strelka 0.0.1.pre177 → 0.0.1.pre184

data/lib/strelka/paramvalidator.rb

@@ -20,49 +20,43 @@ require 'strelka/app' unless defined?( Strelka::App )
 #
 #   require 'strelka/app/formvalidator'
 #
-#	# Profile specifies validation criteria for input
-#	profile = {
-#     :required		=> :name,
-#     :optional		=> [:email, :description],
-#     :filters		=> [:strip, :squeeze],
-#     :untaint_all_constraints => true,
-#     :descriptions	=> {
-#       :email          => "Customer Email",
-#       :description    => "Issue Description",
-#       :name           => "Customer Name",
-#     },
-#     :constraints  => {
-#       :email  => :email,
-#       :name   => /^[\x20-\x7f]+$/,
-#       :description => /^[\x20-\x7f]+$/,
-#     },
-#	}
-#
-#	# Create a validator object and pass in a hash of request parameters and the
-#	# profile hash.
 #   validator = Strelka::ParamValidator.new
-#	validator.validate( req_params, profile )
 #
-#	# Now if there weren't any errors, send the success page
+#	# Add validation criteria for input parameters
+#	validator.add( :name, /^(?<lastname>\S+), (?<firstname>\S+)$/, "Customer Name" )
+#	validator.add( :email, "Customer Email" )
+#	validator.add( :feedback, :printable, "Customer Feedback" )
+#
+#   # Untaint all parameter values which match their constraints
+#   validate.untaint_all_constraints = true
+#
+#	# Now pass in tainted values in a hash (e.g., from an HTML form)
+#	validator.validate( req.params )
+#
+#	# Now if there weren't any errors, use some form values to fill out the
+#   # success page template
 #	if validator.okay?
-#		return success_template
+#		tmpl = template :success
+#       tmpl.firstname = validator[:name][:firstname]
+#       tmpl.lastname  = validator[:name][:lastname]
+#       tmpl.email     = validator[:email]
+#       tmpl.feedback  = validator[:feedback]
+#       return tmpl
 #
 #	# Otherwise fill in the error template with auto-generated error messages
 #	# and return that instead.
 #	else
-#		failure_template.errors( validator.error_messages )
-#		return failure_template
+#       tmpl = template :feedback_form
+#		tmpl.errors = validator.error_messages
+#		return tmpl
 #	end
 #
 class Strelka::ParamValidator < ::FormValidator
 	extend Forwardable
 	include Strelka::Loggable
 
-
-	# Validation default config
-	DEFAULT_PROFILE = {
-		:descriptions => {},
-	}
+	# Options that are passed as Symbols to .param
+	FLAGS = [ :required, :untaint ]
 
 	#
 	# RFC822 Email Address Regex
@@ -110,6 +104,7 @@ class Strelka::ParamValidator < ::FormValidator
 
 	# The Hash of builtin constraints that are validated against a regular
 	# expression.
+	# :TODO: Document that these are the built-in constraints that can be used in a route
 	BUILTIN_CONSTRAINT_PATTERNS = {
 		:boolean      => /^(?<boolean>t(?:rue)?|y(?:es)?|[10]|no?|f(?:alse)?)$/i,
 		:integer      => /^(?<integer>[\-\+]?\d+)$/,
@@ -124,6 +119,11 @@ class Strelka::ParamValidator < ::FormValidator
 		:uri          => /^(?<uri>#{URI::URI_REF})$/,
 	}
 
+	# Pattern to use to strip binding operators from parameter patterns so they
+	# can be used in the middle of routing Regexps.
+	PARAMETER_PATTERN_STRIP_RE = Regexp.union( '^', '$', '\\A', '\\z', '\\Z' )
+
+
 
 	### Return a Regex for the built-in constraint associated with the given +name+. If
 	### the builtin constraint is not pattern-based, or there is no such constraint,
@@ -138,11 +138,19 @@ class Strelka::ParamValidator < ::FormValidator
 	#################################################################
 
