strelka 0.0.1.pre148 → 0.0.1.pre177

data/spec/strelka/authprovider/basic_spec.rb

@@ -0,0 +1,192 @@
+# -*- rspec -*-
+# vim: set nosta noet ts=4 sw=4:
+
+BEGIN {
+	require 'pathname'
+	basedir = Pathname.new( __FILE__ ).dirname.parent.parent.parent
+	$LOAD_PATH.unshift( basedir ) unless $LOAD_PATH.include?( basedir )
+}
+
+require 'rspec'
+require 'ipaddr'
+
+require 'spec/lib/helpers'
+
+require 'strelka'
+require 'strelka/authprovider/basic'
+
+
+#####################################################################
+###	C O N T E X T S
+#####################################################################
+
+describe Strelka::AuthProvider::Basic do
+
+	before( :all ) do
+		@request_factory = Mongrel2::RequestFactory.new( route: '/admin' )
+		setup_logging( :fatal )
+	end
+
+	before( :each ) do
+		@app = stub( "Strelka::App", :conn => stub("Connection", :app_id => 'test-app') )
+		@provider = Strelka::AuthProvider.create( :basic, @app )
+		@config = {
+			'realm' => 'Pern',
+			'users' => {
+				"lessa" => "8wiomemUvH/+CX8UJv3Yhu+X26k=",
+				"f'lar" => "NSeXAe7J5TTtJUE9epdaE6ojSYk=",
+			}
+		}
+	end
+
+	after( :each ) do
+		described_class.users = {}
+		described_class.realm = nil
+	end
+
+	after( :all ) do
+		reset_logging()
+	end
+
+
+	#
+	# Helpers
+	#
+
+	# Make a valid basic authorization header field
+	def make_authorization_header( username, password )
+		creds = [ username, password ].join( ':' )
+		return "Basic %s" % [ creds ].pack( 'm' )
+	end
+
+
+	#
+	# Examples
+	#
+
+	it "uses the app ID as the basic auth realm if none is explicitly configured" do
+		described_class.realm.should == @app.conn.app_id
+	end
+
+	it "can be configured via the Configurability API" do
+		described_class.configure( @config )
+		described_class.realm.should == @config['realm']
+		described_class.users.should == @config['users']
+	end
+
+
+	context "unconfigured" do
+
+		before( :each ) do
+			@expected_info = {
+				status: 401,
+				message: "Requires authentication.",
+				headers: {
+					www_authenticate: "Basic realm=test-app"
+				}
+			}
+		end
+
+		it "rejects a request with no Authorization header" do
+			req = @request_factory.get( '/admin/console' )
+
+			expect {
+				@provider.authenticate( req )
+			}.to throw_symbol( :finish, @expected_info )
+		end
+
+		it "rejects a request with credentials" do
+			req = @request_factory.get( '/admin/console' )
+			req.header.authorization = make_authorization_header( 'lessa', 'ramoth' )
+
+			expect {
+				@provider.authenticate( req )
+			}.to throw_symbol( :finish, @expected_info )
+		end
+
+	end
+
+
+	context "configured with at least one user" do
+
+		before( :each ) do
+			@expected_info = {
+				status: 401,
+				message: "Requires authentication.",
+				headers: {
+					www_authenticate: "Basic realm=Pern"
+				}
+			}
+			described_class.configure( @config )
+		end
+
+		it "rejects a request with no Authorization header" do
+			req = @request_factory.get( '/admin/console' )
+			expect {
+				@provider.authenticate( req )
+			}.to throw_symbol( :finish, @expected_info )
+		end
+
+		it "rejects a request with an authorization header for some other auth scheme" do
+			req = @request_factory.get( '/admin/console' )
+			req.header.authorization = %{Digest username="Mufasa",
+			  realm="testrealm@host.com",
+			  nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
+			  uri="/dir/index.html",
+			  qop=auth,
+			  nc=00000001,
+			  cnonce="0a4f113b",
+			  response="6629fae49393a05397450978507c4ef1",
+			  opaque="5ccc069c403ebaf9f0171e9517f40e41"}
+
+			expect {
+				@provider.authenticate( req )
+			}.to throw_symbol( :finish, @expected_info )
+		end
+
+		it "rejects a request with malformed credentials (no ':')" do
+			req = @request_factory.get( '/admin/console' )
+			req.header.authorization = "Basic %s" % ['fax'].pack('m')
+
+			expect {
+				@provider.authenticate( req )
+			}.to throw_symbol( :finish, @expected_info )
+		end
+
+		it "rejects a request with malformed credentials (invalid base64)" do
+			req = @request_factory.get( '/admin/console' )
+			req.header.authorization = "Basic \x06\x06\x18\x08\x36\x18\x02\x00"
+
+			expect {
+				@provider.authenticate( req )
+			}.to throw_symbol( :finish, @expected_info )
+		end
+
+		it "rejects a request with non-existant user credentials" do
+			req = @request_factory.get( '/admin/console' )
+			req.header.authorization = make_authorization_header( 'kendyl', 'charnoth' )
+
+			expect {
+				@provider.authenticate( req )
+			}.to throw_symbol( :finish, @expected_info )
+		end
+
+		it "rejects a request with a valid user, but the wrong password" do
+			req = @request_factory.get( '/admin/console' )
+			req.header.authorization = make_authorization_header( 'lessa', 'charnoth' )
+
+			expect {
+				@provider.authenticate( req )
+			}.to throw_symbol( :finish, @expected_info )
+		end
+
+		it "accepts a request with valid credentials" do
+			req = @request_factory.get( '/admin/console' )
+			req.header.authorization = make_authorization_header( 'lessa', 'ramoth' )
+
+			@provider.authenticate( req ).should be_true()
+		end
+	end
+
+end
+

