wash_out 0.9.0 → 0.9.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fb290b5f2914d741a1cc5ba218d0eab0b87415fc
-  data.tar.gz: 336edc510428d18429908b002c22d8c84ab5ec41
+  metadata.gz: 9149b2f9a1a04ad8d6ba859ef68f2dbf9db6d585
+  data.tar.gz: 55936871f904cf8d45517312b4479a39a5a5e5d5
 SHA512:
-  metadata.gz: 2a06e7e53d7b0ed436951a97dbd29cb7592d1ee39743c4bb60c194e347435f6514368744540d9fafd413c906bf0337271ff897ffb7c158280c16dbe30156b32f
-  data.tar.gz: 658031ea5d90bec54848b5ceebdf03b65ecdc3ecf46a6312f5b8adf0e523944332e81ebb5c7e4ce03c47c8cb3e948b7d550cb49170cde363ec9bab896eb3632d
+  metadata.gz: 5e2798c550e16322bb72de0dfa08c0e3a18ec3d292b481fc905d36f72d4b51a60bd889a583b723fc54081a484520c260a07e8b28dab1bb9babfa10f115e76e4b
+  data.tar.gz: 08821de12b76c9fc9f4c79ddc381279ebddfa7c42d6a197e9a7b7528f94044b46927edffab4bf9bb7dfcb090e4678effe80ef1e61cfd4cdee6c339dd0ed64090

data/.gitignore

@@ -2,6 +2,8 @@
 .bundle/
 *.gem
 .idea/
+.ruby-gemset
+.ruby-version
 .rvmrc
 *.swp
 log/*.log

data/.travis.yml

@@ -4,3 +4,4 @@ rvm:
   - 1.9.3
   - jruby-19mode
   - 2.0.0
+  - 2.1.0

data/Appraisals

@@ -12,4 +12,12 @@ end
 
 appraise "rails-4.0.0" do
   gem "rails", "4.0.0"
-end
+end
+
+appraise "rails-4.1.0" do
+  gem "rails", "4.1.0"
+end
+
+appraise "rails-4.2.0" do
+  gem "rails", "4.2.0"
+end

data/Gemfile

@@ -4,7 +4,7 @@ gemspec
 
 gem 'wasabi'
 gem 'savon', '>= 2.0.0'
-gem 'httpi', :git => 'git://github.com/savonrb/httpi.git'
+gem 'httpi'
 
 gem 'rspec-rails'
 gem 'guard'

data/README.md

@@ -94,7 +94,7 @@ WashOutSample::Application.routes.draw do
 end
 ```
 
-In such a setup, the generated WSDL may be queried at path `/api/wsdl`. So, with a
+In such a setup, the generated WSDL may be queried at path `/rumbas/wsdl`. So, with a
 gem like Savon, a request can be done using this path:
 
 ```ruby
@@ -137,6 +137,32 @@ To use defined type inside your inline declaration, pass the class instead of ty
 Note that WashOut extends the `ActiveRecord` so every model you use is already a WashOut::Type and can be used
 inside your interface declarations.
 
+## WSSE Authentication
+
+WashOut provides two mechanism for WSSE Authentication. 
+
+### Static Authentication
+
+You can configure the service to validate against a username and password with the following configuration:
+
+```ruby
+soap_service namespace: "wash_out", wsse_username: "username", wsse_password: "password"
+```
+
+With this mechanism, all the actions in the controller will be authenticated against the specified username and password. If you need to authenticate different users, you can use the dynamic mechanism described below.
+
+### Dynamic Authentication
+
+Dynamic authentication allows you to process the username and password any way you want, with the most common case being authenticating against a database. The configuration option for this mechanism is called `wsse_auth_callback`:
+
+```ruby
+soap_service namespace: "wash_out", wsse_auth_callback: ->(username, password) {
+  return !User.find_by(username: username).authenticate(password).blank?
+}
+```
+
+Keep in mind that the password may already be hashed by the SOAP client, so you would have to check against that condition too as per [spec](http://www.oasis-open.org/committees/download.php/16782/wss-v1.1-spec-os-UsernameTokenProfile.pdf)
+
 ## Configuration
 
