wash-out 0.10.1

data/lib/wash_out/router.rb

@@ -0,0 +1,95 @@
+require 'nori'
+
+module WashOut
+  # This class is a Rack middleware used to route SOAP requests to a proper
+  # action of a given SOAP controller.
+  class Router
+    def initialize(controller_name)
+      @controller_name = "#{controller_name.to_s}_controller".camelize
+    end
+
+    def controller
+      @controller
+    end
+
+    def parse_soap_action(env)
+      return env['wash_out.soap_action'] if env['wash_out.soap_action']
+
+      soap_action = controller.soap_config.soap_action_routing ? env['HTTP_SOAPACTION'].to_s.gsub(/^"(.*)"$/, '\1')
+                                                               : ''
+
+      if soap_action.blank?
+        parsed_soap_body = nori(controller.soap_config.snakecase_input).parse(soap_body env)
+        return nil if parsed_soap_body.blank?
+
+        soap_action = parsed_soap_body
+            .values_at(:envelope, :Envelope).compact.first
+            .values_at(:body, :Body).compact.first
+            .keys.first.to_s
+      end
+
+      # RUBY18 1.8 does not have force_encoding.
+      soap_action.force_encoding('UTF-8') if soap_action.respond_to? :force_encoding
+
+      if controller.soap_config.namespace
+        namespace = Regexp.escape controller.soap_config.namespace.to_s
+        soap_action.gsub!(/^(#{namespace}(\/|#)?)?([^"]*)$/, '\3')
+      end
+
+      env['wash_out.soap_action'] = soap_action
+    end
+
+    def nori(snakecase=false)
+      Nori.new(
+        :parser => controller.soap_config.parser,
+        :strip_namespaces => true,
+        :advanced_typecasting => true,
+        :convert_tags_to => (
+          snakecase ? lambda { |tag| tag.snakecase.to_sym }
+                    : lambda { |tag| tag.to_sym }
+        )
+      )
+    end
+
+    def soap_body(env)
+      body = env['rack.input']
+      body.rewind if body.respond_to? :rewind
+      body.respond_to?(:string) ? body.string : body.read
+    ensure
+      body.rewind if body.respond_to? :rewind
+    end
+
+    def parse_soap_parameters(env)
+      return env['wash_out.soap_data'] if env['wash_out.soap_data']
+
+      env['wash_out.soap_data'] = nori(controller.soap_config.snakecase_input).parse(soap_body env)
+      references = WashOut::Dispatcher.deep_select(env['wash_out.soap_data']){|k,v| v.is_a?(Hash) && v.has_key?(:@id)}
+
+      unless references.blank?
+        replaces = {}; references.each{|r| replaces['#'+r[:@id]] = r}
+        env['wash_out.soap_data'] = WashOut::Dispatcher.deep_replace_href(env['wash_out.soap_data'], replaces)
+      end
+
+      env['wash_out.soap_data']
+    end
+
+    def call(env)
+      @controller = @controller_name.constantize
+
+      soap_action     = parse_soap_action(env)
+      return [200, {}, ['OK']] if soap_action.blank?
+
+      soap_parameters = parse_soap_parameters(env)
+
+      action_spec = controller.soap_actions[soap_action]
+
+      if action_spec
+        action = action_spec[:to]
+      else
+        action = '_invalid_action'
+      end
+
+      controller.action(action).call(env)
+    end
+  end
+end

data/lib/wash_out/soap.rb

@@ -0,0 +1,48 @@
+require 'active_support/concern'
+
+module WashOut
+  module SOAP
+    extend ActiveSupport::Concern
+
+    module ClassMethods
+      attr_accessor :soap_actions
+
+      # Define a SOAP action +action+. The function has two required +options+:
+      # :args and :return. Each is a type +definition+ of format described in
+      # WashOut::Param#parse_def.
+      #
+      # An optional option :to can be passed to allow for names of SOAP actions
+      # which are not valid Ruby function names.
+      def soap_action(action, options={})
+        if action.is_a?(Symbol)
+          if soap_config.camelize_wsdl.to_s == 'lower'
+            options[:to] ||= action.to_s
+            action         = action.to_s.camelize(:lower)
+          elsif soap_config.camelize_wsdl
+            options[:to] ||= action.to_s
+            action         = action.to_s.camelize
+          end
+
+        end
+
+        default_response_tag = soap_config.camelize_wsdl ? 'Response' : '_response'
+        default_response_tag = action+default_response_tag
+
+        self.soap_actions[action] = options.merge(
+          :in           => WashOut::Param.parse_def(soap_config, options[:args]),
+          :request_tag  => options[:as] || action,
+          :out          => WashOut::Param.parse_def(soap_config, options[:return]),
+          :to           => options[:to] || action,
+          :response_tag => options[:response_tag] || default_response_tag
+        )
+      end
+    end
+
+    included do
+      include WashOut::Configurable
+      include WashOut::Dispatcher
+      include WashOut::WsseParams
+      self.soap_actions = {}
+    end
+  end
+end

