wash_out 0.9.0 → 0.11.0.beta.1

data/lib/wash_out/dispatcher.rb

@@ -5,13 +5,19 @@ module WashOut
   module Dispatcher
     # A SOAPError exception can be raised to return a correct SOAP error
     # response.
-    class SOAPError < Exception; end
+    class SOAPError < Exception
+      attr_accessor :code
+      def initialize(message, code=nil)
+        super(message)
+        @code = code
+      end
+    end
+
     class ProgrammerError < Exception; end
 
     def _authenticate_wsse
-
       begin
-        xml_security   = env['wash_out.soap_data'].values_at(:envelope, :Envelope).compact.first
+        xml_security   = request.env['wash_out.soap_data'].values_at(:envelope, :Envelope).compact.first
         xml_security   = xml_security.values_at(:header, :Header).compact.first
         xml_security   = xml_security.values_at(:security, :Security).compact.first
         username_token = xml_security.values_at(:username_token, :UsernameToken).compact.first
@@ -25,32 +31,27 @@ module WashOut
     end
 
     def _map_soap_parameters
+      @_params = _load_params action_spec[:in],
+        _strip_empty_nodes(action_spec[:in], xml_data)
+    end
 
-      soap_action = request.env['wash_out.soap_action']
-      action_spec = self.class.soap_actions[soap_action]
-
-      xml_data = env['wash_out.soap_data'].values_at(:envelope, :Envelope).compact.first
-      xml_data = xml_data.values_at(:body, :Body).compact.first
-      xml_data = xml_data.values_at(soap_action.underscore.to_sym,
-                                    soap_action.to_sym).compact.first || {}
+    def _strip_empty_nodes(params, hash)
+      hash.keys.each do |key|
+        param = params.detect { |a| a.raw_name.to_s == key.to_s }
+        next if !(param && hash[key].is_a?(Hash))
 
-      strip_empty_nodes = lambda{|hash|
-        hash.keys.each do |key|
-          if hash[key].is_a? Hash
-            value = hash[key].delete_if{|k, v| key.to_s[0] == '@'}
+        value = hash[key].delete_if do |k, _|
+          k.to_s[0] == '@' && !param.map.detect { |a| a.raw_name.to_s == k.to_s }
+        end
 
-            if value.length > 0
-              hash[key] = strip_empty_nodes.call(value)
-            else
-              hash[key] = nil
-            end
-          end
+        if value.length > 0
+          hash[key] = _strip_empty_nodes param.map, value
+        else
+          hash[key] = nil
         end
+      end
 
-        hash
-      }
-      xml_data = strip_empty_nodes.call(xml_data)
-      @_params = _load_params(action_spec[:in], xml_data)
+      hash
     end
 
     # Creates the final parameter hash based on the request spec and xml_data from the request
@@ -67,12 +68,11 @@ module WashOut
 
     # This action generates the WSDL for defined SOAP methods.
     def _generate_wsdl
-
       @map       = self.class.soap_actions
       @namespace = soap_config.namespace
-      @name      = controller_path.gsub('/', '_')
+      @name      = controller_path
 
-      render :template => "wash_with_soap/#{soap_config.wsdl_style}/wsdl", :layout => false,
+      render :template => "wash_out/#{soap_config.wsdl_style}/wsdl", :layout => false,
              :content_type => 'text/xml'
     end
 
@@ -127,7 +127,7 @@ module WashOut
         return result_spec
       }
 
-      render :template => "wash_with_soap/#{soap_config.wsdl_style}/response",
+      render :template => "wash_out/#{soap_config.wsdl_style}/response",
              :layout => false,
              :locals => { :result => inject.call(result, @action_spec[:out]) },
              :content_type => 'text/xml'
@@ -138,49 +138,95 @@ module WashOut
       render_soap_error("Cannot find SOAP action mapping for #{request.env['wash_out.soap_action']}")
     end
 
-    def _render_soap_exception(error)
-      render_soap_error(error.message)
+    def _invalid_request
+      render_soap_error("Invalid SOAP request")
+    end
+
+    def _catch_soap_errors
+      yield
+    rescue SOAPError => error
+      render_soap_error(error.message, error.code)
     end
 
