wash_out 0.9.0 → 0.12.0

data/gemfiles/rails_5.0.0.beta2.gemfile

@@ -0,0 +1,19 @@
+# This file was generated by Appraisal
+
+source "http://rubygems.org"
+
+gem "wasabi"
+gem "savon", ">= 2.0.0"
+gem "httpi"
+gem "rspec-rails"
+gem "guard"
+gem "guard-rspec"
+gem "rb-fsevent"
+gem "appraisal"
+gem "tzinfo"
+gem "pry"
+gem "simplecov"
+gem "simplecov-summary"
+gem "rails", "5.0.0.beta2"
+
+gemspec :path => "../"

data/gemfiles/rails_5.0.0.gemfile

@@ -0,0 +1,20 @@
+# This file was generated by Appraisal
+
+source "http://rubygems.org"
+
+gem "wasabi"
+gem "savon", ">= 2.0.0"
+gem "httpi"
+gem "rspec-rails"
+gem "guard"
+gem "guard-rspec"
+gem "rb-fsevent"
+gem "appraisal"
+gem "tzinfo"
+gem "pry"
+gem "simplecov"
+gem "simplecov-summary"
+gem "minitest", "<5.10.0"
+gem "rails", "5.0.0"
+
+gemspec path: "../"

data/gemfiles/rails_5.1.1.gemfile

@@ -0,0 +1,20 @@
+# This file was generated by Appraisal
+
+source "http://rubygems.org"
+
+gem "wasabi"
+gem "savon", ">= 2.0.0"
+gem "httpi"
+gem "rspec-rails"
+gem "guard"
+gem "guard-rspec"
+gem "rb-fsevent"
+gem "appraisal"
+gem "tzinfo"
+gem "pry"
+gem "simplecov"
+gem "simplecov-summary"
+gem "rails", "5.1.1"
+gem "railties", "5.1.1"
+
+gemspec path: "../"

data/lib/wash_out/dispatcher.rb

@@ -5,13 +5,19 @@ module WashOut
   module Dispatcher
     # A SOAPError exception can be raised to return a correct SOAP error
     # response.
-    class SOAPError < Exception; end
+    class SOAPError < Exception
+      attr_accessor :code
+      def initialize(message, code=nil)
+        super(message)
+        @code = code
+      end
+    end
+
     class ProgrammerError < Exception; end
 
     def _authenticate_wsse
-
       begin
-        xml_security   = env['wash_out.soap_data'].values_at(:envelope, :Envelope).compact.first
+        xml_security   = request.env['wash_out.soap_data'].values_at(:envelope, :Envelope).compact.first
         xml_security   = xml_security.values_at(:header, :Header).compact.first
         xml_security   = xml_security.values_at(:security, :Security).compact.first
         username_token = xml_security.values_at(:username_token, :UsernameToken).compact.first
@@ -25,32 +31,31 @@ module WashOut
     end
 
     def _map_soap_parameters
+      self.params = _load_params action_spec[:in],
+        _strip_empty_nodes(action_spec[:in], xml_data)
+    end
 
-      soap_action = request.env['wash_out.soap_action']
-      action_spec = self.class.soap_actions[soap_action]
+    def _map_soap_headers
+      @_soap_headers = xml_header_data
+    end
 
-      xml_data = env['wash_out.soap_data'].values_at(:envelope, :Envelope).compact.first
-      xml_data = xml_data.values_at(:body, :Body).compact.first
-      xml_data = xml_data.values_at(soap_action.underscore.to_sym,
-                                    soap_action.to_sym).compact.first || {}
+    def _strip_empty_nodes(params, hash)
+      hash.keys.each do |key|
+        param = params.detect { |a| a.raw_name.to_s == key.to_s }
+        next if !(param && hash[key].is_a?(Hash))
 
-      strip_empty_nodes = lambda{|hash|
-        hash.keys.each do |key|
-          if hash[key].is_a? Hash
-            value = hash[key].delete_if{|k, v| key.to_s[0] == '@'}
+        value = hash[key].delete_if do |k, _|
+          k.to_s[0] == '@' && !param.map.detect { |a| a.raw_name.to_s == k.to_s }
+        end
 
