tentd 0.0.1

data/spec/spec_helper.rb

@@ -0,0 +1,37 @@
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+
+require 'bundler/setup'
+require 'mocha_standalone'
+require 'rack/test'
+require 'tentd'
+require 'fabrication'
+require 'tentd/core_ext/hash/slice'
+require 'girl_friday'
+require 'tentd/notifications/girl_friday'
+
+Dir["#{File.dirname(__FILE__)}/support/*.rb"].each { |f| require f }
+
+ENV['RACK_ENV'] ||= 'test'
+
+require 'data_mapper'
+
+RSpec.configure do |config|
+  config.include Rack::Test::Methods
+  config.include JsonRequest
+  config.mock_with :mocha
+
+  config.around do |suite|
+    with_constants "TentD::Notifications::NOTIFY_ENTITY_QUEUE" => [], "TentD::Notifications::TRIGGER_QUEUE" => [] do
+      suite.run
+    end
+  end
+
+  config.before(:suite) do
+    GirlFriday::WorkQueue.immediate!
+    # DataMapper::Logger.new(STDOUT, :debug)
+    DataMapper.setup(:default, ENV['TEST_DATABASE_URL'] || 'postgres://localhost/tent_server_test')
+    DataMapper.auto_migrate!
+    TentD::Model::User.current = TentD::Model::User.first_or_create
+  end
+end

data/spec/support/expect_server.rb

@@ -0,0 +1,3 @@
+def expect_server(env, url)
+  expect(env[:url].to_s).to match(url)
+end

data/spec/support/json_request.rb

@@ -0,0 +1,54 @@
+require 'json'
+
+module JsonRequest
+  def json_patch(path, data = {}, rack_env = {})
+    patch path, data.to_json,  { 'CONTENT_TYPE' => TentD::API::MEDIA_TYPE }.merge(rack_env)
+  end
+
+  def json_put(path, data = {}, rack_env= {})
+    put path, data.to_json, { 'CONTENT_TYPE' => TentD::API::MEDIA_TYPE }.merge(rack_env)
+  end
+
+  def json_post(path, data = {}, rack_env = {})
+    post path, data.to_json, { 'CONTENT_TYPE' => TentD::API::MEDIA_TYPE }.merge(rack_env)
+  end
+
+  def json_get(path, data = {}, rack_env = {})
+    get path, data, { 'HTTP_ACCEPT' => TentD::API::MEDIA_TYPE }.merge(rack_env)
+  end
+
+  def multipart_post(path, json, parts, rack_env = {})
+    body = build_json_part(json) + build_parts(parts) + "--#{Rack::Multipart::MULTIPART_BOUNDARY}--\r"
+    post path, body, { 'CONTENT_TYPE' => "multipart/form-data; boundary=#{Rack::Multipart::MULTIPART_BOUNDARY}",
+                       'HTTP_ACCEPT' =>  TentD::API::MEDIA_TYPE }.merge(rack_env)
+  end
+
+  def multipart_put(path, json, parts, rack_env = {})
+    body = build_json_part(json) + build_parts(parts) + "--#{Rack::Multipart::MULTIPART_BOUNDARY}--\r"
+    put path, body, { 'CONTENT_TYPE' => "multipart/form-data; boundary=#{Rack::Multipart::MULTIPART_BOUNDARY}",
+                       'HTTP_ACCEPT' =>  TentD::API::MEDIA_TYPE }.merge(rack_env)
+  end
+
+  private
+
+  def build_json_part(json)
+    build_part('post', :filename => 'post.json', :content_type => TentD::API::MEDIA_TYPE, :content => json.to_json)
+  end
+
+  def build_parts(parts)
+    parts.map do |k,v|
+      v.kind_of?(Array) ? v.each_with_index.map { |part,i| build_part("#{k}[#{i}]", part) } : build_part(k, v)
+    end.join
+  end
+
+  def build_part(name, data)
+<<-EOF
+--#{Rack::Multipart::MULTIPART_BOUNDARY}\r
+Content-Disposition: form-data; name="#{name}"; filename="#{Rack::Utils.escape(data[:filename])}"\r
+Content-Type: #{data[:content_type]}\r
+Content-Length: #{data[:content].size}\r
+\r
+#{data[:content]}\r
+EOF
+  end
+end