 Use `config.wash_out...` inside your environment configuration to setup WashOut globally.

data/app/views/wash_with_soap/document/error.builder

@@ -2,7 +2,7 @@ xml.instruct!
 xml.tag! "soap:Envelope", "xmlns:soap" => 'http://schemas.xmlsoap.org/soap/envelope/' do
   xml.tag! "soap:Body" do
     xml.tag! "soap:Fault" do
-      xml.faultcode "soap:Server"
+      xml.faultcode error_code
       xml.faultstring error_message
     end
   end

data/app/views/wash_with_soap/document/response.builder

@@ -3,9 +3,7 @@ xml.tag! "soap:Envelope", "xmlns:soap" => 'http://schemas.xmlsoap.org/soap/envel
                           "xmlns:xsd" => 'http://www.w3.org/2001/XMLSchema',
                           "xmlns:tns" => @namespace do
   xml.tag! "soap:Body" do
-    key = "tns:#{@operation}#{controller.soap_config.camelize_wsdl ? 'Response' : '_response'}"
-
-    xml.tag! @action_spec[:response_tag] do
+    xml.tag! "tns:#{@action_spec[:response_tag]}" do
       wsdl_data xml, result
     end
   end

data/app/views/wash_with_soap/document/wsdl.builder

@@ -20,10 +20,10 @@ xml.definitions 'xmlns' => 'http://schemas.xmlsoap.org/wsdl/',
   end
 
   xml.portType :name => "#{@name}_port" do
-    @map.keys.each do |operation|
+    @map.each do |operation, formats|
       xml.operation :name => operation do
         xml.input :message => "tns:#{operation}"
-        xml.output :message => "tns:#{operation}#{controller.soap_config.camelize_wsdl ? 'Response' : '_response'}"
+        xml.output :message => "tns:#{formats[:response_tag]}"
       end
     end
   end
@@ -59,7 +59,7 @@ xml.definitions 'xmlns' => 'http://schemas.xmlsoap.org/wsdl/',
         xml.part wsdl_occurence(p, false, :name => p.name, :type => p.namespaced_type)
       end
     end
-    xml.message :name => "#{operation}#{controller.soap_config.camelize_wsdl ? 'Response' : '_response'}" do
+    xml.message :name => formats[:response_tag] do
       formats[:out].each do |p|
         xml.part wsdl_occurence(p, false, :name => p.name, :type => p.namespaced_type)
       end

data/app/views/wash_with_soap/rpc/error.builder

@@ -3,7 +3,7 @@ xml.tag! "soap:Envelope", "xmlns:soap" => 'http://schemas.xmlsoap.org/soap/envel
                           "xmlns:xsi" => 'http://www.w3.org/2001/XMLSchema-instance' do
   xml.tag! "soap:Body" do
     xml.tag! "soap:Fault", :encodingStyle => 'http://schemas.xmlsoap.org/soap/encoding/' do
-      xml.faultcode "Server", 'xsi:type' => 'xsd:QName'
+      xml.faultcode error_code, 'xsi:type' => 'xsd:QName'
       xml.faultstring error_message, 'xsi:type' => 'xsd:string'
     end
   end

data/app/views/wash_with_soap/rpc/response.builder

@@ -4,9 +4,7 @@ xml.tag! "soap:Envelope", "xmlns:soap" => 'http://schemas.xmlsoap.org/soap/envel
                           "xmlns:xsi" => 'http://www.w3.org/2001/XMLSchema-instance',
                           "xmlns:tns" => @namespace do
   xml.tag! "soap:Body" do
-    key = "tns:#{@operation}#{controller.soap_config.camelize_wsdl ? 'Response' : '_response'}"
-
-    xml.tag! @action_spec[:response_tag] do
+    xml.tag! "tns:#{@action_spec[:response_tag]}" do
       wsdl_data xml, result
     end
   end