data/spec/strelka/authprovider/hostaccess_spec.rb

@@ -0,0 +1,70 @@
+# -*- rspec -*-
+# vim: set nosta noet ts=4 sw=4:
+
+BEGIN {
+	require 'pathname'
+	basedir = Pathname.new( __FILE__ ).dirname.parent.parent.parent
+	$LOAD_PATH.unshift( basedir ) unless $LOAD_PATH.include?( basedir )
+}
+
+require 'rspec'
+require 'ipaddr'
+
+require 'spec/lib/helpers'
+
+require 'strelka'
+require 'strelka/authprovider/hostaccess'
+
+
+#####################################################################
+###	C O N T E X T S
+#####################################################################
+
+describe Strelka::AuthProvider::HostAccess do
+
+	before( :all ) do
+		@request_factory = Mongrel2::RequestFactory.new( route: '/admin' )
+		setup_logging( :fatal )
+	end
+
+	before( :each ) do
+		@app = stub( "Strelka::App" )
+		@provider = Strelka::AuthProvider.create( :hostaccess, @app )
+	end
+
+	after( :all ) do
+		reset_logging()
+	end
+
+
+	it "knows what its allowed netblocks are" do
+		@provider.allowed_netblocks.should be_an( Array )
+		@provider.allowed_netblocks.should include( IPAddr.new('127.0.0.0/8') )
+	end
+
+	it "allows its netblocks to be set" do
+		@provider.allowed_netblocks = %w[10.5.2.0/22 10.6.2.0/24]
+		@provider.allowed_netblocks.should have( 2 ).members
+		@provider.allowed_netblocks.should include( IPAddr.new('10.5.2.0/22'), IPAddr.new('10.6.2.0/24') )
+	end
+
+	it "can be configured via the Configurability API" do
+		@provider.configure( 'allowed_netblocks' => %w[10.5.2.0/22 10.6.2.0/24] )
+		@provider.allowed_netblocks.should include( IPAddr.new('10.5.2.0/22'), IPAddr.new('10.6.2.0/24') )
+	end
+
+
+	it "allows a request that originates from one of its allowed netblocks" do
+		req = @request_factory.get( '/admin/console', :x_forwarded_for => '127.0.0.1' )
+		@provider.authorize( nil, req ).should be_true()
+	end
+
+
+	it "doesn't allow a request which is not from one of its allowed netblocks" do
+		req = @request_factory.get( '/admin/console', :x_forwarded_for => '8.8.8.8' )
+		@provider.authorize( nil, req ).should be_false()
+	end
+
+
+end
+