-            if value.length > 0
-              hash[key] = strip_empty_nodes.call(value)
-            else
-              hash[key] = nil
-            end
-          end
+        if value.length > 0
+          hash[key] = _strip_empty_nodes param.map, value
+        else
+          hash[key] = nil
         end
+      end
 
-        hash
-      }
-      xml_data = strip_empty_nodes.call(xml_data)
-      @_params = _load_params(action_spec[:in], xml_data)
+      hash
     end
 
     # Creates the final parameter hash based on the request spec and xml_data from the request
@@ -67,12 +72,11 @@ module WashOut
 
     # This action generates the WSDL for defined SOAP methods.
     def _generate_wsdl
-
       @map       = self.class.soap_actions
       @namespace = soap_config.namespace
-      @name      = controller_path.gsub('/', '_')
+      @name      = controller_path
 
-      render :template => "wash_with_soap/#{soap_config.wsdl_style}/wsdl", :layout => false,
+      render :template => "wash_out/#{soap_config.wsdl_style}/wsdl", :layout => false,
              :content_type => 'text/xml'
     end
 
@@ -127,9 +131,19 @@ module WashOut
         return result_spec
       }
 
-      render :template => "wash_with_soap/#{soap_config.wsdl_style}/response",
+      header = options[:header]
+      if header.present?
+        header = { 'value' => header } unless header.is_a? Hash
+        header = HashWithIndifferentAccess.new(header)
+      end
+
+      render :template => "wash_out/#{soap_config.wsdl_style}/response",
              :layout => false,
-             :locals => { :result => inject.call(result, @action_spec[:out]) },
+             :locals => {
+               :header => header.present? ? inject.call(header, @action_spec[:header_out])
+                                      : nil,
+               :result => inject.call(result, @action_spec[:out])
+             },
              :content_type => 'text/xml'
     end
 
@@ -138,49 +152,113 @@ module WashOut
       render_soap_error("Cannot find SOAP action mapping for #{request.env['wash_out.soap_action']}")
     end
 
-    def _render_soap_exception(error)
-      render_soap_error(error.message)
+    def _invalid_request
+      render_soap_error("Invalid SOAP request")
+    end
+
+    def _catch_soap_errors
+      yield
+    rescue SOAPError => error
+      render_soap_error(error.message, error.code)
     end
 
     # Render a SOAP error response.
     #
     # Rails do not support sequental rescue_from handling, that is, rescuing an
     # exception from a rescue_from handler. Hence this function is a public API.
-    def render_soap_error(message)
-      render :template => "wash_with_soap/#{soap_config.wsdl_style}/error", :status => 500,
+    def render_soap_error(message, code=nil)
+      render :template => "wash_out/#{soap_config.wsdl_style}/error", :status => 500,
              :layout => false,
-             :locals => { :error_message => message },
+             :locals => { :error_message => message, :error_code => (code || 'Server') },
              :content_type => 'text/xml'
     end
 
+    def soap_request
+      OpenStruct.new({
+        params: @_params,
+        headers: @_soap_headers
+      })
+    end
+
     def self.included(controller)
-      controller.send :rescue_from, SOAPError, :with => :_render_soap_exception
+      entity = if defined?(Rails::VERSION::MAJOR) && (Rails::VERSION::MAJOR >= 4)
+        'action'
+      else
+        'filter'
+      end
+
+      controller.send :"around_#{entity}", :_catch_soap_errors
       controller.send :helper, :wash_out
-      controller.send :before_filter, :_authenticate_wsse,     :except => [
-        :_generate_wsdl, :_invalid_action ]
-      controller.send :before_filter, :_map_soap_parameters,   :except => [
-        :_generate_wsdl, :_invalid_action ]
-      controller.send :skip_before_filter, :verify_authenticity_token
+      controller.send :"before_#{entity}", :_authenticate_wsse,   :if => :soap_action?
+      controller.send :"before_#{entity}", :_map_soap_parameters, :if => :soap_action?
+      controller.send :"before_#{entity}", :_map_soap_headers, :if => :soap_action?
+
+      if defined?(Rails::VERSION::MAJOR) && (Rails::VERSION::MAJOR >= 5)
+        controller.send :"skip_before_#{entity}", :verify_authenticity_token, :raise => false
+      else
+        controller.send :"skip_before_#{entity}", :verify_authenticity_token
+      end
     end
 