data/spec/support/with_constant.rb

@@ -0,0 +1,23 @@
+def split_constant_string(const_string)
+  parent_constant = const_string.to_s.split("::")[0..-2].inject(Object) { |o, c| o.const_get(c) }
+  child_constant = const_string.to_s.split("::").last
+  [parent_constant, child_constant]
+end
+
+def with_constants(constants, &block)
+  saved_constants = {}
+  constants.each_pair do |constant, val|
+    parent, child = split_constant_string(constant)
+    saved_constants[ constant ] = parent.const_get( child )
+    with_warnings(nil) { parent.const_set( child, val ) }
+  end
+
+  begin
+    block.call
+  ensure
+    constants.each_pair do |constant, val|
+      parent, child = split_constant_string(constant)
+      with_warnings(nil) { parent.const_set( child, saved_constants[ constant ] ) }
+    end
+  end
+end

data/spec/support/with_warnings.rb

@@ -0,0 +1,6 @@
+def with_warnings(flag)
+  old_verbose, $VERBOSE = $VERBOSE, flag
+  yield
+ensure
+  $VERBOSE = old_verbose
+end

data/spec/unit/api/authentication_finalize_spec.rb

@@ -0,0 +1,45 @@
+require 'spec_helper'
+
+describe TentD::API::AuthenticationFinalize do
+  def app
+    TentD::API.new
+  end
+
+  it "should set current_auth" do
+    instance = stub(:mac_timestamp_delta => 1346171050)
+    env = Hashie::Mash.new({
+      "potential_auth" => instance,
+      'hmac' => { 'ts' => "1336363200", 'verified' => true }
+    })
+    described_class.new(app).call(env)
+    expect(env["current_auth"]).to eq(instance)
+  end
+
+  it "should set mac_timestamp_delta on current_auth" do
+    now = Time.now; Time.stubs(:now).returns(now)
+    delta = now.to_i - 1336363200
+    instance = stub(:mac_timestamp_delta => nil)
+    env = Hashie::Mash.new({
+      "potential_auth" => instance,
+      'hmac' => { 'ts' => "1336363200", 'verified' => true }
+    })
+    instance.expects(:update).with(:mac_timestamp_delta => delta).returns(true)
+    described_class.new(app).call(env)
+  end
+
+  it "should not set mac_timestamp_delta on current_auth if already set" do
+    instance = stub(:mac_timestamp_delta => 1346171050)
+    env = Hashie::Mash.new({
+      "potential_auth" => instance,
+      'hmac' => { 'ts' => "1336363200", 'verified' => true }
+    })
+    instance.expects(:update).never
+    described_class.new(app).call(env)
+  end
+
+  it 'should do nothing unless env.hmac.verified present' do
+    env = Hashie::Mash.new({ "potential_auth" => stub(:mac_timestamp_delta => 1346171050) })
+    described_class.new(app).call(env)
+    expect(env.current_auth).to be_nil
+  end
+end