data/app/views/wash_with_soap/rpc/wsdl.builder

@@ -20,10 +20,10 @@ xml.definitions 'xmlns' => 'http://schemas.xmlsoap.org/wsdl/',
   end
 
   xml.portType :name => "#{@name}_port" do
-    @map.keys.each do |operation|
+    @map.each do |operation, formats|
       xml.operation :name => operation do
         xml.input :message => "tns:#{operation}"
-        xml.output :message => "tns:#{operation}#{controller.soap_config.camelize_wsdl ? 'Response' : '_response'}"
+        xml.output :message => "tns:#{formats[:response_tag]}"
       end
     end
   end
@@ -59,7 +59,7 @@ xml.definitions 'xmlns' => 'http://schemas.xmlsoap.org/wsdl/',
         xml.part wsdl_occurence(p, true, :name => p.name, :type => p.namespaced_type)
       end
     end
-    xml.message :name => "#{operation}#{controller.soap_config.camelize_wsdl ? 'Response' : '_response'}" do
+    xml.message :name => formats[:response_tag] do
       formats[:out].each do |p|
         xml.part wsdl_occurence(p, true, :name => p.name, :type => p.namespaced_type)
       end

data/lib/wash_out.rb

@@ -15,7 +15,7 @@ module ActionDispatch::Routing
   class Mapper
     # Adds the routes for a SOAP endpoint at +controller+.
     def wash_out(controller_name, options={})
-      options.reverse_merge!(@scope) if @scope
+      options.each_with_index { |key, value|  @scope[key] = value } if @scope
       controller_class_name = [options[:module], controller_name].compact.join("/")
 
       match "#{controller_name}/wsdl"   => "#{controller_name}#_generate_wsdl", :via => :get, :format => false
@@ -44,4 +44,4 @@ ActionController::Base.class_eval do
     include WashOut::SOAP
     self.soap_config = options
   end
-end
+end

data/lib/wash_out/dispatcher.rb

@@ -5,7 +5,14 @@ module WashOut
   module Dispatcher
     # A SOAPError exception can be raised to return a correct SOAP error
     # response.
-    class SOAPError < Exception; end
+    class SOAPError < Exception
+      attr_accessor :code
+      def initialize(message, code=nil)
+        super(message)
+        @code = code
+      end
+    end
+
     class ProgrammerError < Exception; end
 
     def _authenticate_wsse
@@ -25,19 +32,10 @@ module WashOut
     end
 
     def _map_soap_parameters
-
-      soap_action = request.env['wash_out.soap_action']
-      action_spec = self.class.soap_actions[soap_action]
-
-      xml_data = env['wash_out.soap_data'].values_at(:envelope, :Envelope).compact.first
-      xml_data = xml_data.values_at(:body, :Body).compact.first
-      xml_data = xml_data.values_at(soap_action.underscore.to_sym,
-                                    soap_action.to_sym).compact.first || {}
-
       strip_empty_nodes = lambda{|hash|
         hash.keys.each do |key|
           if hash[key].is_a? Hash
-            value = hash[key].delete_if{|k, v| key.to_s[0] == '@'}
+            value = hash[key].delete_if{|k, v| k.to_s[0] == '@'}
 
             if value.length > 0
               hash[key] = strip_empty_nodes.call(value)
@@ -49,8 +47,7 @@ module WashOut
 
         hash
       }
-      xml_data = strip_empty_nodes.call(xml_data)
-      @_params = _load_params(action_spec[:in], xml_data)
+      @_params = _load_params(action_spec[:in], strip_empty_nodes.call(xml_data))
     end
 
     # Creates the final parameter hash based on the request spec and xml_data from the request
@@ -138,23 +135,25 @@ module WashOut
       render_soap_error("Cannot find SOAP action mapping for #{request.env['wash_out.soap_action']}")
     end
 
-    def _render_soap_exception(error)
-      render_soap_error(error.message)
+    def _catch_soap_errors
+      yield
+    rescue SOAPError => error
+      render_soap_error(error.message, error.code)
     end
 
