├── .gitignore ├── Gemfile ├── MIT-LICENSE ├── README.md ├── Rakefile ├── app ├── assets │ ├── images │ │ └── boilerman │ │ │ └── .keep │ ├── javascripts │ │ ├── application.js │ │ └── boilerman │ │ │ ├── actions_controller.js │ │ │ ├── application.js │ │ │ ├── checks.js │ │ │ └── controllers.js │ └── stylesheets │ │ ├── application.css │ │ └── boilerman │ │ ├── actions_controller.css │ │ ├── application.scss │ │ ├── checks.css │ │ └── controllers.css ├── controllers │ └── boilerman │ │ ├── actions_controller.rb │ │ ├── application_controller.rb │ │ ├── checks_controller.rb │ │ └── controllers_controller.rb ├── helpers │ └── boilerman │ │ ├── actions_controller_helper.rb │ │ ├── application_helper.rb │ │ ├── checks_helper.rb │ │ └── controllers_helper.rb └── views │ ├── boilerman │ ├── actions │ │ ├── _controller_filter.html.erb │ │ ├── _filters_filter.html.erb │ │ └── index.html.erb │ ├── checks │ │ ├── csrf.html.erb │ │ ├── index.html.erb │ │ └── inheritance_check.html.erb │ └── controllers │ │ ├── _action_filter.html.erb │ │ ├── _application_statistics_panel.html.erb │ │ ├── _callback_breakdown_panel.html.erb │ │ ├── _controller_filter.html.erb │ │ ├── _controller_list_panel.html.erb │ │ └── index.html.erb │ └── layouts │ └── boilerman │ └── application.html.erb ├── bin └── rails ├── boilerman.gemspec ├── config ├── locales │ └── en.bootstrap.yml └── routes.rb ├── lib ├── boilerman.rb ├── boilerman │ ├── actions.rb │ ├── checks.rb │ ├── engine.rb │ └── version.rb ├── generators │ └── boilerman │ │ └── install_generator.rb └── tasks │ └── boilerman_tasks.rake ├── screenshots └── boilerman_screenshot.png └── test ├── boilerman_test.rb ├── controllers └── boilerman │ ├── actions_controller_controller_test.rb │ ├── checks_controller_test.rb │ └── controllers_controller_test.rb ├── dummy ├── README.rdoc ├── Rakefile ├── app │ ├── assets │ │ ├── images │ │ │ └── .keep │ │ ├── javascripts │ │ │ └── application.js │ │ └── stylesheets │ │ │ └── application.css │ ├── 
controllers │ │ ├── application_controller.rb │ │ └── concerns │ │ │ └── .keep │ ├── helpers │ │ └── application_helper.rb │ ├── mailers │ │ └── .keep │ ├── models │ │ ├── .keep │ │ └── concerns │ │ │ └── .keep │ └── views │ │ └── layouts │ │ └── application.html.erb ├── bin │ ├── bundle │ ├── rails │ └── rake ├── config.ru ├── config │ ├── application.rb │ ├── boot.rb │ ├── database.yml │ ├── environment.rb │ ├── environments │ │ ├── development.rb │ │ ├── production.rb │ │ └── test.rb │ ├── initializers │ │ ├── assets.rb │ │ ├── backtrace_silencers.rb │ │ ├── cookies_serializer.rb │ │ ├── filter_parameter_logging.rb │ │ ├── inflections.rb │ │ ├── mime_types.rb │ │ ├── session_store.rb │ │ └── wrap_parameters.rb │ ├── locales │ │ └── en.yml │ ├── routes.rb │ └── secrets.yml ├── lib │ └── assets │ │ └── .keep ├── log │ └── .keep └── public │ ├── 404.html │ ├── 422.html │ ├── 500.html │ └── favicon.ico ├── helpers └── boilerman │ └── controllers_helper_test.rb ├── integration └── navigation_test.rb └── test_helper.rb /.gitignore: -------------------------------------------------------------------------------- 1 | Gemfile.lock 2 | .bundle/ 3 | log/*.log 4 | pkg/ 5 | test/dummy/db/*.sqlite3 6 | test/dummy/db/*.sqlite3-journal 7 | test/dummy/log/*.log 8 | test/dummy/tmp/ 9 | test/dummy/.sass-cache 10 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source "https://rubygems.org" 2 | 3 | # Declare your gem's dependencies in boilerman.gemspec. 4 | # Bundler will treat runtime dependencies like base dependencies, and 5 | # development dependencies will be added by default to the :development group. 6 | gemspec 7 | 8 | # Declare any dependencies that are still in development here instead of in 9 | # your gemspec. These might include edge Rails or gems from your path or 10 | # Git. 
Remember to move these dependencies to your gemspec before releasing 11 | # your gem to rubygems.org. 12 | 13 | # To use debugger 14 | # gem 'debugger' 15 | -------------------------------------------------------------------------------- /MIT-LICENSE: -------------------------------------------------------------------------------- 1 | Copyright 2015 YOURNAME 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining 4 | a copy of this software and associated documentation files (the 5 | "Software"), to deal in the Software without restriction, including 6 | without limitation the rights to use, copy, modify, merge, publish, 7 | distribute, sublicense, and/or sell copies of the Software, and to 8 | permit persons to whom the Software is furnished to do so, subject to 9 | the following conditions: 10 | 11 | The above copyright notice and this permission notice shall be 12 | included in all copies or substantial portions of the Software. 13 | 14 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 15 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 16 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 17 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 18 | LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 19 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 20 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 21 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Boilerman 2 | 3 | Boilerman is a Rails engine that helps in assessing security of your authentication 4 | and authorization logic. 5 | 6 | Currently supports Rails versions 3.2 and greater. 
7 | 8 | ## What it looks like 9 | 10 | ![Boilerman Screenshot](https://raw.github.com/tomekr/boilerman/master/screenshots/boilerman_screenshot.png) 11 | 12 | ## Features 13 | 14 | Tracked at https://www.pivotaltracker.com/n/projects/1281714 15 | 16 | ## Installation and Usage 17 | 18 | 1. Add `gem "boilerman"` to your Gemfile 19 | 1. Run `bundle install` 20 | 1. Run `rails generate boilerman:install` 21 | 1. Start your application. 22 | 1. Navigate to `http://localhost:3000/boilerman` 23 | Note: Boilerman's own controllers add no authentication, so anyone who can reach the application can view `/boilerman` and the controller and filter listing it renders; add the gem to the `:development` group of the Gemfile rather than to every environment. 24 | ## Console Usage 25 | 26 | ### Configurable Filters: 27 | 28 | The currently implemented filters follow: 29 | 30 | ~~~ 31 | controller_filters 32 | with_filters 33 | without_filters 34 | ignore_filters 35 | ignore_actions 36 | ~~~ 37 | 38 | Within a Rails console, you can use the following syntax: 39 | 40 | ~~~ 41 | ➜ railsgoat git:(master) ✗ rails c 42 | Loading development environment (Rails 4.2.2) 43 | [1] pry(main)> Boilerman::Actions.get_action_hash 44 | => {SessionsController=> 45 | {"new"=> 46 | ["verify_authenticity_token", 47 | "set_xhr_redirected_to", 48 | "set_request_method_cookie", 49 | "create_analytic", 50 | "mailer_options"] 51 | ... 52 | ~~~ 53 | 54 | Filters can be applied by passing in filter strings into the appropriate 55 | hash value 56 | 57 | ~~~ 58 | [2] pry(main)> Boilerman::Actions.get_action_hash({ controller_filters: ["API"]}) 59 | => {Api::V1::UsersController=> 60 | {"index"=> 61 | ["verify_authenticity_token", 62 | "set_xhr_redirected_to", 63 | "set_request_method_cookie", 64 | "has_info", 65 | "create_analytic", 66 | "mailer_options", 67 | "valid_api_token", 68 | "extrapolate_user"] 69 | ~~~ 70 | 71 | ### Force loading boilerman into a Rails console 72 | 73 | If you have access to a Rails console but for one reason or another you 74 | cannot modify the Gemfile of the application, you can force load 75 | boilerman's lib path into the $LOAD_PATH variable. First you will need 76 | the boilerman lib path. 
