vines 0.4.9 → 0.4.10

data/lib/vines/stream/http/request.rb

@@ -25,13 +25,22 @@ module Vines
 
         attr_reader :stream, :body, :headers, :method, :path, :url, :query
 
+        # Create a new request parsed from an HTTP client connection. We'll try
+        # to keep this request open until there are stanzas available to send
+        # as a response.
+        #
+        # stream - The Stream::Http client connection that received the request.
+        # parser - The Http::Parser that parsed the HTTP request.
+        # body   - The String request body.
         def initialize(stream, parser, body)
-          @stream, @body = stream, body
+          uri       = URI(parser.request_url)
+          @stream   = stream
+          @body     = body
           @headers  = parser.headers
           @method   = parser.http_method
-          @path     = parser.request_path
           @url      = parser.request_url
-          @query    = parser.query_string
+          @path     = uri.path
+          @query    = uri.query
           @received = Time.now
         end
 
@@ -44,10 +53,12 @@ module Vines
         # directory. Take care to prevent directory traversal attacks with paths
         # like ../../../etc/passwd. Use the If-Modified-Since request header
         # to implement caching.
+        #
+        # Returns nothing.
         def reply_with_file(dir)
           path = File.expand_path(File.join(dir, @path))
 
-          # redirect requests missing a slash so relative links work
+          # Redirect requests missing a slash so relative links work.
           if File.directory?(path) && !@path.end_with?('/')
             send_status(301, MOVED, "Location: #{redirect_uri}")
             return
@@ -69,6 +80,8 @@ module Vines
 
         # Send an HTTP 200 OK response wrapping the XMPP node content back
         # to the client.
+        #
+        # Returns nothing.
         def reply(node, content_type)
           body = node.to_s
           header = [
@@ -90,6 +103,8 @@ module Vines
         # Send a 200 OK response, allowing any origin domain to connect to the
         # server, in response to CORS preflight OPTIONS requests. This allows
         # any web application using strophe.js to connect to our BOSH port.
+        #
+        # Returns nothing.
         def reply_to_options
           allow = @headers['Access-Control-Request-Headers']
           headers = [
@@ -107,6 +122,8 @@ module Vines
         # wasn't sent by the client, just return the relative path that
         # was requested. The Location response header must contain the fully
         # qualified URI, but most browsers will accept relative paths as well.
+        #
+        # Returns the String URL.
         def redirect_uri
           host = headers['Host']
           uri = "#{path}/"
@@ -137,6 +154,8 @@ module Vines
         # Stream the contents of the file to the client in a 200 OK response.
         # Send a Last-Modified response header so clients can send us an
         # If-Modified-Since request header for caching.
+        #
+        # Returns nothing.
         def send_file(path, status=200, message='OK')
           header = [
             "HTTP/1.1 #{status} #{message}",
@@ -162,6 +181,8 @@ module Vines
         # HTTP server. Reverse proxy servers (nginx/apache) can use this cookie
         # to implement sticky sessions. Return nil if vroute was not set in
         # config.rb and no cookie should be sent.
+        #
+        # Returns a String cookie value or nil if disabled.
         def vroute_cookie
           route = @stream.config[:http].vroute
           route ? "Set-Cookie: vroute=#{route}; path=/; HttpOnly" : nil
@@ -169,4 +190,4 @@ module Vines
       end
     end
   end
-end
+end

data/lib/vines/stream/http/session.rb

@@ -73,6 +73,10 @@ module Vines
 
         # Send an HTTP 200 OK response wrapping the XMPP node content back
         # to the client.
+        #
+        # node - The XML::Node to send to the client.
+        #
+        # Returns nothing.
         def reply(node)
           if request = @requests.shift
             request.reply(node, @content_type)
@@ -83,6 +87,10 @@ module Vines
         # Write the XMPP node to the client stream after wrapping it in a BOSH
         # body tag. If there's a waiting request, the node is written
         # immediately. If not, it's queued until the next request arrives.
+        #
+        # data - The XML String or XML::Node to send in the next HTTP response.
+        #
+        # Returns nothing.
         def write(node)
           if request = @requests.shift
             request.reply(wrap_body(node), @content_type)

