tynn 1.0.0.rc2 → 1.0.0.rc3

data/test/force_ssl_test.rb

@@ -0,0 +1,32 @@
+require_relative "../lib/tynn/force_ssl"
+
+setup do
+  Tynn::Test.new
+end
+
+test "redirects to https" do |app|
+  Tynn.helpers(Tynn::ForceSSL)
+
+  Tynn.define do
+  end
+
+  app.get("/")
+
+  assert_equal 301, app.res.status
+  assert_equal "https://example.org/", app.res.location
+end
+
+test "https request" do |app|
+  Tynn.helpers(Tynn::ForceSSL)
+
+  Tynn.define do
+    root do
+      res.write("secure")
+    end
+  end
+
+  app.get("/", {}, "HTTPS" => "on")
+
+  assert_equal 200, app.res.status
+  assert_equal "secure", app.res.body
+end

data/test/hmote_test.rb

@@ -0,0 +1,78 @@
+require_relative "../lib/tynn/hmote"
+
+setup do
+  Tynn.helpers(Tynn::HMote, views: File.expand_path("./test/views"))
+
+  Tynn::Test.new
+end
+
+test "partial" do |app|
+  Tynn.define do
+    on "partial" do
+      res.write(partial("partial", name: "mote"))
+    end
+  end
+
+  app.get("/partial")
+
+  assert_equal "mote", app.res.body.strip
+end
+
+test "view" do |app|
+  Tynn.define do
+    on "view" do
+      res.write(view("view", title: "tynn", name: "mote"))
+    end
+  end
+
+  app.get("/view")
+
+  assert_equal "tynn / mote", app.res.body.strip
+end
+
+test "render" do |app|
+  Tynn.define do
+    on "render" do
+      render("view", title: "tynn", name: "mote")
+    end
+  end
+
+  app.get("/render")
+
+  assert_equal 200, app.res.status
+  assert_equal "text/html", app.res.headers["Content-Type"]
+  assert_equal "tynn / mote", app.res.body.strip
+end
+
+test "404" do |app|
+  Tynn.define do
+    on "404" do
+      res.status = 404
+
+      render("view", title: "tynn", name: "mote")
+    end
+  end
+
+  app.get("/404")
+
+  assert_equal 404, app.res.status
+  assert_equal "text/html", app.res.headers["Content-Type"]
+  assert_equal "tynn / mote", app.res.body.strip
+end
+
+test "custom layout" do
+  class App < Tynn
+    set(:layout, "custom_layout")
+  end
+
+  App.define do
+    root do
+      render("view", title: "tynn", name: "mote")
+    end
+  end
+
+  app = Tynn::Test.new(App)
+  app.get("/")
+
+  assert_equal "custom / tynn / mote", app.res.body.strip
+end

data/test/hsts_test.rb

@@ -0,0 +1,29 @@
+require_relative "../lib/tynn/hsts"
+
+test "hsts header" do |app|
+  Tynn.helpers(Tynn::HSTS)
+
+  Tynn.define do
+  end
+
+  app = Tynn::Test.new
+  app.get("/", {})
+
+  header = app.res.headers["Strict-Transport-Security"]
+
+  assert_equal "max-age=15552000; includeSubdomains", header
+end
+
+test "hsts header options" do |app|
+  Tynn.helpers(Tynn::HSTS, expires: 1, subdomains: false, preload: true)
+
+  Tynn.define do
+  end
+
+  app = Tynn::Test.new
+  app.get("/", {})
+
+  header = app.res.headers["Strict-Transport-Security"]
+
+  assert_equal "max-age=1; preload", header
+end

data/test/protection_test.rb

@@ -1,18 +1,6 @@
 require_relative "../lib/tynn/protection"
 require_relative "../lib/tynn/session"
 
-test "includes secure headers" do
-  Tynn.helpers(Tynn::Protection)
-
-  assert Tynn.include?(Tynn::SecureHeaders)
-end
-
-test "includes ssl helper if ssl is true" do
-  Tynn.helpers(Tynn::Protection, ssl: true)
-
-  assert Tynn.include?(Tynn::SSL)
-end
-
 test "supports hsts options" do
   hsts = { expires: 100, subdomains: false, preload: true }
 