 	### Create a new Strelka::ParamValidator object.
-	def initialize( profile, params=nil )
+	def initialize( profile={} )
+		@profile = {
+			descriptions:              {},
+			required:                  [],
+			optional:                  [],
+			descriptions:              {},
+			constraints:               {},
+			untaint_constraint_fields: [],
+		}.merge( profile )
+
 		@form                = {}
 		@raw_form            = {}
-		@profile             = DEFAULT_PROFILE.merge( profile )
-		@invalid_fields      = []
+		@invalid_fields      = {}
 		@missing_fields      = []
 		@unknown_fields      = []
 		@required_fields     = []
@@ -150,18 +158,22 @@ class Strelka::ParamValidator < ::FormValidator
 		@optional_fields     = []
 		@filters_array       = []
 		@untaint_fields      = []
+		@untaint_all         = false
 
 		@parsed_params       = nil
-
-		self.validate( params ) if params
 	end
 
 
 	### Copy constructor.
 	def initialize_copy( original )
+		super
+
+		@profile = original.profile.dup
+		@profile.each_key {|k| @profile[k] = @profile[k].clone }
+		self.log.debug "Copied validator profile: %p" % [ @profile ]
+
 		@form                = @form.clone
 		@raw_form            = @form.clone
-		@profile             = @profile.clone
 		@invalid_fields      = @invalid_fields.clone
 		@missing_fields      = @missing_fields.clone
 		@unknown_fields      = @unknown_fields.clone
@@ -170,6 +182,7 @@ class Strelka::ParamValidator < ::FormValidator
 		@optional_fields     = @optional_fields.clone
 		@filters_array       = @filters_array.clone
 		@untaint_fields      = @untaint_fields.clone
+		@untaint_all         = original.untaint_all?
 
 		@parsed_params       = @parsed_params.clone if @parsed_params
 	end
@@ -180,12 +193,103 @@ class Strelka::ParamValidator < ::FormValidator
 	public
 	######
 
+	# The profile hash
+	attr_reader :profile
+
 	# The raw form data Hash
 	attr_reader :raw_form
 
 	# The validated form data Hash
 	attr_reader :form
 
+	# Global untainting flag
+	attr_accessor :untaint_all
+	alias_method :untaint_all_constraints=, :untaint_all=
+	alias_method :untaint_all?, :untaint_all
+	alias_method :untaint_all_constraints, :untaint_all
+	alias_method :untaint_all_constraints?, :untaint_all
+
+
+
+	### Return the Array of declared parameter validations.
+	def param_names
+		return self.profile[:required] | self.profile[:optional]
+	end
+
+
+	### Fetch the constraint/s that apply to the parameter with the given
+	### +name+.
+	def constraint_for( name )
+		constraint = self.profile[:constraints][ name.to_sym ] or
+			raise ScriptError, "no parameter %p defined" % [ name ]
+		return constraint
+	end
+
+
+	### Fetch the constraint/s that apply to the parameter named +name+ as a
+	### Regexp, if possible.
+	def constraint_regexp_for( name )
+		self.log.debug "  searching for a constraint for %p" % [ name ]
+
+		# Munge the constraint into a Regexp
+		constraint = self.constraint_for( name )
+		re = case constraint
+			when Regexp
+				self.log.debug "  regex constraint is: %p" % [ constraint ]
+				constraint
+			when Array
+				sub_res = constraint.map( &self.method(:extract_route_from_constraint) )
+				Regexp.union( sub_res )
+			when Symbol
+				self.class.pattern_for_constraint( constraint ) or
+					raise ScriptError, "no pattern for built-in %p constraint" % [ constraint ]
+			else
+				raise ScriptError,
+					"can't route on a parameter with a %p constraint %p" % [ constraint.class ]
+			end
+
+		self.log.debug "  bounded constraint is: %p" % [ re ]
+
+		# Unbind the pattern from beginning or end of line.
+		# :TODO: This is pretty ugly. Find a better way of modifying the regex.
+		re_str = re.to_s.
+			sub( %r{\(\?[\-mix]+:(.*)\)}, '\\1' ).
+			gsub( PARAMETER_PATTERN_STRIP_RE, '' )
+		self.log.debug "  stripped constraint pattern down to: %p" % [ re_str ]
+
+		return Regexp.new( "(?<#{name}>#{re_str})", re.options )
+	end
+
+
+	### :call-seq:
+	###    param( name, *flags )
+	###    param( name, constraint, *flags )
+	###    param( name, description, *flags )
+	###    param( name, constraint, description, *flags )
+	###
+	### Add a validation for a parameter with the specified +name+. The +args+ can include
+	### a constraint, a description, and one or more flags.
+	def add( name, *args, &block )
+		name = name.to_sym
+		raise ArgumentError,
+			"parameter %p is already defined; perhaps you meant to use #override?" % [name] if
+			self.param_names.include?( name )
+
+		self.set_param( name, *args, &block )
+	end
+
+
+	### Replace the existing parameter with the specified +name+. The +args+ replace
+	### the existing description, constraints, and flags. See #add for details.
+	def override( name, *args, &block )
+		name = name.to_sym
+		raise ArgumentError,
+			"no parameter %p defined; perhaps you meant to use #add?" % [name] unless
+			self.param_names.include?( name )
+
+		self.set_param( name, *args, &block )
+	end
+
 
