wash_out 0.11.0 → 0.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 82173ea05524c819f835867ecc6c49b2e5264be4
-  data.tar.gz: c539a9c5a8793bb884c575f03624aec4f78dad09
+  metadata.gz: 4fceeab03335d36c3f64b930cc9380f02f8ce364
+  data.tar.gz: c3001962354e7327d218defdc575d4a108c2a002
 SHA512:
-  metadata.gz: f95800e511ef556fcd9be44eb3f15ce7c8a95ed9f90cf9bc35d2870f89c4cd7357059d914bc2f0c81eef0119adf092c6fad0cb803e4bc097c03cdcc25a01d8ab
-  data.tar.gz: e0aee07a1f29c56a175b4bbb764fffb086e515084783a305db61697efe287080aee785ed6cf165b58f285a615df3c93cd13dfafedc865c724fc82a14e4e3d13c
+  metadata.gz: af7895f5b669386339ca1c26ff772764a3722e71ae9befeb759d4993be89a522c839c524682362d7c4d1250b46343cc3d5bf7847ed8c74c49d52278e909f4866
+  data.tar.gz: c8c62b42781fe3926f6680edddf50d87ab9f886a30f910815e32aff10527e134ea34d1e6b78535d961b49c5fa4adda4bc34cff4e4b94cf6ec9c0b15207d21d63

data/.travis.yml

@@ -1,38 +1,11 @@
 script: bundle exec rspec
 gemfile:
-  - gemfiles/rails_3.2.13.gemfile
   - gemfiles/rails_4.0.0.gemfile
   - gemfiles/rails_4.1.0.gemfile
   - gemfiles/rails_4.2.0.gemfile
   - gemfiles/rails_5.0.0.gemfile
+  - gemfiles/rails_5.1.1.gemfile
 rvm:
-  - 1.9.3
-  - 2.0.0
-  - 2.1.8
-  - 2.2.4
   - 2.3.0
-  - jruby
-matrix:
-  exclude:
-    - rvm: 2.2.4
-      gemfile: gemfiles/rails_3.2.13.gemfile
-    - rvm: 2.3.0
-      gemfile: gemfiles/rails_3.2.13.gemfile
-    - rvm: 1.9.3
-      gemfile: gemfiles/rails_4.0.0.gemfile
-    - rvm: 1.9.3
-      gemfile: gemfiles/rails_4.2.0.gemfile
-    - rvm: jruby
-      gemfile: gemfiles/rails_4.2.0.gemfile
-    - rvm: 1.9.3
-      gemfile: gemfiles/rails_5.0.0.gemfile
-    - rvm: 2.0.0
-      gemfile: gemfiles/rails_5.0.0.gemfile
-    - rvm: 2.1.8
-      gemfile: gemfiles/rails_5.0.0.gemfile
-    - rvm: 2.2.4
-      gemfile: gemfiles/rails_5.0.0.gemfile
-    - rvm: jruby
-      gemfile: gemfiles/rails_5.0.0.gemfile
 before_install:
   - gem update bundler

data/Appraisals

@@ -13,7 +13,10 @@ appraise "rails-4.2.0" do
   gem "listen", "< 3.1.0"
 end
 
-
 appraise "rails-5.0.0" do
   gem "rails", "5.0.0"
 end
+
+appraise "rails-5.1.1" do
+  gem "rails", "5.1.1"
+end

data/Gemfile

@@ -14,4 +14,6 @@ gem 'appraisal'
 gem 'tzinfo'
 gem 'pry'
 gem 'simplecov'
-gem 'simplecov-summary'
+gem 'simplecov-summary'
+
+gem 'minitest', '<5.10.0'

data/app/helpers/wash_out_helper.rb

@@ -3,13 +3,15 @@ module WashOutHelper
   def wsdl_data_options(param)
     case controller.soap_config.wsdl_style
     when 'rpc'
-      if param.map.present? || param.value
+      if param.map.present? || !param.value.nil?
         { :"xsi:type" => param.namespaced_type }
       else
         { :"xsi:nil" => true }
       end
     when 'document'
-      { }
+      {}
+    else
+      {}
     end
   end
 

data/gemfiles/rails_4.0.0.gemfile

@@ -14,7 +14,8 @@ gem "tzinfo"
 gem "pry"
 gem "simplecov"
 gem "simplecov-summary"
+gem "minitest", "<5.10.0"
 gem "rails", "4.0.0"
 gem "listen", "< 3.1.0"
 