@@ -46,21 +34,3 @@ test "adds secure flag to session cookie" do
 
   assert(/;\s*secure\s*(;|$)/i === session)
 end
-
-test "if session uses secure flag" do
-  Tynn.helpers(Tynn::Protection, ssl: true)
-  Tynn.helpers(Tynn::Session, secret: "_this_must_be_random_", secure: true)
-
-  Tynn.define do
-    root do
-      session[:foo] = "foo"
-    end
-  end
-
-  app = Tynn::Test.new
-  app.get("/", {}, "HTTPS" => "on")
-
-  session, _ = app.res.headers["Set-Cookie"].split("\n")
-
-  assert(/;\s*secure\s*(;|$)/i === session)
-end

data/test/render_test.rb

@@ -1,4 +1,4 @@
-require "erb"
+require "erubis"
 require_relative "../lib/tynn/render"
 
 setup do
@@ -77,3 +77,16 @@ test "custom layout" do
 
   assert_equal "custom / tynn / erb", app.res.body.strip
 end
+
+test "escapes by default" do
+  Tynn.define do
+    root do
+      res.write(partial("partial", name: "<a></a>"))
+    end
+  end
+
+  app = Tynn::Test.new
+  app.get("/")
+
+  assert_equal "&lt;a&gt;&lt;/a&gt;", app.res.body.strip
+end

data/test/secure_headers_test.rb

@@ -12,9 +12,16 @@ test "secure headers" do
   app = Tynn::Test.new
   app.get("/")
 
+  secure_headers = {
+    "X-Content-Type-Options" => "nosniff",
+    "X-Frame-Options" => "SAMEORIGIN",
+    "X-Permitted-Cross-Domain-Policies" => "none",
+    "X-XSS-Protection" => "1; mode=block"
+  }
+
   headers = app.res.headers
 
-  Tynn::SecureHeaders::HEADERS.each do |header, value|
+  secure_headers.each do |header, value|
     assert_equal(value, headers[header])
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tynn
 version: !ruby/object:Gem::Version
-  version: 1.0.0.rc2
+  version: 1.0.0.rc3
 platform: ruby
 authors:
 - Francesco Rodríguez
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-10-21 00:00:00.000000000 Z
+date: 2015-10-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -24,20 +24,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.6'
-- !ruby/object:Gem::Dependency
-  name: seteable
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.1'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.1'
 - !ruby/object:Gem::Dependency
   name: syro
   requirement: !ruby/object:Gem::Requirement
@@ -134,7 +120,9 @@ files:
 - lib/tynn.rb
 - lib/tynn/all_methods.rb
 - lib/tynn/environment.rb
-- lib/tynn/erubis.rb
+- lib/tynn/force_ssl.rb
+- lib/tynn/hmote.rb
+- lib/tynn/hsts.rb
 - lib/tynn/json.rb
 - lib/tynn/matchers.rb
 - lib/tynn/not_found.rb
@@ -144,15 +132,18 @@ files:
 - lib/tynn/response.rb
 - lib/tynn/secure_headers.rb
 - lib/tynn/session.rb
-- lib/tynn/ssl.rb
+- lib/tynn/settings.rb
 - lib/tynn/static.rb
 - lib/tynn/test.rb
 - lib/tynn/version.rb
 - test/all_methods_test.rb
 - test/core_test.rb
+- test/default_headers_test.rb
 - test/environment_test.rb
-- test/erubis_test.rb
+- test/force_ssl_test.rb
 - test/helper.rb
+- test/hmote_test.rb
+- test/hsts_test.rb
 - test/json_test.rb
 - test/matchers_test.rb
 - test/middleware_test.rb
@@ -161,7 +152,6 @@ files:
 - test/render_test.rb
 - test/secure_headers_test.rb
 - test/session_test.rb
-- test/ssl_test.rb
 - test/static_test.rb
 homepage: https://github.com/frodsan/tynn
 licenses:
@@ -190,9 +180,12 @@ summary: Thin library to create web applications
 test_files:
 - test/all_methods_test.rb
 - test/core_test.rb
+- test/default_headers_test.rb
 - test/environment_test.rb
-- test/erubis_test.rb
+- test/force_ssl_test.rb
 - test/helper.rb
+- test/hmote_test.rb
+- test/hsts_test.rb
 - test/json_test.rb
 - test/matchers_test.rb
 - test/middleware_test.rb
@@ -201,5 +194,5 @@ test_files:
 - test/render_test.rb
 - test/secure_headers_test.rb
 - test/session_test.rb
-- test/ssl_test.rb
 - test/static_test.rb
+has_rdoc: 

data/lib/tynn/erubis.rb

@@ -1,17 +0,0 @@
-require "erubis"
-require_relative "render"
-
-class Tynn
-  module Erubis
-    def self.setup(app, options = {}) # :nodoc:
-      options = options.dup
-
-      options[:options] ||= {}
-      options[:options] = {
-        escape_html: true
-      }.merge!(options[:options])
-
-      app.helpers(Tynn::Render, options)
-    end
-  end
-end