data/spec/strelka/authprovider_spec.rb

@@ -0,0 +1,99 @@
+# -*- rspec -*-
+# vim: set nosta noet ts=4 sw=4:
+
+BEGIN {
+	require 'pathname'
+	basedir = Pathname.new( __FILE__ ).dirname.parent.parent
+	$LOAD_PATH.unshift( basedir ) unless $LOAD_PATH.include?( basedir )
+}
+
+require 'rspec'
+
+require 'spec/lib/helpers'
+
+require 'strelka'
+require 'strelka/authprovider'
+
+
+#####################################################################
+###	C O N T E X T S
+#####################################################################
+
+describe Strelka::AuthProvider do
+
+	before( :all ) do
+		@request_factory = Mongrel2::RequestFactory.new( route: '/admin' )
+		setup_logging( :fatal )
+	end
+
+	after( :all ) do
+		reset_logging()
+	end
+
+
+	it "looks for plugins under strelka/authprovider" do
+		described_class.derivative_dirs.should include( 'strelka/authprovider' )
+	end
+
+
+	it "is abstract" do
+		expect {
+			described_class.new
+		}.to raise_error( /private method/i )
+	end
+
+
+	describe "a subclass" do
+
+		before( :each ) do
+			@subclass = Class.new( described_class )
+			@app = mock( "Application" )
+			@provider = @subclass.new( @app )
+		end
+
+
+		context "Authentication" do
+
+			it "returns 'anonymous' as credentials if asked to authenticate" do
+				req = @request_factory.get( '/admin/console' )
+				@provider.authenticate( req ).should == 'anonymous'
+			end
+
+		end
+
+
+		context "Authorization" do
+
+			it "doesn't fail if the application doesn't provide an authz callback" do
+				req = @request_factory.get( '/admin/console' )
+				expect {
+					@provider.authorize( 'anonymous', req )
+				}.to_not throw_symbol()
+			end
+
+			it "doesn't fail if the application's authz callback returns true" do
+				req = @request_factory.get( '/admin/console' )
+				expect {
+					@provider.authorize( 'anonymous', req ) { true }
+				}.to_not throw_symbol()
+			end
+
+			it "fails with a 403 (Forbidden) if the app's authz callback returns false" do
+				expected_info = {
+					status:  403,
+					message: "You are not authorized to access this resource.",
+					headers: {}
+				}
+				req = @request_factory.get( '/admin/console' )
+
+				expect {
+					@provider.authorize( 'anonymous', req ) { false }
+				}.to throw_symbol( :finish, expected_info )
+			end
+
+		end
+
+	end
+
+end
+

data/spec/strelka/cookie_spec.rb

@@ -171,7 +171,7 @@ describe Strelka::Cookie do
 
 		it "stringifies with an expires date if one is set" do
 			@cookie.expires = Time.at( 1331761184 )
-			@cookie.to_s.should == 'by_rickirac=9917eb; Expires=Wed, 14-Mar-2012 21:39:44 GMT'
+			@cookie.to_s.should == 'by_rickirac=9917eb; Expires=Wed, 14 Mar 2012 21:39:44 GMT'
 		end
 
 		it "hashes the same as another cookie with the same name, regardless of value" do

data/spec/strelka/httprequest/auth_spec.rb

@@ -0,0 +1,55 @@
+# -*- rspec -*-
+# vim: set nosta noet ts=4 sw=4:
+
+BEGIN {
+	require 'pathname'
+	basedir = Pathname.new( __FILE__ ).dirname.parent.parent.parent
+
+	libdir = basedir + "lib"
+
+	$LOAD_PATH.unshift( basedir ) unless $LOAD_PATH.include?( basedir )
+	$LOAD_PATH.unshift( libdir ) unless $LOAD_PATH.include?( libdir )
+}
+
+require 'rspec'
+
+require 'spec/lib/helpers'
+
+require 'strelka'
+require 'strelka/httprequest/auth'
+
+
+#####################################################################
+###	C O N T E X T S
+#####################################################################
+
+describe Strelka::HTTPRequest::Auth do
+
+	before( :all ) do
+		setup_logging( :fatal )
+		@request_factory = Mongrel2::RequestFactory.new( route: '/service/user' )
+	end
+
+	after( :all ) do
+		reset_logging()
+	end
+
+	before( :each ) do
+		@req = @request_factory.get( '/service/user/estark' )
+		@req.extend( described_class )
+	end
+
+
+	it "adds an authenticated? predicate" do
+		@req.should_not be_authenticated()
+		@req.authenticated_user = 'anonymous'
+		@req.should be_authenticated()
+	end
+
+	it "adds an authenticated_user attribute" do
+		@req.authenticated_user.should be_nil()
+		@req.authenticated_user = 'someone'
+		@req.authenticated_user.should == 'someone'
+	end
+
+end

data/spec/strelka/httprequest/session_spec.rb

@@ -16,7 +16,9 @@ require 'rspec'
 require 'spec/lib/helpers'
 
 require 'strelka'
+require 'strelka/app/sessions'
 require 'strelka/httprequest/session'
+require 'strelka/session/default'
 