This could be the path you downloaded the source 77 | to or the path of the gem when using `gem install boilerman` (e.g. 78 | /Users/user1/.rvm/gems/ruby-2.2.1/gems/boilerman-0.1.0/lib) 79 | 80 | When in Rails console, add the path to the $LOAD_PATH array: 81 | 82 | ~~~ 83 | ➜ railsgoat git:(master) ✗ rails c 84 | Loading development environment (Rails 4.2.2) 85 | [1] pry(main)> $LOAD_PATH << "/Users/kamaji/.rvm/gems/ruby-2.2.1/gems/boilerman-0.1.0/lib" 86 | ~~~ 87 | 88 | After adding boilerman's lib path, you can now require it in the rails 89 | console and use its methods. Note, this will not give you access to the 90 | engine and `/boilerman` path. 91 | 92 | ~~~ 93 | [3] pry(main)> require 'boilerman' 94 | WARNING: You're probably side loading boilerman into a console. 95 | Note that you will only have console access to Boilerman and will be 96 | unable to access it via the /boilerman path 97 | => true 98 | [4] pry(main)> 99 | ~~~ 100 | 101 | This project uses the MIT-LICENSE. 102 | -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | begin 2 | require 'bundler/setup' 3 | rescue LoadError 4 | puts 'You must `gem install bundler` and `bundle install` to run rake tasks' 5 | end 6 | 7 | require 'rdoc/task' 8 | 9 | RDoc::Task.new(:rdoc) do |rdoc| 10 | rdoc.rdoc_dir = 'rdoc' 11 | rdoc.title = 'Boilerman' 12 | rdoc.options << '--line-numbers' 13 | rdoc.rdoc_files.include('README.rdoc') 14 | rdoc.rdoc_files.include('lib/**/*.rb') 15 | end 16 | 17 | APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__) 18 | load 'rails/tasks/engine.rake' 19 | 20 | 21 | 22 | Bundler::GemHelper.install_tasks 23 | 24 | require 'rake/testtask' 25 | 26 | Rake::TestTask.new(:test) do |t| 27 | t.libs << 'lib' 28 | t.libs << 'test' 29 | t.pattern = 'test/**/*_test.rb' 30 | t.verbose = false 31 | end 32 | 33 | 34 | task default: :test 35 | 
-------------------------------------------------------------------------------- /app/assets/images/boilerman/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tomekr/boilerman/33b81bb671eab924c8199988fb5e6a77bfc685bc/app/assets/images/boilerman/.keep -------------------------------------------------------------------------------- /app/assets/javascripts/application.js: -------------------------------------------------------------------------------- 1 | // This is a manifest file that'll be compiled into including all the files listed below. 2 | // Add new JavaScript/Coffee code in separate files in this directory and they'll automatically 3 | // be included in the compiled file accessible from http://example.com/assets/application.js 4 | // It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the 5 | // the compiled file. 6 | // 7 | //= require jquery 8 | //= require jquery_ujs 9 | //= require_tree . 10 | -------------------------------------------------------------------------------- /app/assets/javascripts/boilerman/actions_controller.js: -------------------------------------------------------------------------------- 1 | // Place all the behaviors and hooks related to the matching controller here. 2 | // All this logic will automatically be available in application.js. 
3 | 4 | $( document ).ready(function() { 5 | // Initialize global variables 6 | window.controller_filters = []; 7 | 8 | // When the enter key is pressed on the filter input boxes, trigger the 9 | // onclick event for that text box 10 | $("#controller_filter_input").keyup(function(event){ 11 | if(event.keyCode == 13){ 12 | $("#controller_filter_input_btn").click(); 13 | } 14 | }); 15 | 16 | $("#with_filter_input").keyup(function(event){ 17 | if(event.keyCode == 13){ 18 | $("#action_with_filter_input_btn").click(); 19 | } 20 | }); 21 | 22 | $("#without_filter_input").keyup(function(event){ 23 | if(event.keyCode == 13){ 24 | $("#action_without_filter_input_btn").click(); 25 | } 26 | }); 27 | }); 28 | 29 | function send_with_filter() { 30 | var filter_input = $("#with_filter_input")[0]; 31 | 32 | // we should only apply new query string if there is actual input 33 | if (filter_input.value.length) { 34 | // decide which seperator we want depending on if there is a current query string 35 | var seperator = window.location.search ? "&" : "?"; 36 | 37 | // Get current URL 38 | var href = window.location.href; 39 | // append new query 40 | new_link = href + seperator + "filters[with_filters][]=" + filter_input.value; 41 | 42 | window.location = new_link; 43 | } else { 44 | alert("You did not specify a filter to apply"); 45 | } 46 | } 47 | 48 | 49 | function send_controller_filter() { 50 | var filter_input = $("#controller_filter_input")[0]; 51 | 52 | // we should only apply new query string if there is actual input 53 | if (filter_input.value.length) { 54 | // decide which seperator we want depending on if there is a current query string 55 | var seperator = window.location.search ? 
"&" : "?"; 56 | 57 | // Get current URL 58 | var href = window.location.href; 59 | // append new query 60 | new_link = href + seperator + "filters[controller_filters][]=" + filter_input.value; 61 | 62 | window.location = new_link; 63 | } else { 64 | alert("You did not specify a filter to apply"); 65 | } 66 | } 67 | 68 | 69 | function send_without_filter() { 70 | var filter_input = $("#without_filter_input")[0]; 71 | 72 | // we should only apply new query string if there is actual input 73 | if (filter_input.value.length) { 74 | // decide which seperator we want depending on if there is a current query string 75 | var seperator = window.location.search ? "&" : "?"; 76 | 77 | // Get current URL 78 | var href = window.location.href; 79 | // append new query 80 | new_link = href + seperator + "filters[without_filters][]=" + filter_input.value; 81 | 82 | window.location = new_link; 83 | } else { 84 | alert("You did not specify a filter to apply"); 85 | } 86 | } 87 | 88 | function remove_with_filter(list_item) { 89 | var filter_text = list_item.text.trim(); 90 | var original_query = window.location.search; 91 | 92 | console.log(filter_text); 93 | var question_regex = new RegExp("\\?filters\\[with_filters\\]\\[\\]=" + filter_text + "&*"); 94 | var ampersand_regex = new RegExp("&filters\\[with_filters\\]\\[\\]=" + filter_text); 95 | 96 | var query = ""; 97 | if (question_regex.test(original_query)) { 98 | console.log("we've got a question mark"); 99 | query = original_query.replace(question_regex, '?'); 100 | 101 | } else if (ampersand_regex.test(original_query)) { 102 | console.log("we've got an ampersand mark"); 103 | query = original_query.replace(ampersand_regex, ''); 104 | } 105 | 106 | // reload page with new query string 107 | window.location = window.location.href.split('?')[0] + query; 108 | } 109 | 110 | function remove_without_filter(list_item) { 111 | console.log("remove_without_filter"); 112 | var filter_text = list_item.text.trim(); 113 | var original_query = 