data/spec/unit/api/authentication_lookup_spec.rb

@@ -0,0 +1,65 @@
+require 'spec_helper'
+
+describe TentD::API::AuthenticationLookup do
+  def app
+    TentD::API.new
+  end
+
+  let(:env) { Hashie::Mash.new({}) }
+  let(:auth_header) { 'MAC id="%s:h480djs93hd8", ts="1336363200", nonce="dj83hs9s", mac="hqpo01mLJLSYDbxmfRgNMEw38Wg="' }
+
+  it 'should parse hmac authorization header' do
+    TentD::Model::Follower.all.destroy!
+    follow = Fabricate(:follower, :mac_key_id => "s:h480djs93hd8")
+    env['HTTP_AUTHORIZATION'] = auth_header % 's'
+    described_class.new(app).call(env)
+    expect(env['hmac']).to eq({
+      "algorithm" => "hmac-sha-256",
+      "id" => "s:h480djs93hd8",
+      "ts" => "1336363200",
+      "nonce" => "dj83hs9s",
+      "secret" => follow.mac_key,
+      "mac" => "hqpo01mLJLSYDbxmfRgNMEw38Wg="
+    })
+  end
+
+  it 'should lookup server authentication model' do
+    TentD::Model::Follower.all(:mac_key_id => "s:h480djs93hd8").destroy!
+    follow = Fabricate(:follower, :mac_key_id => "s:h480djs93hd8")
+    expect(follow.saved?).to be_true
+    env['HTTP_AUTHORIZATION'] = auth_header % 's'
+    described_class.new(app).call(env)
+    expect(env.potential_auth).to eq(follow.reload)
+    expect(env.hmac.secret).to eq(follow.mac_key)
+    expect(env.hmac.algorithm).to eq(follow.mac_algorithm)
+  end
+
+  it 'should lookup app authentication model' do
+    TentD::Model::App.all.destroy
+    authed_app = Fabricate(:app, :mac_key_id => "a:h480djs93hd8")
+    expect(authed_app.saved?).to be_true
+    env['HTTP_AUTHORIZATION'] = auth_header % 'a'
+    described_class.new(app).call(env)
+    expect(env.potential_auth).to eq(authed_app)
+    expect(env.hmac.secret).to eq(authed_app.mac_key)
+    expect(env.hmac.algorithm).to eq(authed_app.mac_algorithm)
+  end
+
+  it 'should lookup user authentication model' do
+    TentD::Model::AppAuthorization.all.destroy!
+    authed_user = TentD::Model::AppAuthorization.create(:mac_key_id => "u:h480djs93hd8",
+                                                             :app => Fabricate(:app))
+    expect(authed_user.saved?).to be_true
+    env['HTTP_AUTHORIZATION'] = auth_header % 'u'
+    described_class.new(app).call(env)
+    expect(env.potential_auth).to eq(authed_user)
+    expect(env.hmac.secret).to eq(authed_user.mac_key)
+    expect(env.hmac.algorithm).to eq(authed_user.mac_algorithm)
+  end
+
+  it 'should do nothing unless HTTP_AUTHORIZATION header' do
+    env = {}
+    described_class.new(app).call(env)
+    expect(env['hmac']).to be_nil
+  end
+end

data/spec/unit/api/authentication_verification_spec.rb

@@ -0,0 +1,50 @@
+require 'spec_helper'
+
+describe TentD::API::AuthenticationVerification do
+  def app
+    TentD::API.new
+  end
+
+  it 'should verify mac signature' do
+    env = Hashie::Mash.new({
+      'hmac' => {
+        "id" => "s:h480djs93hd8", "ts" => "1336363200", "nonce" => "dj83hs9s", "mac" => "hqpo01mLJLSYDbxmfRgNMEw38Wg=",
+        "secret" => '489dks293j39',
+        'algorithm' => 'hmac-sha-1',
+      },
+      'rack.input' => StringIO.new("asdf\nasdf"),
+      'REQUEST_METHOD' => 'POST',
+      'SCRIPT_NAME' => "/resource/1",
+      'QUERY_STRING' => "b=1&a=2",
+      'HTTP_HOST' => "example.com",
+      'SERVER_PORT' => "80"
+    })
+    described_class.new(app).call(env)
+    expect(env.hmac.verified).to be_true
+  end
+
+  it 'should respond 403 Unauthorized if signature fails verification' do
+    env = Hashie::Mash.new({
+      'hmac' => {
+        "id" => "s:h480djs93hd8", "ts" => "1336363200", "nonce" => "dj83hs9s", "mac" => "hqpo01mLJLSYDbxmfRgNMEw38Wg=",
+        "secret" => 'WRONG-KEY',
+        'algorithm' => 'hmac-sha-1',
+      },
+      'rack.input' => StringIO.new("asdf\nasdf"),
+      'REQUEST_METHOD' => 'POST',
+      'SCRIPT_NAME' => "/resource/1",
+      'QUERY_STRING' => "b=1&a=2",
+      'HTTP_HOST' => "example.com",
+      'SERVER_PORT' => "80"
+    })
+    env = described_class.new(app).call(env)
+    expect(env).to be_an(Array)
+    expect(env.first).to eq(403)
+  end
+
+  it 'should not do anything if no signature' do
+    env = Hashie::Mash.new({})
+    res = described_class.new(app).call(env)
+    expect(env.hmac).to be_nil
+  end
+end

