wash_out 0.11.0 → 0.12.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +1 -28
- data/Appraisals +4 -1
- data/Gemfile +3 -1
- data/app/helpers/wash_out_helper.rb +4 -2
- data/gemfiles/rails_4.0.0.gemfile +2 -1
- data/gemfiles/rails_4.1.0.gemfile +2 -1
- data/gemfiles/rails_4.2.0.gemfile +2 -1
- data/gemfiles/rails_5.0.0.gemfile +2 -1
- data/gemfiles/rails_5.1.1.gemfile +20 -0
- data/lib/wash_out.rb +5 -3
- data/lib/wash_out/dispatcher.rb +6 -1
- data/lib/wash_out/engine.rb +1 -2
- data/lib/wash_out/router.rb +4 -1
- data/lib/wash_out/version.rb +1 -1
- data/lib/wash_out/wsse.rb +32 -27
- data/spec/dummy/app/controllers/application_controller.rb +1 -1
- data/spec/lib/wash_out_spec.rb +47 -3
- metadata +3 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 4fceeab03335d36c3f64b930cc9380f02f8ce364
|
4
|
+
data.tar.gz: c3001962354e7327d218defdc575d4a108c2a002
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: af7895f5b669386339ca1c26ff772764a3722e71ae9befeb759d4993be89a522c839c524682362d7c4d1250b46343cc3d5bf7847ed8c74c49d52278e909f4866
|
7
|
+
data.tar.gz: c8c62b42781fe3926f6680edddf50d87ab9f886a30f910815e32aff10527e134ea34d1e6b78535d961b49c5fa4adda4bc34cff4e4b94cf6ec9c0b15207d21d63
|
data/.travis.yml
CHANGED
@@ -1,38 +1,11 @@
|
|
1
1
|
script: bundle exec rspec
|
2
2
|
gemfile:
|
3
|
-
- gemfiles/rails_3.2.13.gemfile
|
4
3
|
- gemfiles/rails_4.0.0.gemfile
|
5
4
|
- gemfiles/rails_4.1.0.gemfile
|
6
5
|
- gemfiles/rails_4.2.0.gemfile
|
7
6
|
- gemfiles/rails_5.0.0.gemfile
|
7
|
+
- gemfiles/rails_5.1.1.gemfile
|
8
8
|
rvm:
|
9
|
-
- 1.9.3
|
10
|
-
- 2.0.0
|
11
|
-
- 2.1.8
|
12
|
-
- 2.2.4
|
13
9
|
- 2.3.0
|
14
|
-
- jruby
|
15
|
-
matrix:
|
16
|
-
exclude:
|
17
|
-
- rvm: 2.2.4
|
18
|
-
gemfile: gemfiles/rails_3.2.13.gemfile
|
19
|
-
- rvm: 2.3.0
|
20
|
-
gemfile: gemfiles/rails_3.2.13.gemfile
|
21
|
-
- rvm: 1.9.3
|
22
|
-
gemfile: gemfiles/rails_4.0.0.gemfile
|
23
|
-
- rvm: 1.9.3
|
24
|
-
gemfile: gemfiles/rails_4.2.0.gemfile
|
25
|
-
- rvm: jruby
|
26
|
-
gemfile: gemfiles/rails_4.2.0.gemfile
|
27
|
-
- rvm: 1.9.3
|
28
|
-
gemfile: gemfiles/rails_5.0.0.gemfile
|
29
|
-
- rvm: 2.0.0
|
30
|
-
gemfile: gemfiles/rails_5.0.0.gemfile
|
31
|
-
- rvm: 2.1.8
|
32
|
-
gemfile: gemfiles/rails_5.0.0.gemfile
|
33
|
-
- rvm: 2.2.4
|
34
|
-
gemfile: gemfiles/rails_5.0.0.gemfile
|
35
|
-
- rvm: jruby
|
36
|
-
gemfile: gemfiles/rails_5.0.0.gemfile
|
37
10
|
before_install:
|
38
11
|
- gem update bundler
|
data/Appraisals
CHANGED
data/Gemfile
CHANGED
@@ -3,13 +3,15 @@ module WashOutHelper
|
|
3
3
|
def wsdl_data_options(param)
|
4
4
|
case controller.soap_config.wsdl_style
|
5
5
|
when 'rpc'
|
6
|
-
if param.map.present? || param.value
|
6
|
+
if param.map.present? || !param.value.nil?