     # Render a SOAP error response.
     #
     # Rails do not support sequental rescue_from handling, that is, rescuing an
     # exception from a rescue_from handler. Hence this function is a public API.
-    def render_soap_error(message)
-      render :template => "wash_with_soap/#{soap_config.wsdl_style}/error", :status => 500,
+    def render_soap_error(message, code=nil)
+      render :template => "wash_out/#{soap_config.wsdl_style}/error", :status => 500,
              :layout => false,
-             :locals => { :error_message => message },
+             :locals => { :error_message => message, :error_code => (code || 'Server') },
              :content_type => 'text/xml'
     end
 
     def self.included(controller)
-      controller.send :rescue_from, SOAPError, :with => :_render_soap_exception
+      entity = if defined?(Rails::VERSION::MAJOR) && (Rails::VERSION::MAJOR >= 4)
+        'action'
+      else
+        'filter' 
+      end
+
+      controller.send :"around_#{entity}", :_catch_soap_errors
       controller.send :helper, :wash_out
-      controller.send :before_filter, :_authenticate_wsse,     :except => [
-        :_generate_wsdl, :_invalid_action ]
-      controller.send :before_filter, :_map_soap_parameters,   :except => [
-        :_generate_wsdl, :_invalid_action ]
-      controller.send :skip_before_filter, :verify_authenticity_token
+      controller.send :"before_#{entity}", :_authenticate_wsse,   :if => :soap_action?
+      controller.send :"before_#{entity}", :_map_soap_parameters, :if => :soap_action?
+      controller.send :"skip_before_#{entity}", :verify_authenticity_token
     end
 
-    def self.deep_select(hash, result=[], &blk)
-      result += Hash[hash.select(&blk)].values
+    def self.deep_select(collection, result=[], &blk)
+      values = collection.respond_to?(:values) ? collection.values : collection
+      result += values.select(&blk)
 
-      hash.each do |key, value|
-        result = deep_select(value, result, &blk) if value.is_a? Hash
+      values.each do |value|
+        if value.is_a?(Hash) || value.is_a?(Array)
+          result = deep_select(value, result, &blk)
+        end
       end
 
       result
     end
 
-    def self.deep_replace_href(hash, replace)
-      return replace[hash[:@href]] if hash.has_key?(:@href)
+    def self.deep_replace_href(element, replace)
+      return element unless element.is_a?(Array) || element.is_a?(Hash)
 
-      hash.keys.each do |key, value|
-        hash[key] = deep_replace_href(hash[key], replace) if hash[key].is_a?(Hash)
+      if element.is_a?(Array) # Traverse arrays
+        return element.map{|x| deep_replace_href(x, replace)}
       end
 
-      hash
+      if element.has_key?(:@href) # Replace needle and traverse replacement
+        return deep_replace_href(replace[element[:@href]], replace)
+      end
+
+      element.each do |key, value| # Traverse hashes
+        element[key] = deep_replace_href(value, replace)
+      end
+
+      element
+    end
+
+    private
+    def soap_action?
+      soap_action.present?
     end
+
+    def action_spec
+      self.class.soap_actions[soap_action]
+    end
+
+    def request_input_tag
+      action_spec[:request_tag]
+    end
+
+    def soap_action
+      request.env['wash_out.soap_action']
+    end
+
+    def xml_data
+      xml_data = request.env['wash_out.soap_data'].values_at(:envelope, :Envelope).compact.first
+      xml_data = xml_data.values_at(:body, :Body).compact.first || {}
+      return xml_data if soap_config.wsdl_style == "document"
+      xml_data = xml_data.values_at(soap_action.underscore.to_sym, soap_action.to_sym, request_input_tag.to_sym).compact.first || {}
+    end
+
   end
 end

data/lib/wash_out/model.rb

@@ -22,7 +22,7 @@ module WashOut
       map
     end
 
-    def wash_out_param_name
+    def wash_out_param_name(*args)
       return name.underscore
     end
   end

data/lib/wash_out/param.rb

@@ -7,6 +7,7 @@ module WashOut
     attr_accessor :multiplied
     attr_accessor :value
     attr_accessor :source_class
+    attr_accessor :soap_config
 
     # Defines a WSDL parameter with name +name+ and type specifier +type+.
     # The type specifier format is described in #parse_def.
@@ -63,6 +64,7 @@ module WashOut
         operation = case type
           when 'string';       :to_s
           when 'integer';      :to_i
+          when 'long';         :to_i
           when 'double';       :to_f
           when 'boolean';      lambda{|dat| dat === "0" ? false : !!dat}
           when 'date';         :to_date
@@ -160,9 +162,19 @@ module WashOut
     def flat_copy
       copy = self.class.new(@soap_config, @name, @type.to_sym, @multiplied)
       copy.raw_name = raw_name
+      copy.source_class = source_class
       copy
     end
 