data/spec/unit/api/authorizable_spec.rb

@@ -0,0 +1,50 @@
+require 'spec_helper'
+require 'hashie'
+
+describe TentD::API::Authorizable do
+  class TestMiddleware2
+    include TentD::API::Authorizable
+
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      authorize_env!(env, :read_posts)
+      @app.call(env)
+    end
+  end
+
+  class OtherTestMiddleware < TentD::API::Middleware
+    def action(env)
+      authorize_env!(env, :read_posts)
+      env
+    end
+  end
+
+  def app
+    TentD::API.new
+  end
+
+  let(:env) { Hashie::Mash.new }
+  let(:middleware) { TestMiddleware2.new(app) }
+
+  describe '#authorize_env!(env, scope)' do
+    it 'should raise Unauthorized unless env.authorized_scopes includes scope' do
+      expect( lambda { middleware.call(env) } ).to raise_error(described_class::Unauthorized)
+    end
+
+    it 'should do nothing if env.authorized_scopes includes scope' do
+      env.authorized_scopes = [:read_posts]
+      expect( lambda { middleware.call(env) } ).to_not raise_error
+    end
+
+    context 'when TentD::API::Middleware' do
+      it 'should respond 403 unless env.authorized_scopes includes scope' do
+        response = OtherTestMiddleware.new(app).call(env)
+        expect(response).to be_an(Array)
+        expect(response.first).to be(403)
+      end
+    end
+  end
+end

data/spec/unit/api/authorization_spec.rb

@@ -0,0 +1,44 @@
+require 'spec_helper'
+require 'hashie'
+
+describe TentD::API::Authorization do
+  def app
+    TentD::API.new
+  end
+
+  let(:env) { Hashie::Mash.new }
+
+  not_authorized = proc do
+    it 'should not authorize scopes' do
+      described_class.new(app).call(env)
+      expect(env.authorized_scopes).to eq([])
+    end
+  end
+
+  context 'without current_auth', &not_authorized
+
+  context 'with current_auth' do
+    context 'when Follower' do
+      before do
+        env.current_auth = Fabricate(:follower)
+      end
+
+      context '', &not_authorized
+    end
+
+    context 'when AppAuthorization' do
+      before do
+        env.current_auth = Fabricate(
+          :app_authorization,
+          :scopes => ['read_posts', 'write_posts'],
+          :app => Fabricate(:app)
+        )
+      end
+
+      it 'should lookup authorized scopes' do
+        described_class.new(app).call(env)
+        expect(env.authorized_scopes).to eq([:read_posts, :write_posts])
+      end
+    end
+  end
+end

