strelka 0.0.1.pre148 → 0.0.1.pre177

data/lib/strelka/session/db.rb

@@ -0,0 +1,115 @@
+# -*- ruby -*-
+# vim: set nosta noet ts=4 sw=4:
+
+require 'securerandom'
+require 'forwardable'
+require 'sequel'
+require 'yaml'
+
+require 'strelka' unless defined?( Strelka )
+require 'strelka/app' unless defined?( Strelka::App )
+require 'strelka/session/default'
+
+# Database session class -- this class offers persistent session data using
+# any database that Sequel supports.  It defaults to non-persistent, in memory Sqlite.
+#
+class Strelka::Session::Db < Strelka::Session::Default
+	include Strelka::Loggable
+	extend Forwardable
+
+	# Class-instance variables
+	@table_name   = :sessions
+	@db           = nil
+	@dataset      = nil
+	@cookie_options = {
+		:name => 'strelka-session'
+	}
+
+	class << self
+		# The Sequel dataset connection
+		attr_reader :db
+
+		# The Sequel dataset for the sessions table
+		attr_reader :dataset
+
+		# The configured session cookie parameters
+		attr_accessor :cookie_options
+	end
+
+
+	########################################################################
+	### C L A S S   M E T H O D S
+	########################################################################
+
+	### Configure the session class with the given +options+, which should be a
+	### Hash or an object that has a Hash-like interface.
+	###
+	### Valid options:
+	###    cookie     -> A hash that contains valid Strelka::Cookie options
+	###    connect    -> The Sequel connection string
+	###    table_name -> The name of the sessions table
+	def self::configure( options={} )
+		options ||= {}
+
+		self.cookie_options.merge!( options[:cookie] ) if options[:cookie]
+		@table_name      = options[:table_name]  || :sessions
+
+		@db = options[ :connect ].nil? ?
+			 Mongrel2::Config.in_memory_db :
+			 Sequel.connect( options[:connect] )
+		@db.logger = Strelka.logger
+
+		self.initialize_sessions_table
+	end
+
+
+	### Create the initial DB sessions schema if needed, setting the +sessions+
+	### attribute to a Sequel dataset on the configured DB table.
+	###
+	def self::initialize_sessions_table
+		if self.db.table_exists?( @table_name )
+			Strelka.log.debug "Using existing sessions table for %p" % [ db ]
+
+		else
+			Strelka.log.debug "Creating new sessions table for %p" % [ db ]
+			self.db.create_table( @table_name ) do
+				text :session_id, :index => true
+				text :session
+				timestamp :created
+
+				primary_key :session_id
+			end
+		end
+
+		@dataset = self.db[ @table_name ]
+	end
+
+
+	### Load a session instance from storage using the given +session_id+.
+	def self::load( session_id )
+		session_row = self.dataset.filter( :session_id => session_id ).first
+		session = session_row.nil? ? {} : YAML.load( session_row[:session] )
+		return new( session_id, session )
+	end
+
+
+	### Save the given +data+ associated with the +session_id+ to the DB.
+	def self::save_session_data( session_id, data )
+		self.db.transaction do
+			self.delete_session_data( session_id.to_s )
+			self.dataset.insert(
+				:session_id => session_id,
+				:session    => data.to_yaml,
+				:created    => Time.now.utc.to_s
+			)
+		end
+	end
+
+
+	### Delete the data associated with the given +session_id+ from the DB.
+	def self::delete_session_data( session_id )
+		self.dataset.filter( :session_id => session_id ).delete
+	end
+
+end # class Strelka::Session::Db
+

data/lib/strelka/session/default.rb

@@ -6,6 +6,7 @@ require 'forwardable'
 
 require 'strelka' unless defined?( Strelka )
 require 'strelka/app' unless defined?( Strelka::App )
+require 'strelka/cookie'
 require 'strelka/session'
 require 'strelka/mixins'
 
@@ -14,53 +15,40 @@ require 'strelka/mixins'
 # == Hash Interface
 #
 # The following methods are delegated to the inner Hash via the #namespaced_hash method:
-# #&, #==, #[], #[]=, #assoc, #case, #clear, #compare_by_identity,
-# #compare_by_identity?, #default, # #default=, #default_proc, #default_proc=,
-# #delete, #delete_if, #each, #each_key, #each_pair, #each_value,
-# #empty?, #eql?, #fetch, #flatten, #has_key?, #has_value?, #hash, #include?,
-# #index, #inspect, #invert, #keep_if, #key, #key?, #keys, #length, #member?,
-# #merge, #merge!, #pretty_print, #pretty_print_cycle, #rassoc, #rehash, #reject,
-# #reject!, #replace, #select, #select!, #shift, #size, #sql_expr, #sql_negate,
-# #sql_or, #store, #to_a, #to_hash, #to_s, #update, #value?, #values, #values_at,
-# #|, #~
+# #[], #[]=, #delete, #key?
 class Strelka::Session::Default < Strelka::Session
 	extend Forwardable,
 	       Strelka::Delegation
-	include Enumerable,
-	        Strelka::Loggable,
+	include Strelka::Loggable,
 			Strelka::DataUtilities
 
