signed_form 0.1.2 → 0.2.0

data/lib/signed_form/digest_stores.rb

@@ -0,0 +1,7 @@
+require 'signed_form/digest_stores/null_store'
+
+module SignedForm
+  module DigestStores
+    autoload :MemoryStore, 'signed_form/digest_stores/memory_store'
+  end
+end

data/lib/signed_form/digest_stores/memory_store.rb

@@ -0,0 +1,7 @@
+require 'active_support'
+
+module SignedForm
+  module DigestStores
+    class MemoryStore < ActiveSupport::Cache::MemoryStore; end
+  end
+end

data/lib/signed_form/digest_stores/null_store.rb

@@ -0,0 +1,9 @@
+module SignedForm
+  module DigestStores
+    class NullStore
+      def fetch(key)
+        yield
+      end
+    end
+  end
+end

data/lib/signed_form/digestor.rb

@@ -0,0 +1,67 @@
+require 'set'
+
+module SignedForm
+  class Digestor
+    attr_accessor :view_paths
+
+    def initialize(template)
+      @view_paths = Set.new
+      @views  = Set.new
+      self << template
+    end
+
+    def <<(template)
+      virtual_path = get_virtual_path(template)
+      raise Errors::UnableToDigest, "Unable to get virtual path from template" unless virtual_path
+
+      @views << virtual_path
+      @view_paths += template.view_paths.map(&:to_s)
+      @digest = nil
+    rescue NoMethodError
+      raise Errors::UnableToDigest, "Unable get view paths from template"
+    end
+
+    def marshal_dump
+      [@views.to_a, to_s]
+    end
+
+    def marshal_load(input)
+      @views, @digest = input
+      @view_paths = []
+      @digest.taint
+    end
+
+    def to_s
+      @digest ||= SignedForm.digest_store.fetch(@views.sort.join(':')) { hash_files(glob_files) }
+    end
+    alias_method :digest, :to_s
+
+    def refresh
+      @digest = nil
+    end
+
+    private
+
+    def glob_files
+      globbed_files = []
+      view_paths.each do |path|
+        @views.each { |view| globbed_files += Dir["#{path}/#{view}.*"] }
+      end
+      globbed_files
+    end
+
+    def hash_files(files)
+      raise Errors::UnableToDigest, "No files to digest" if files.empty?
+
+      md5 = Digest::MD5.new
+      files.sort.each do |entry|
+        File.open(entry) { |f| md5 << f.read }
+      end
+      md5.to_s
+    end
+
+    def get_virtual_path(template)
+      template.respond_to?(:virtual_path) ? template.virtual_path : template.instance_variable_get(:@virtual_path)
+    end
+  end
+end

data/lib/signed_form/engine.rb

@@ -0,0 +1,5 @@
+module SignedForm
+  module Rails
+    class Engine < ::Rails::Engine; end
+  end
+end

data/lib/signed_form/errors.rb

@@ -1,7 +1,9 @@
 module SignedForm
   module Errors
-    class NoSecretKey < StandardError; end
+    class NoSecretKey      < StandardError; end
     class InvalidSignature < StandardError; end
-    class InvalidURL < StandardError; end
+    class InvalidURL       < StandardError; end
+    class UnableToDigest   < StandardError; end
+    class ExpiredForm      < StandardError; end
   end
 end

data/lib/signed_form/form_builder.rb

@@ -1,85 +1,99 @@
 module SignedForm
-  class FormBuilder < ::ActionView::Helpers::FormBuilder
+  module FormBuilder
+    FIELDS_TO_SIGN = [:select, :collection_select, :grouped_collection_select,
+                      :time_zone_select, :collection_radio_buttons, :collection_check_boxes,
+                      :date_select, :datetime_select, :time_select,
+                      :text_field, :password_field, :hidden_field,
+                      :file_field, :text_area, :check_box,
+                      :radio_button, :color_field,
+                      :telephone_field, :phone_field, :date_field,
+                      :time_field, :datetime_field, :datetime_local_field,
+                      :month_field, :week_field, :url_field,
+                      :email_field, :number_field, :range_field]
 