window.location.search; 114 | 115 | console.log(filter_text); 116 | var question_regex = new RegExp("\\?filters\\[without_filters\\]\\[\\]=" + filter_text + "&*"); 117 | var ampersand_regex = new RegExp("&filters\\[without_filters\\]\\[\\]=" + filter_text); 118 | 119 | var query = ""; 120 | if (question_regex.test(original_query)) { 121 | console.log("we've got a question mark"); 122 | query = original_query.replace(question_regex, '?'); 123 | 124 | } else if (ampersand_regex.test(original_query)) { 125 | console.log("we've got an ampersand mark"); 126 | query = original_query.replace(ampersand_regex, ''); 127 | } 128 | 129 | console.log(query); 130 | // reload page with new query string 131 | window.location = window.location.href.split('?')[0] + query; 132 | } 133 | -------------------------------------------------------------------------------- /app/assets/javascripts/boilerman/application.js: -------------------------------------------------------------------------------- 1 | // This is a manifest file that'll be compiled into application.js, which will include all the files 2 | // listed below. 3 | // 4 | // Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts, 5 | // or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path. 6 | // 7 | // It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the 8 | // compiled file. 9 | // 10 | // Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details 11 | // about supported directives. 12 | // 13 | //= require jquery 14 | //= require jquery_ujs 15 | //= require bootstrap-sprockets 16 | //= require_tree . 
17 | -------------------------------------------------------------------------------- /app/assets/javascripts/boilerman/checks.js: -------------------------------------------------------------------------------- 1 | // Place all the behaviors and hooks related to the matching controller here. 2 | // All this logic will automatically be available in application.js. 3 | -------------------------------------------------------------------------------- /app/assets/javascripts/boilerman/controllers.js: -------------------------------------------------------------------------------- 1 | $( document ).ready(function() { 2 | // Initialize global variables 3 | window.controller_filters = []; 4 | 5 | // When the enter key is pressed on the filter input boxes, trigger the 6 | // onclick event for that text box 7 | $("#controller_filter_input").keyup(function(event){ 8 | if(event.keyCode == 13){ 9 | $("#controller_filter_input_btn").click(); 10 | } 11 | }); 12 | 13 | $("#action_with_filter_input").keyup(function(event){ 14 | if(event.keyCode == 13){ 15 | $("#action_with_filter_input_btn").click(); 16 | } 17 | }); 18 | 19 | $("#action_without_filter_input").keyup(function(event){ 20 | if(event.keyCode == 13){ 21 | $("#action_without_filter_input_btn").click(); 22 | } 23 | }); 24 | }); 25 | 26 | function removeController(list_item) { 27 | var index = window.controller_filters.indexOf(list_item.text); 28 | if (index > -1) { 29 | window.controller_filters.splice(index, 1); 30 | } 31 | 32 | list_item.remove(); 33 | 34 | update_page(); 35 | } 36 | 37 | function update_page() { 38 | // Clear the value in the input field 39 | var rows = $("#callbackBreakdownTbl").find("tr.callback_lineitem").hide(); 40 | 41 | if (window.controller_filters.length == 0) { 42 | rows.show(); 43 | $("#include-controllers").find("li.list-group-item").show(); 44 | } 45 | else { 46 | var data = window.controller_filters; 47 | $.each(data, function (i, v) { 48 | rows.filter(":contains('" + v + "')").show(); 49 
| }); 50 | $("#include-controllers").find("li.list-group-item").hide(); 51 | } 52 | } 53 | 54 | function filterController() { 55 | var filter_input = $("#controller_filter_input")[0]; 56 | 57 | if (filter_input.value.length) { 58 | // Add the filter to the global array of controller filters 59 | window.controller_filters.push(filter_input.value); 60 | 61 | // Add this filter to the controller filter list group 62 | update_controller_filter_list(filter_input.value); 63 | 64 | } else rows.show(); 65 | 66 | $("#controller_filter_input").val(''); 67 | update_page(); 68 | } 69 | 70 | function update_controller_filter_list(filter) { 71 | 72 | // Add the filter to the include-controllers list group 73 | build_list_group_item(filter); 74 | } 75 | 76 | function build_list_group_item(filter) { 77 | var list_item = $('',{ 78 | text: filter, 79 | href: '#', 80 | onclick: "removeController(this)", 81 | class: "list-group-item" 82 | }) 83 | 84 | $('', { 85 | class: "glyphicon glyphicon-remove pull-right list-group-span", 86 | "aria-hidden": true 87 | }).appendTo(list_item); 88 | 89 | list_item.appendTo('#include-controllers'); 90 | } 91 | 92 | // TODO 93 | function action_with_filter() { 94 | console.log("TODO: Implement action_with_filter()"); 95 | } 96 | 97 | function action_without_filter() { 98 | console.log("TODO: Implement action_without_filter()"); 99 | } 100 | function removeWithoutActionItem() { 101 | //TODO: Implement this 102 | console.log("TODO: IMPLEMENT removeWithoutActionItem()"); 103 | } 104 | function removeWithActionItem() { 105 | //TODO: Implement this 106 | console.log("TODO: IMPLEMENT removeWithActionItem()"); 107 | } 108 | function clearLocalFilters() { 109 | // TODO 110 | var x; 111 | if (confirm("Are you sure you want to clear your saved filters?") == true) { 112 | alert(gon.controllers); 113 | console.log("Clearing local storage"); 114 | } 115 | } 116 | -------------------------------------------------------------------------------- 
/app/assets/stylesheets/application.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tomekr/boilerman/33b81bb671eab924c8199988fb5e6a77bfc685bc/app/assets/stylesheets/application.css -------------------------------------------------------------------------------- /app/assets/stylesheets/boilerman/actions_controller.css: -------------------------------------------------------------------------------- 1 | /* 2 | Place all the styles related to the matching controller here. 3 | They will automatically be included in application.css. 4 | */ 5 | -------------------------------------------------------------------------------- /app/assets/stylesheets/boilerman/application.scss: -------------------------------------------------------------------------------- 1 | @import "bootstrap-sprockets"; 2 | @import "bootstrap"; 3 | /* universal */ 4 | 5 | body { 6 | padding-top: 60px; 7 | } 8 | 9 | section { 10 | overflow: auto; 11 | } 12 | 13 | textarea { 14 | resize: vertical; 15 | } 16 | 17 | .center { 18 | text-align: center; 19 | } 20 | 21 | .center h1 { 22 | margin-bottom: 10px; 23 | } 24 | 25 | /* typography */ 26 | 27 | h1, h2, h3, h4, h5, h6 { 28 | line-height: 1; 29 | } 30 | 31 | /*h1 {*/ 32 | /*font-size: 3em;*/ 33 | /*letter-spacing: -2px;*/ 34 | /*margin-bottom: 30px;*/ 35 | /*}*/ 36 | 37 | /*h2 {*/ 38 | /*font-size: 1.2em;*/ 39 | /*letter-spacing: -1px;*/ 40 | /*margin-bottom: 30px;*/ 41 | /*font-weight: normal;*/ 42 | /*color: #777;*/ 43 | /*}*/ 44 | 45 | p { 46 | font-size: 1.1em; 47 | line-height: 1.7em; 48 | } 49 | 50 | #logo { 51 | float: left; 52 | margin-right: 10px; 53 | font-size: 1.7em; 54 | color: #fff; 55 | text-transform: uppercase; 56 | letter-spacing: -1px; 57 | padding-top: 9px; 58 | font-weight: bold; 59 | } 60 | 61 | #logo:hover { 62 | color: #fff; 63 | text-decoration: none; 64 | } 65 | 66 | table { 67 | table-layout: fixed; 68 | word-wrap: break-word; 69 | } 70 | 71 | .top-buffer { 