-
-	# The default name of the cookie that stores the session ID
-	DEFAULT_COOKIE_NAME = 'strelka-sessionid'
-
 	# Class-instance variables
 	@sessions = {}
-	@cookie_name = DEFAULT_COOKIE_NAME
+	@cookie_options = {
+		:name => 'strelka-session'
+	}
 
 	class << self
 		# Persist sessions in memory
 		attr_reader :sessions
 
-		# The name of the cookie that stores the session ID
-		attr_accessor :cookie_name
+		# The configured session cookie parameters
+		attr_accessor :cookie_options
 	end
 
 
 	### Configure the session class with the given +options+, which should be a
-	### Hash or an object that has a Hash-like interface. Sets the cookie name
-	### the session ID is stored in in responses if the +:cookie_name+ key
-	### is set.
+	### Hash or an object that has a Hash-like interface. Sets cookie options
+	### for the session if the +:cookie+ key is set.
 	def self::configure( options )
 		if options
-			self.cookie_name = options[:cookie_name] if options[:cookie_name]
+			self.cookie_options.merge!( options[:cookie] ) if options[:cookie]
 		end
 	end
 
 
 	### Load a session instance from storage using the given +session_id+ and return
-	### it. Returns +nil+ if no session could be loaded. You should probably override
-	### this, as the default just returns +nil+.
+	### it. Returns +nil+ if no session could be loaded.
 	def self::load_session_data( session_id )
 		return Strelka::DataUtilities.deep_copy( self.sessions[session_id] )
 	end
@@ -79,16 +67,13 @@ class Strelka::Session::Default < Strelka::Session
 
 
 	### Fetch the session ID from the given +request+, or create a new one if the
-	### request doesn't have the necessary attributes. You should override this,
-	### as the default implementation just returns +nil+.
+	### request doesn't have the necessary attributes.
 	def self::get_session_id( request=nil )
 		id = nil
 
 		# Fetch and untaint the existing ID if it exists and looks valid
-		if request && (cookie = request.cookies[ self.cookie_name ])
-			Strelka.log.debug "Cookie value: %p" % [ cookie.value ]
+		if request && (cookie = request.cookies[ self.cookie_options[:name] ])
 			id = $1.untaint if cookie.value =~ /^([[:xdigit:]]+)$/i
-			Strelka.log.debug "Hmm?  %p" % [ $1 ]
 		end
 
 		return id || SecureRandom.random_bytes.unpack( 'H*' ).join
@@ -99,8 +84,7 @@ class Strelka::Session::Default < Strelka::Session
 	###	I N S T A N C E   M E T H O D S
 	#################################################################
 
-	### Create a new Mongrel2::Table using the given +hash+ for initial
-	### values.
+	### Create a new session store using the given +hash+ for initial values.
 	def initialize( session_id=nil, initial_values={} )
 		session_id ||= self.class.get_session_id
 
@@ -134,7 +118,7 @@ class Strelka::Session::Default < Strelka::Session
 	attr_reader :namespace
 
 	# Delegate Hash methods to whichever Hash is the current namespace
-	def_method_delegators :namespaced_hash, *Hash.instance_methods( false )
+	def_method_delegators :namespaced_hash, :[], :[]=, :delete, :key?
 
 
 	### Set the current namespace for session values to +namespace+. Setting
@@ -150,7 +134,28 @@ class Strelka::Session::Default < Strelka::Session
 		self.log.debug "Saving session %s" % [ self.session_id ]
 		self.class.save_session_data( self.session_id, @hash )
 		self.log.debug "Adding session cookie to the request."
-		response.cookies[ self.class.cookie_name ] = self.session_id
+
+		session_cookie = Strelka::Cookie.new(
+			self.class.cookie_options[ :name ],
+			self.session_id,
+			self.class.cookie_options
+		)
+
+		response.cookies << session_cookie
+	end
+
+
+	### Return the Hash that corresponds with the current namespace's storage. If no
+	### namespace is currently set, returns the entire session store as a Hash of Hashes
+	### keyed by namespaces as Symbols.
+	def namespaced_hash
+		if @namespace
+			self.log.debug "Returning namespaced hash: %p" % [ @namespace ]
+			return @hash[ @namespace ]
+		else
+			self.log.debug "Returning toplevel namespace"
+			return @hash
+		end
 	end
 