data/lib/vines/stream/server.rb

@@ -125,23 +125,29 @@ module Vines
 
       private
 
-      # The +to+ and +from+ domain addresses set on the initial stream header
+      # The `to` and `from` domain addresses set on the initial stream header
       # must not change during stream restarts. This prevents a server from
       # authenticating as one domain, then sending stanzas from users in a
       # different domain.
+      #
+      # to   - The String domain the other server thinks we are.
+      # from - The String domain the other server is asserting as its identity.
+      #
+      # Returns true if the other server is misbehaving and its connection
+      #   should be closed.
       def domain_change?(to, from)
         to != @domain || from != @remote_domain
       end
 
       def send_stream_header
         attrs = {
-          'xmlns' => NAMESPACES[:server],
+          'xmlns'        => NAMESPACES[:server],
           'xmlns:stream' => NAMESPACES[:stream],
-          'xml:lang' => 'en',
-          'id' => Kit.uuid,
-          'from' => @domain,
-          'to' => @remote_domain,
-          'version' => '1.0'
+          'xml:lang'     => 'en',
+          'id'           => Kit.uuid,
+          'from'         => @domain,
+          'to'           => @remote_domain,
+          'version'      => '1.0'
         }
         write "<stream:stream %s>" % attrs.to_a.map{|k,v| "#{k}='#{v}'"}.join(' ')
       end

data/lib/vines/version.rb

@@ -1,5 +1,5 @@
 # encoding: UTF-8
 
 module Vines
-  VERSION = '0.4.9'
+  VERSION = '0.4.10'
 end

data/test/store_test.rb

@@ -3,96 +3,113 @@
 require 'test_helper'
 
 describe Vines::Store do
-  before do
-    dir = 'conf/certs'
-
-    domain, key = certificate('wonderland.lit')
-    File.open("#{dir}/wonderland.lit.crt", 'w') {|f| f.write(domain) }
-    File.open("#{dir}/wonderland.lit.key", 'w') {|f| f.write(key) }
-
-    wildcard, key = certificate('*.wonderland.lit')
-    File.open("#{dir}/wildcard.lit.crt", 'w') {|f| f.write(wildcard) }
-    File.open("#{dir}/wildcard.lit.key", 'w') {|f| f.write(key) }
+  let(:dir) { 'conf/certs' }
+  let(:domain_pair) { certificate('wonderland.lit') }
+  let(:wildcard_pair) { certificate('*.wonderland.lit') }
+  subject { Vines::Store.new(dir) }
 
-    @store = Vines::Store.new('conf/certs')
+  before do
+    @files =
+      save('wonderland.lit', domain_pair) +
+      save('wildcard.lit', wildcard_pair) +
+      save('duplicate.lit', domain_pair)
   end
 
   after do
-    %w[wonderland.lit.crt wonderland.lit.key wildcard.lit.crt wildcard.lit.key].each do |f|
-      name = "conf/certs/#{f}"
+    @files.each do |name|
       File.delete(name) if File.exists?(name)
     end
   end
 
-  it 'parses certificate files' do
-    refute @store.certs.empty?
-    assert_equal OpenSSL::X509::Certificate, @store.certs.first.class
-  end
+  describe 'creating a store' do
+    it 'parses certificate files' do
+      refute subject.certs.empty?
+      assert_equal OpenSSL::X509::Certificate, subject.certs.first.class
+    end
+
+    it 'ignores expired certificates' do
+      assert subject.certs.all? {|c| c.not_after > Time.new }
+    end
 
-  it 'ignores expired certificates' do
-    assert @store.certs.all? {|c| c.not_after > Time.new }
+    it 'does not raise an error for duplicate certificates' do
+      assert Vines::Store.new(dir)
+    end
   end
 
   describe 'files_for_domain' do
     it 'handles invalid input' do
-      assert_nil @store.files_for_domain(nil)
-      assert_nil @store.files_for_domain('')
+      assert_nil subject.files_for_domain(nil)
+      assert_nil subject.files_for_domain('')
     end
 
     it 'finds files by name' do
-      refute_nil @store.files_for_domain('wonderland.lit')
-      cert, key = @store.files_for_domain('wonderland.lit')
+      refute_nil subject.files_for_domain('wonderland.lit')
+      cert, key = subject.files_for_domain('wonderland.lit')
       assert_certificate_matches_key cert, key
       assert_equal 'wonderland.lit.crt', File.basename(cert)
       assert_equal 'wonderland.lit.key', File.basename(key)
     end
 
     it 'finds files for wildcard' do
-      refute_nil @store.files_for_domain('foo.wonderland.lit')
-      cert, key = @store.files_for_domain('foo.wonderland.lit')
+      refute_nil subject.files_for_domain('foo.wonderland.lit')
+      cert, key = subject.files_for_domain('foo.wonderland.lit')
       assert_certificate_matches_key cert, key
       assert_equal 'wildcard.lit.crt', File.basename(cert)
       assert_equal 'wildcard.lit.key', File.basename(key)
     end
   end
 