     # Render a SOAP error response.
     #
     # Rails do not support sequental rescue_from handling, that is, rescuing an
     # exception from a rescue_from handler. Hence this function is a public API.
-    def render_soap_error(message)
+    def render_soap_error(message, code=nil)
       render :template => "wash_with_soap/#{soap_config.wsdl_style}/error", :status => 500,
              :layout => false,
-             :locals => { :error_message => message },
+             :locals => { :error_message => message, :error_code => (code || 'Server') },
              :content_type => 'text/xml'
     end
 
     def self.included(controller)
-      controller.send :rescue_from, SOAPError, :with => :_render_soap_exception
+      controller.send :around_filter, :_catch_soap_errors
       controller.send :helper, :wash_out
       controller.send :before_filter, :_authenticate_wsse,     :except => [
         :_generate_wsdl, :_invalid_action ]
@@ -182,5 +181,22 @@ module WashOut
 
       hash
     end
+
+    private
+
+    def action_spec
+      self.class.soap_actions[soap_action]
+    end
+
+    def soap_action
+      request.env['wash_out.soap_action']
+    end
+
+    def xml_data
+      xml_data = env['wash_out.soap_data'].values_at(:envelope, :Envelope).compact.first
+      xml_data = xml_data.values_at(:body, :Body).compact.first
+      xml_data = xml_data.values_at(soap_action.underscore.to_sym, soap_action.to_sym).compact.first || {}
+    end
+
   end
 end

data/lib/wash_out/model.rb

@@ -22,7 +22,7 @@ module WashOut
       map
     end
 
-    def wash_out_param_name
+    def wash_out_param_name(*args)
       return name.underscore
     end
   end

data/lib/wash_out/param.rb

@@ -160,6 +160,7 @@ module WashOut
     def flat_copy
       copy = self.class.new(@soap_config, @name, @type.to_sym, @multiplied)
       copy.raw_name = raw_name
+      copy.source_class = copy.source_class
       copy
     end
 

data/lib/wash_out/router.rb

@@ -15,10 +15,14 @@ module WashOut
     def parse_soap_action(env)
       return env['wash_out.soap_action'] if env['wash_out.soap_action']
 
-      soap_action = env['HTTP_SOAPACTION'].to_s.gsub(/^"(.*)"$/, '\1')
+      soap_action = controller.soap_config.soap_action_routing ? env['HTTP_SOAPACTION'].to_s.gsub(/^"(.*)"$/, '\1')
+                                                               : ''
 
       if soap_action.blank?
-        soap_action = nori.parse(soap_body env)
+        parsed_soap_body = nori(controller.soap_config.snakecase_input).parse(soap_body env)
+        return nil if parsed_soap_body.blank?
+
+        soap_action = parsed_soap_body
             .values_at(:envelope, :Envelope).compact.first
             .values_at(:body, :Body).compact.first
             .keys.first.to_s
@@ -41,13 +45,16 @@ module WashOut
         :strip_namespaces => true,
         :advanced_typecasting => true,
         :convert_tags_to => (
-          snakecase ? lambda { |tag| tag.snakecase.to_sym } 
+          snakecase ? lambda { |tag| tag.snakecase.to_sym }
                     : lambda { |tag| tag.to_sym }
         )
       )
     end
 
     def soap_body(env)
+      # Don't let nobody intercept us ^_^
+      env['rack.input'].rewind if env['rack.input'].respond_to?(:rewind)
+
       env['rack.input'].respond_to?(:string) ? env['rack.input'].string
                                              : env['rack.input'].read
     end
@@ -70,6 +77,8 @@ module WashOut
       @controller = @controller_name.constantize
 
       soap_action     = parse_soap_action(env)
+      return [200, {}, ['OK']] if soap_action.blank?
+
       soap_parameters = parse_soap_parameters(env)
 
       action_spec = controller.soap_actions[soap_action]

data/lib/wash_out/soap.rb

@@ -26,20 +26,21 @@ module WashOut
         end
 
         default_response_tag = soap_config.camelize_wsdl ? 'Response' : '_response'
-        default_response_tag = "tns:#{action}#{default_response_tag}"
+        default_response_tag = action+default_response_tag
 