margin-top:20px; } 72 | 73 | .list-group-span { 74 | display: none; 75 | } 76 | 77 | a:hover .list-group-span{ 78 | display: block; 79 | } 80 | 81 | .panel-heading { 82 | cursor: pointer; 83 | } 84 | -------------------------------------------------------------------------------- /app/assets/stylesheets/boilerman/checks.css: -------------------------------------------------------------------------------- 1 | /* 2 | Place all the styles related to the matching controller here. 3 | They will automatically be included in application.css. 4 | */ 5 | -------------------------------------------------------------------------------- /app/assets/stylesheets/boilerman/controllers.css: -------------------------------------------------------------------------------- 1 | /* 2 | Place all the styles related to the matching controller here. 3 | They will automatically be included in application.css. 4 | */ 5 | 6 | -------------------------------------------------------------------------------- /app/controllers/boilerman/actions_controller.rb: -------------------------------------------------------------------------------- 1 | require_dependency "boilerman/application_controller" 2 | 3 | module Boilerman 4 | class ActionsController < ApplicationController 5 | def index 6 | default_filters = { controller_filters: [], # XXX Implemented 7 | with_actions: [], 8 | without_actions: [], 9 | with_filters: [], # XXX Implemented 10 | without_filters: [], # XXX Implemented 11 | ignore_filters: [], # XXX Implemented 12 | ignore_actions: [] } # XXX Implemented 13 | 14 | if params[:filters] 15 | filters = params[:filters].reverse_merge(default_filters) 16 | else 17 | filters = default_filters 18 | end 19 | 20 | @controller_filters = filters[:controller_filters] 21 | 22 | @with_actions = filters[:with_actions] 23 | @without_actions = filters[:without_actions] 24 | 25 | @with_filters = filters[:with_filters] || [] 26 | @without_filters = filters[:without_filters] 27 | 28 | @ignore_filters = 
filters[:ignore_filters] 29 | @ignore_actions = filters[:ignore_actions] 30 | 31 | @action_filter_hash = Boilerman::Actions.get_action_hash(filters) 32 | end 33 | end 34 | end 35 | -------------------------------------------------------------------------------- /app/controllers/boilerman/application_controller.rb: -------------------------------------------------------------------------------- 1 | module Boilerman 2 | class ApplicationController < ActionController::Base 3 | end 4 | end 5 | -------------------------------------------------------------------------------- /app/controllers/boilerman/checks_controller.rb: -------------------------------------------------------------------------------- 1 | require_dependency "boilerman/application_controller" 2 | 3 | module Boilerman 4 | class ChecksController < ApplicationController 5 | def index 6 | @checks = [] 7 | end 8 | 9 | def inheritance_check 10 | @inheritance_controller = params[:inheritance_controller] || "ApplicationController" 11 | begin 12 | @controllers = Boilerman::Checks.inheritance_check @inheritance_controller 13 | rescue NameError 14 | # The user has passed in a class that does not exist in the application. 
15 | @error = "#{ @inheritance_controller } is not a class that exists in the application" 16 | end 17 | end 18 | 19 | def csrf 20 | end 21 | end 22 | end 23 | -------------------------------------------------------------------------------- /app/controllers/boilerman/controllers_controller.rb: -------------------------------------------------------------------------------- 1 | require_dependency "boilerman/application_controller" 2 | 3 | module Boilerman 4 | class ControllersController < ApplicationController 5 | before_filter :eager_load 6 | 7 | def index 8 | @with_actions = [] 9 | @without_actions = [] 10 | @controller_filters = [] 11 | 12 | @controllers = filtered_controllers 13 | @controllers_and_callbacks = @controllers.map do |controller| 14 | callbacks = controller._process_action_callbacks 15 | [controller, callbacks.select{|callback| callback.kind == :before}.map(&:filter)] 16 | end 17 | 18 | gon.controllers = @controllers.map{|x| x.to_s} 19 | end 20 | 21 | private 22 | def eager_load 23 | # FIXME This is required when developing boilerman and cache_classes is 24 | # set to false. Need to think of a proper workaround for this. Possibly 25 | # checking for a BOILERMAN_DEV enviornment variable and maybe changing 26 | # this line to: 27 | # 28 | # Rails.application.eager_load! if ENV["BOILERMAN_DEV"] 29 | # 30 | # But then you have to specifify that everytime you run the app server 31 | # for dev and if you forget it, debugging this is going not be fun. 32 | # 33 | # Alternatively, just eager_load on every request. It'll take a bit 34 | # longer but we can be sure the classes will be there and most of the 35 | # Boilerman usge is client side anyways. 36 | Rails.application.eager_load! 
37 | end 38 | 39 | def filtered_controllers 40 | # Process only controllers with callbacks and do not include 41 | # Boilerman's own controllers 42 | controllers = ActionController::Metal.descendants.reject do |controller| 43 | controller.parent == Boilerman || !controller.respond_to?(:_process_action_callbacks) 44 | end 45 | 46 | if params[:include_namespace] 47 | controllers.select!{|controller| params[:include_namespace].include?(controller.parent.to_s)} 48 | end 49 | 50 | controllers.sort_by{|c| c.to_s} 51 | end 52 | end 53 | end 54 | -------------------------------------------------------------------------------- /app/helpers/boilerman/actions_controller_helper.rb: -------------------------------------------------------------------------------- 1 | module Boilerman 2 | module ActionsControllerHelper 3 | end 4 | end 5 | -------------------------------------------------------------------------------- /app/helpers/boilerman/application_helper.rb: -------------------------------------------------------------------------------- 1 | module Boilerman 2 | module ApplicationHelper 3 | end 4 | end 5 | -------------------------------------------------------------------------------- /app/helpers/boilerman/checks_helper.rb: -------------------------------------------------------------------------------- 1 | module Boilerman 2 | module ChecksHelper 3 | end 4 | end 5 | -------------------------------------------------------------------------------- /app/helpers/boilerman/controllers_helper.rb: -------------------------------------------------------------------------------- 1 | module Boilerman 2 | module ControllersHelper 3 | end 4 | end 5 | -------------------------------------------------------------------------------- /app/views/boilerman/actions/_controller_filter.html.erb: -------------------------------------------------------------------------------- 1 |