+  describe 'trusted?' do
+    it 'does not trust malformed certificates' do
+      refute subject.trusted?('bogus')
+    end
+
+    it 'does not trust unsigned certificates' do
+      pair = certificate('something.lit')
+      refute subject.trusted?(pair.cert)
+    end
+  end
+
   describe 'domain?' do
     it 'handles invalid input' do
-      cert, key = certificate('wonderland.lit')
-      refute @store.domain?(nil, nil)
-      refute @store.domain?(cert, nil)
-      refute @store.domain?(cert, '')
-      refute @store.domain?(nil, '')
-      assert @store.domain?(cert, 'wonderland.lit')
+      pair = certificate('wonderland.lit')
+      refute subject.domain?(nil, nil)
+      refute subject.domain?(pair.cert, nil)
+      refute subject.domain?(pair.cert, '')
+      refute subject.domain?(nil, '')
+      assert subject.domain?(pair.cert, 'wonderland.lit')
     end
 
     it 'verifies certificate subject domains' do
-      cert, key = certificate('wonderland.lit')
-      refute @store.domain?(cert, 'bogus')
-      refute @store.domain?(cert, 'www.wonderland.lit')
-      assert @store.domain?(cert, 'wonderland.lit')
+      pair = certificate('wonderland.lit')
+      refute subject.domain?(pair.cert, 'bogus')
+      refute subject.domain?(pair.cert, 'www.wonderland.lit')
+      assert subject.domain?(pair.cert, 'wonderland.lit')
     end
 
     it 'verifies certificate subject alt domains' do
-      cert, key = certificate('wonderland.lit', 'www.wonderland.lit')
-      refute @store.domain?(cert, 'bogus')
-      refute @store.domain?(cert, 'tea.wonderland.lit')
-      assert @store.domain?(cert, 'www.wonderland.lit')
-      assert @store.domain?(cert, 'wonderland.lit')
+      pair = certificate('wonderland.lit', 'www.wonderland.lit')
+      refute subject.domain?(pair.cert, 'bogus')
+      refute subject.domain?(pair.cert, 'tea.wonderland.lit')
+      assert subject.domain?(pair.cert, 'www.wonderland.lit')
+      assert subject.domain?(pair.cert, 'wonderland.lit')
     end
 
     it 'verifies certificate wildcard domains' do
-      cert, key = certificate('wonderland.lit', '*.wonderland.lit')
-      refute @store.domain?(cert, 'bogus')
-      refute @store.domain?(cert, 'one.two.wonderland.lit')
-      assert @store.domain?(cert, 'tea.wonderland.lit')
-      assert @store.domain?(cert, 'www.wonderland.lit')
-      assert @store.domain?(cert, 'wonderland.lit')
+      pair = certificate('wonderland.lit', '*.wonderland.lit')
+      refute subject.domain?(pair.cert, 'bogus')
+      refute subject.domain?(pair.cert, 'one.two.wonderland.lit')
+      assert subject.domain?(pair.cert, 'tea.wonderland.lit')
+      assert subject.domain?(pair.cert, 'www.wonderland.lit')
+      assert subject.domain?(pair.cert, 'wonderland.lit')
     end
   end
 
   private
 
+  # A public certificate + private key pair.
+  Pair = Struct.new(:cert, :key)
+
   def assert_certificate_matches_key(cert, key)
     refute_nil cert
     refute_nil key
@@ -102,7 +119,7 @@ describe Vines::Store do
   end
 
   def certificate(domain, altname=nil)
-    # use small key so tests are fast
+    # Use small key so tests are fast.
     key = OpenSSL::PKey::RSA.generate(256)
 
     name = OpenSSL::X509::Name.parse("/C=US/ST=Colorado/L=Denver/O=Test/CN=#{domain}")
@@ -125,6 +142,21 @@ describe Vines::Store do
       ].map {|k, v| factory.create_ext(k, v) }
     end
 