+    def attribute?
+      name[0] == "@"
+    end
+
+    def attr_name
+      raise 'Not attribute' unless attribute?
+      name[1..-1]
+    end
+
     private
 
     # Used to load an entire structure.
@@ -177,7 +189,8 @@ module WashOut
       # RUBY18 Enumerable#each_with_object is better, but 1.9 only.
       @map.map do |param|
         if data.has_key? param.raw_name
-          struct[param.raw_name] = yield param, data, param.raw_name
+          param_name = param.attribute? ? param.attr_name : param.raw_name
+          struct[param_name] = yield param, data, param.raw_name
         end
       end
 

data/lib/wash_out/router.rb

@@ -4,6 +4,26 @@ module WashOut
   # This class is a Rack middleware used to route SOAP requests to a proper
   # action of a given SOAP controller.
   class Router
+    def self.url(request, controller_name)
+      route = Rails.application.routes.routes.select do |x|
+        defaults = x.defaults
+        defaults = defaults[:defaults] if defaults.include?(:defaults) # Rails 5
+        defaults[:controller] == controller_name && defaults[:action] == 'soap'
+      end.first
+
+      path = if route.respond_to?(:optimized_path)      # Rails 4
+        route.optimized_path
+      elsif route.path.respond_to?(:build_formatter)    # Rails 5
+        route.path.build_formatter.evaluate(nil)
+      else
+        route.format({})                                # Rails 3.2
+      end
+
+      path = path.join('') if path.is_a?(Array)
+
+      request.protocol + request.host_with_port + path
+    end
+
     def initialize(controller_name)
       @controller_name = "#{controller_name.to_s}_controller".camelize
     end
@@ -15,13 +35,15 @@ module WashOut
     def parse_soap_action(env)
       return env['wash_out.soap_action'] if env['wash_out.soap_action']
 
-      soap_action = env['HTTP_SOAPACTION'].to_s.gsub(/^"(.*)"$/, '\1')
-
+      soap_action = controller.soap_config.soap_action_routing ? env['HTTP_SOAPACTION'].to_s.gsub(/^"(.*)"$/, '\1')
+                                                               : ''
       if soap_action.blank?
-        soap_action = nori.parse(soap_body env)
-            .values_at(:envelope, :Envelope).compact.first
-            .values_at(:body, :Body).compact.first
-            .keys.first.to_s
+        parsed_soap_body = nori(controller.soap_config.snakecase_input).parse(soap_body env)
+        return nil if parsed_soap_body.blank?
+
+        soap_action = parsed_soap_body.values_at(:envelope, :Envelope).try(:compact).try(:first)
+        soap_action = soap_action.values_at(:body, :Body).try(:compact).try(:first) if soap_action
+        soap_action = soap_action.keys.first.to_s if soap_action
       end
 
       # RUBY18 1.8 does not have force_encoding.
@@ -41,22 +63,24 @@ module WashOut
         :strip_namespaces => true,
         :advanced_typecasting => true,
         :convert_tags_to => (
-          snakecase ? lambda { |tag| tag.snakecase.to_sym } 
+          snakecase ? lambda { |tag| tag.snakecase.to_sym }
                     : lambda { |tag| tag.to_sym }
         )
       )
     end
 
     def soap_body(env)
-      env['rack.input'].respond_to?(:string) ? env['rack.input'].string
-                                             : env['rack.input'].read
+      body = env['rack.input']
+      body.rewind if body.respond_to? :rewind
+      body.respond_to?(:string) ? body.string : body.read
+    ensure
+      body.rewind if body.respond_to? :rewind
     end
 
     def parse_soap_parameters(env)
       return env['wash_out.soap_data'] if env['wash_out.soap_data']
-
       env['wash_out.soap_data'] = nori(controller.soap_config.snakecase_input).parse(soap_body env)
-      references = WashOut::Dispatcher.deep_select(env['wash_out.soap_data']){|k,v| v.is_a?(Hash) && v.has_key?(:@id)}
+      references = WashOut::Dispatcher.deep_select(env['wash_out.soap_data']){|v| v.is_a?(Hash) && v.has_key?(:@id)}
 
       unless references.blank?
         replaces = {}; references.each{|r| replaces['#'+r[:@id]] = r}
@@ -69,15 +93,19 @@ module WashOut
     def call(env)
       @controller = @controller_name.constantize
 