-    # Base methods for form signing. Include this module in your own builders to get signatures for the base input
-    # helpers. Add fields to sign with #add_signed_fields
-    module Methods
-      FIELDS_TO_SIGN = [:select, :collection_select, :grouped_collection_select,
-                        :time_zone_select, :collection_radio_buttons, :collection_check_boxes,
-                        :date_select, :datetime_select, :time_select,
-                        :text_field, :password_field, :hidden_field,
-                        :file_field, :text_area, :check_box,
-                        :radio_button, :color_field, :search_field,
-                        :telephone_field, :phone_field, :date_field,
-                        :time_field, :datetime_field, :datetime_local_field,
-                        :month_field, :week_field, :url_field,
-                        :email_field, :number_field, :range_field]
+    FIELDS_TO_SIGN.delete_if { |e| !::ActionView::Helpers::FormBuilder.instance_methods.include?(e) }
+    FIELDS_TO_SIGN.freeze
 
-      FIELDS_TO_SIGN.delete_if { |e| !::ActionView::Helpers::FormBuilder.instance_methods.include?(e) }
-      FIELDS_TO_SIGN.freeze
-
-      FIELDS_TO_SIGN.each do |h|
-        define_method(h) do |field, *args|
-          add_signed_fields field
-          super(field, *args)
-        end
+    FIELDS_TO_SIGN.each do |h|
+      define_method(h) do |field, *args|
+        add_signed_fields field
+        super(field, *args)
       end
+    end
 
-      def initialize(*)
-        super
-        if options[:signed_attributes_object]
-          self.signed_attributes_object = options[:signed_attributes_object]
-        else
-          self.signed_attributes = { object_name => [] }
-          self.signed_attributes_object = signed_attributes[object_name]
-        end
+    BUILDERS = Hash.new do |h,k|
+      h[k] = Class.new(k) do
+        include FormBuilder
       end
+    end
 
-      def form_signature_tag
-        signed_attributes.each { |k,v| v.uniq! if v.is_a?(Array) }
-        signed_attributes[:__options__] = { method: options[:html][:method], url: options[:url] } if options[:sign_destination]
-        encoded_data = Base64.strict_encode64 Marshal.dump(signed_attributes)
-        signature = SignedForm::HMAC.create_hmac(encoded_data)
-        token = "#{encoded_data}--#{signature}"
-        %(<input type="hidden" name="form_signature" value="#{token}" />\n).html_safe
+    def initialize(*)
+      super
+      if options[:signed_attributes_context]
+        @signed_attributes_context = options[:signed_attributes_context]
+      else
+        @signed_attributes = { object_name => [] }
+        @signed_attributes_context = @signed_attributes[object_name]
+        prepare_signed_attributes_hash
       end
+    end
 
-      # Wrapper for Rails fields_for
-      #
-      # @see http://api.rubyonrails.org/classes/ActionView/Helpers/FormBuilder.html#method-i-fields_for
-      def fields_for(record_name, record_object = nil, fields_options = {}, &block)
-        hash  = {}
-        array = []
+    def form_signature_tag
+      @signed_attributes.each { |k,v| v.uniq! if v.is_a?(Array) }
+      encoded_data = Base64.strict_encode64 Marshal.dump(@signed_attributes)
 
-        if nested_attributes_association?(record_name)
-          hash["#{record_name}_attributes"] = fields_options[:signed_attributes_object] = array
-        else
-          hash[record_name] = fields_options[:signed_attributes_object] = array
-        end
+      hmac = SignedForm::HMAC.new(secret_key: SignedForm.secret_key)
+      signature = hmac.create(encoded_data)
+      token = "#{encoded_data}--#{signature}"
+      %(<input type="hidden" name="form_signature" value="#{token}" />\n).html_safe
+    end
 
-        add_signed_fields hash
+    # Wrapper for Rails fields_for
+    #
+    # @see http://api.rubyonrails.org/classes/ActionView/Helpers/FormBuilder.html#method-i-fields_for
+    def fields_for(record_name, record_object = nil, fields_options = {}, &block)
+      hash  = {}
+      array = []
 
-        content = super
-        array.uniq!
-        content
+      if nested_attributes_association?(record_name)
+        hash["#{record_name}_attributes"] = fields_options[:signed_attributes_context] = array
+      else
+        hash[record_name] = fields_options[:signed_attributes_context] = array
       end
 