 
 #####################################################################
@@ -28,16 +30,74 @@ describe Strelka::HTTPRequest::Session do
 	before( :all ) do
 		setup_logging( :fatal )
 		@request_factory = Mongrel2::RequestFactory.new( route: '/service/user' )
+		Strelka::App::Sessions.configure( session_class: 'default' )
+	end
+
+	before( :each ) do
+		@req = @request_factory.get( '/service/user/estark' )
+		Strelka.log.debug "Extending request %p" % [ @req ]
+		@req.extend( described_class )
+	end
+
+	after( :each ) do
+		Strelka::Session::Default.sessions.clear
 	end
 
 	after( :all ) do
 		reset_logging()
 	end
 
-	before( :each ) do
-		@req = @request_factory.get( '/service/user/estark' )
-		@req.extend( described_class )
+
+	describe "an HTTPRequest with no session loaded" do
+
+		it "has a session_namespace attribute" do
+			@req.should respond_to( :session_namespace )
+		end
+
+		it "knows whether or not it has loaded a session" do
+			@req.session?.should be_false()
+		end
+
+		it "doesn't load the session when the session namespace is set" do
+			@req.session_namespace = 'an_appid'
+			@req.session?.should be_false()
+		end
+
+		it "loads the session as soon as it's accessed" do
+			@req.session.should be_a( Strelka::Session::Default )
+		end
+
+		it "sets the session's namespace when it's loaded" do
+			@req.session_namespace = 'an_appid'
+			@req.session.namespace.should == :an_appid
+		end
+
+		it "sets a session's namespace when it's set directly" do
+			@req.should respond_to( :session_namespace= )
+			@req.session_namespace = 'the_appid'
+
+			session = mock( "session object" )
+			session.should_receive( :namespace= ).with( 'the_appid' )
+
+			@req.session = session
+		end
+
 	end
 
 
+	describe "an HTTPRequest with a session loaded" do
+
+		before( :each ) do
+			@req.session_namespace = 'other_appid'
+			@req.session
+		end
+
+		it "sets its session's namespace when its session_namespace attribute is set" do
+			@req.session.namespace.should == :other_appid
+			@req.session_namespace = 'an_appid'
+			@req.session.namespace.should == :an_appid
+		end
+
+	end
+
 end

data/spec/strelka/session/db_spec.rb

@@ -0,0 +1,85 @@
+# -*- rspec -*-
+# vim: set nosta noet ts=4 sw=4:
+
+BEGIN {
+	require 'pathname'
+	basedir = Pathname.new( __FILE__ ).dirname.parent.parent.parent
+	$LOAD_PATH.unshift( basedir ) unless $LOAD_PATH.include?( basedir )
+}
+
+require 'rspec'
+
+require 'spec/lib/helpers'
+
+require 'strelka'
+require 'strelka/session/db'
+
+
+#####################################################################
+###	C O N T E X T S
+#####################################################################
+
+describe Strelka::Session::Db do
+
+	before( :all ) do
+		@request_factory = Mongrel2::RequestFactory.new( route: '/frothy' )
+		setup_logging( :fatal )
+
+		@session_id   = 'f9df9436f02f9b6d099a3dc95614fdb4'
+		@session_data = {
+			:namespace => {
+				:hurrrg => true
+			}
+		}
+	end
+
+	before( :each ) do
+		@cookie_name = described_class.cookie_options[:name]
+		described_class.configure
+	end
+
+	after( :each ) do
+		described_class.db.drop_table( :sessions ) if
+			described_class.db.table_exists?( :sessions )
+	end
+
+	after( :all ) do
+		reset_logging()
+	end
+
+
+	it "creates the database if needed" do
+		described_class.db.table_exists?( :sessions ).should be_true()
+	end
+
+
+	it "can change the default table name" do
+		described_class.configure( :table_name => :brothy )
+		described_class.db.table_exists?( :brothy ).should be_true()
+		described_class.db.drop_table( :brothy )
+	end
+
+
+	it "can load an existing session from the sessions table" do
+		described_class.dataset.insert(
+			:session_id => @session_id,
+			:session    => @session_data.to_yaml )
+
+		session = described_class.load( @session_id )
+		session.namespaced_hash.should == @session_data
+	end
+
+
+	it "can save session data to the database" do
+		req = @request_factory.get( '/frothy/broth' )
+		response = req.response
+		session = described_class.new( @session_id, @session_data )
+		session.save( response )
+
+		row = session.class.dataset.filter( :session_id => @session_id ).first
+		row[ :session_id ].should   == @session_id
+		row[ :session ].should      =~ /hurrrg: true/
+		row[ :created ].to_s.should =~ /\d{4}-\d{2}-\d{2}/
+		response.header_data.should =~ /Set-Cookie: #{@cookie_name}=#{@session_id}/i
+	end
+end