-    def self.deep_select(hash, result=[], &blk)
-      result += Hash[hash.select(&blk)].values
+    def self.deep_select(collection, result=[], &blk)
+      values = collection.respond_to?(:values) ? collection.values : collection
+      result += values.select(&blk)
 
-      hash.each do |key, value|
-        result = deep_select(value, result, &blk) if value.is_a? Hash
+      values.each do |value|
+        if value.is_a?(Hash) || value.is_a?(Array)
+          result = deep_select(value, result, &blk)
+        end
       end
 
       result
     end
 
-    def self.deep_replace_href(hash, replace)
-      return replace[hash[:@href]] if hash.has_key?(:@href)
+    def self.deep_replace_href(element, replace)
+      return element unless element.is_a?(Array) || element.is_a?(Hash)
 
-      hash.keys.each do |key, value|
-        hash[key] = deep_replace_href(hash[key], replace) if hash[key].is_a?(Hash)
+      if element.is_a?(Array) # Traverse arrays
+        return element.map{|x| deep_replace_href(x, replace)}
       end
 
-      hash
+      if element.has_key?(:@href) # Replace needle and traverse replacement
+        return deep_replace_href(replace[element[:@href]], replace)
+      end
+
+      element.each do |key, value| # Traverse hashes
+        element[key] = deep_replace_href(value, replace)
+      end
+
+      element
     end
+
+    private
+    def soap_action?
+      soap_action.present?
+    end
+
+    def action_spec
+      self.class.soap_actions[soap_action]
+    end
+
+    def request_input_tag
+      action_spec[:request_tag]
+    end
+
+    def soap_action
+      request.env['wash_out.soap_action']
+    end
+
+    def xml_data
+      envelope = request.env['wash_out.soap_data'].values_at(:envelope, :Envelope).compact.first
+      xml_data = envelope.values_at(:body, :Body).compact.first || {}
+      return xml_data if soap_config.wsdl_style == "document"
+      xml_data = xml_data.values_at(soap_action.underscore.to_sym, soap_action.to_sym, request_input_tag.to_sym).compact.first || {}
+    end
+
+    def xml_header_data
+      envelope = request.env['wash_out.soap_data'].values_at(:envelope, :Envelope).compact.first
+      header_data = envelope.values_at(:header, :Header).compact.first || {}
+    end
+
   end
 end

data/lib/wash_out/engine.rb

@@ -1,10 +1,9 @@
-
 module WashOut
   class Engine < ::Rails::Engine
     config.wash_out = ActiveSupport::OrderedOptions.new
     initializer "wash_out.configuration" do |app|
       if app.config.wash_out[:catch_xml_errors]
-        app.config.middleware.insert_after 'ActionDispatch::ShowExceptions', WashOut::Middleware
+        app.config.middleware.insert_after(ActionDispatch::ShowExceptions, WashOut::Middleware)
       end
     end
 

data/lib/wash_out/model.rb

@@ -22,7 +22,7 @@ module WashOut
       map
     end
 
-    def wash_out_param_name
+    def wash_out_param_name(*args)
       return name.underscore
     end
   end

data/lib/wash_out/param.rb

@@ -7,6 +7,7 @@ module WashOut
     attr_accessor :multiplied
     attr_accessor :value
     attr_accessor :source_class
+    attr_accessor :soap_config
 