data/spec/unit/api/caching_headers_spec.rb

@@ -0,0 +1,121 @@
+require 'spec_helper'
+
+describe TentD::API::Router::CachingHeaders do
+  let(:app) { lambda { |env| [200, {}, ''] } }
+  let(:middleware) { TentD::API::Router::CachingHeaders.new(app) }
+  let(:env) { Hashie::Mash.new('REQUEST_METHOD' => 'GET') }
+
+  shared_examples 'conditional get' do
+    it 'should respond with a 304 when cached' do
+      status, headers, body = middleware.call env.merge('response' => response,
+                                                        'HTTP_IF_MODIFIED_SINCE' => Time.now.httpdate)
+      expect(status).to eq(304)
+      expect(body).to be_nil
+    end
+
+    it 'should not 304 when not cached' do
+      status, headers, body = middleware.call env.merge('response' => response,
+                                                        'HTTP_IF_MODIFIED_SINCE' => (Time.now - 60).httpdate)
+      expect(status).to eq(200)
+      expect(headers['Last-Modified']).to_not be_nil
+    end
+  end
+
+  shared_examples 'public response' do
+    it 'should set Cache-Control to public' do
+      expect(middleware.call(env.merge('response' => response))[1]['Cache-Control']).to eq('public')
+    end
+  end
+
+  shared_examples 'private response' do
+    it 'should set Cache-Control to private' do
+      expect(middleware.call(env.merge('response' => response))[1]['Cache-Control']).to eq('private')
+    end
+  end
+
+  context 'object instance with #updated_at' do
+    let(:response) { stub(:updated_at => Time.now-1) }
+    it_behaves_like 'conditional get'
+  end
+
+  context 'hash with "updated_at"' do
+    let(:response) { { 'updated_at' => Time.now-1 } }
+    it_behaves_like 'conditional get'
+  end
+
+  context 'object array with #updated_at' do
+    let(:response) { [stub(:updated_at => Time.now-1), stub(:updated_at => Time.now-90)] }
+    it_behaves_like 'conditional get'
+  end
+
+  context 'hash array with "updated_at"' do
+    let(:response) { [{ "updated_at" => Time.now-1 }, { "updated_at" => Time.now-90 }] }
+    it_behaves_like 'conditional get'
+  end
+
+  context "object that doesn't respond to #updated_at" do
+    it "should return without changes" do
+      expect(middleware.call(env.merge('response' => stub)).first).to eq(200)
+    end
+  end
+
+  context "object that is #public" do
+    let(:response) { stub(:public => true) }
+    it_behaves_like 'public response'
+  end
+
+  context "object that is not #public" do
+    let(:response) { stub(:public => false) }
+    it_behaves_like 'private response'
+  end
+
+  context "array of #public objects" do
+    let(:response) { [stub(:public => true)] * 2 }
+    it_behaves_like 'public response'
+  end
+
+  context "array of public and private objects" do
+    let(:response) { [stub(:public => true), stub(:public => false)] }
+    it_behaves_like 'private response'
+  end
+
+  context 'hash that is "public"' do
+    let(:response) { { "public" => true } }
+    it_behaves_like 'public response'
+  end
+
+  context 'hash that is not "public"' do
+    let(:response) { { "public" => false } }
+    it_behaves_like 'private response'
+  end
+
+  context 'array of hashes that are "public"' do
+    let(:response) { [{ "public" => true }]*2 }
+    it_behaves_like 'public response'
+  end
+
+  context 'array of hashes that are not "public"' do
+    let(:response) { [{ "public" => false }]*2 }
+    it_behaves_like 'private response'
+  end
+
+  context 'hash that has public set on permissions' do
+    let(:response) { { "permissions" => { "public" => true } } }
+    it_behaves_like 'public response'
+  end
+
+  context 'hash that has public set to false on permissions' do
+    let(:response) { { "permissions" => { "public" => false } } }
+    it_behaves_like 'private response'
+  end
+
+  context 'array of hashes that have public set on permissions' do
+    let(:response) { [{ "permissions" => { "public" => true } }]*2 }
+    it_behaves_like 'public response'
+  end
+
+  context 'array of hashes that have public set to false on permissions' do
+    let(:response) { [{ "permissions" => { "public" => false } }]*2 }
+    it_behaves_like 'private response'
+  end
+end