 
@@ -169,10 +174,8 @@ class Strelka::Session::Default < Strelka::Session
 
 		method_body = nil
 		if assignment
-			self.log.debug "Makin' a setter for %p" % [ key ]
 			method_body = self.make_setter( key )
 		else
-			self.log.debug "Makin' a getter for %p" % [ key ]
 			method_body = self.make_getter( key )
 		end
 
@@ -192,18 +195,4 @@ class Strelka::Session::Default < Strelka::Session
 		return Proc.new { self.namespaced_hash[key.to_sym] }
 	end
 
-
-	### Return the Hash that corresponds with the current namespace's storage. If no
-	### namespace is currently set, returns the entire session store as a Hash of Hashes
-	### keyed by namespaces as Symbols.
-	def namespaced_hash
-		if @namespace
-			self.log.debug "Returning namespaced hash: %p" % [ @namespace ]
-			return @hash[ @namespace ]
-		else
-			self.log.debug "Returning toplevel namespace"
-			return @hash
-		end
-	end
-
 end # class Strelka::Session::Default

data/lib/strelka/session.rb

@@ -1,4 +1,4 @@
-#! -*- ruby -*-
+# -*- ruby -*-
 # vim: set nosta noet ts=4 sw=4:
 
 require 'digest/sha1'

data/lib/strelka.rb

@@ -12,13 +12,16 @@ require 'configurability/config'
 #
 # * Michael Granger <ged@FaerieMUD.org>
 #
+# :title: Strelka Web Application Framework
+# :main: README.rdoc
+#
 module Strelka
 
 	# Library version constant
 	VERSION = '0.0.1'
 
 	# Version-control revision constant
-	REVISION = %q$Revision: fa6133ac407d $
+	REVISION = %q$Revision: 28465ed81190 $
 
 
 	require 'strelka/logging'

data/spec/lib/helpers.rb

@@ -113,9 +113,9 @@ module Strelka::SpecHelpers
 	end
 
 	### Set up a Mongrel2 configuration database according to the specified +dbspec+.
-	def setup_config_db( dbspec=':memory:' )
-		Mongrel2::Config.configure( :configdb => dbspec ) unless
-			Mongrel2::Config.db.uri[ %r{sqlite:/(.*)}, 1 ] == dbspec
+	### Set up a Mongrel2 configuration database in memory.
+	def setup_config_db
+		Mongrel2::Config.db ||= Mongrel2::Config.in_memory_db
 		Mongrel2::Config.init_database
 		Mongrel2::Config.db.tables.collect {|t| Mongrel2::Config.db[t] }.each( &:truncate )
 	end
@@ -126,6 +126,11 @@ module Strelka::SpecHelpers
 		return {:action => name.to_sym}
 	end
 
+
+	#
+	# Matchers
+	#
+
 	# Route matcher
 	RSpec::Matchers.define( :match_route ) do |routename|
 		match do |route|