-        self.soap_actions[action] = {
+        self.soap_actions[action] = options.merge(
           :in           => WashOut::Param.parse_def(soap_config, options[:args]),
           :out          => WashOut::Param.parse_def(soap_config, options[:return]),
           :to           => options[:to] || action,
           :response_tag => options[:response_tag] || default_response_tag
-        }
+        )
       end
     end
 
     included do
       include WashOut::Configurable
       include WashOut::Dispatcher
+      include WashOut::WsseParams
       self.soap_actions = {}
     end
   end

data/lib/wash_out/soap_config.rb

@@ -13,6 +13,8 @@ module WashOut
       catch_xml_errors: false,
       wsse_username: nil,
       wsse_password: nil,
+      wsse_auth_callback: nil,
+      soap_action_routing: true,
     }
 
     attr_reader :config

data/lib/wash_out/version.rb

@@ -1,3 +1,3 @@
 module WashOut
-  VERSION = "0.9.0"
+  VERSION = "0.9.2"
 end

data/lib/wash_out/wsse.rb

@@ -1,4 +1,13 @@
 module WashOut
+
+  module WsseParams
+    def wsse_username
+      if request.env['WSSE_TOKEN']
+        request.env['WSSE_TOKEN'].values_at(:username, :Username).compact.first
+      end
+    end
+  end
+
   class Wsse
     attr_reader :soap_config
     def self.authenticate(soap_config, token)
@@ -18,7 +27,15 @@ module WashOut
     end
 
     def required?
-      !soap_config.wsse_username.blank?
+      !soap_config.wsse_username.blank? || auth_callback?
+    end
+
+    def auth_callback?
+      return !!soap_config.wsse_auth_callback && soap_config.wsse_auth_callback.respond_to?(:call) && soap_config.wsse_auth_callback.arity == 2
+    end
+
+    def perform_auth_callback(user, password)
+      soap_config.wsse_auth_callback.call(user, password)
     end
 
     def expected_user
@@ -65,11 +82,15 @@ module WashOut
       user     = @username_token.values_at(:username, :Username).compact.first
       password = @username_token.values_at(:password, :Password).compact.first
 
-      if (expected_user == user && expected_password == password)
+      if (expected_user == user && matches_expected_digest?(password))
         return true
       end
 
-      if (expected_user == user && matches_expected_digest?(password))
+      if auth_callback?
+        return perform_auth_callback(user, password)
+      end
+
+      if (expected_user == user && expected_password == password)
         return true
       end
 

data/spec/lib/wash_out/dispatcher_spec.rb

@@ -52,6 +52,21 @@ describe WashOut::Dispatcher do
     }
   end
 
+  describe "#_map_soap_parameters" do
+    let(:dispatcher) { Dispatcher.new }
+    let(:soap_config) { WashOut::SoapConfig.new(camelize_wsdl: false) }
+
+    before do
+      allow(dispatcher).to receive(:action_spec).and_return(in: WashOut::Param.parse_def(soap_config, {:empty => :string } ))
+      allow(dispatcher).to receive(:xml_data).and_return(:empty => { :"@xsi:type" => "xsd:string" })
+    end
+
+    it "should handle empty strings that have been parsed wrong by nori" do
+      dispatcher._map_soap_parameters
+      expect(dispatcher.params).to eq('empty' => nil)
+    end
+  end
+
   describe "#_load_params" do
     let(:dispatcher) { Dispatcher.new }
     let(:soap_config) { WashOut::SoapConfig.new({ camelize_wsdl: false }) }