-      # This method is used to add additional fields to sign. A usecase for this may be if you want to add fields later with javascript.
-      #
-      # @example
-      #   <%= signed_form_for(@user) do |f| %>
-      #     <% f.add_signed_fields :name, :address
-      #   <% end %>
-      #
-      def add_signed_fields(*fields)
-        signed_attributes_object.push(*fields)
-      end
+      add_signed_fields hash
 
-      private
+      content = super
+      array.uniq!
+      content
+    end
 
-      attr_accessor :signed_attributes, :signed_attributes_object
+    # This method is used to add additional fields to sign. A usecase for this may be if you want to add fields later with javascript.
+    #
+    # @example
+    #   <%= signed_form_for(@user) do |f| %>
+    #     <% f.add_signed_fields :name, :address
+    #   <% end %>
+    #
+    def add_signed_fields(*fields)
+      @signed_attributes_context.push(*fields)
+      options[:digest] << @template if options[:digest]
     end
 
-    include Methods
+    private
+
+    def prepare_signed_attributes_hash
+      @signed_attributes[:_options_] = {}
+
+      if options[:sign_destination]
+        @signed_attributes[:_options_][:method] = options[:html][:method]
+        @signed_attributes[:_options_][:url]    = options[:url]
+      end
+
+      if options[:digest]
+        @signed_attributes[:_options_][:digest] = options[:digest] = Digestor.new(@template)
+        @signed_attributes[:_options_][:digest_expiration] = Time.now + options[:digest_grace_period] if options[:digest_grace_period]
+      end
+    end
   end
 end

data/lib/signed_form/gate_keeper.rb

@@ -0,0 +1,50 @@
+module SignedForm
+  class GateKeeper
+    attr_reader :allowed_attributes
+
+    def initialize(controller)
+      @controller = controller
+      @params     = controller.params
+      @request    = controller.request
+
+      extract_and_verify_form_signature
+      verify_destination
+      verify_digest
+    end
+
+    def options
+      @options ||= {}
+    end
+
+    def extract_and_verify_form_signature
+      data, signature = @params['form_signature'].split('--', 2)
+      hmac = SignedForm::HMAC.new secret_key: SignedForm.secret_key
+
+      signature ||= ''
+
+      raise Errors::InvalidSignature, "Form signature is not valid" unless hmac.verify signature, data
+
+      @allowed_attributes = Marshal.load Base64.strict_decode64(data)
+      @options            = allowed_attributes.delete(:_options_)
+    end
+
+    def verify_destination
+      return unless options[:method] && options[:url]
+      raise Errors::InvalidURL if options[:method].to_s.casecmp(@request.request_method) != 0
+      url = @controller.url_for(options[:url])
+      raise Errors::InvalidURL if url != @request.fullpath && url != @request.url
+    end
+
+    def verify_digest
+      return unless options[:digest]
+
+      return if options[:digest_expiration] && Time.now < options[:digest_expiration]
+
+      digestor = options[:digest]
+      given_digest = digestor.to_s
+      digestor.view_paths = @controller.view_paths.map(&:to_s)
+      digestor.refresh
+      raise Errors::ExpiredForm unless given_digest == digestor.to_s
+    end
+  end
+end

data/lib/signed_form/hmac.rb

@@ -1,24 +1,22 @@
-require 'openssl'
+require "openssl"
 
 module SignedForm
-  module HMAC
-    extend self
-
+  class HMAC
     attr_accessor :secret_key
 
-    def create_hmac(data)
+    def initialize(options = {})
+      self.secret_key = options[:secret_key]
+
       if secret_key.nil? || secret_key.empty?
         raise Errors::NoSecretKey, "Please consult the README for instructions on creating a secret key"
       end
+    end
 
+    def create(data)
       OpenSSL::HMAC.hexdigest OpenSSL::Digest::SHA1.new, secret_key, data
     end
 