-gemspec :path => "../"
+gemspec path: "../"

data/gemfiles/rails_4.1.0.gemfile

@@ -14,7 +14,8 @@ gem "tzinfo"
 gem "pry"
 gem "simplecov"
 gem "simplecov-summary"
+gem "minitest", "<5.10.0"
 gem "rails", "4.1.0"
 gem "listen", "< 3.1.0"
 
-gemspec :path => "../"
+gemspec path: "../"

data/gemfiles/rails_4.2.0.gemfile

@@ -14,7 +14,8 @@ gem "tzinfo"
 gem "pry"
 gem "simplecov"
 gem "simplecov-summary"
+gem "minitest", "<5.10.0"
 gem "rails", "4.2.0"
 gem "listen", "< 3.1.0"
 
-gemspec :path => "../"
+gemspec path: "../"

data/gemfiles/rails_5.0.0.gemfile

@@ -14,6 +14,7 @@ gem "tzinfo"
 gem "pry"
 gem "simplecov"
 gem "simplecov-summary"
+gem "minitest", "<5.10.0"
 gem "rails", "5.0.0"
 
-gemspec :path => "../"
+gemspec path: "../"

data/gemfiles/rails_5.1.1.gemfile

@@ -0,0 +1,20 @@
+# This file was generated by Appraisal
+
+source "http://rubygems.org"
+
+gem "wasabi"
+gem "savon", ">= 2.0.0"
+gem "httpi"
+gem "rspec-rails"
+gem "guard"
+gem "guard-rspec"
+gem "rb-fsevent"
+gem "appraisal"
+gem "tzinfo"
+gem "pry"
+gem "simplecov"
+gem "simplecov-summary"
+gem "rails", "5.1.1"
+gem "railties", "5.1.1"
+
+gemspec path: "../"

data/lib/wash_out.rb

@@ -60,9 +60,11 @@ ActionController::Metal.class_eval do
 end
 
 if Rails::VERSION::MAJOR >= 5
-  module ActionController
-    module ApiRendering
-      include ActionView::Rendering
+  if defined?(ActionView::Rendering)
+    module ActionController
+      module ApiRendering
+        include ActionView::Rendering
+      end
     end
   end
 

data/lib/wash_out/dispatcher.rb

@@ -192,7 +192,12 @@ module WashOut
       controller.send :"before_#{entity}", :_authenticate_wsse,   :if => :soap_action?
       controller.send :"before_#{entity}", :_map_soap_parameters, :if => :soap_action?
       controller.send :"before_#{entity}", :_map_soap_headers, :if => :soap_action?
-      controller.send :"skip_before_#{entity}", :verify_authenticity_token, :raise => false
+
+      if defined?(Rails::VERSION::MAJOR) && (Rails::VERSION::MAJOR >= 5)
+        controller.send :"skip_before_#{entity}", :verify_authenticity_token, :raise => false
+      else
+        controller.send :"skip_before_#{entity}", :verify_authenticity_token
+      end
     end
 
     def self.deep_select(collection, result=[], &blk)

data/lib/wash_out/engine.rb

@@ -1,10 +1,9 @@
-
 module WashOut
   class Engine < ::Rails::Engine
     config.wash_out = ActiveSupport::OrderedOptions.new
     initializer "wash_out.configuration" do |app|
       if app.config.wash_out[:catch_xml_errors]
-        app.config.middleware.insert_after 'ActionDispatch::ShowExceptions', WashOut::Middleware
+        app.config.middleware.insert_after(ActionDispatch::ShowExceptions, WashOut::Middleware)
       end
     end
 