data/spec/lib/wash_out/router_spec.rb

@@ -0,0 +1,22 @@
+require 'spec_helper'
+require 'wash_out/router'
+
+describe WashOut::Router do
+  it 'returns a 200 with empty soap action' do
+
+    mock_controller do
+      # nothing
+    end
+
+    env = {}
+    env['REQUEST_METHOD'] = 'GET'
+    env['rack.input'] = double 'basic-rack-input', {:string => ''}
+    result = WashOut::Router.new('Api').call env
+
+    expect(result[0]).to eq(200)
+    #expect(result[1]['Content-Type']).to eq('text/xml')
+
+    msg = result[2][0]
+    expect(msg).to eq('OK')
+  end
+end

data/spec/lib/wash_out_spec.rb

@@ -507,6 +507,19 @@ describe WashOut do
         lambda { savon(:error, :need_error => true) }.should raise_exception(Savon::SOAPFault)
       end
 
+      it "misses basic exceptions" do
+        mock_controller do
+          soap_action "error", :args => { :need_error => :boolean }, :return => nil
+          def error
+            raise self.class.const_get(:Exception), "you wanted one" if params[:need_error]
+            render :soap => nil
+          end
+        end
+
+        lambda { savon(:error, :need_error => false) }.should_not raise_exception
+        lambda { savon(:error, :need_error => true) }.should raise_exception(Exception)
+      end
+
       it "raise for manual throws" do
         mock_controller do
           soap_action "error", :args => nil, :return => nil
@@ -668,6 +681,10 @@ describe WashOut do
       end
 
       # correct auth
+      lambda { savon(:check_auth, 42){ wsse_auth "gorilla", "secret" } }.
+        should_not raise_exception
+
+      # correct digest auth
       lambda { savon(:check_auth, 42){ wsse_auth "gorilla", "secret", :digest } }.
         should_not raise_exception
 
@@ -684,6 +701,39 @@ describe WashOut do
         should raise_exception(Savon::SOAPFault)
     end
 
+    it "handles auth callback" do
+      mock_controller(
+        wsse_auth_callback: lambda {|user, password|
+          return user == "gorilla" && password == "secret" 
+        }
+      ) do
+        soap_action "checkAuth", :args => :integer, :return => :boolean, :to => 'check_auth'
+        def check_auth
+          render :soap => (params[:value] == 42)
+        end
+      end
+
+      # correct auth
+      lambda { savon(:check_auth, 42){ wsse_auth "gorilla", "secret" } }.
+        should_not raise_exception
+
+      # correct digest auth
+      lambda { savon(:check_auth, 42){ wsse_auth "gorilla", "secret", :digest } }.
+        should raise_exception(Savon::SOAPFault)
+
+      # wrong user
+      lambda { savon(:check_auth, 42){ wsse_auth "chimpanzee", "secret", :digest } }.
+        should raise_exception(Savon::SOAPFault)
+
+      # wrong pass
+      lambda { savon(:check_auth, 42){ wsse_auth "gorilla", "nicetry", :digest } }.
+        should raise_exception(Savon::SOAPFault)
+
+      # no auth
+      lambda { savon(:check_auth, 42) }.
+        should raise_exception(Savon::SOAPFault)
+    end
+
   end
 
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: wash_out
 version: !ruby/object:Gem::Version
-  version: 0.9.0
+  version: 0.9.2
 platform: ruby
 authors:
 - Boris Staal
@@ -9,20 +9,20 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-11-10 00:00:00.000000000 Z
+date: 2015-01-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nori
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.0.0
 description: Dead simple Rails 3 SOAP server library
@@ -31,9 +31,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .rspec
-- .travis.yml
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
 - Appraisals
 - CHANGELOG.md
 - Gemfile
@@ -88,6 +88,7 @@ files:
 - spec/lib/wash_out/dispatcher_spec.rb
 - spec/lib/wash_out/middleware_spec.rb
 - spec/lib/wash_out/param_spec.rb
+- spec/lib/wash_out/router_spec.rb
 - spec/lib/wash_out/type_spec.rb
 - spec/lib/wash_out_spec.rb
 - spec/spec_helper.rb
@@ -103,17 +104,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.3
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: Dead simple Rails 3 SOAP server library