     # Defines a WSDL parameter with name +name+ and type specifier +type+.
     # The type specifier format is described in #parse_def.
@@ -63,6 +64,7 @@ module WashOut
         operation = case type
           when 'string';       :to_s
           when 'integer';      :to_i
+          when 'long';         :to_i
           when 'double';       :to_f
           when 'boolean';      lambda{|dat| dat === "0" ? false : !!dat}
           when 'date';         :to_date
@@ -160,9 +162,19 @@ module WashOut
     def flat_copy
       copy = self.class.new(@soap_config, @name, @type.to_sym, @multiplied)
       copy.raw_name = raw_name
+      copy.source_class = source_class
       copy
     end
 
+    def attribute?
+      name[0] == "@"
+    end
+
+    def attr_name
+      raise 'Not attribute' unless attribute?
+      name[1..-1]
+    end
+
     private
 
     # Used to load an entire structure.
@@ -177,7 +189,8 @@ module WashOut
       # RUBY18 Enumerable#each_with_object is better, but 1.9 only.
       @map.map do |param|
         if data.has_key? param.raw_name
-          struct[param.raw_name] = yield param, data, param.raw_name
+          param_name = param.attribute? ? param.attr_name : param.raw_name
+          struct[param_name] = yield param, data, param.raw_name
         end
       end
 

data/lib/wash_out/router.rb

@@ -4,6 +4,40 @@ module WashOut
   # This class is a Rack middleware used to route SOAP requests to a proper
   # action of a given SOAP controller.
   class Router
+    def self.lookup_soap_routes(controller_name, routes, path=[], &block)
+      routes.each do |x|
+        defaults = x.defaults
+        defaults = defaults[:defaults] if defaults.include?(:defaults) # Rails 5
+        if defaults[:controller] == controller_name && defaults[:action] == 'soap'
+          yield path+[x]
+        end
+
+        app = x.app
+        app = app.app if app.respond_to?(:app)
+        if app.respond_to?(:routes) && app.routes.respond_to?(:routes)
+          lookup_soap_routes(controller_name, app.routes.routes, path+[x], &block)
+        end
+      end
+    end
+
+    def self.url(request, controller_name)
+      lookup_soap_routes(controller_name, Rails.application.routes.routes) do |routes|
+
+        path = if routes.first.respond_to?(:optimized_path)      # Rails 4
+          routes.map(&:optimized_path)
+        elsif routes.first.path.respond_to?(:build_formatter)    # Rails 5
+          routes.map{|x| x.path.build_formatter.evaluate(nil)}
+        else
+          routes.map{|x| x.format({})}                           # Rails 3.2
+        end
+
+        if Rails.application.config.relative_url_root.present?
+          path.prepend Rails.application.config.relative_url_root
+        end
+        return request.protocol + request.host_with_port + path.flatten.join('')
+      end
+    end
+
     def initialize(controller_name)
       @controller_name = "#{controller_name.to_s}_controller".camelize
     end
@@ -15,13 +49,15 @@ module WashOut
     def parse_soap_action(env)
       return env['wash_out.soap_action'] if env['wash_out.soap_action']
 
-      soap_action = env['HTTP_SOAPACTION'].to_s.gsub(/^"(.*)"$/, '\1')
-
+      soap_action = controller.soap_config.soap_action_routing ? env['HTTP_SOAPACTION'].to_s.gsub(/^"(.*)"$/, '\1')
+                                                               : ''
       if soap_action.blank?
-        soap_action = nori.parse(soap_body env)
-            .values_at(:envelope, :Envelope).compact.first
-            .values_at(:body, :Body).compact.first
-            .keys.first.to_s
+        parsed_soap_body = nori(controller.soap_config.snakecase_input).parse(soap_body env)
+        return nil if parsed_soap_body.blank?
+
+        soap_action = parsed_soap_body.values_at(:envelope, :Envelope).try(:compact).try(:first)
+        soap_action = soap_action.values_at(:body, :Body).try(:compact).try(:first) if soap_action
+        soap_action = soap_action.keys.first.to_s if soap_action
       end
 