|
7
7
|
{ :"xsi:type" => param.namespaced_type }
|
8
8
|
else
|
9
9
|
{ :"xsi:nil" => true }
|
10
10
|
end
|
11
11
|
when 'document'
|
12
|
-
{
|
12
|
+
{}
|
13
|
+
else
|
14
|
+
{}
|
13
15
|
end
|
14
16
|
end
|
15
17
|
|
@@ -0,0 +1,20 @@
|
|
1
|
+
# This file was generated by Appraisal
|
2
|
+
|
3
|
+
source "http://rubygems.org"
|
4
|
+
|
5
|
+
gem "wasabi"
|
6
|
+
gem "savon", ">= 2.0.0"
|
7
|
+
gem "httpi"
|
8
|
+
gem "rspec-rails"
|
9
|
+
gem "guard"
|
10
|
+
gem "guard-rspec"
|
11
|
+
gem "rb-fsevent"
|
12
|
+
gem "appraisal"
|
13
|
+
gem "tzinfo"
|
14
|
+
gem "pry"
|
15
|
+
gem "simplecov"
|
16
|
+
gem "simplecov-summary"
|
17
|
+
gem "rails", "5.1.1"
|
18
|
+
gem "railties", "5.1.1"
|
19
|
+
|
20
|
+
gemspec path: "../"
|
data/lib/wash_out.rb
CHANGED
@@ -60,9 +60,11 @@ ActionController::Metal.class_eval do
|
|
60
60
|
end
|
61
61
|
|
62
62
|
if Rails::VERSION::MAJOR >= 5
|
63
|
-
|
64
|
-
module
|
65
|
-
|
63
|
+
if defined?(ActionView::Rendering)
|
64
|
+
module ActionController
|
65
|
+
module ApiRendering
|
66
|
+
include ActionView::Rendering
|
67
|
+
end
|
66
68
|
end
|
67
69
|
end
|
68
70
|
|
data/lib/wash_out/dispatcher.rb
CHANGED
@@ -192,7 +192,12 @@ module WashOut
|
|
192
192
|
controller.send :"before_#{entity}", :_authenticate_wsse, :if => :soap_action?
|
193
193
|
controller.send :"before_#{entity}", :_map_soap_parameters, :if => :soap_action?
|
194
194
|
controller.send :"before_#{entity}", :_map_soap_headers, :if => :soap_action?
|
195
|
-
|
195
|
+
|
196
|
+
if defined?(Rails::VERSION::MAJOR) && (Rails::VERSION::MAJOR >= 5)
|
197
|
+
controller.send :"skip_before_#{entity}", :verify_authenticity_token, :raise => false
|
198
|
+
else
|
199
|
+
controller.send :"skip_before_#{entity}", :verify_authenticity_token
|
200
|
+
end
|
196
201
|
end
|
197
202
|
|
198
203
|
def self.deep_select(collection, result=[], &blk)
|
data/lib/wash_out/engine.rb
CHANGED
@@ -1,10 +1,9 @@
|
|
1
|
-
|
2
1
|
module WashOut
|
3
2
|
class Engine < ::Rails::Engine
|
4
3
|
config.wash_out = ActiveSupport::OrderedOptions.new
|
5
4
|
initializer "wash_out.configuration" do |app|
|
6
5
|
if app.config.wash_out[:catch_xml_errors]
|
7
|
-
app.config.middleware.insert_after
|
6
|
+
app.config.middleware.insert_after(ActionDispatch::ShowExceptions, WashOut::Middleware)
|
8
7
|
end
|
9
8
|
end
|
10
9
|
|
data/lib/wash_out/router.rb
CHANGED
@@ -14,7 +14,7 @@ module WashOut
|
|
14
14
|
|
15
15
|
app = x.app
|
16
16
|
app = app.app if app.respond_to?(:app)
|
17
|
-
if app.respond_to?(:routes)
|
17
|
+
if app.respond_to?(:routes) && app.routes.respond_to?(:routes)
|
18
18
|
lookup_soap_routes(controller_name, app.routes.routes, path+[x], &block)
|
19
19
|
end
|
20
20
|
end
|
@@ -31,6 +31,9 @@ module WashOut
|
|
31
31
|
routes.map{|x| x.format({})} # Rails 3.2
|
32
32
|
end
|
33
33
|
|
34
|
+
if Rails.application.config.relative_url_root.present?