Controllers

2 | 3 |
4 |
5 |
6 | 7 | 11 | 12 | 13 |
14 |
15 | 16 |
17 | 29 |
30 |
31 | -------------------------------------------------------------------------------- /app/views/boilerman/actions/_filters_filter.html.erb: -------------------------------------------------------------------------------- 1 |

Filters

2 | 3 |
4 |
5 |
6 | 7 | 11 | 12 | 13 |
14 | 15 | 27 | 28 |
29 |
30 |
31 | 32 | 36 | 37 | 38 |
39 | 40 | 52 |
53 |
54 | 55 | -------------------------------------------------------------------------------- /app/views/boilerman/actions/index.html.erb: -------------------------------------------------------------------------------- 1 |
2 |
3 |
4 |

Filter

5 |
6 |
7 | 8 | <%= render "controller_filter" %> 9 | <%= render "filters_filter" %> 10 | 11 | 12 |
13 |
14 | 15 |
16 | 17 | 18 |
19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | <% @action_filter_hash.each do |controller, actions| %> 27 | 28 | 29 | <% filter_count = actions.map{|_, filters| filters.empty? ? 1 : filters}.flatten.count %> 30 | 31 | 32 | <% actions.each_with_index do |(action, filters),index| %> 33 | 34 | <% if index == 0 %> 35 | 36 | <% filters.each_with_index do |filter, index| %> 37 | <% if index == 0 %> 38 | 39 | <% else %> 40 | 41 | 42 | 43 | <% end %> 44 | <% end %> 45 | <% else %> 46 | 47 | 48 | 49 | <% filters.each_with_index do |filter, index| %> 50 | <% if index == 0 %> 51 | 52 | <% else %> 53 | 54 | 55 | 56 | <% end %> 57 | <% end %> 58 | 59 | <% end %> 60 | <% end %> 61 | 62 | <% end %> 63 | 64 |
ControllerActionsFilters
<%= controller %><%= action %><%= filter %>
<%= filter %>
<%= action %><%= filter %>
<%= filter %>
65 |
66 | -------------------------------------------------------------------------------- /app/views/boilerman/checks/csrf.html.erb: -------------------------------------------------------------------------------- 1 |

Checks#csrf

2 |

TODO Find me in app/views/boilerman/checks/csrf.html.erb

3 | -------------------------------------------------------------------------------- /app/views/boilerman/checks/index.html.erb: -------------------------------------------------------------------------------- 1 | 2 |

Check List

3 | 7 | -------------------------------------------------------------------------------- /app/views/boilerman/checks/inheritance_check.html.erb: -------------------------------------------------------------------------------- 1 |
2 |

The following controllers do not inherit from: <%= @inheritance_controller%>

3 |
4 | 5 |
6 | 17 |
18 | -------------------------------------------------------------------------------- /app/views/boilerman/controllers/_action_filter.html.erb: -------------------------------------------------------------------------------- 1 |

Actions

2 | 3 |
4 |
5 |
6 | 7 | 11 | 12 | 13 |
14 | 15 | 27 | 28 |
29 |
30 |
31 | 32 | 36 | 37 | 38 |
39 | 40 | 52 |
53 |
54 | 55 | -------------------------------------------------------------------------------- /app/views/boilerman/controllers/_application_statistics_panel.html.erb: -------------------------------------------------------------------------------- 1 |
2 | 9 |
10 |
11 |
12 |

Number of Controllers: <%= @controllers.count %>

13 |
14 |
15 |
16 |
17 | -------------------------------------------------------------------------------- /app/views/boilerman/controllers/_callback_breakdown_panel.html.erb: -------------------------------------------------------------------------------- 1 |
2 | 9 |
10 |
11 | 12 | 13 | 14 | 15 | 16 | 17 | <% @controllers_and_callbacks.each do |controller, callbacks| %> 18 | 19 | 20 | 29 | 30 | <% end %> 31 | 32 |
ControllerFilters
<%= controller %> 21 | 22 | <% callbacks.each do |callback| %> 23 | 24 | 25 | 26 | <% end %> 27 |
<%= callback %>
28 |
33 |
34 |
35 |
36 | -------------------------------------------------------------------------------- /app/views/boilerman/controllers/_controller_filter.html.erb: -------------------------------------------------------------------------------- 1 |

Controllers

2 | 3 |
4 |
5 |
6 | 7 | 11 | 12 | 13 |
14 |
15 | 16 |
17 | 29 |
30 |
31 | -------------------------------------------------------------------------------- /app/views/boilerman/controllers/_controller_list_panel.html.erb: -------------------------------------------------------------------------------- 1 |
2 | 9 |
10 |
11 | 12 | <% @controllers.each_slice(5) do |controller_slice| %> 13 | 14 | <% controller_slice.each do |controller| %> 15 | 16 | <% end %> 17 | 18 | <% end %> 19 |
<%= controller %>
20 |
21 |
22 |
23 | -------------------------------------------------------------------------------- /app/views/boilerman/controllers/index.html.erb: -------------------------------------------------------------------------------- 1 |
2 |
3 |
4 |