 	### Stringified description of the validator
 	def to_s
@@ -198,6 +302,26 @@ class Strelka::ParamValidator < ::FormValidator
 	end
 
 
+	### Return a human-readable representation of the validator, suitable for debugging.
+	def inspect
+		required = self.profile[:required].collect do |field|
+			"%s (%p)" % [ field, self.profile[:constraints][field] ]
+		end.join( ',' )
+		optional = self.profile[:optional].collect do |field|
+			"%s (%p)" % [ field, self.profile[:constraints][field] ]
+		end.join( ',' )
+
+		return "#<%p:0x%016x %s, profile: [required: %s, optional: %s] global untaint: %s>" % [
+			self.class,
+			self.object_id / 2,
+			self.to_s,
+			required.empty? ? "(none)" : required,
+			optional.empty? ? "(none)" : optional,
+			self.untaint_all? ? "enabled" : "disabled",
+		]
+	end
+
+
 	### Hash of field descriptions
 	def descriptions
 		return @profile[:descriptions]
@@ -212,19 +336,70 @@ class Strelka::ParamValidator < ::FormValidator
 
 	### Validate the input in +params+. If the optional +additional_profile+ is
 	### given, merge it with the validator's default profile before validating.
-	def validate( params, additional_profile=nil )
+	def validate( params=nil, additional_profile=nil )
+		params ||= {}
+
+		self.log.info "Validating request params: %p with profile: %p" %
+			[ params, @profile ]
 		@raw_form = params.dup
 		profile = @profile
 
 		if additional_profile
-			self.log.debug "Merging additional profile %p" % [additional_profile]
+			self.log.debug "  merging additional profile %p" % [ additional_profile ]
 			profile = @profile.merge( additional_profile )
 		end
 
+		self.log.debug "Calling superclass's validate: %p" % [ self ]
 		super( params, profile )
 	end
 
 
+	protected :convert_profile
+
+    # Load profile with a hash describing valid input.
+	def setup(form_data, profile)
+		@form    = form_data
+		@profile = self.convert_profile( @profile )
+	end
+
+
+	### Set the parameter +name+ in the profile to validate using the given +args+,
+	### which are the same as the ones passed to #add and #override.
+	def set_param( name, *args, &block )
+		args.unshift( block ) if block
+
+		# Custom validator -- either a callback or a regex
+		if args.first.is_a?( Regexp ) || args.first.respond_to?( :call )
+			self.profile[:constraints][ name ] = args.shift
+
+		# Builtin match validator, either explicit or implied by the name
+		else
+			constraint = args.shift if args.first.is_a?( Symbol ) && !FLAGS.include?( args.first )
+			constraint ||= name
+
+			raise ArgumentError, "no builtin %p validator" % [ constraint ] unless
+				self.respond_to?( "match_#{constraint}" )
+			self.profile[:constraints][ name ] = constraint
+		end
+
+		self.profile[:descriptions][ name ] = args.shift if args.first.is_a?( String )
+
+		if args.include?( :required )
+			self.profile[:required] |= [ name ]
+			self.profile[:optional].delete( name )
+		else
+			self.profile[:required].delete( name )
+			self.profile[:optional] |= [ name ]
+		end
+
+		if args.include?( :untaint )
+			self.profile[:untaint_constraint_fields] |= [ name ]
+		else
+			self.profile[:untaint_constraint_fields].delete( :name )
+		end
+	end
+
+
 	### Overridden to remove the check for extra keys.
 	def check_profile_syntax( profile )
 	end
@@ -273,28 +448,21 @@ class Strelka::ParamValidator < ::FormValidator
 	### Returns +true+ if the given +field+ is one that should be untainted.
 	def untaint?( field )
 		self.log.debug "Checking to see if %p should be untainted." % [field]
-		rval = ( @untaint_all ||
+		rval = ( self.untaint_all? ||
 			@untaint_fields.include?(field) ||
 			@untaint_fields.include?(field.to_sym) )
 