|
35
|
+
path.prepend Rails.application.config.relative_url_root
|
36
|
+
end
|
34
37
|
return request.protocol + request.host_with_port + path.flatten.join('')
|
35
38
|
end
|
36
39
|
end
|
data/lib/wash_out/version.rb
CHANGED
data/lib/wash_out/wsse.rb
CHANGED
@@ -31,11 +31,11 @@ module WashOut
|
|
31
31
|
end
|
32
32
|
|
33
33
|
def auth_callback?
|
34
|
-
return !!soap_config.wsse_auth_callback && soap_config.wsse_auth_callback.respond_to?(:call) && soap_config.wsse_auth_callback.arity ==
|
34
|
+
return !!soap_config.wsse_auth_callback && soap_config.wsse_auth_callback.respond_to?(:call) && soap_config.wsse_auth_callback.arity == 4
|
35
35
|
end
|
36
36
|
|
37
|
-
def perform_auth_callback(user, password)
|
38
|
-
soap_config.wsse_auth_callback.call(user, password)
|
37
|
+
def perform_auth_callback(user, password, nonce, timestamp)
|
38
|
+
soap_config.wsse_auth_callback.call(user, password, nonce, timestamp)
|
39
39
|
end
|
40
40
|
|
41
41
|
def expected_user
|
@@ -46,10 +46,33 @@ module WashOut
|
|
46
46
|
soap_config.wsse_password
|
47
47
|
end
|
48
48
|
|
49
|
-
def
|
50
|
-
|
49
|
+
def eligible?
|
50
|
+
return true unless required?
|
51
|
+
|
52
|
+
user = @username_token.values_at(:username, :Username).compact.first
|
53
|
+
password = @username_token.values_at(:password, :Password).compact.first
|
54
|
+
|
55
|
+
nonce = @username_token.values_at(:nonce, :Nonce).compact.first
|
51
56
|
timestamp = @username_token.values_at(:created, :Created).compact.first
|
57
|
+
|
58
|
+
if (expected_user == user && self.class.matches_expected_digest?(expected_password, password, nonce, timestamp))
|
59
|
+
return true
|
60
|
+
end
|
61
|
+
|
62
|
+
if auth_callback?
|
63
|
+
return perform_auth_callback(user, password, nonce, timestamp)
|
64
|
+
end
|
65
|
+
|
66
|
+
if (expected_user == user && expected_password == password)
|
67
|
+
return true
|
68
|
+
end
|
69
|
+
|
70
|
+
return false
|
71
|
+
end
|
72
|
+
|
73
|
+
def self.matches_expected_digest?(expected_password, password, nonce, timestamp)
|
52
74
|
return false if nonce.nil? || timestamp.nil?
|
75
|
+
|
53
76
|
timestamp = timestamp.to_datetime
|
54
77
|
|
55
78
|
# Token should not be accepted if timestamp is older than 5 minutes ago
|
@@ -69,33 +92,15 @@ module WashOut
|
|
69
92
|
token = Base64.decode64(nonce) + timestamp.strftime("%Y-%m-%dT%H:%M:%SZ") + expected_password
|
70
93
|
flavors << Base64.encode64(Digest::SHA1.digest(token)).chomp!
|
71
94
|
|
95
|
+
# SoapUI
|
96
|
+
token = Base64.decode64(nonce) + timestamp.strftime("%Y-%m-%dT%H:%M:%S.%3NZ") + expected_password
|
97
|
+
flavors << Base64.encode64(Digest::SHA1.digest(token)).chomp!
|
98
|
+
|
72
99
|
flavors.each do |f|
|
73
100
|
return true if f == password
|
74
101
|
end
|
75
102
|
|
76
103
|
return false
|
77
104
|
end
|
78
|
-
|
79
|
-
def eligible?
|
80
|
-
return true unless required?
|
81
|
-
|
82
|
-
user = @username_token.values_at(:username, :Username).compact.first
|
83
|
-
password = @username_token.values_at(:password, :Password).compact.first
|
84
|
-
|
85
|
-
if (expected_user == user && matches_expected_digest?(password))
|
86
|
-
return true
|
87
|
-
end
|
88
|
-
|
89
|
-
if auth_callback?