Filter

5 |
6 |
7 | 8 | <%= render "controller_filter" %> 9 | <%= render "action_filter" %> 10 | 11 | 12 |
13 |
14 | 15 |
16 | 17 |
18 |
19 | <%= render "controller_list_panel" %> 20 | <%= render "callback_breakdown_panel" %> 21 | <%= render "application_statistics_panel" %> 22 |
23 |
24 | 25 | -------------------------------------------------------------------------------- /app/views/layouts/boilerman/application.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Boilerman 5 | <%= include_gon %> 6 | <%= stylesheet_link_tag "boilerman/application", media: "all" %> 7 | <%= javascript_include_tag "boilerman/application" %> 8 | <%= csrf_meta_tags %> 9 | 10 | 11 | 23 |
24 | <%= yield %> 25 |
26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /bin/rails: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | # This command will automatically be run when you run "rails" with Rails 4 gems installed from the root of your application. 3 | 4 | ENGINE_ROOT = File.expand_path('../..', __FILE__) 5 | ENGINE_PATH = File.expand_path('../../lib/boilerman/engine', __FILE__) 6 | 7 | # Set up gems listed in the Gemfile. 8 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) 9 | require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE']) 10 | 11 | require 'rails/all' 12 | require 'rails/engine/commands' 13 | -------------------------------------------------------------------------------- /boilerman.gemspec: -------------------------------------------------------------------------------- 1 | $:.push File.expand_path("../lib", __FILE__) 2 | 3 | # Maintain your gem's version: 4 | require "boilerman/version" 5 | 6 | # Describe your gem and declare its dependencies: 7 | Gem::Specification.new do |s| 8 | s.name = "boilerman" 9 | s.version = Boilerman::VERSION 10 | s.authors = ["Tomek Rabczak"] 11 | s.email = ["tomek.rabczak@gmail.com"] 12 | s.homepage = "https://github.com/tomekr/boilerman" 13 | s.summary = "A Rails dynamic analysis tool" 14 | s.description = "A tool used to help with testing/auditing the security of a Rails application." 15 | s.license = "MIT" 16 | 17 | s.files = Dir["{app,config,db,lib}/**/*", "MIT-LICENSE", "Rakefile", "README.rdoc"] 18 | s.test_files = Dir["test/**/*"] 19 | 20 | s.add_dependency "rails", ">= 3.2" 21 | s.add_dependency "jquery-rails" 22 | s.add_dependency "bootstrap-sass" 23 | s.add_dependency "sass-rails" 24 | s.add_dependency "gon" 25 | s.add_dependency "responders" 26 | 27 | # TODO: Are we going to need this at some point? 
Might be good to use a 28 | # database for easier/faster querying of application data 29 | #s.add_development_dependency "sqlite3" 30 | end 31 | -------------------------------------------------------------------------------- /config/locales/en.bootstrap.yml: -------------------------------------------------------------------------------- 1 | # Sample localization file for English. Add more files in this directory for other locales. 2 | # See https://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points. 3 | 4 | en: 5 | breadcrumbs: 6 | application: 7 | root: "Index" 8 | pages: 9 | pages: "Pages" 10 | helpers: 11 | actions: "Actions" 12 | links: 13 | back: "Back" 14 | cancel: "Cancel" 15 | confirm: "Are you sure?" 16 | destroy: "Delete" 17 | new: "New" 18 | edit: "Edit" 19 | titles: 20 | edit: "Edit %{model}" 21 | save: "Save %{model}" 22 | new: "New %{model}" 23 | delete: "Delete %{model}" 24 | -------------------------------------------------------------------------------- /config/routes.rb: -------------------------------------------------------------------------------- 1 | Boilerman::Engine.routes.draw do 2 | get 'checks', to: "checks#index" 3 | get 'checks/inheritance_check' 4 | get 'checks/csrf' 5 | 6 | root to: "actions#index" 7 | resources :actions, only: :index 8 | resources :controllers, only: :index 9 | end 10 | -------------------------------------------------------------------------------- /lib/boilerman.rb: -------------------------------------------------------------------------------- 1 | require "boilerman/engine" 2 | require "boilerman/actions" 3 | require "boilerman/checks" 4 | 5 | module Boilerman 6 | def self.controllers 7 | ActionController::Metal.descendants.reject do |controller| 8 | controller.parent == Boilerman || !controller.respond_to?(:_process_action_callbacks) 9 | end 10 | end 11 | 12 | def self.eager_load_rails_paths 13 | Rails.configuration.eager_load_paths.each do |path| 14 | Dir[path + "/*.rb"].each do 
|file| 15 | require file 16 | end 17 | end 18 | end 19 | 20 | # This lets me tap into Rails initialization events. before_initialize is a 21 | # hook after configuration is completed but right before the application gets 22 | # initialized. 23 | # 24 | # See http://edgeguides.rubyonrails.org/configuring.html#initialization-events 25 | class InitializationHooks < Rails::Railtie 26 | config.before_initialize do |app| 27 | if Rails.env.development? 28 | # Force eager loading of namespaces so that Boilerman has immediate 29 | # access to all controllers and models in development environments. 30 | # 31 | # Note, this will not propagate code changes and will require server 32 | # restarts if you change code. 33 | app.config.eager_load = true 34 | #app.config.cache_classes = true 35 | end 36 | end 37 | end 38 | end 39 | -------------------------------------------------------------------------------- /lib/boilerman/actions.rb: -------------------------------------------------------------------------------- 1 | module Boilerman 2 | module Actions 3 | METADATA_KEYS = [:_non_existant_route, 4 | :_method_conditionals, 5 | :_proc_conditionals, 6 | :_weird_controller] 7 | 8 | 9 | def self.get_action_hash(filters={}) 10 | controller_filters = filters[:controller_filters] || [] 11 | # NOTE(review): with_actions and without_actions are read below but never applied; the action filtering at the end of this method is commented out, so these two options currently have no effect on the result. 12 | with_actions = filters[:with_actions] || [] 13 | without_actions = filters[:without_actions] || [] 14 | 15 | with_filters = filters[:with_filters] || [] 16 | without_filters = filters[:without_filters] || [] 17 | 18 | ignore_filters = filters[:ignore_filters] || [] 19 | ignore_actions = filters[:ignore_actions] || [] 20 | 21 | # Biggie Smalls... Biggie Smalls... Biggie Smalls.... 22 | routes = Rails.application.routes.routes.routes.select do |route| 23 | # Select routes that point to a specific controller and action. Also 24 | # ignore routes that just redirect 25 | route.defaults.key?(:controller) && 26 | !route.defaults.empty?
&& 27 | route.app.class != ActionDispatch::Routing::Redirect 28 | end 29 | 30 | # We only care about the defaults which will give us an array of 31 | # controller/action hashes. We're also going to rearrange things a bit so 32 | # that the controller is the key and the value is another hash that 33 | # represent each action and it's corresponding filters. This will look 34 | # like: 35 | # 36 | # {:controler_name1 => {"action1" => [filter1, filter2, ... , filterN]}} 37 | controller_action_hash = build_controller_action_list(routes) 38 | 39 | filter_list = build_filter_list(controller_action_hash) 40 | 41 | # controller_filters 42 | unless controller_filters.empty? 43 | filter_list.select! do |controller, _| 44 | METADATA_KEYS.include?(controller) || include_controller?(controller_filters, controller.to_s) 45 | end 46 | end 47 | 48 | # ignore_actions 49 | unless ignore_actions.empty? 50 | filter_list = filter_list.inject(Hash.new) do |new_results, (controller, actions)| 51 | new_results[controller] = actions.reject{|action, filter| ignore_actions.include?(action) } 52 | new_results 53 | end 54 | end 55 | 56 | # ignore_filters 57 | unless ignore_filters.empty? 58 | filter_list = filter_list.inject(Hash.new) do |new_results, (controller, actions)| 59 | # FIXME Is this idiomatic Ruby code? Feels a bit icky to me. 60 | # Mapping over a hash turns it into a 2D array so we need to 61 | # turn it back into a hash using the Hash[] syntax. 62 | new_results[controller] = Hash[actions.map do |action, filters| 63 | [action, filters.reject{|filter| ignore_filters.include?(filter.to_s)}] 64 | end] 65 | new_results 66 | end 67 | end 68 | 69 | # without_filters 70 | unless without_filters.empty? 71 | filter_list = filter_list.inject(Hash.new) do |new_results, (controller, actions)| 72 | new_results[controller] = actions.select{|action, filters| (without_filters & Array(filters)).empty? } 73 | new_results 74 | end 75 | end 76 | 77 | # with_filters 78 | unless with_filters.empty? 