-    [cert.to_pem, key.to_pem]
+    Pair.new(cert.to_pem, key.to_pem)
+  end
+
+  # Write the domain's certificate and private key files to the filesystem for
+  # the store to use.
+  #
+  # domain - The domain name String to use in the file name (e.g. wonderland.lit).
+  # pair   - The Pair containing the public certificate and private key data.
+  #
+  # Returns a String Array of file names that were written.
+  def save(domain, pair)
+    crt = File.expand_path("#{domain}.crt", dir)
+    key = File.expand_path("#{domain}.key", dir)
+    File.open(crt, 'w') {|f| f.write(pair.cert) }
+    File.open(key, 'w') {|f| f.write(pair.key) }
+    [crt, key]
   end
 end

data/test/stream/http/request_test.rb

@@ -3,20 +3,13 @@
 require 'test_helper'
 
 describe Vines::Stream::Http::Request do
-  PASSWORD = File.expand_path('../passwords')
-  INDEX    = File.expand_path('index.html')
+  PASSWORD = File.expand_path('../passwords').freeze
+  INDEX    = File.expand_path('index.html').freeze
 
   before do
     File.open(PASSWORD, 'w') {|f| f.puts '/etc/passwd contents' }
     File.open(INDEX, 'w') {|f| f.puts 'index.html contents' }
-
     @stream = MiniTest::Mock.new
-    @parser = MiniTest::Mock.new
-    @parser.expect(:headers, {'Content-Type' => 'text/html', 'Host' => 'wonderland.lit'})
-    @parser.expect(:http_method, 'GET')
-    @parser.expect(:request_path, '/blogs/12')
-    @parser.expect(:request_url, '/blogs/12?ok=true')
-    @parser.expect(:query_string, 'ok=true')
   end
 
   after do
@@ -26,21 +19,26 @@ describe Vines::Stream::Http::Request do
 
   describe 'initialize' do
     it 'copies request info from parser' do
-      request = Vines::Stream::Http::Request.new(@stream, @parser, '<html></html>')
-      assert_equal request.headers, {'Content-Type' => 'text/html', 'Host' => 'wonderland.lit'}
+      headers = ['Host: wonderland.lit', 'Content-Type: text/html']
+      parser = parser('GET', '/blogs/12?ok=true', headers)
+      request = Vines::Stream::Http::Request.new(@stream, parser, '<html></html>')
+
+      assert_equal request.headers, {'Host' => 'wonderland.lit', 'Content-Type' => 'text/html'}
       assert_equal request.method, 'GET'
       assert_equal request.path, '/blogs/12'
       assert_equal request.url, '/blogs/12?ok=true'
       assert_equal request.query, 'ok=true'
       assert_equal request.body, '<html></html>'
       assert @stream.verify
-      assert @parser.verify
     end
   end
 
   describe 'reply_with_file' do
     it 'returns 404 file not found' do
-      request = Vines::Stream::Http::Request.new(@stream, @parser, '<html></html>')
+      headers = ['Host: wonderland.lit', 'Content-Type: text/html']
+      parser = parser('GET', '/blogs/12?ok=true', headers)
+      request = Vines::Stream::Http::Request.new(@stream, parser, '<html></html>')
+
       headers = [
         "HTTP/1.1 404 Not Found",
         "Content-Length: 0"
@@ -50,17 +48,11 @@ describe Vines::Stream::Http::Request do
 
       request.reply_with_file(Dir.pwd)
       assert @stream.verify
-      assert @parser.verify
     end
 
     it 'prevents directory traversal with 404 response' do
-      parser = MiniTest::Mock.new
-      parser.expect(:headers, {'Content-Type' => 'text/html', 'Host' => 'wonderland.lit'})
-      parser.expect(:http_method, 'GET')
-      parser.expect(:request_path, '/../passwords')
-      parser.expect(:request_url, '/../passwords')
-      parser.expect(:query_string, '')
-
+      headers = ['Host: wonderland.lit', 'Content-Type: text/html']
+      parser = parser('GET', '/../passwords', headers)
       request = Vines::Stream::Http::Request.new(@stream, parser, '<html></html>')
 
       headers = [
@@ -72,17 +64,11 @@ describe Vines::Stream::Http::Request do
 
       request.reply_with_file(Dir.pwd)
       assert @stream.verify
-      assert parser.verify
     end
 
     it 'serves index.html for directory request' do
-      parser = MiniTest::Mock.new
-      parser.expect(:headers, {'Content-Type' => 'text/html', 'Host' => 'wonderland.lit'})
-      parser.expect(:http_method, 'GET')
-      parser.expect(:request_path, '/')
-      parser.expect(:request_url, '/?ok=true')
-      parser.expect(:query_string, 'ok=true')
-
+      headers = ['Host: wonderland.lit', 'Content-Type: text/html']
+      parser = parser('GET', '/?ok=true', headers)
       request = Vines::Stream::Http::Request.new(@stream, parser, '<html></html>')
 