 		if rval
 			self.log.debug "  ...yep it should."
 		else
-			self.log.debug "  ...nope; untaint fields is: %p" % [ @untaint_fields ]
+			self.log.debug "  ...nope; untaint_all is: %p, untaint fields is: %p" %
+				[ @untaint_all, @untaint_fields ]
 		end
 
 		return rval
 	end
 
 
-	### Overridden so that the presence of :untaint_constraint_fields doesn't
-	### disable the :untaint_all_constraints flag.
-	def untaint_all_constraints
-		@untaint_all = @profile[:untaint_all_constraints] ? true : false
-	end
-
-
-
 	### Return an array of field names which had some kind of error associated
 	### with them.
 	def error_fields
@@ -412,8 +580,12 @@ class Strelka::ParamValidator < ::FormValidator
 	end
 
 
+	#########
+	protected
+	#########
+
 	#
-	# :section: Constraint methods
+	# :section: Builtin Match Constraints
 	#
 
 	### Try to match the specified +val+ using the built-in constraint pattern
@@ -521,9 +693,14 @@ class Strelka::ParamValidator < ::FormValidator
 	end
 
 
+	#
+	# :section: Constraint method
+	#
+
 	### Apply one or more +constraints+ to the field value/s corresponding to
 	### +key+.
 	def do_constraint( key, constraints )
+		self.log.debug "Applying constraints %p to field %p" % [ constraints, key ]
 		constraints.each do |constraint|
 			case constraint
 			when String
@@ -640,7 +817,7 @@ class Strelka::ParamValidator < ::FormValidator
 
 	### Set the form value for the given +key+. If +value+ is false, add it to
 	### the list of invalid fields with a description derived from the specified
-	### +constraint+.
+	### +constraint+. Called by constraint methods when they succeed.
 	def set_form_value( key, value, constraint )
 		key.untaint
 
@@ -680,30 +857,30 @@ class Strelka::ParamValidator < ::FormValidator
 	### The formvalidator filters method has a bug where he assumes an array
 	###	 when it is in fact a string for multiple values (ie anytime you have a
 	###	 text-area with newlines in it).
-	def filters
-		@filters_array = Array(@profile[:filters]) unless(@filters_array)
-		@filters_array.each do |filter|
-
-			if respond_to?( "filter_#{filter}" )
-				@form.keys.each do |field|
-					# If a key has multiple elements, apply filter to each element
-					@field_array = Array( @form[field] )
-
-					if @field_array.length > 1
-						@field_array.each_index do |i|
-							elem = @field_array[i]
-							@field_array[i] = self.send("filter_#{filter}", elem)
-						end
-					else
-						if not @form[field].to_s.empty?
-							@form[field] = self.send("filter_#{filter}", @form[field].to_s)
-						end
-					end
-				end
-			end
-		end
-		@form
-	end
+	# def filters
+	# 	@filters_array = Array(@profile[:filters]) unless(@filters_array)
+	# 	@filters_array.each do |filter|
+	# 
+	# 		if respond_to?( "filter_#{filter}" )
+	# 			@form.keys.each do |field|
+	# 				# If a key has multiple elements, apply filter to each element
+	# 				@field_array = Array( @form[field] )
+	# 
+	# 				if @field_array.length > 1
+	# 					@field_array.each_index do |i|
+	# 						elem = @field_array[i]
+	# 						@field_array[i] = self.send("filter_#{filter}", elem)
+	# 					end
+	# 				else
+	# 					if not @form[field].to_s.empty?
+	# 						@form[field] = self.send("filter_#{filter}", @form[field].to_s)
+	# 					end
+	# 				end
+	# 			end
+	# 		end
+	# 	end
+	# 	@form
+	# end
 
