ActionView::Helpers::FormBuilder
-    attr_accessor :signed_attributes, :signed_attributes_object
 
-    # Rails 3 uses strings, Rails 4 uses symbols
-    (field_helpers.map(&:to_s) - %w(label fields_for)).each do |h|
-      define_method(h) do |field, *args|
-        signed_attributes_object << field
-        super(field, *args)
+    # Base methods for form signing. Include this module in your own builders to get signatures for the base input
+    # helpers. Add fields to sign with #add_signed_fields
+    module Methods
+      (::ActionView::Helpers::FormBuilder.field_helpers.map(&:to_s) - %w(label fields_for button apply_form_for_options!)).each do |h|
+        define_method(h) do |field, *args|
+          add_signed_fields field
+          super(field, *args)
+        end
       end
-    end
 
-    def initialize(*)
-      super
-      if options[:signed_attributes_object]
-        self.signed_attributes_object = options[:signed_attributes_object]
-      else
-        self.signed_attributes = HashWithIndifferentAccess.new(object_name => [])
-        self.signed_attributes_object = signed_attributes[object_name]
+      def initialize(*) #:nodoc:#
+        super
+        if options[:signed_attributes_object]
+          self.signed_attributes_object = options[:signed_attributes_object]
+        else
+          self.signed_attributes = { object_name => [] }
+          self.signed_attributes_object = signed_attributes[object_name]
+        end
       end
-    end
 
-    def form_signature_tag
-      encoded_data = Base64.strict_encode64 Marshal.dump(signed_attributes)
-      signature = SignedForm::HMAC::create_hmac(encoded_data)
-      token = "#{encoded_data}--#{signature}"
-      %(<input type="hidden" name="form_signature" value="#{token}" />\n).html_safe
-    end
+      def form_signature_tag
+        signed_attributes.each { |k,v| v.uniq! if v.is_a?(Array) }
+        encoded_data = Base64.strict_encode64 Marshal.dump(signed_attributes)
+        signature = SignedForm::HMAC::create_hmac(encoded_data)
+        token = "#{encoded_data}--#{signature}"
+        %(<input type="hidden" name="form_signature" value="#{token}" />\n).html_safe
+      end
+
+      def fields_for(record_name, record_object = nil, fields_options = {}, &block)
+        hash  = {}
+        array = []
+
+        if nested_attributes_association?(record_name)
+          hash["#{record_name}_attributes"] = fields_options[:signed_attributes_object] = array
+        else
+          hash[record_name] = fields_options[:signed_attributes_object] = array
+        end
 
-    def fields_for(record_name, record_object = nil, fields_options = {}, &block)
-      hash = HashWithIndifferentAccess.new
-      if nested_attributes_association?(record_name)
-        hash["#{record_name}_attributes"] = fields_options[:signed_attributes_object] = []
-      else
-        hash[record_name] = fields_options[:signed_attributes_object] = []
+        add_signed_fields hash
+
+        content = super
+        array.uniq!
+        content
+      end
+
+      def add_signed_fields(*fields)
+        signed_attributes_object.push(*fields)
       end
 
-      signed_attributes_object << hash
-      super
+      private
+
+      attr_accessor :signed_attributes, :signed_attributes_object
     end
+
+    include Methods
   end
 end
 

data/lib/signed_form/hmac.rb

@@ -2,35 +2,35 @@ require 'openssl'
 
 module SignedForm
   module HMAC
-    class << self
-      attr_accessor :secret_key
+    extend self
 
-      def create_hmac(data)
-        if secret_key.nil? || secret_key.empty?
-          raise Errors::NoSecretKey, "Please consult the README for instructions on creating a secret key"
-        end
+    attr_accessor :secret_key
 
-        OpenSSL::HMAC.hexdigest OpenSSL::Digest::SHA1.new, secret_key, data
+    def create_hmac(data)
+      if secret_key.nil? || secret_key.empty?
+        raise Errors::NoSecretKey, "Please consult the README for instructions on creating a secret key"
       end
 
-      def verify_hmac(signature, data)
-        if secret_key.nil? || secret_key.empty?
-          raise Errors::NoSecretKey, "Please consult the README for instructions on creating a secret key"
-        end
+      OpenSSL::HMAC.hexdigest OpenSSL::Digest::SHA1.new, secret_key, data
+    end
 
-        secure_compare OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new, secret_key, data), signature
+    def verify_hmac(signature, data)
+      if secret_key.nil? || secret_key.empty?
+        raise Errors::NoSecretKey, "Please consult the README for instructions on creating a secret key"
       end
 
-      # After the Rack implementation
-      def secure_compare(a, b)
-        return false unless a.bytesize == b.bytesize
+      secure_compare OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new, secret_key, data), signature
+    end
+
+    # After the Rack implementation
+    def secure_compare(a, b)
+      return false unless a.bytesize == b.bytesize
 