-    def verify_hmac(signature, data)
-      if secret_key.nil? || secret_key.empty?
-        raise Errors::NoSecretKey, "Please consult the README for instructions on creating a secret key"
-      end
-
+    def verify(signature, data)
       secure_compare OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new, secret_key, data), signature
     end
 

data/lib/signed_form/test_helper.rb

@@ -0,0 +1,17 @@
+module SignedForm
+  module TestHelper
+    def permit_all_parameters
+      @controller.instance_eval do
+        def params
+          @permit_all_parameters ||= super.permit!
+        end
+      end
+
+      if block_given?
+        yield
+        @controller.remove_instance_variable :@permit_all_parameters
+        @controller.singleton_class.send :remove_method, :params
+      end
+    end
+  end
+end

data/lib/signed_form/version.rb

@@ -1,7 +1,7 @@
 module SignedForm
   MAJOR = 0
-  MINOR = 1
-  PATCH = 2
+  MINOR = 2
+  PATCH = 0
   PRE   = nil
 
   VERSION = [MAJOR, MINOR, PATCH, PRE].compact.join '.'

data/signed_form.gemspec

@@ -22,6 +22,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rake"
   spec.add_development_dependency "rspec", "~> 2.13"
   spec.add_development_dependency "activemodel", ">= 3.1"
+  spec.add_development_dependency "coveralls"
 
   spec.add_dependency "actionpack", ">= 3.1"
 

data/spec/digestor_spec.rb

@@ -0,0 +1,81 @@
+require 'spec_helper'
+
+describe SignedForm::Digestor do
+  let(:view_paths) { [File.join(File.dirname(__FILE__), 'fixtures', 'views')] }
+  let(:template) { double(view_paths: view_paths) }
+
+  before do
+    def template.virtual_path=(path)
+      @virtual_path = path
+    end
+
+    template.virtual_path = 'form'
+  end
+
+  it "should raise if template doesn't have view_paths" do
+    template = double(view_paths: -> { raise NoMethodError })
+    expect { SignedForm::Digestor.new(template) }.to raise_error(SignedForm::Errors::UnableToDigest)
+  end
+
+  it "should raise if the template doesn't have a virtual path" do
+    template = double(view_paths: view_paths)
+    expect { SignedForm::Digestor.new(template) }.to raise_error(SignedForm::Errors::UnableToDigest)
+
+    template.instance_variable_set(:@virtual_path, 'form')
+    digestor = SignedForm::Digestor.new(template)
+    template.instance_variable_set(:@virtual_path, nil)
+    expect { digestor << template }.to raise_error(SignedForm::Errors::UnableToDigest)
+  end
+
+  it "should not marshal view paths" do
+    digestor = SignedForm::Digestor.new(template)
+
+    digestor.view_paths.should_not be_empty
+
+    data     = Marshal.dump digestor
+    digestor = Marshal.load data
+
+    digestor.view_paths.should be_empty
+  end
+
+  specify "#to_s should return the correct MD5 digest" do
+    digestor = SignedForm::Digestor.new(template)
+    digestor.to_s.should == "7a956713f33cabd57357c70025109e69"
+    template.virtual_path = "_fields"
+    digestor << template
+    digestor.to_s.should == "6a161ab9978322e8251d809b3558ab1a"
+  end
+
+  specify "The view order should not affect the digest" do
+    digestor = SignedForm::Digestor.new(template)
+    template.virtual_path = '_fields'
+    digestor << template
+
+    digestor2 = SignedForm::Digestor.new(template)
+    template.virtual_path = 'form'
+    digestor2 << template
+    digestor.to_s.should == digestor2.to_s
+  end
+
+  it "should marshal and taint the digest" do
+    digestor = SignedForm::Digestor.new(template)
+    data = Marshal.dump digestor
+    digestor = Marshal.load data
+    digestor.to_s.should be_tainted
+  end
+
+  it "should reset the digest if a template is added" do
+    digestor = SignedForm::Digestor.new(template)
+    first_digest = digestor.to_s
+    template.virtual_path = '_fields'
+    digestor << template
+    digestor.to_s.should_not == first_digest
+  end
+
+  it "should be idempotent" do
+    digestor = SignedForm::Digestor.new(template)
+    first_digest = digestor.to_s
+    digestor << template
+    digestor.to_s.should == first_digest
+  end
+end