 
 	#######

data/lib/strelka/session/default.rb

@@ -76,7 +76,7 @@ class Strelka::Session::Default < Strelka::Session
 			id = $1.untaint if cookie.value =~ /^([[:xdigit:]]+)$/i
 		end
 
-		return id || SecureRandom.random_bytes.unpack( 'H*' ).join
+		return id || SecureRandom.hex
 	end
 
 

data/spec/strelka/app/auth_spec.rb

@@ -52,6 +52,7 @@ describe Strelka::App::Auth do
 		app = Class.new( Strelka::App ) do
 			plugins :auth
 		end
+		app.install_plugins
 
 		@request_factory.get( '/api/v1/verify' ).should respond_to( :authenticated? )
 	end
@@ -83,6 +84,10 @@ describe Strelka::App::Auth do
 			end
 		end
 
+		after( :each ) do
+			@app = nil
+		end
+
 
 		it "applies auth to every request by default" do
 			app = @app.new
@@ -111,6 +116,38 @@ describe Strelka::App::Auth do
 			req.authenticated_user.should == 'anonymous'
 		end
 
+		context "that has negative auth criteria for the root" do
+
+			before( :each ) do
+				@app.no_auth_for( '/' )
+			end
+
+			it "knows that it has auth criteria" do
+				@app.should have_auth_criteria()
+			end
+
+			it "doesn't pass a request for the root path through auth" do
+				req = @request_factory.get( '/api/v1/' )
+
+				app = @app.new
+				app.auth_provider.should_not_receive( :authenticate )
+				app.auth_provider.should_not_receive( :authorize )
+
+				app.handle( req )
+			end
+
+			it "passes a request for a path other than the root through auth" do
+				req = @request_factory.get( '/api/v1/console' )
+
+				app = @app.new
+				app.auth_provider.should_receive( :authenticate ).and_return( 'anonymous' )
+				app.auth_provider.should_receive( :authorize ).and_return( true )
+
+				app.handle( req )
+			end
+
+		end
+
 		context "that has negative auth criteria" do
 
 			before( :each ) do

data/spec/strelka/app/errors_spec.rb

@@ -42,14 +42,12 @@ describe Strelka::App::Errors do
 	describe "an including App" do
 
 		before( :each ) do
-			Strelka.log.debug "Creating a new Strelka::App"
 			@app = Class.new( Strelka::App ) do
 				plugin :errors, :routing
 				def initialize( appid='params-test', sspec=TEST_SEND_SPEC, rspec=TEST_RECV_SPEC )
 					super
 				end
 			end
-			Strelka.log.debug "  new instance is: %p" % [ @app ]
 		end
 
 		it "doesn't alter normal responses" do

data/spec/strelka/app/filters_spec.rb

@@ -48,7 +48,7 @@ describe Strelka::App::Filters do
 					super
 				end
 			end
-			Strelka.log.debug "  new instance is: %p, filters array: 0x%016x" %
+			Strelka.log.debug "  App class is: %p, filters array: 0x%016x" %
 				[ @app, @app.filters.object_id * 2 ]
 		end
 

data/spec/strelka/app/parameters_spec.rb

@@ -52,8 +52,8 @@ describe Strelka::App::Parameters do
 			@app = nil
 		end
 
-		it "has a parameters Hash" do
-			@app.parameters.should be_a( Hash )
+		it "has a ParamValidator" do
+			@app.paramvalidator.should be_a( Strelka::ParamValidator )
 		end
 
 		it "can declare a parameter with a validation pattern" do
@@ -61,95 +61,9 @@ describe Strelka::App::Parameters do
 				param :username, /\w+/i
 			end
 