-        l = a.unpack("C*")
+      l = a.unpack("C*")
 
-        r, i = 0, -1
-        b.each_byte { |v| r |= v ^ l[i+=1] }
-        r == 0
-      end
+      r, i = 0, -1
+      b.each_byte { |v| r |= v ^ l[i+=1] }
+      r == 0
     end
   end
 end

data/lib/signed_form/version.rb

@@ -2,7 +2,7 @@ module SignedForm
   MAJOR = 0
   MINOR = 0
   PATCH = 1
-  PRE   = 'pre1'
+  PRE   = nil
 
   VERSION = [MAJOR, MINOR, PATCH, PRE].compact.join '.'
 end

data/lib/signed_form.rb

@@ -1,3 +1,6 @@
+require "action_view"
+require "action_controller"
+
 require "signed_form/version"
 require "signed_form/errors"
 require "signed_form/form_builder"

data/signed_form.gemspec

@@ -21,6 +21,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "bundler", "~> 1.3"
   spec.add_development_dependency "rake"
   spec.add_development_dependency "rspec", "~> 2.13"
+  spec.add_development_dependency "activemodel", ">= 3.0"
 
   spec.add_dependency "actionpack", ">= 3.0"
 

data/spec/form_builder_spec.rb

@@ -0,0 +1,138 @@
+require 'spec_helper'
+
+class User
+  extend ActiveModel::Naming
+
+  attr_accessor :name, :widgets_attributes
+
+  def to_key
+    [1]
+  end
+end
+
+class Widget
+  extend ActiveModel::Naming
+
+  attr_accessor :name
+
+  def persisted?
+    false
+  end
+end
+
+describe SignedForm::FormBuilder do
+  include SignedFormViewHelper
+
+  before { SignedForm::HMAC.secret_key = "abc123" }
+  after  { SignedForm::HMAC.secret_key = nil }
+
+  let(:user) { User.new }
+  let(:widget) { Widget.new }
+
+  describe "signed_form_for" do
+    it "should build a form with signature" do
+      content = signed_form_for(User.new) do |f|
+        f.text_field :name
+      end
+
+      regex = '<form.*>.*<input type="hidden" name="form_signature" ' \
+              'value="BAh7BkkiCXVzZXIGOgZFRlsGOgluYW1l--e8f61481cb89382653c1f9de617e9a47e22c7da5".*/>.*' \
+              '<input.*name="user\[name\]".*/>.*' \
+              '</form>'
+
+      content.should =~ Regexp.new(regex, Regexp::MULTILINE)
+    end
+  end
+
+  describe "form inputs" do
+    (ActionView::Helpers::FormBuilder.field_helpers.map(&:to_s) - %w(label fields_for button radio_button apply_form_for_options!)).each do |field|
+      it "should add to the allowed attributes when #{field} is used" do
+        content = signed_form_for(User.new) do |f|
+          f.send field, :name
+        end
+
+        data = get_data_from_form(content)
+        data['user'].size.should == 1
+        data['user'].should include(:name)
+      end
+    end
+
+    it "should add to the allowed attributes when radio_button is used" do
+      content = signed_form_for(User.new) do |f|
+        f.radio_button :name, ['bar']
+      end
+
+      data = get_data_from_form(content)
+      data['user'].size.should == 1
+      data['user'].should include(:name)
+    end
+  end
+
+  describe "add_signed_fields" do
+    it "should add fields to the marshaled data" do
+      content = signed_form_for(User.new) do |f|
+        f.add_signed_fields :name, :address
+      end
+
+      data = get_data_from_form(content)
+      data['user'].should include(:name, :address)
+      data['user'].size.should == 2
+    end
+  end
+
+  describe "fields_for" do
+    it "should nest attributes" do
+      user.stub(widgets: [widget])
+
+      content = signed_form_for(user) do |f|
+        f.fields_for :widgets do |ff|
+          ff.text_field :name
+        end
+      end
+
+      data = get_data_from_form(content)
+      data['user'].should include("widgets_attributes" => [:name])
+    end
+
+    it "should deeply nest attributes" do
+      content = signed_form_for(:author, url: '/') do |f|
+        f.fields_for :books do |ff|
+          ff.text_field :name
+          ff.check_box :hardcover
+          ff.fields_for :pages do |fff|
+            fff.text_field :number
+          end
+        end
+      end
+
+      data = get_data_from_form(content)
+
+      data.should include(:author)
+      data[:author].first.should include(:books)
+      data[:author].first[:books].should include(:name, :hardcover, { pages: [:number] })
+    end
+
+    specify "nested arrays should not have duplicates" do
+      content = signed_form_for(:author, url: '/') do |f|
+        f.fields_for :books do |ff|
+          ff.text_field :name
+          ff.text_field :name
+        end
+      end
+
+      data = get_data_from_form(content)
+      data[:author].first[:books].size.should == 1
+    end
+
+    specify "attribute arrays should not have duplicates" do
+      content = signed_form_for(:author, url: '/') do |f|
+        f.text_field :name
+        f.text_field :name
+      end
+
+      data = get_data_from_form(content)
+      data[:author].size.should == 1
+    end
+  end
+end
+