       # RUBY18 1.8 does not have force_encoding.
@@ -41,22 +77,24 @@ module WashOut
         :strip_namespaces => true,
         :advanced_typecasting => true,
         :convert_tags_to => (
-          snakecase ? lambda { |tag| tag.snakecase.to_sym } 
+          snakecase ? lambda { |tag| tag.snakecase.to_sym }
                     : lambda { |tag| tag.to_sym }
         )
       )
     end
 
     def soap_body(env)
-      env['rack.input'].respond_to?(:string) ? env['rack.input'].string
-                                             : env['rack.input'].read
+      body = env['rack.input']
+      body.rewind if body.respond_to? :rewind
+      body.respond_to?(:string) ? body.string : body.read
+    ensure
+      body.rewind if body.respond_to? :rewind
     end
 
     def parse_soap_parameters(env)
       return env['wash_out.soap_data'] if env['wash_out.soap_data']
-
       env['wash_out.soap_data'] = nori(controller.soap_config.snakecase_input).parse(soap_body env)
-      references = WashOut::Dispatcher.deep_select(env['wash_out.soap_data']){|k,v| v.is_a?(Hash) && v.has_key?(:@id)}
+      references = WashOut::Dispatcher.deep_select(env['wash_out.soap_data']){|v| v.is_a?(Hash) && v.has_key?(:@id)}
 
       unless references.blank?
         replaces = {}; references.each{|r| replaces['#'+r[:@id]] = r}
@@ -69,17 +107,21 @@ module WashOut
     def call(env)
       @controller = @controller_name.constantize
 
-      soap_action     = parse_soap_action(env)
-      soap_parameters = parse_soap_parameters(env)
+      soap_action = parse_soap_action(env)
 
-      action_spec = controller.soap_actions[soap_action]
-
-      if action_spec
-        action = action_spec[:to]
+      action = if soap_action.blank?
+        '_invalid_request'
       else
-        action = '_invalid_action'
+        soap_parameters = parse_soap_parameters(env)
+        action_spec     = controller.soap_actions[soap_action]
+
+        if action_spec
+          action_spec[:to]
+        else
+          '_invalid_action'
+        end
       end
-
+      env["action_dispatch.request.content_type"] = Mime[:soap]
       controller.action(action).call(env)
     end
   end

data/lib/wash_out/soap.rb

@@ -13,7 +13,15 @@ module WashOut
       #
       # An optional option :to can be passed to allow for names of SOAP actions
       # which are not valid Ruby function names.
+      # There is also an optional :header_return option to specify the format of the
+      # SOAP response's header tag (<env:Header></env:Header>). If unspecified, there will
+      # be no header tag in the response.
       def soap_action(action, options={})
+        if options[:as].present?
+          options[:to] ||= action
+          action = options[:as]
+        end
+
         if action.is_a?(Symbol)
           if soap_config.camelize_wsdl.to_s == 'lower'
             options[:to] ||= action.to_s
@@ -26,20 +34,24 @@ module WashOut
         end
 
         default_response_tag = soap_config.camelize_wsdl ? 'Response' : '_response'
-        default_response_tag = "tns:#{action}#{default_response_tag}"
+        default_response_tag = action+default_response_tag
+
 
-        self.soap_actions[action] = {
+        self.soap_actions[action] = options.merge(
           :in           => WashOut::Param.parse_def(soap_config, options[:args]),
+          :request_tag  => options[:as] || action,
           :out          => WashOut::Param.parse_def(soap_config, options[:return]),
+          :header_out   => options[:header_return].present? ? WashOut::Param.parse_def(soap_config, options[:header_return]) : nil,
           :to           => options[:to] || action,
           :response_tag => options[:response_tag] || default_response_tag
-        }
+        )
       end
     end
 
     included do
       include WashOut::Configurable
       include WashOut::Dispatcher
+      include WashOut::WsseParams
       self.soap_actions = {}
     end
   end

data/lib/wash_out/soap_config.rb

@@ -13,6 +13,8 @@ module WashOut
       catch_xml_errors: false,
       wsse_username: nil,
       wsse_password: nil,
+      wsse_auth_callback: nil,
+      soap_action_routing: true,
     }
 