data/spec/strelka/app/auth_spec.rb

@@ -0,0 +1,367 @@
+#!/usr/bin/env ruby
+
+BEGIN {
+	require 'pathname'
+	basedir = Pathname.new( __FILE__ ).dirname.parent.parent.parent
+	$LOAD_PATH.unshift( basedir ) unless $LOAD_PATH.include?( basedir )
+}
+
+require 'rspec'
+require 'rspec/mocks'
+
+require 'spec/lib/helpers'
+
+require 'strelka'
+require 'strelka/app/plugins'
+require 'strelka/app/auth'
+require 'strelka/authprovider'
+
+require 'strelka/behavior/plugin'
+
+
+#####################################################################
+###	C O N T E X T S
+#####################################################################
+
+describe Strelka::App::Auth do
+
+	before( :all ) do
+		setup_logging( :fatal )
+		@request_factory = Mongrel2::RequestFactory.new( route: '/api/v1' )
+	end
+
+	after( :all ) do
+		reset_logging()
+	end
+
+
+	it_should_behave_like( "A Strelka::App Plugin" )
+
+
+	it "gives including apps a default authprovider" do
+		app = Class.new( Strelka::App ) do
+			plugins :auth
+		end
+
+		app.auth_provider.should be_a( Class )
+		app.auth_provider.should < Strelka::AuthProvider
+	end
+
+
+	it "adds the Auth mixin to the request class" do
+		app = Class.new( Strelka::App ) do
+			plugins :auth
+		end
+
+		@request_factory.get( '/api/v1/verify' ).should respond_to( :authenticated? )
+	end
+
+
+	describe "an including App" do
+
+		before( :each ) do
+			@app = Class.new( Strelka::App ) do
+				plugins :auth
+
+				# Stand in for a real AuthProvider
+				@auth_provider = RSpec::Mocks::Mock
+
+				def initialize( appid='auth-test', sspec=TEST_SEND_SPEC, rspec=TEST_RECV_SPEC )
+					super
+				end
+
+				def handle_request( req )
+					super do
+						res = req.response
+						res.status = HTTP::OK
+						res.content_type = 'text/plain'
+						res.puts "Ran successfully."
+
+						res
+					end
+				end
+			end
+		end
+
+
+		it "applies auth to every request by default" do
+			app = @app.new
+			req = @request_factory.get( '/api/v1' )
+
+			app.auth_provider.should_receive( :authenticate ).and_return( 'anonymous' )
+			app.auth_provider.should_receive( :authorize ).and_return( true )
+
+			res = app.handle( req )
+
+			res.status.should == HTTP::OK
+		end
+
+		it "doesn't have any auth criteria by default" do
+			@app.should_not have_auth_criteria()
+		end
+
+		it "sets the authenticated_user attribute of the request to the credentials of the authenticating user" do
+			app = @app.new
+			req = @request_factory.get( '/api/v1' )
+
+			app.auth_provider.should_receive( :authenticate ).and_return( 'anonymous' )
+			app.auth_provider.should_receive( :authorize ).and_return( true )
+
+			app.handle( req )
+			req.authenticated_user.should == 'anonymous'
+		end
+
+		context "that has negative auth criteria" do
+
+			before( :each ) do
+				@app.no_auth_for( '/login' )
+			end
+
+			it "knows that it has auth criteria" do
+				@app.should have_auth_criteria()
+			end
+
+			it "doesn't pass a request that matches through auth" do
+				req = @request_factory.get( '/api/v1/login' )
+
+				app = @app.new
+				app.auth_provider.should_not_receive( :authenticate )
+				app.auth_provider.should_not_receive( :authorize )
+
+				app.handle( req )
+			end
+
+			it "passes a request that doesn't match through auth" do
+				req = @request_factory.get( '/api/v1/console' )
+
+				app = @app.new
+				app.auth_provider.should_receive( :authenticate ).and_return( 'anonymous' )
+				app.auth_provider.should_receive( :authorize ).and_return( true )
+
+				app.handle( req )
+			end
+
+		end
+
+		context "that has a negative auth criteria block" do
+
+			before( :each ) do
+				@app.no_auth_for do |req|
+					req.notes[:skip_auth]
+				end
+			end
+
+			it "knows that it has auth criteria" do
+				@app.should have_auth_criteria()
+			end
+
+			it "doesn't pass a request for which the block returns true through auth" do
+				req = @request_factory.get( '/api/v1/login' )
+				req.notes[:skip_auth] = true
+
+				app = @app.new
+				app.auth_provider.should_not_receive( :authenticate )
+				app.auth_provider.should_not_receive( :authorize )
+
+				app.handle( req )
+			end
+
+			it "passes a request for which the block returns false through auth" do
+				req = @request_factory.get( '/api/v1/login' )
+				req.notes[:skip_auth] = false
+
+				app = @app.new
+				app.auth_provider.should_receive( :authenticate ).and_return( 'anonymous' )
+				app.auth_provider.should_receive( :authorize ).and_return( true )
+
+				app.handle( req )
+			end
+
+		end
+
+
+		context "that has a negative auth criteria with both a pattern and a block" do
+
+			before( :each ) do
+				@app.no_auth_for( %r{^/login/(?<username>\w+)} ) do |req, match|
+					match[:username] != 'validuser'
+				end
+			end
+
+			it "knows that it has auth criteria" do
+				@app.should have_auth_criteria()