data/lib/wash_out/router.rb

@@ -14,7 +14,7 @@ module WashOut
 
         app = x.app
         app = app.app if app.respond_to?(:app)
-        if app.respond_to?(:routes)
+        if app.respond_to?(:routes) && app.routes.respond_to?(:routes)
           lookup_soap_routes(controller_name, app.routes.routes, path+[x], &block)
         end
       end
@@ -31,6 +31,9 @@ module WashOut
           routes.map{|x| x.format({})}                           # Rails 3.2
         end
 
+        if Rails.application.config.relative_url_root.present?
+          path.prepend Rails.application.config.relative_url_root
+        end
         return request.protocol + request.host_with_port + path.flatten.join('')
       end
     end

data/lib/wash_out/version.rb

@@ -1,3 +1,3 @@
 module WashOut
-  VERSION = "0.11.0"
+  VERSION = "0.12.0"
 end

data/lib/wash_out/wsse.rb

@@ -31,11 +31,11 @@ module WashOut
     end
 
     def auth_callback?
-      return !!soap_config.wsse_auth_callback && soap_config.wsse_auth_callback.respond_to?(:call) && soap_config.wsse_auth_callback.arity == 2
+      return !!soap_config.wsse_auth_callback && soap_config.wsse_auth_callback.respond_to?(:call) && soap_config.wsse_auth_callback.arity == 4
     end
 
-    def perform_auth_callback(user, password)
-      soap_config.wsse_auth_callback.call(user, password)
+    def perform_auth_callback(user, password, nonce, timestamp)
+      soap_config.wsse_auth_callback.call(user, password, nonce, timestamp)
     end
 
     def expected_user
@@ -46,10 +46,33 @@ module WashOut
       soap_config.wsse_password
     end
 
-    def matches_expected_digest?(password)
-      nonce     = @username_token.values_at(:nonce, :Nonce).compact.first
+    def eligible?
+      return true unless required?
+
+      user     = @username_token.values_at(:username, :Username).compact.first
+      password = @username_token.values_at(:password, :Password).compact.first
+
+      nonce = @username_token.values_at(:nonce, :Nonce).compact.first
       timestamp = @username_token.values_at(:created, :Created).compact.first
+
+      if (expected_user == user && self.class.matches_expected_digest?(expected_password, password, nonce, timestamp))
+        return true
+      end
+
+      if auth_callback?
+        return perform_auth_callback(user, password, nonce, timestamp)
+      end
+
+      if (expected_user == user && expected_password == password)
+        return true
+      end
+
+      return false
+    end
+
+    def self.matches_expected_digest?(expected_password, password, nonce, timestamp)
       return false if nonce.nil? || timestamp.nil?
+
       timestamp = timestamp.to_datetime
 
       # Token should not be accepted if timestamp is older than 5 minutes ago
@@ -69,33 +92,15 @@ module WashOut
       token = Base64.decode64(nonce) + timestamp.strftime("%Y-%m-%dT%H:%M:%SZ") + expected_password
       flavors << Base64.encode64(Digest::SHA1.digest(token)).chomp!
 
+      # SoapUI
+      token = Base64.decode64(nonce) + timestamp.strftime("%Y-%m-%dT%H:%M:%S.%3NZ") + expected_password
+      flavors << Base64.encode64(Digest::SHA1.digest(token)).chomp!
+
       flavors.each do |f|
         return true if f == password
       end
 
       return false
     end
-
-    def eligible?
-      return true unless required?
-
-      user     = @username_token.values_at(:username, :Username).compact.first
-      password = @username_token.values_at(:password, :Password).compact.first
-
-      if (expected_user == user && matches_expected_digest?(password))
-        return true
-      end
-
-      if auth_callback?
-        return perform_auth_callback(user, password)
-      end
-
-      if (expected_user == user && expected_password == password)
-        return true
-      end
-
-      return false
-    end
-
   end
 end

data/spec/dummy/app/controllers/application_controller.rb

@@ -1,3 +1,3 @@
 class ApplicationController < ActionController::Base
-  protect_from_forgery
+  protect_from_forgery with: :exception
 end

data/spec/lib/wash_out_spec.rb

@@ -2,6 +2,29 @@
 
 require 'spec_helper'
 