-      soap_action     = parse_soap_action(env)
-      soap_parameters = parse_soap_parameters(env)
-
-      action_spec = controller.soap_actions[soap_action]
+      soap_action = parse_soap_action(env)
 
-      if action_spec
-        action = action_spec[:to]
+      action = if soap_action.blank?
+        '_invalid_request'
       else
-        action = '_invalid_action'
+        soap_parameters = parse_soap_parameters(env)
+        action_spec     = controller.soap_actions[soap_action]
+
+        if action_spec
+          action_spec[:to]
+        else
+          '_invalid_action'
+        end
       end
 
       controller.action(action).call(env)

data/lib/wash_out/soap.rb

@@ -26,20 +26,22 @@ module WashOut
         end
 
         default_response_tag = soap_config.camelize_wsdl ? 'Response' : '_response'
-        default_response_tag = "tns:#{action}#{default_response_tag}"
+        default_response_tag = action+default_response_tag
 
-        self.soap_actions[action] = {
+        self.soap_actions[action] = options.merge(
           :in           => WashOut::Param.parse_def(soap_config, options[:args]),
+          :request_tag  => options[:as] || action,
           :out          => WashOut::Param.parse_def(soap_config, options[:return]),
           :to           => options[:to] || action,
           :response_tag => options[:response_tag] || default_response_tag
-        }
+        )
       end
     end
 
     included do
       include WashOut::Configurable
       include WashOut::Dispatcher
+      include WashOut::WsseParams
       self.soap_actions = {}
     end
   end

data/lib/wash_out/soap_config.rb

@@ -13,6 +13,8 @@ module WashOut
       catch_xml_errors: false,
       wsse_username: nil,
       wsse_password: nil,
+      wsse_auth_callback: nil,
+      soap_action_routing: true,
     }
 
     attr_reader :config

data/lib/wash_out/version.rb

@@ -1,3 +1,3 @@
 module WashOut
-  VERSION = "0.9.0"
+  VERSION = "0.11.0.beta.1"
 end

data/lib/wash_out/wsse.rb

@@ -1,4 +1,13 @@
 module WashOut
+
+  module WsseParams
+    def wsse_username
+      if request.env['WSSE_TOKEN']
+        request.env['WSSE_TOKEN'].values_at(:username, :Username).compact.first
+      end
+    end
+  end
+
   class Wsse
     attr_reader :soap_config
     def self.authenticate(soap_config, token)
@@ -18,7 +27,15 @@ module WashOut
     end
 
     def required?
-      !soap_config.wsse_username.blank?
+      !soap_config.wsse_username.blank? || auth_callback?
+    end
+
+    def auth_callback?
+      return !!soap_config.wsse_auth_callback && soap_config.wsse_auth_callback.respond_to?(:call) && soap_config.wsse_auth_callback.arity == 2
+    end
+
+    def perform_auth_callback(user, password)
+      soap_config.wsse_auth_callback.call(user, password)
     end
 
     def expected_user
@@ -32,8 +49,8 @@ module WashOut
     def matches_expected_digest?(password)
       nonce     = @username_token.values_at(:nonce, :Nonce).compact.first
       timestamp = @username_token.values_at(:created, :Created).compact.first
-
       return false if nonce.nil? || timestamp.nil?
+      timestamp = timestamp.to_datetime
 
       # Token should not be accepted if timestamp is older than 5 minutes ago
       # http://www.oasis-open.org/committees/download.php/16782/wss-v1.1-spec-os-UsernameTokenProfile.pdf
@@ -45,11 +62,11 @@ module WashOut
       flavors = Array.new
 
       # Ruby / Savon
-      token = nonce + timestamp.to_s + expected_password
+      token = nonce + timestamp.strftime("%Y-%m-%dT%H:%M:%SZ") + expected_password
       flavors << Base64.encode64(Digest::SHA1.hexdigest(token)).chomp!
 