data/lib/wash_out/soap_config.rb

@@ -0,0 +1,93 @@
+module WashOut
+  require 'forwardable'
+  # Configuration options for {Client}, defaulting to values
+  # in {Default}
+  class SoapConfig
+    extend Forwardable
+    DEFAULT_CONFIG = {
+      parser: :rexml,
+      namespace: 'urn:WashOut',
+      wsdl_style: 'rpc',
+      snakecase_input: false,
+      camelize_wsdl: false,
+      catch_xml_errors: false,
+      wsse_username: nil,
+      wsse_password: nil,
+      wsse_auth_callback: nil,
+      soap_action_routing: true,
+    }
+
+    attr_reader :config
+    def_delegators :@config, :[], :[]=, :sort
+
+
+    # The keys allowed
+    def self.keys
+      @keys ||= config.keys
+    end
+
+    def self.config
+      DEFAULT_CONFIG
+    end
+
+    def self.soap_accessor(*syms)
+      syms.each do |sym|
+
+        unless sym =~ /^[_A-Za-z]\w*$/
+          raise NameError.new("invalid class attribute name: #{sym}")
+        end
+        class_eval(<<-EOS, __FILE__, __LINE__ + 1)
+          unless defined? @#{sym}
+            @#{sym} = nil
+          end
+
+          def #{sym}
+            @#{sym}
+          end
+
+          def #{sym}=(obj)
+            @#{sym} = obj
+          end
+        EOS
+      end
+    end
+
+    soap_accessor(*WashOut::SoapConfig.keys)
+
+    def initialize(options = {})
+      @config = {}
+      options.reverse_merge!(engine_config) if engine_config
+      options.reverse_merge!(DEFAULT_CONFIG)
+      configure options
+    end
+
+    def default?
+      DEFAULT_CONFIG.sort == config.sort
+    end
+
+    def configure(options = {})
+      @config.merge! validate_config!(options)
+
+      config.each do |key,value|
+        send("#{key}=", value)
+      end
+    end
+
+    private
+
+      def engine_config
+        @engine_config ||= WashOut::Engine.config.wash_out
+      end
+
+      def validate_config!(options = {})
+        rejected_keys = options.keys.reject do |key|
+          WashOut::SoapConfig.keys.include?(key)
+        end
+
+        if rejected_keys.any?
+          raise "The following keys are not allows: #{rejected_keys}\n Did you intend for one of the following? #{WashOut::SoapConfig.keys}"
+        end
+        options
+      end
+  end
+end

data/lib/wash_out/type.rb

@@ -0,0 +1,29 @@
+module WashOut
+  class Type
+
+    def self.type_name(value)
+      @param_type_name = value.to_s
+    end
+
+    def self.map(value)
+      raise RuntimeError, "Wrong definition: #{value.inspect}" unless value.is_a?(Hash)
+      @param_map = value
+    end
+
+    def self.wash_out_param_map
+      @param_map
+    end
+
+    def self.wash_out_param_name(soap_config = nil)
+      soap_config ||= WashOut::SoapConfig.new({})
+      @param_type_name ||= name.underscore.gsub '/', '.'
+
+      if soap_config.camelize_wsdl.to_s == 'lower'
+        @param_type_name = @param_type_name.camelize(:lower)
+      elsif soap_config.camelize_wsdl
+        @param_type_name = @param_type_name.camelize
+      end
+      @param_type_name
+    end
+  end
+end