+SIMPLE_REQUEST_XML = <<-SIMPLE_REQUEST_XML_HEREDOC
+<?xml version="1.0" encoding="UTF-8"?>
+<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tns="false" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
+  <env:Body>
+    <tns:answer>
+      <value>42</value>
+    </tns:answer>
+  </env:Body>
+</env:Envelope>
+SIMPLE_REQUEST_XML_HEREDOC
+
+SIMPLE_RESPONSE_XML = <<-SIMPLE_RESPONSE_XML_HEREDOC
+<?xml version="1.0" encoding="UTF-8"?>
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tns="false">
+  <soap:Body>
+    <tns:answerResponse>
+      <Value xsi:type="xsd:int">42</Value>
+    </tns:answerResponse>
+  </soap:Body>
+</soap:Envelope>
+SIMPLE_RESPONSE_XML_HEREDOC
+
+
 describe WashOut do
 
   let :nori do
@@ -161,6 +184,25 @@ describe WashOut do
         XML
       end
 
+      it "succeeds when protect_from_forgery is enabled" do
+
+        # Enable allow_forgery_protection (affects all subsequent specs)
+        # Alternatively, assign in spec/dummy/config/environments/test.rb
+        Rails.application.config.after_initialize do
+          ActionController::Base.allow_forgery_protection = true
+        end
+
+        mock_controller do
+          soap_action "answer", :args => nil, :return => :int
+          def answer
+            render :soap => "42"
+          end
+        end
+
+        expect(HTTPI.post("http://app/route/api/action", SIMPLE_REQUEST_XML).body).to eq SIMPLE_RESPONSE_XML
+
+      end
+
       it "accept no parameters" do
         mock_controller do
           soap_action "answer", :args => nil, :return => :int
@@ -961,8 +1003,10 @@ describe WashOut do
 
     it "handles auth callback" do
       mock_controller(
-        wsse_auth_callback: lambda {|user, password|
-          return user == "gorilla" && password == "secret"
+        wsse_auth_callback: lambda {|user, password, nonce, timestamp|
+          authenticated = nonce ? WashOut::Wsse.matches_expected_digest?("secret", password, nonce, timestamp) : password == "secret"
+
+          return user == "gorilla" && authenticated
         }
       ) do
         soap_action "checkAuth", :args => :integer, :return => :boolean, :to => 'check_auth'
@@ -977,7 +1021,7 @@ describe WashOut do
 
       # correct digest auth
       expect { savon(:check_auth, 42){ wsse_auth "gorilla", "secret", :digest } }.
-        to raise_exception(Savon::SOAPFault)
+        not_to raise_exception
 
       # wrong user
       expect { savon(:check_auth, 42){ wsse_auth "chimpanzee", "secret", :digest } }.

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: wash_out
 version: !ruby/object:Gem::Version
-  version: 0.11.0
+  version: 0.12.0
 platform: ruby
 authors:
 - Boris Staal
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-12-09 00:00:00.000000000 Z
+date: 2017-10-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nori
@@ -54,6 +54,7 @@ files:
 - gemfiles/rails_4.2.0.gemfile
 - gemfiles/rails_5.0.0.beta2.gemfile
 - gemfiles/rails_5.0.0.gemfile
+- gemfiles/rails_5.1.1.gemfile
 - init.rb
 - lib/wash_out.rb
 - lib/wash_out/configurable.rb