data/spec/strelka/session/default_spec.rb

@@ -27,7 +27,7 @@ describe Strelka::Session::Default do
 	end
 
 	before( :each ) do
-		described_class.cookie_name = described_class::DEFAULT_COOKIE_NAME
+		@cookie_name = described_class.cookie_options[:name]
 	end
 
 	after( :each ) do
@@ -47,8 +47,8 @@ describe Strelka::Session::Default do
 
 
 	it "can be configured to store its session ID in a different cookie" do
-		described_class.configure( :cookie_name => 'buh-mahlon' )
-		described_class.cookie_name.should == 'buh-mahlon'
+		described_class.configure( :cookie => {:name => 'buh-mahlon'} )
+		described_class.cookie_options[:name].should == 'buh-mahlon'
 	end
 
 	it "can load sessions from and save sessions to its in-memory store" do
@@ -73,7 +73,7 @@ describe Strelka::Session::Default do
 
 	it "accepts and reuses an existing valid session-id" do
 		session_id = '3422067061a5790be374c81118d9ed3f'
-		session_cookie = "strelka-sessionid=%s" % [ session_id ]
+		session_cookie = "buh-mahlon=%s" % [ session_id ]
 		req = @request_factory.get( '/hungry/what-is-in-a-fruit-bowl?', :cookie => session_cookie )
 		described_class.get_session_id( req ).should == session_id
 	end
@@ -89,7 +89,7 @@ describe Strelka::Session::Default do
 		session.save( response )
 
 		described_class.sessions.should == { session_id => session_data }
-		response.header_data.should =~ /Set-Cookie: #{described_class::DEFAULT_COOKIE_NAME}=#{session_id}/i
+		response.header_data.should =~ /Set-Cookie: #{@cookie_name}=#{session_id}/i
 	end
 
 	describe "with no namespace set (the 'nil' namespace)" do
@@ -113,9 +113,6 @@ describe Strelka::Session::Default do
 
 			subject.namespace = nil
 
-			subject.keys.should have( 2 ).members
-			subject.keys.should include( :foo, :bar )
-			subject.values.should all_be_a( Hash )
 			subject[:foo][:number].should == 18
 			subject[:bar][:number].should == 28
 		end
@@ -131,23 +128,6 @@ describe Strelka::Session::Default do
 			subject.greet[ :testkey ].should be_true
 			subject.pork[ :testkey ].should be_nil
 		end
-
-		it "is Enumerable (over the hash of namespaces)" do
-			subject.namespace = :meta
-			subject.create_me = :yes
-			subject.namespace = :tetra
-			subject.create_me = :yes
-			subject.namespace = nil
-
-			subject.map {|k,v| k }.should include( :meta, :tetra )
-		end
-
-		it "can merge namespaces into the session" do
-			subject.merge!( :app1 => {:foom => 88}, :app2 => {:foom => 188} )
-			subject.app1[:foom].should == 88
-			subject.app2[:foom].should == 188
-		end
-
 	end
 
 
@@ -168,8 +148,6 @@ describe Strelka::Session::Default do
 			subject[:number] = 18
 			subject[:not_a_number] = 'woo'
 
-			subject.keys.should have( 2 ).members
-			subject.keys.should include( :number, :not_a_number )
 			subject[:number].should == 18
 			subject[:not_a_number].should == 'woo'
 		end
@@ -180,30 +158,6 @@ describe Strelka::Session::Default do
 			subject.testkey.should be_true
 			subject.i_do_not_exist.should be_nil
 		end
-
-		it "is Enumerable (over the namespaced hash)" do
-			subject.namespace = :meta
-			subject.create_me = :yes
-			subject.destroy_me = :yes
-			subject.whip_me = :definitely
-			subject.beat_me = :indubitably
-
-			banner = subject.each_with_object('Hey!') do |(k,v),accum|
-				accum << "#{k} "
-			end
-
-			banner.should =~ /create_me/
-			banner.should =~ /destroy_me/
-			banner.should =~ /whip_me/
-			banner.should =~ /beat_me/
-		end
-
-		it "can merge a hash into the namespace" do
-			subject.merge!( :app1 => {:foom => 88}, :app2 => {:foom => 188} )
-			subject.app1[:foom].should == 88
-			subject.app2[:foom].should == 188
-		end
-
 	end
 
 end