79 | filter_list = filter_list.inject(Hash.new) do |new_results, (controller, actions)| 80 | new_results[controller] = actions.select{|action, filters| (with_filters - Array(filters)).empty? } 81 | new_results 82 | end 83 | end 84 | 85 | filter_list 86 | 87 | #if !with_actions.empty? && !without_actions.empty? 88 | ## This means that both with_actions AND without_actions were specified 89 | #next route_hash if without_actions.include?(defaults[:action]) 90 | #next route_hash if !with_actions.include?(defaults[:action]) 91 | #elsif with_actions.empty? 92 | ## This means that just without_actions filtering was specified 93 | #next route_hash if without_actions.include?(defaults[:action]) 94 | #elsif without_actions.empty? 95 | ## This means that just with_action filtering was specified 96 | #next route_hash if !with_actions.include?(defaults[:action]) 97 | #end 98 | end 99 | 100 | private 101 | 102 | # Returns an array of strings as controller actions 103 | def self.actions_from_conditional(conditionals) 104 | unless conditionals.empty? 105 | conditionals.map do |conditional| 106 | conditional.scan(/'(.+?)'/).flatten 107 | end.flatten 108 | else 109 | return 110 | end 111 | end 112 | 113 | # Only skip and call next if the controller_filters list isn't empty 114 | # AND the controller we're looking at is NOT in the filters. 115 | def self.include_controller?(filters, controller) 116 | return true if filters.empty? 117 | 118 | filters.each do |filter| 119 | # check if the provided filter is a substring of the controller 120 | return true if controller.downcase.include?(filter.downcase) 121 | end 122 | 123 | return false 124 | end 125 | 126 | def self.build_controller_action_list(routes) 127 | routes.inject(Hash.new) do |route_hash, route| 128 | defaults = route.defaults 129 | 130 | begin 131 | # This is what Rails does to get from a String to an object we can 132 | # call methods on. Note that a NameError will get thrown if the class 133 | # doesn't exist in the app. 
134 | # 135 | # See actionpack/lib/action_dispatch/routing/route_set.rb:67 136 | # 137 | # Progression goes something like this: 138 | # bank_accounts => BankAccounts => BankAccountsController 139 | controller = ActiveSupport::Dependencies.constantize("#{ defaults[:controller].camelize }Controller") 140 | rescue NameError 141 | # This error will get thrown if there is a route in config/routes.rb 142 | # that points to a controller that doesn't actually exist. 143 | 144 | route_hash[:_non_existant_route] ||= [] 145 | # Keep a record of this in the form of "BankAccountsController#index" 146 | # so we can notify the user 147 | route_hash[:_non_existant_route] << "#{ defaults[:controller].camelize }Controller##{ defaults[:action] }" 148 | 149 | next route_hash # On to the next route since we don't have a controller to process 150 | end 151 | 152 | route_hash[controller] ||= [] 153 | 154 | 155 | # we don't want duplicate actions in our array (this happens for PUT/PATCH routes 156 | route_hash[controller] << defaults[:action] unless route_hash[controller].include? defaults[:action] 157 | route_hash 158 | end 159 | end 160 | 161 | def self.build_filter_list(controller_action_hash) 162 | 163 | controller_action_filter_hash = {} 164 | 165 | # Initialize the return hash 166 | controller_action_hash.each do |controller, actions| 167 | controller_action_filter_hash[controller] = {} 168 | 169 | # With our controller_action_filter_hash being a nested hash, we want 170 | # to initialize each action hash with an empty array so we can use << 171 | # in the upcoming code. 172 | actions.each do |action| 173 | controller_action_filter_hash[controller][action] = [] 174 | end 175 | end 176 | 177 | # Initialize metadata keys. 178 | # 179 | # _proc_conditionals: keeps track of filters that call Procs to 180 | # decide whether or not a filter will be applied to an action. 
181 | # 182 | # _method_conditionals: keeps track of filters that call methods within 183 | # the controller to decide whether or not a filter will be applied to an 184 | # action. 185 | controller_action_filter_hash[:_proc_conditionals] = {} 186 | controller_action_filter_hash[:_method_conditionals] = {} 187 | 188 | # All right, now we have a mapping of routable controllers and actions in 189 | # the application. Let's collect the before_actions that get run on each 190 | # controller action. 191 | controller_action_hash.each do |controller, actions| 192 | 193 | unless controller.respond_to?(:_process_action_callbacks) 194 | #FIXME: change this metadata key name 195 | controller_action_filter_hash[:_weird_controller] ||= [] 196 | controller_action_filter_hash[:_weird_controller] << controller 197 | next 198 | end 199 | 200 | 201 | # We only care about before_actions 202 | controller._process_action_callbacks.select{|c| c.kind == :before}.each do |callback| 203 | # There is a slight disparity in the way conditional before_actions 204 | # are handled between Rails 3.2 and 4.x so we need to take this into 205 | # consideration here. 206 | 207 | # RAILS 3.2 208 | if callback.instance_variables.include?(:@options) 209 | options = callback.instance_variable_get(:@options) 210 | if_call, unless_call = options[:if], options[:unless] 211 | else # RAILS 4.x 212 | if_call, unless_call = callback.instance_variable_get(:@if), callback.instance_variable_get(:@unless) 213 | end 214 | 215 | # Keep track of before_actions that rely on Procs. Since we can't 216 | # really handle this in our code, we keep it in a metadata key and 217 | # present it to the user so they can check up on it themselves. 
218 | if if_call.first.is_a?(Proc) || unless_call.first.is_a?(Proc) 219 | controller_action_filter_hash[:_proc_conditionals][controller] ||= [] 220 | controller_action_filter_hash[:_proc_conditionals][controller] << callback.filter.to_s 221 | next 222 | end 223 | 224 | 225 | # Go through and process each condition. NOTE(review): the Proc test above looks only at the first entry of each list, so a Proc that is not first is not diverted to :_proc_conditionals. 226 | if if_call.empty? && unless_call.empty? 227 | actions.each do |action| 228 | controller_action_filter_hash[controller][action] << callback.filter.to_s 229 | end 230 | elsif !if_call.empty? # before_(filter|action) only: [:foo, :bar, :baz] -- NOTE(review): unless_call is not consulted in this branch, so a callback that carries both kinds of condition is attributed from its if-conditions alone and the table can overstate where the filter runs. 231 | 232 | actions_to_filter = if_call.select{|call| call.is_a?(Symbol)} 233 | actions_to_filter << actions_from_conditional(if_call.select{|call| call.is_a?(String)}) 234 | 235 | actions_to_filter.flatten! unless actions_to_filter.empty? 236 | actions_to_filter.compact! unless actions_to_filter.empty? 237 | 238 | actions_to_filter.each do |action| 239 | next unless actions.include?(action) 240 | controller_action_filter_hash[controller][action] << callback.filter.to_s 241 | end 242 | 243 | elsif !unless_call.empty? # before_(filter|action) unless: [:qux] 244 | # Get all the symbols first 245 | unless_actions = unless_call.select{|call| call.is_a?(Symbol)} 246 | 247 | # Now process any Array based conditionals 248 | unless_actions << actions_from_conditional(unless_call.select{|call| call.is_a?(String)}) 249 | 250 | unless_actions.flatten! unless unless_actions.empty? 251 | unless_actions.compact! unless unless_actions.empty? 252 | 253 | # If the unless conditional isn't an action we won't include it because 254 | # similar to the procs this filter relies on the true/false output of a 255 | # method 256 | if (actions & unless_actions).empty?
257 | controller_action_filter_hash[:_method_conditionals][controller] ||= [] 258 | controller_action_filter_hash[:_method_conditionals][controller] << {filter: callback.filter.to_s, conditional: unless_actions} 259 | next 260 | end 261 | 262 | actions.reject{|a| unless_actions.include?(a)}.each do |action| 263 | controller_action_filter_hash[controller][action] << callback.filter.to_s 264 | end 265 | end 266 | end 267 | end 268 | controller_action_filter_hash 269 | end 270 | end 271 | end 272 | 273 | -------------------------------------------------------------------------------- /lib/boilerman/checks.rb: -------------------------------------------------------------------------------- 1 | module Boilerman 2 | module Checks 3 | 4 | # Return controllers that don't have inheritance_controller in its 5 | # ancestor list. This method defaults to checking for ApplicationController. The name is resolved with constantize. NOTE(review): if a caller passes request input here, restrict it to known controller names before it reaches constantize -- TODO confirm against the checks controller. 6 | def self.inheritance_check(inheritance_controller="ApplicationController") 7 | inheritance_controller = inheritance_controller.constantize 8 | 9 | # On top of rejecting controllers which do not have the passed in 10 | # inheritance_controller, we also want to reject ActionController::Base 11 | # as this won't be a useful result (at least I don't think it will be) 12 | Boilerman.controllers.reject do |controller| 13 | controller.ancestors.include?(inheritance_controller) || controller == ActionController::Base 14 | end 15 | end 16 | 17 | def self.csrf_check 18 | Boilerman::Actions.get_action_hash.select do |controller, actions| 19 | #TODO implement verify_authenticity_token filter checking logic. Until then the block evaluates to nil for every entry, so this always returns an empty Hash; an empty result does not mean CSRF protection is in place. 20 | end 21 | end 22 | end 23 | end 24 | -------------------------------------------------------------------------------- /lib/boilerman/engine.rb: -------------------------------------------------------------------------------- 1 | module Boilerman 2 | class Engine < ::Rails::Engine 3 | isolate_namespace Boilerman 4 | load_generators 5 | 6 | begin 7 | require 'bootstrap-sass' 8 | require 'gon' 9