+			end
+
+			it "doesn't pass a request through auth if the path matches and the block returns true" do
+				req = @request_factory.get( '/api/v1/login/lyssa' )
+
+				app = @app.new
+				app.auth_provider.should_not_receive( :authenticate )
+				app.auth_provider.should_not_receive( :authorize )
+
+				app.handle( req )
+			end
+
+			it "passes a request through auth if the path doesn't match" do
+				req = @request_factory.get( '/api/v1/console' )
+
+				app = @app.new
+				app.auth_provider.should_receive( :authenticate ).and_return( 'anonymous' )
+				app.auth_provider.should_receive( :authorize ).and_return( true )
+
+				app.handle( req )
+			end
+
+			it "passes a request through auth if the path matches, but the the block returns false" do
+				req = @request_factory.get( '/api/v1/login/validuser' )
+
+				app = @app.new
+				app.auth_provider.should_receive( :authenticate ).and_return( 'anonymous' )
+				app.auth_provider.should_receive( :authorize ).and_return( true )
+
+				app.handle( req )
+			end
+
+		end
+
+
+		context "that has positive auth criteria" do
+
+			before( :each ) do
+				@app.require_auth_for( '/login' )
+			end
+
+			it "knows that it has auth criteria" do
+				@app.should have_auth_criteria()
+			end
+
+			it "passes requests that match through auth" do
+				req = @request_factory.get( '/api/v1/login' )
+
+				app = @app.new
+				app.auth_provider.should_receive( :authenticate ).and_return( 'anonymous' )
+				app.auth_provider.should_receive( :authorize ).and_return( true )
+
+				app.handle( req )
+			end
+
+			it "doesn't pass requests that don't match through auth" do
+				req = @request_factory.get( '/api/v1/console' )
+
+				app = @app.new
+				app.auth_provider.should_not_receive( :authenticate )
+				app.auth_provider.should_not_receive( :authorize )
+
+				app.handle( req )
+			end
+		end
+
+
+		context "that has a positive auth criteria block" do
+
+			before( :each ) do
+				@app.require_auth_for do |req|
+					req.notes[:require_auth]
+				end
+			end
+
+			it "knows that it has auth criteria" do
+				@app.should have_auth_criteria()
+			end
+
+			it "passes requests for which the block returns true through auth" do
+				req = @request_factory.get( '/api/v1/login' )
+				req.notes[:require_auth] = true
+
+				app = @app.new
+				app.auth_provider.should_receive( :authenticate ).and_return( 'anonymous' )
+				app.auth_provider.should_receive( :authorize ).and_return( true )
+
+				app.handle( req )
+			end
+
+			it "doesn't pass requests for which the block returns false through auth" do
+				req = @request_factory.get( '/api/v1/console' )
+				req.notes[:require_auth] = false
+
+				app = @app.new
+				app.auth_provider.should_not_receive( :authenticate )
+				app.auth_provider.should_not_receive( :authorize )
+
+				app.handle( req )
+			end
+		end
+
+
+		context "that has a positive auth criteria with both a pattern and a block" do
+
+			before( :each ) do
+				@app.require_auth_for( %r{^/login/(?<username>\w+)} ) do |req, match|
+					match[:username] != 'guest'
+				end
+			end
+
+			it "knows that it has auth criteria" do
+				@app.should have_auth_criteria()
+			end
+
+			it "passes a request through auth if the path matches and the block returns true" do
+				req = @request_factory.get( '/api/v1/login/lyssa' )
+
+				app = @app.new
+				app.auth_provider.should_receive( :authenticate ).and_return( 'lyssa' )
+				app.auth_provider.should_receive( :authorize ).and_return( true )
+
+				app.handle( req )
+			end
+
+			it "doesn't pass a request through auth if the path doesn't match" do
+				req = @request_factory.get( '/api/v1/console' )
+
+				app = @app.new
+				app.auth_provider.should_not_receive( :authenticate )
+				app.auth_provider.should_not_receive( :authorize )
+
+				app.handle( req )
+			end
+
+			it "doesn't pass a request through auth if the path matches, but the the block returns false" do
+				req = @request_factory.get( '/api/v1/login/guest' )
+
+				app = @app.new
+				app.auth_provider.should_not_receive( :authenticate )
+				app.auth_provider.should_not_receive( :authorize )
+
+				app.handle( req )
+			end
+
+		end
+
+
+		it "can register an authorization callback with a block" do
+			@app.authz_callback { :authz }
+			@app.authz_callback.should be_a( Proc )
+		end
+
+		it "can register an authorization callback with a callable object" do
+			callback = Proc.new { :authz }
+			@app.authz_callback( callback )
+			@app.authz_callback.should == callback
+		end
+
+
+		context "that has an authz callback" do
+
+			before( :each ) do
+				@app.authz_callback {  }
+			end
+
+			it "yields authorization to the callback if authentication succeeds"
+			it "responds with a 403 Forbidden response if the block doesn't return true"
+
+		end
+
+	end
+
+end
+