     attr_reader :config

data/lib/wash_out/version.rb

@@ -1,3 +1,3 @@
 module WashOut
-  VERSION = "0.9.0"
+  VERSION = "0.12.0"
 end

data/lib/wash_out/wsse.rb

@@ -1,4 +1,13 @@
 module WashOut
+
+  module WsseParams
+    def wsse_username
+      if request.env['WSSE_TOKEN']
+        request.env['WSSE_TOKEN'].values_at(:username, :Username).compact.first
+      end
+    end
+  end
+
   class Wsse
     attr_reader :soap_config
     def self.authenticate(soap_config, token)
@@ -18,7 +27,15 @@ module WashOut
     end
 
     def required?
-      !soap_config.wsse_username.blank?
+      !soap_config.wsse_username.blank? || auth_callback?
+    end
+
+    def auth_callback?
+      return !!soap_config.wsse_auth_callback && soap_config.wsse_auth_callback.respond_to?(:call) && soap_config.wsse_auth_callback.arity == 4
+    end
+
+    def perform_auth_callback(user, password, nonce, timestamp)
+      soap_config.wsse_auth_callback.call(user, password, nonce, timestamp)
     end
 
     def expected_user
@@ -29,12 +46,35 @@ module WashOut
       soap_config.wsse_password
     end
 
-    def matches_expected_digest?(password)
-      nonce     = @username_token.values_at(:nonce, :Nonce).compact.first
+    def eligible?
+      return true unless required?
+
+      user     = @username_token.values_at(:username, :Username).compact.first
+      password = @username_token.values_at(:password, :Password).compact.first
+
+      nonce = @username_token.values_at(:nonce, :Nonce).compact.first
       timestamp = @username_token.values_at(:created, :Created).compact.first
 
+      if (expected_user == user && self.class.matches_expected_digest?(expected_password, password, nonce, timestamp))
+        return true
+      end
+
+      if auth_callback?
+        return perform_auth_callback(user, password, nonce, timestamp)
+      end
+
+      if (expected_user == user && expected_password == password)
+        return true
+      end
+
+      return false
+    end
+
+    def self.matches_expected_digest?(expected_password, password, nonce, timestamp)
       return false if nonce.nil? || timestamp.nil?
 
+      timestamp = timestamp.to_datetime
+
       # Token should not be accepted if timestamp is older than 5 minutes ago
       # http://www.oasis-open.org/committees/download.php/16782/wss-v1.1-spec-os-UsernameTokenProfile.pdf
       offset_in_minutes = ((DateTime.now - timestamp)* 24 * 60).to_i
@@ -45,11 +85,15 @@ module WashOut
       flavors = Array.new
 
       # Ruby / Savon
-      token = nonce + timestamp.to_s + expected_password
+      token = nonce + timestamp.strftime("%Y-%m-%dT%H:%M:%SZ") + expected_password
       flavors << Base64.encode64(Digest::SHA1.hexdigest(token)).chomp!
 
       # Java
-      token = Base64.decode64(nonce) + timestamp.to_s + expected_password
+      token = Base64.decode64(nonce) + timestamp.strftime("%Y-%m-%dT%H:%M:%SZ") + expected_password
+      flavors << Base64.encode64(Digest::SHA1.digest(token)).chomp!
+
+      # SoapUI
+      token = Base64.decode64(nonce) + timestamp.strftime("%Y-%m-%dT%H:%M:%S.%3NZ") + expected_password
       flavors << Base64.encode64(Digest::SHA1.digest(token)).chomp!
 
       flavors.each do |f|
@@ -58,23 +102,5 @@ module WashOut
 
       return false
     end
-
-    def eligible?
-      return true unless required?
-
-      user     = @username_token.values_at(:username, :Username).compact.first
-      password = @username_token.values_at(:password, :Password).compact.first
-
-      if (expected_user == user && expected_password == password)
-        return true
-      end
-
-      if (expected_user == user && matches_expected_digest?(password))
-        return true
-      end
-
-      return false
-    end
-
   end
 end