|
90
|
-
return perform_auth_callback(user, password)
|
91
|
-
end
|
92
|
-
|
93
|
-
if (expected_user == user && expected_password == password)
|
94
|
-
return true
|
95
|
-
end
|
96
|
-
|
97
|
-
return false
|
98
|
-
end
|
99
|
-
|
100
105
|
end
|
101
106
|
end
|
data/spec/lib/wash_out_spec.rb
CHANGED
@@ -2,6 +2,29 @@
|
|
2
2
|
|
3
3
|
require 'spec_helper'
|
4
4
|
|
5
|
+
SIMPLE_REQUEST_XML = <<-SIMPLE_REQUEST_XML_HEREDOC
|
6
|
+
<?xml version="1.0" encoding="UTF-8"?>
|
7
|
+
<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tns="false" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
|
8
|
+
<env:Body>
|
9
|
+
<tns:answer>
|
10
|
+
<value>42</value>
|
11
|
+
</tns:answer>
|
12
|
+
</env:Body>
|
13
|
+
</env:Envelope>
|
14
|
+
SIMPLE_REQUEST_XML_HEREDOC
|
15
|
+
|
16
|
+
SIMPLE_RESPONSE_XML = <<-SIMPLE_RESPONSE_XML_HEREDOC
|
17
|
+
<?xml version="1.0" encoding="UTF-8"?>
|
18
|
+
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tns="false">
|
19
|
+
<soap:Body>
|
20
|
+
<tns:answerResponse>
|
21
|
+
<Value xsi:type="xsd:int">42</Value>
|
22
|
+
</tns:answerResponse>
|
23
|
+
</soap:Body>
|
24
|
+
</soap:Envelope>
|
25
|
+
SIMPLE_RESPONSE_XML_HEREDOC
|
26
|
+
|
27
|
+
|
5
28
|
describe WashOut do
|
6
29
|
|
7
30
|
let :nori do
|
@@ -161,6 +184,25 @@ describe WashOut do
|
|
161
184
|
XML
|
162
185
|
end
|
163
186
|
|
187
|
+
it "succeeds when protect_from_forgery is enabled" do
|
188
|
+
|
189
|
+
# Enable allow_forgery_protection (affects all subsequent specs)
|
190
|
+
# Alternatively, assign in spec/dummy/config/environments/test.rb
|
191
|
+
Rails.application.config.after_initialize do
|
192
|
+
ActionController::Base.allow_forgery_protection = true
|
193
|
+
end
|
194
|
+
|
195
|
+
mock_controller do
|
196
|
+
soap_action "answer", :args => nil, :return => :int
|
197
|
+
def answer
|
198
|
+
render :soap => "42"
|
199
|
+
end
|
200
|
+
end
|
201
|
+
|
202
|
+
expect(HTTPI.post("http://app/route/api/action", SIMPLE_REQUEST_XML).body).to eq SIMPLE_RESPONSE_XML
|
203
|
+
|
204
|
+
end
|
205
|
+
|
164
206
|
it "accept no parameters" do
|
165
207
|
mock_controller do
|
166
208
|
soap_action "answer", :args => nil, :return => :int
|
@@ -961,8 +1003,10 @@ describe WashOut do
|
|
961
1003
|
|
962
1004
|
it "handles auth callback" do
|
963
1005
|
mock_controller(
|
964
|
-
wsse_auth_callback: lambda {|user, password|
|
965
|
-
|
1006
|
+
wsse_auth_callback: lambda {|user, password, nonce, timestamp|
|
1007
|
+
authenticated = nonce ? WashOut::Wsse.matches_expected_digest?("secret", password, nonce, timestamp) : password == "secret"
|
1008
|
+
|
1009
|
+
return user == "gorilla" && authenticated
|
966
1010
|
}
|
967
1011
|
) do
|
968
1012
|
soap_action "checkAuth", :args => :integer, :return => :boolean, :to => 'check_auth'
|
@@ -977,7 +1021,7 @@ describe WashOut do
|
|
977
1021
|
|
978
1022
|
# correct digest auth
|
979
1023
|
expect { savon(:check_auth, 42){ wsse_auth "gorilla", "secret", :digest } }.
|
980
|
-
|
1024
|
+
not_to raise_exception
|
981
1025
|
|
982
1026
|
# wrong user
|
983
1027
|
expect { savon(:check_auth, 42){ wsse_auth "chimpanzee", "secret", :digest } }.
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: wash_out
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.12.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Boris Staal
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2017-10-16 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: nori
|
@@ -54,6 +54,7 @@ files:
|
|
54
54
|
- gemfiles/rails_4.2.0.gemfile
|
55
55
|
- gemfiles/rails_5.0.0.beta2.gemfile
|
56
56
|
- gemfiles/rails_5.0.0.gemfile
|
57
|
+
- gemfiles/rails_5.1.1.gemfile
|
57
58
|
- init.rb
|
58
59
|
- lib/wash_out.rb
|
59
60
|
- lib/wash_out/configurable.rb
|