       # Java
-      token = Base64.decode64(nonce) + timestamp.to_s + expected_password
+      token = Base64.decode64(nonce) + timestamp.strftime("%Y-%m-%dT%H:%M:%SZ") + expected_password
       flavors << Base64.encode64(Digest::SHA1.digest(token)).chomp!
 
       flavors.each do |f|
@@ -65,11 +82,15 @@ module WashOut
       user     = @username_token.values_at(:username, :Username).compact.first
       password = @username_token.values_at(:password, :Password).compact.first
 
-      if (expected_user == user && expected_password == password)
+      if (expected_user == user && matches_expected_digest?(password))
         return true
       end
 
-      if (expected_user == user && matches_expected_digest?(password))
+      if auth_callback?
+        return perform_auth_callback(user, password)
+      end
+
+      if (expected_user == user && expected_password == password)
         return true
       end
 

data/lib/wash_out.rb

@@ -11,15 +11,28 @@ require 'wash_out/model'
 require 'wash_out/wsse'
 require 'wash_out/middleware'
 
+module WashOut
+  def self.root
+    File.expand_path '../..', __FILE__
+  end
+end
+
 module ActionDispatch::Routing
   class Mapper
     # Adds the routes for a SOAP endpoint at +controller+.
     def wash_out(controller_name, options={})
-      options.reverse_merge!(@scope) if @scope
-      controller_class_name = [options[:module], controller_name].compact.join("/")
+      if @scope
+        scope_frame = @scope.respond_to?(:frame) ? @scope.frame : @scope
+        options.each{ |key, value|  scope_frame[key] = value }
+      end
 
-      match "#{controller_name}/wsdl"   => "#{controller_name}#_generate_wsdl", :via => :get, :format => false
-      match "#{controller_name}/action" => WashOut::Router.new(controller_class_name), :via => [:get, :post], :defaults => { :controller => controller_class_name, :action => '_action' }, :format => false
+      controller_class_name = [scope_frame[:module], controller_name].compact.join("/").underscore
+
+      match "#{controller_name}/wsdl"   => "#{controller_name}#_generate_wsdl", :via => :get, :format => false,
+        :as => "#{controller_class_name}_wsdl"
+      match "#{controller_name}/action" => WashOut::Router.new(controller_class_name), :via => [:get, :post],
+        :defaults => { :controller => controller_class_name, :action => 'soap' }, :format => false,
+        :as => "#{controller_class_name}_soap"
     end
   end
 end
@@ -44,4 +57,4 @@ ActionController::Base.class_eval do
     include WashOut::SOAP
     self.soap_config = options
   end
-end
+end

data/spec/dummy/config/environments/test.rb

@@ -26,4 +26,5 @@ Dummy::Application.configure do
 
   # Print deprecation notices to the stderr
   config.active_support.deprecation = :stderr
+  config.active_support.test_order = :random
 end

data/spec/fixtures/nested_refs_to_arrays.xml

@@ -0,0 +1,19 @@
+<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
+  <s:Body s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+    <parent href="#id1" />
+    <q2:child id="id1" xsi:type="q2:child" xmlns:q2="urn:FakeService">
+      <first_list href="#id2" />
+      <second_list href="#id3" />
+    </q2:child>
+    <q3:Array id="id2" q3:arrayType="xsd:int[1]" xmlns:q3="http://schemas.xmlsoap.org/soap/encoding/">
+      <Item>1</Item>
+      <Item>2</Item>
+    </q3:Array>
+    <q4:Array id="id3" q4:arrayType="xsd:int[1]" xmlns:q4="http://schemas.xmlsoap.org/soap/encoding/">
+      <Item>11</Item>
+      <Item>22</Item>
+    </q4:Array>
+  </s:Body>
+</s:Envelope>

data/spec/fixtures/ref_to_one_array.xml

@@ -0,0 +1,11 @@
+<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
+  <s:Body s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+    <list href="#id1" />
+    <q1:Array id="id1" q1:arrayType="xsd:int[1]" xmlns:q1="http://schemas.xmlsoap.org/soap/encoding/">
+      <Item>1</Item>
+      <Item>2</Item>
+    </q1:Array>
+  </s:Body>
+</s:Envelope>

data/spec/fixtures/refs_to_arrays.xml

@@ -0,0 +1,16 @@
+<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
+  <s:Body s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+    <first_list href="#id1" />
+    <second_list href="#id2" />
+    <q1:Array id="id1" q1:arrayType="xsd:int[1]" xmlns:q1="http://schemas.xmlsoap.org/soap/encoding/">
+      <Item>1</Item>
+      <Item>2</Item>
+    </q1:Array>
+    <q2:Array id="id2" q2:arrayType="xsd:int[1]" xmlns:q2="http://schemas.xmlsoap.org/soap/encoding/">
+      <Item>11</Item>
+      <Item>22</Item>
+    </q2:Array>
+  </s:Body>
+</s:Envelope>