-			@app.parameters.should have( 1 ).member
-			@app.parameters[ :username ].
-				should include( :constraint => /(?<username>(?i-mx:\w+))/ )
+			@app.paramvalidator.param_names.should == [ :username ]
 		end
 
-		it "can declare a parameter with an Array validation" do
-			@app.class_eval do
-				param :username, [:printable, lambda {|str| str.length <= 16 }]
-			end
-
-			@app.parameters.should have( 1 ).member
-			@app.parameters[:username][:constraint][0].should == :printable
-			@app.parameters[:username][:constraint][1].should be_an_instance_of( Proc )
-		end
-
-		it "can declare a parameter with a Hash validation" do
-			@app.class_eval do
-				param :username, {'ambrel' => 'A. Hotchgah'}
-			end
-
-			@app.parameters.should have( 1 ).member
-			@app.parameters[ :username ].
-				should include( :constraint => {'ambrel' => 'A. Hotchgah'} )
-		end
-
-		it "can declare a parameter with a matcher validation" do
-			@app.class_eval do
-				param :host, :hostname
-			end
-
-			@app.parameters.should have( 1 ).member
-			@app.parameters[ :host ].should include( :constraint => :hostname )
-		end
-
-		it "can declare a parameter with a validation pattern and a description" do
-			@app.class_eval do
-				param :username, /\w+/i, "The user's login"
-			end
-
-			@app.parameters.should have( 1 ).member
-			@app.parameters[ :username ].should include( :required => false )
-			@app.parameters[ :username ].should include( :constraint => /(?<username>(?i-mx:\w+))/ )
-			@app.parameters[ :username ].should include( :description => "The user's login" )
-		end
-
-		it "can declare a parameter with an Array validation and a description" do
-			@app.class_eval do
-				param :username, ['johnny5', 'ariel', 'hotah'], "The user's login"
-			end
-
-			@app.parameters.should have( 1 ).member
-			@app.parameters[ :username ].
-				should include( :constraint => ['johnny5', 'ariel', 'hotah'] )
-			@app.parameters[ :username ].should include( :description => "The user's login" )
-		end
-
-		it "can declare a parameter with just a description" do
-			@app.class_eval do
-				param :uuid, "UUID string"
-			end
-
-			@app.parameters.should have( 1 ).member
-			@app.parameters[ :uuid ].should include( :description => "UUID string" )
-			@app.parameters[ :uuid ].should include( :constraint => :uuid )
-		end
-
-		it "can declare a parameter with a validation pattern and a flag" do
-			@app.class_eval do
-				param :username, /\w+/i, :untaint
-			end
-
-			@app.parameters.should have( 1 ).member
-			@app.parameters[ :username ].should include( :required => false )
-			@app.parameters[ :username ].should include( :untaint => true )
-			@app.parameters[ :username ].should include( :constraint => /(?<username>(?i-mx:\w+))/ )
-			@app.parameters[ :username ].should include( :description => nil )
-		end
-
-		it "can declare a parameter with a validation Array and a flag" do
-			@app.class_eval do
-				param :username, ['amhel', 'hotah', 'aurelii'], :required
-			end
-
-			@app.parameters.should have( 1 ).member
-			@app.parameters[ :username ].should include( :required => true )
-			@app.parameters[ :username ].
-				should include( :constraint => ['amhel', 'hotah', 'aurelii'] )
-			@app.parameters[ :username ].should include( :description => nil )
-		end
 
 		it "inherits parameters from its superclass" do
 			@app.class_eval do
@@ -157,9 +71,7 @@ describe Strelka::App::Parameters do
 			end
 			subapp = Class.new( @app )
 
-			subapp.parameters.should have( 1 ).member
-			subapp.parameters[ :username ].
-				should include( :constraint => /(?<username>(?i-mx:\w+))/ )
+			subapp.paramvalidator.param_names.should == [ :username ]
 		end
 
 		describe "instance" do