vigetlabs-garb 0.2.2 → 0.2.3

data/README.md

@@ -8,7 +8,7 @@ garb
 Changes
 =======
 
-  Version 0.2.0 makes major changes to the way garb is used to build reports.
+  Version 0.2.0 makes major changes (compared to 0.1.0) to the way garb is used to build reports.
   There is now both a module that gets included for generating defined classes.
   As well as, slight changes to the way that the Report class can be used.
 
@@ -131,6 +131,19 @@ Filtering
   
     report.filters << {:request_uri.eql => '/extend/effectively-using-git-with-subversion/'}
 
+SSL
+---
+
+  Version 0.2.3 includes support for real ssl encryption for authentication. First do:
+
+    Garb::Session.login(username, password, :secure => true)
+
+  Next, be sure to download http://curl.haxx.se/ca/cacert.pem into your application somewhere.
+  Then, define a constant CA_CERT_FILE and point to that file.
+
+  For whatever reason, simply create a new certificate store and setting the defaults would
+  not validate the google ssl certificate as authentic.
+
 TODOS
 -----
 

data/lib/garb/authentication_request.rb

@@ -23,31 +23,30 @@ module Garb
       URI.parse(URL)
     end
     
-    def send_request      
+    def send_request(ssl_mode)
       http = Net::HTTP.new(uri.host, uri.port)
       http.use_ssl = true
-      http.verify_mode = OpenSSL::SSL::VERIFY_PEER
-      http.cert_store = cert_store
+      http.verify_mode = ssl_mode
+
+      if ssl_mode == OpenSSL::SSL::VERIFY_PEER
+        http.ca_file = CA_CERT_FILE
+      end
+
       http.request(build_request) do |response|
         raise AuthError unless response.is_a?(Net::HTTPOK)
       end
     end
 
-    def cert_store
-      store = OpenSSL::X509::Store.new
-      store.set_default_paths
-      store
-    end
-
     def build_request
       post = Net::HTTP::Post.new(uri.path)
       post.set_form_data(parameters)
       post
     end
     
-    def auth_token
-      send_request.body.match(/^Auth=(.*)$/)[1]
+    def auth_token(opts={})
+      ssl_mode = opts[:secure] ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
+      send_request(ssl_mode).body.match(/^Auth=(.*)$/)[1]
     end
-    
+
   end
 end

data/lib/garb/session.rb

@@ -1,16 +1,16 @@
 module Garb
   class Session
     
-    def self.login(email, password)
+    def self.login(email, password, opts={})
       @email = email
       auth_request = AuthenticationRequest.new(email, password)
-      @auth_token = auth_request.auth_token
+      @auth_token = auth_request.auth_token(opts)
     end
-    
+
     def self.auth_token
       @auth_token
     end
-    
+
     def self.email
       @email
     end

data/lib/garb/version.rb

@@ -3,7 +3,7 @@ module Garb
 
     MAJOR = 0
     MINOR = 2
-    TINY  = 2
+    TINY  = 3
 
     def self.to_s # :nodoc:
       [MAJOR, MINOR, TINY].join('.')

data/test/fixtures/cacert.pem

@@ -0,0 +1,67 @@
+##
+## cacert.pem-foo -- Bundle of CA Root Certificates
+##
+## Converted at: Thu Mar 26 21:23:06 2009 UTC
+##
+## This is a bundle of X.509 certificates of public Certificate Authorities
+## (CA). These were automatically extracted from Mozilla's root certificates
+## file (certdata.txt).  This file can be found in the mozilla source tree:
+## '/mozilla/security/nss/lib/ckfw/builtins/certdata.txt'
+##
+## It contains the certificates in PEM format and therefore
+## can be directly used with curl / libcurl / php_curl, or with
+## an Apache+mod_ssl webserver for SSL client authentication.
+## Just configure this file as the SSLCACertificateFile.
+##
+
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is
+# Netscape Communications Corporation.
+# Portions created by the Initial Developer are Copyright (C) 1994-2000
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+# @(#) $RCSfile: certdata.txt,v $ $Revision: 1.51 $ $Date: 2009/01/15 22:35:15 $
+
+Verisign/RSA Secure Server CA
+=============================
+-----BEGIN CERTIFICATE-----
+MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMx
+IDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVy
+IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVow
+XzELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQL
+EyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUA
+A4GJADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII0haGN1Xp
+sSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphIuR2nKRoTLkoRWZweFdVJ
+VCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZIhvcNAQECBQADfgBl3X7hsuyw4jrg7HFG
+mhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2
+qUtN8iD3zV9/ZHuO3ABc1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
+-----END CERTIFICATE-----

data/test/unit/authentication_request_test.rb

@@ -1,5 +1,7 @@
 require File.join(File.dirname(__FILE__), '..', '/test_helper')
 
+CA_CERT_FILE = File.join(File.dirname(__FILE__), '..', '/cacert.pem')
+
 module Garb
   class AuthenticationRequestTest < Test::Unit::TestCase
     
@@ -25,22 +27,37 @@ module Garb
         assert_equal URI.parse('https://www.google.com/accounts/ClientLogin'), @request.uri
       end
 