data/lib/tynn/ssl.rb

@@ -1,73 +0,0 @@
-class Tynn
-  module SSL
-    def self.setup(app, hsts: {}) # :nodoc:
-      app.use(Tynn::SSL::Middleware, hsts: hsts)
-    end
-
-    class Middleware # :nodoc:
-      def initialize(app, hsts: {})
-        @app = app
-        @hsts_header = build_hsts_header(hsts)
-      end
-
-      def call(env)
-        request = Rack::Request.new(env)
-
-        unless request.ssl?
-          return [301, redirect_headers(request), []]
-        end
-
-        result = @app.call(env)
-
-        set_hsts_header(result[1])
-        set_cookies_as_secure(result[1])
-
-        return result
-      end
-
-      private
-
-      HSTS_HEADER = "Strict-Transport-Security".freeze
-      HSTS_EXPIRE = 15_552_000 # 180 days
-
-      def build_hsts_header(options)
-        header = sprintf("max-age=%i", options.fetch(:expires, HSTS_EXPIRE))
-        header << "; includeSubdomains" if options.fetch(:subdomains, true)
-        header << "; preload" if options[:preload]
-
-        return header
-      end
-
-      def redirect_headers(request)
-        return {
-          "Content-Type" => "text/html",
-          "Location" => https_location(request)
-        }
-      end
-
-      HTTPS_LOCATION = "https://%s%s".freeze
-
-      def https_location(request)
-        return sprintf(HTTPS_LOCATION, request.host, request.fullpath)
-      end
-
-      def set_hsts_header(headers)
-        headers[HSTS_HEADER] = @hsts_header
-      end
-
-      COOKIE_HEADER = "Set-Cookie".freeze
-      COOKIE_SEPARATOR = "\n".freeze
-      COOKIE_REGEXP = /;\s*secure\s*(;|$)/i
-
-      def set_cookies_as_secure(headers)
-        return unless cookies = headers[COOKIE_HEADER]
-
-        cookies = cookies.split(COOKIE_SEPARATOR).map do |cookie|
-          (cookie !~ COOKIE_REGEXP) ?  "#{ cookie }; secure" : cookie
-        end
-
-        headers[COOKIE_HEADER] = cookies.join(COOKIE_SEPARATOR)
-      end
-    end
-  end
-end

data/test/erubis_test.rb

@@ -1,20 +0,0 @@
-require_relative "../lib/tynn/erubis"
-
-setup do
-  Tynn.helpers(Tynn::Erubis, views: File.expand_path("./test/views"))
-
-  Tynn::Test.new
-end
-
-test "escapes" do |app|
-  Tynn.define do
-    root do
-      res.write(partial("partial", name: "<a></a>"))
-    end
-  end
-
-  app = Tynn::Test.new
-  app.get("/")
-
-  assert_equal "&lt;a&gt;&lt;/a&gt;", app.res.body.strip
-end

data/test/ssl_test.rb

@@ -1,82 +0,0 @@
-require_relative "../lib/tynn/ssl"
-
-setup do
-  Tynn::Test.new
-end
-
-test "redirects to https" do |app|
-  Tynn.helpers(Tynn::SSL)
-
-  Tynn.define do
-  end
-
-  app.get("/")
-
-  assert_equal 301, app.res.status
-  assert_equal "https://example.org/", app.res.location
-end
-
-test "https request" do |app|
-  Tynn.helpers(Tynn::SSL)
-
-  Tynn.define do
-    root do
-      res.write("secure")
-    end
-  end
-
-  app.get("/", {}, "HTTPS" => "on")
-
-  assert_equal "secure", app.res.body
-end
-
-test "hsts header" do |app|
-  Tynn.helpers(Tynn::SSL)
-
-  Tynn.define do
-  end
-
-  app = Tynn::Test.new
-  app.get("/", {}, "HTTPS" => "on")
-
-  header = app.res.headers["Strict-Transport-Security"]
-
-  assert_equal "max-age=15552000; includeSubdomains", header
-end
-
-test "hsts header options" do |app|
-  Tynn.helpers(Tynn::SSL, hsts: {
-    expires: 1,
-    subdomains: false,
-    preload: true
-  })
-
-  Tynn.define do
-  end
-
-  app = Tynn::Test.new
-  app.get("/", {}, "HTTPS" => "on")
-
-  header = app.res.headers["Strict-Transport-Security"]
-
-  assert_equal "max-age=1; preload", header
-end
-
-test "secure cookies" do |app|
-  Tynn.helpers(Tynn::SSL)
-
-  Tynn.define do
-    get do
-      res.set_cookie("first", "cookie")
-      res.set_cookie("other", "cookie")
-    end
-  end
-
-  app = Tynn::Test.new
-  app.get("/", {}, "HTTPS" => "on")
-
-  first, other = app.res.headers["Set-Cookie"].split("\n")
-
-  assert_equal "first=cookie; secure", first
-  assert_equal "other=cookie; secure", other
-end