data/lib/wash_out/version.rb

@@ -0,0 +1,3 @@
+module WashOut
+  VERSION = '0.10.1'.freeze
+end

data/lib/wash_out/wsse.rb

@@ -0,0 +1,101 @@
+module WashOut
+
+  module WsseParams
+    def wsse_username
+      if request.env['WSSE_TOKEN']
+        request.env['WSSE_TOKEN'].values_at(:username, :Username).compact.first
+      end
+    end
+  end
+
+  class Wsse
+    attr_reader :soap_config
+    def self.authenticate(soap_config, token)
+      wsse = self.new(soap_config, token)
+
+      unless wsse.eligible?
+        raise WashOut::Dispatcher::SOAPError, "Unauthorized"
+      end
+    end
+
+    def initialize(soap_config, token)
+      @soap_config = soap_config
+      if token.blank? && required?
+        raise WashOut::Dispatcher::SOAPError, "Missing required UsernameToken"
+      end
+      @username_token = token
+    end
+
+    def required?
+      !soap_config.wsse_username.blank? || auth_callback?
+    end
+
+    def auth_callback?
+      return !!soap_config.wsse_auth_callback && soap_config.wsse_auth_callback.respond_to?(:call) && soap_config.wsse_auth_callback.arity == 2
+    end
+
+    def perform_auth_callback(user, password)
+      soap_config.wsse_auth_callback.call(user, password)
+    end
+
+    def expected_user
+      soap_config.wsse_username
+    end
+
+    def expected_password
+      soap_config.wsse_password
+    end
+
+    def matches_expected_digest?(password)
+      nonce     = @username_token.values_at(:nonce, :Nonce).compact.first
+      timestamp = @username_token.values_at(:created, :Created).compact.first
+      return false if nonce.nil? || timestamp.nil?
+      timestamp = timestamp.to_datetime
+
+      # Token should not be accepted if timestamp is older than 5 minutes ago
+      # http://www.oasis-open.org/committees/download.php/16782/wss-v1.1-spec-os-UsernameTokenProfile.pdf
+      offset_in_minutes = ((DateTime.now - timestamp)* 24 * 60).to_i
+      return false if offset_in_minutes >= 5
+
+      # There are a few different implementations of the digest calculation
+
+      flavors = Array.new
+
+      # Ruby / Savon
+      token = nonce + timestamp.strftime("%Y-%m-%dT%H:%M:%SZ") + expected_password
+      flavors << Base64.encode64(Digest::SHA1.hexdigest(token)).chomp!
+
+      # Java
+      token = Base64.decode64(nonce) + timestamp.strftime("%Y-%m-%dT%H:%M:%SZ") + expected_password
+      flavors << Base64.encode64(Digest::SHA1.digest(token)).chomp!
+
+      flavors.each do |f|
+        return true if f == password
+      end
+
+      return false
+    end
+
+    def eligible?
+      return true unless required?
+
+      user     = @username_token.values_at(:username, :Username).compact.first
+      password = @username_token.values_at(:password, :Password).compact.first
+
+      if (expected_user == user && matches_expected_digest?(password))
+        return true
+      end
+
+      if auth_callback?
+        return perform_auth_callback(user, password)
+      end
+
+      if (expected_user == user && expected_password == password)
+        return true
+      end
+
+      return false
+    end
+
+  end
+end

data/spec/dummy/Rakefile

@@ -0,0 +1,7 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+require 'rake'
+
+Dummy::Application.load_tasks

data/spec/dummy/app/controllers/application_controller.rb

@@ -0,0 +1,3 @@
+class ApplicationController < ActionController::Base
+  protect_from_forgery
+end

data/spec/dummy/app/helpers/application_helper.rb

@@ -0,0 +1,2 @@
+module ApplicationHelper
+end

data/spec/dummy/app/views/layouts/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Dummy</title>
+  <%= stylesheet_link_tag :all %>
+  <%= javascript_include_tag :defaults %>
+  <%= csrf_meta_tag %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/spec/dummy/config.ru

@@ -0,0 +1,4 @@
+# This file is used by Rack-based servers to start the application.
+
+require ::File.expand_path('../config/environment',  __FILE__)
+run Dummy::Application

data/spec/dummy/config/application.rb

@@ -0,0 +1,51 @@
+require File.expand_path('../boot', __FILE__)
+
+require "action_controller/railtie"
+require "rails/test_unit/railtie"
+
+if Rails::VERSION::MAJOR >= 4
+  # Ugly hack to make Rails 4 JRuby-compatible to escape Travis errors
+  Rails::Engine.class_eval do
+    def railties
+      @railties ||= self.class.const_get(:Railties).new
+    end
+  end
+end
+
+Bundler.require
+require "wash_out"
+
+module Dummy
+  class Application < Rails::Application
+    # Settings in config/environments/* take precedence over those specified here.
+    # Application configuration should go into files in config/initializers
+    # -- all .rb files in that directory are automatically loaded.
+
+    # Custom directories with classes and modules you want to be autoloadable.
+    # config.autoload_paths += %W(#{config.root}/extras)
+
+    # Only load the plugins named here, in the order given (default is alphabetical).
+    # :all can be used as a placeholder for all plugins not explicitly named.
+    # config.plugins = [ :exception_notification, :ssl_requirement, :all ]
+
+    # Activate observers that should always be running.
+    # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
+
+    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
+    # config.time_zone = 'Central Time (US & Canada)'
+
+    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
+    # config.i18n.default_locale = :de
+
+    # JavaScript files you want as :defaults (application.js is always included).
+    # config.action_view.javascript_expansions[:defaults] = %w(jquery rails)
+
+    # Configure the default encoding used in templates for Ruby 1.9.
+    config.encoding = "utf-8"
+
+    # Configure sensitive parameters which will be filtered from the log file.
+    config.filter_parameters += [:password]
+  end
+end