-      should "be able to send a request to the GAAPI service" do        
+      should "be able to send a request to the GAAPI service with proper ssl" do        
         @request.expects(:build_request).returns('post')
-        @request.stubs(:cert_store).returns('cert_store')
 
         response = mock {|m| m.expects(:is_a?).with(Net::HTTPOK).returns(true) }
 
         http = mock do |m|
           m.expects(:use_ssl=).with(true)
           m.expects(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER)
-          m.expects(:cert_store=).with('cert_store')
+          m.expects(:ca_file=).with(CA_CERT_FILE)
+          m.expects(:request).with('post').yields(response)
+        end
+        
+        Net::HTTP.expects(:new).with('www.google.com', 443).returns(http)
+
+        @request.send_request(OpenSSL::SSL::VERIFY_PEER)
+      end
+
+      should "be able to send a request to the GAAPI service with ignoring ssl" do        
+        @request.expects(:build_request).returns('post')
+
+        response = mock {|m| m.expects(:is_a?).with(Net::HTTPOK).returns(true) }
+
+        http = mock do |m|
+          m.expects(:use_ssl=).with(true)
+          m.expects(:verify_mode=).with(OpenSSL::SSL::VERIFY_NONE)
           m.expects(:request).with('post').yields(response)
         end
         
         Net::HTTP.expects(:new).with('www.google.com', 443).returns(http)
 
-        @request.send_request
+        @request.send_request(OpenSSL::SSL::VERIFY_NONE)
       end
       
       should "be able to build a request for the GAAPI service" do
@@ -54,42 +71,45 @@ module Garb
 
         @request.build_request
       end
-
-      should "have a cert store" do
-        cert_store = mock(:set_default_paths)
-        OpenSSL::X509::Store.expects(:new).returns(cert_store)
-        assert_equal cert_store, @request.cert_store
-      end
       
       should "be able to retrieve an auth_token from the body" do
         response_data =
           "SID=mysid\n" +
           "LSID=mylsid\n" +
           "Auth=auth_token\n"
-          
-        @request.expects(:send_request).with().returns(stub(:body => response_data))
-        
+
+        @request.expects(:send_request).with(OpenSSL::SSL::VERIFY_NONE).returns(stub(:body => response_data))
+
         assert_equal 'auth_token', @request.auth_token
       end
+
+      should "use VERIFY_PEER if auth_token needs to be secure" do
+        response_data =
+          "SID=mysid\n" +
+          "LSID=mylsid\n" +
+          "Auth=auth_token\n"
+
+        @request.expects(:send_request).with(OpenSSL::SSL::VERIFY_PEER).returns(stub(:body => response_data))
+
+        assert_equal 'auth_token', @request.auth_token(:secure => true)
+      end
       
       should "raise an exception when requesting an auth_token when the authorization fails" do
         @request.stubs(:build_request)
-        @request.stubs(:cert_store)
         response = mock do |m|
           m.expects(:is_a?).with(Net::HTTPOK).returns(false)
         end
-        
+
         http = stub do |s|
           s.stubs(:use_ssl=)
           s.stubs(:verify_mode=)
-          s.stubs(:cert_store=)
           s.stubs(:request).yields(response)
         end
-        
+
         Net::HTTP.stubs(:new).with('www.google.com', 443).returns(http)
         
         assert_raise(Garb::AuthenticationRequest::AuthError) do
-          @request.send_request
+          @request.send_request(OpenSSL::SSL::VERIFY_NONE)
         end
       end
       

data/test/unit/session_test.rb

@@ -6,12 +6,20 @@ module Garb
     context "The Session class" do
       
       should "be able retrieve an auth_token for a user" do
-        auth_request = mock {|m| m.expects(:auth_token).with().returns('toke') }
+        auth_request = mock {|m| m.expects(:auth_token).with({}).returns('toke') }
         AuthenticationRequest.expects(:new).with('email', 'password').returns(auth_request)
-        
+
         Session.login('email', 'password')
         assert_equal 'toke', Session.auth_token
       end
+
+      should "be able retrieve an auth_token for a user with secure ssl" do
+        auth_request = mock {|m| m.expects(:auth_token).with({:secure => true}).returns('toke') }
+        AuthenticationRequest.expects(:new).with('email', 'password').returns(auth_request)
+
+        Session.login('email', 'password', :secure => true)
+        assert_equal 'toke', Session.auth_token
+      end
       
       should "retain the email address for this session" do
         AuthenticationRequest.stubs(:new).returns(stub(:auth_token => 'toke'))

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: vigetlabs-garb
 version: !ruby/object:Gem::Version 
-  version: 0.2.2
+  version: 0.2.3
 platform: ruby
 authors: 
 - Tony Pitale
@@ -53,6 +53,7 @@ files:
 - lib/garb/version.rb
 - lib/garb.rb
 - test/fixtures
+- test/fixtures/cacert.pem
 - test/fixtures/profile_feed.xml
 - test/fixtures/report_feed.xml
 - test/test_helper.rb
@@ -98,6 +99,7 @@ specification_version: 2
 summary: Google Analytics API Ruby Wrapper
 test_files: 
 - test/fixtures
+- test/fixtures/cacert.pem
 - test/fixtures/profile_feed.xml
 - test/fixtures/report_feed.xml
 - test/test_helper.rb