       mtime = File.mtime(INDEX).utc.strftime('%a, %d %b %Y %H:%M:%S GMT')
@@ -98,17 +84,11 @@ describe Vines::Stream::Http::Request do
 
       request.reply_with_file(Dir.pwd)
       assert @stream.verify
-      assert parser.verify
     end
 
     it 'redirects for missing trailing slash' do
-      parser = MiniTest::Mock.new
-      parser.expect(:headers, {'Content-Type' => 'text/html', 'Host' => 'wonderland.lit'})
-      parser.expect(:http_method, 'GET')
-      parser.expect(:request_path, '/http')
-      parser.expect(:request_url, '/http?ok=true')
-      parser.expect(:query_string, 'ok=true')
-
+      headers = ['Host: wonderland.lit', 'Content-Type: text/html']
+      parser = parser('GET', '/http?ok=true', headers)
       request = Vines::Stream::Http::Request.new(@stream, parser, '<html></html>')
 
       headers = [
@@ -121,23 +101,18 @@ describe Vines::Stream::Http::Request do
       # so the /http url above will work
       request.reply_with_file(File.expand_path('../../', __FILE__))
       assert @stream.verify
-      assert parser.verify
     end
   end
 
   describe 'reply_to_options' do
     it 'returns cors headers' do
-      parser = MiniTest::Mock.new
-      parser.expect(:headers, {
-        'Content-Type' => 'text/xml',
-        'Host' => 'wonderland.lit',
-        'Origin' => 'remote.wonderland.lit',
-        'Access-Control-Request-Headers' => 'Content-Type, Origin'})
-      parser.expect(:http_method, 'OPTIONS')
-      parser.expect(:request_path, '/xmpp')
-      parser.expect(:request_url, '/xmpp')
-      parser.expect(:query_string, '')
-
+      headers = [
+        'Content-Type: text/xml',
+        'Host: wonderland.lit',
+        'Origin: remote.wonderland.lit',
+        'Access-Control-Request-Headers: Content-Type, Origin'
+      ]
+      parser = parser('OPTIONS', '/xmpp', headers)
       request = Vines::Stream::Http::Request.new(@stream, parser, '')
 
       headers = [
@@ -152,7 +127,6 @@ describe Vines::Stream::Http::Request do
       @stream.expect(:stream_write, nil, ["#{headers}\r\n\r\n"])
       request.reply_to_options
       assert @stream.verify
-      assert parser.verify
     end
   end
 
@@ -168,6 +142,21 @@ describe Vines::Stream::Http::Request do
 
   private
 
+  # Create a parser that has completed one valid HTTP request.
+  #
+  # method  - The HTTP method String (e.g. 'GET', 'POST').
+  # url     - The request URL String (e.g. '/blogs/12?ok=true').
+  # headers - The optional Array of request headers.
+  #
+  # Returns an Http::Parser.
+  def parser(method, url, headers = [])
+    head = ["#{method} #{url} HTTP/1.1"].concat(headers).join("\r\n")
+    body = '<html></html>'
+    Http::Parser.new.tap do |parser|
+      parser << "%s\r\n\r\n%s" % [head, body]
+    end
+  end
+
   def reply_with_cookie(cookie)
     config = Vines::Config.new do
       host 'wonderland.lit' do
@@ -178,15 +167,12 @@ describe Vines::Stream::Http::Request do
       end
     end
 
-    parser = MiniTest::Mock.new
-    parser.expect(:headers, {
-      'Content-Type' => 'text/xml',
-      'Host' => 'wonderland.lit',
-      'Origin' => 'remote.wonderland.lit'})
-    parser.expect(:http_method, 'POST')
-    parser.expect(:request_path, '/xmpp')
-    parser.expect(:request_url, '/xmpp')
-    parser.expect(:query_string, '')
+    headers = [
+      'Content-Type: text/xml',
+      'Host: wonderland.lit',
+      'Origin: remote.wonderland.lit'
+    ]
+    parser = parser('POST', '/xmpp', headers)
 
     request = Vines::Stream::Http::Request.new(@stream, parser, '')
     message = '<message>hello</message>'
@@ -204,6 +190,5 @@ describe Vines::Stream::Http::Request do
     @stream.expect(:config, config)
     request.reply(message, 'application/xml')
     assert @stream.verify
-    assert parser.verify
   end
 end