data/spec/permit_signed_params_spec.rb

@@ -0,0 +1,36 @@
+require 'spec_helper'
+
+class Controller < ActionController::Base
+  include SignedForm::ActionController::PermitSignedParams
+end
+
+describe SignedForm::ActionController::PermitSignedParams do
+  let(:controller) { Controller.new }
+
+  before do
+    SignedForm::HMAC.secret_key = "abc123"
+
+    Controller.any_instance.stub(request: double('request', method: 'POST'))
+    Controller.any_instance.stub(params: { "user" => { name: "Erich Menge", occupation: 'developer' } })
+  end
+
+  after  { SignedForm::HMAC.secret_key = nil }
+
+  it "should raise if signature isn't valid" do
+    controller.params['form_signature'] = "bad signature"
+    expect { controller.permit_signed_form_data }.to raise_error(SignedForm::Errors::InvalidSignature)
+  end
+
+  it "should permit attributes that are allowed" do
+    params = controller.params
+
+    data      = Base64.strict_encode64(Marshal.dump("user" => [:name]))
+    signature = SignedForm::HMAC.create_hmac(data)
+
+    params['form_signature'] = "#{data}--#{signature}"
+
+    params.should_receive(:require).with('user').and_return(params)
+    params.should_receive(:permit).with(:name).and_return(params)
+    controller.permit_signed_form_data
+  end
+end

data/spec/spec_helper.rb

@@ -1,11 +1,62 @@
 require 'action_view'
+require 'action_view/template'
+require 'action_controller'
+require 'active_model'
 require 'action_controller'
 require 'signed_form'
 
+require 'active_support/core_ext'
+
+module SignedFormViewHelper
+  include ActionView::Helpers::FormHelper
+
+  if defined?(ActionView::RecordIdentifier)
+    include ActionView::RecordIdentifier
+  elsif defined?(ActionController::RecordIdentifier)
+    include ActionController::RecordIdentifier
+  end
+
+  include ActionView::Context if defined?(ActionView::Context)
+  include SignedForm::ActionView::FormHelper
+
+  def self.included(base)
+    base.class_eval do
+      attr_accessor :output_buffer
+    end
+  end
+
+  def protect_against_forgery?
+    false
+  end
+
+  def user_path(*)
+    '/'
+  end
+
+  def polymorphic_path(*)
+    '/'
+  end
+
+  def _routes(*)
+    double('routes', url_for: '')
+  end
+
+  def controller(*)
+    double('controller')
+  end
+
+  def default_url_options
+    {}
+  end
+
+  def get_data_from_form(content)
+    Marshal.load Base64.strict_decode64(content.match(/name="form_signature" value="(.*)--/)[1])
+  end
+end
+
 RSpec.configure do |config|
   config.treat_symbols_as_metadata_keys_with_true_values = true
   config.run_all_when_everything_filtered = true
-  config.filter_run :focus
 
   config.order = 'random'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: signed_form
 version: !ruby/object:Gem::Version
-  version: 0.0.1.pre1
+  version: 0.0.1
 platform: ruby
 authors:
 - Erich Menge
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-03-21 00:00:00.000000000 Z
+date: 2013-03-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -52,6 +52,20 @@ dependencies:
     - - ~>
       - !ruby/object:Gem::Version
         version: '2.13'
+- !ruby/object:Gem::Dependency
+  name: activemodel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: actionpack
   requirement: !ruby/object:Gem::Requirement
@@ -88,7 +102,9 @@ files:
 - lib/signed_form/hmac.rb
 - lib/signed_form/version.rb
 - signed_form.gemspec
-- spec/signed_form/hmac_spec.rb
+- spec/form_builder_spec.rb
+- spec/hmac_spec.rb
+- spec/permit_signed_params_spec.rb
 - spec/spec_helper.rb
 homepage: https://github.com/erichmenge/signed_form
 licenses:
@@ -105,9 +121,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '1.9'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>'
+  - - '>='
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubyforge_project: 
 rubygems_version: 2.0.0
@@ -115,5 +131,7 @@ signing_key:
 specification_version: 4
 summary: Rails signed form security
 test_files:
-- spec/signed_form/hmac_spec.rb
+- spec/form_builder_spec.rb
+- spec/hmac_spec.rb
+- spec/permit_signed_params_spec.rb
 - spec/spec_helper.rb