| require 'jquery-rails' 10 | # XXX TODO This is a hack and isn't actually required by the boilerman 11 | # gem, however if boilerman is plugged into a Rails 4.2 application that 12 | # uses respond_with then I THINK bootstrap-sass freaks out and throws an 13 | # error saying to require the responders gem. 14 | require 'responders' 15 | rescue LoadError 16 | puts "WARNING: You're probably side loading boilerman into a console. 17 | Note that you will only have console access to Boilerman and will be 18 | unable to access it via the /boilerman path" 19 | end 20 | end 21 | end 22 | -------------------------------------------------------------------------------- /lib/boilerman/version.rb: -------------------------------------------------------------------------------- 1 | module Boilerman 2 | VERSION = "0.1.2" 3 | end 4 | -------------------------------------------------------------------------------- /lib/generators/boilerman/install_generator.rb: -------------------------------------------------------------------------------- 1 | module Boilerman 2 | module Generators 3 | class InstallGenerator < Rails::Generators::Base 4 | desc "creates a mount point for the engine in the routes file at /boilerman" 5 | source_root File.expand_path('../../../..', __FILE__) 6 | 7 | # This would copy a configuration file over if I ever needed it 8 | #def generate_initialization 9 | #copy_file 'config/initializers/boilerman.rb', 'config/initializers/boilerman.rb' 10 | #end 11 | # NOTE(review): the mount written below carries no environment or access condition. The engine's views list the host app's controllers, actions and before-filters, so consider limiting the mount to development or placing it behind an authentication constraint before deploying. 12 | def generate_routing 13 | route "mount Boilerman::Engine, at: 'boilerman'" 14 | log "# You can access the Boilerman URL at '/boilerman'" 15 | end 16 | end 17 | end 18 | end 19 | -------------------------------------------------------------------------------- /lib/tasks/boilerman_tasks.rake: -------------------------------------------------------------------------------- 1 | # desc "Explaining what the task does" 2 | # task :boilerman do 3 | # # Task goes here 4 | # end 5 |
-------------------------------------------------------------------------------- /screenshots/boilerman_screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tomekr/boilerman/33b81bb671eab924c8199988fb5e6a77bfc685bc/screenshots/boilerman_screenshot.png -------------------------------------------------------------------------------- /test/boilerman_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class BoilermanTest < ActiveSupport::TestCase 4 | test "truth" do 5 | assert_kind_of Module, Boilerman 6 | end 7 | end 8 | -------------------------------------------------------------------------------- /test/controllers/boilerman/actions_controller_controller_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | module Boilerman 4 | class ActionsControllerControllerTest < ActionController::TestCase 5 | setup do 6 | @routes = Engine.routes 7 | end 8 | 9 | # test "the truth" do 10 | # assert true 11 | # end 12 | end 13 | end 14 | -------------------------------------------------------------------------------- /test/controllers/boilerman/checks_controller_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | module Boilerman 4 | class ChecksControllerTest < ActionController::TestCase 5 | test "should get inheritance_check" do 6 | get :inheritance_check 7 | assert_response :success 8 | end 9 | 10 | test "should get index" do 11 | get :index 12 | assert_response :success 13 | end 14 | 15 | test "should get csrf" do 16 | get :csrf 17 | assert_response :success 18 | end 19 | 20 | end 21 | end 22 | -------------------------------------------------------------------------------- /test/controllers/boilerman/controllers_controller_test.rb: 
-------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | module Boilerman 4 | class ControllersControllerTest < ActionController::TestCase 5 | test "should get index" do 6 | get :index 7 | assert_response :success 8 | end 9 | 10 | end 11 | end 12 | -------------------------------------------------------------------------------- /test/dummy/README.rdoc: -------------------------------------------------------------------------------- 1 | == README 2 | 3 | This README would normally document whatever steps are necessary to get the 4 | application up and running. 5 | 6 | Things you may want to cover: 7 | 8 | * Ruby version 9 | 10 | * System dependencies 11 | 12 | * Configuration 13 | 14 | * Database creation 15 | 16 | * Database initialization 17 | 18 | * How to run the test suite 19 | 20 | * Services (job queues, cache servers, search engines, etc.) 21 | 22 | * Deployment instructions 23 | 24 | * ... 25 | 26 | 27 | Please feel free to use a different markup language if you do not plan to run 28 | rake doc:app. 29 | -------------------------------------------------------------------------------- /test/dummy/Rakefile: -------------------------------------------------------------------------------- 1 | # Add your own tasks in files placed in lib/tasks ending in .rake, 2 | # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake. 
3 | 4 | require File.expand_path('../config/application', __FILE__) 5 | 6 | Rails.application.load_tasks 7 | -------------------------------------------------------------------------------- /test/dummy/app/assets/images/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tomekr/boilerman/33b81bb671eab924c8199988fb5e6a77bfc685bc/test/dummy/app/assets/images/.keep -------------------------------------------------------------------------------- /test/dummy/app/assets/javascripts/application.js: -------------------------------------------------------------------------------- 1 | // This is a manifest file that'll be compiled into application.js, which will include all the files 2 | // listed below. 3 | // 4 | // Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts, 5 | // or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path. 6 | // 7 | // It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the 8 | // compiled file. 9 | // 10 | // Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details 11 | // about supported directives. 12 | // 13 | //= require_tree . 14 | -------------------------------------------------------------------------------- /test/dummy/app/assets/stylesheets/application.css: -------------------------------------------------------------------------------- 1 | /* 2 | * This is a manifest file that'll be compiled into application.css, which will include all the files 3 | * listed below. 4 | * 5 | * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets, 6 | * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path. 
7 | * 8 | * You're free to add application-wide styles to this file and they'll appear at the bottom of the 9 | * compiled file so the styles you add here take precedence over styles defined in any styles 10 | * defined in the other CSS/SCSS files in this directory. It is generally better to create a new 11 | * file per style scope. 12 | * 13 | *= require_tree . 14 | *= require_self 15 | */ 16 | -------------------------------------------------------------------------------- /test/dummy/app/controllers/application_controller.rb: -------------------------------------------------------------------------------- 1 | class ApplicationController < ActionController::Base 2 | # Prevent CSRF attacks by raising an exception. 3 | # For APIs, you may want to use :null_session instead. 4 | protect_from_forgery with: :exception 5 | end 6 | -------------------------------------------------------------------------------- /test/dummy/app/controllers/concerns/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tomekr/boilerman/33b81bb671eab924c8199988fb5e6a77bfc685bc/test/dummy/app/controllers/concerns/.keep -------------------------------------------------------------------------------- /test/dummy/app/helpers/application_helper.rb: -------------------------------------------------------------------------------- 1 | module ApplicationHelper 2 | end 3 | -------------------------------------------------------------------------------- /test/dummy/app/mailers/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tomekr/boilerman/33b81bb671eab924c8199988fb5e6a77bfc685bc/test/dummy/app/mailers/.keep -------------------------------------------------------------------------------- /test/dummy/app/models/.keep: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/tomekr/boilerman/33b81bb671eab924c8199988fb5e6a77bfc685bc/test/dummy/app/models/.keep -------------------------------------------------------------------------------- /test/dummy/app/models/concerns/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tomekr/boilerman/33b81bb671eab924c8199988fb5e6a77bfc685bc/test/dummy/app/models/concerns/.keep -------------------------------------------------------------------------------- /test/dummy/app/views/layouts/application.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Dummy 5 | <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track' => true %> 6 | <%= javascript_include_tag 'application', 'data-turbolinks-track' => true %> 7 | <%= csrf_meta_tags %> 8 | 9 | 10 | 11 | <%= yield %> 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /test/dummy/bin/bundle: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) 3 | load Gem.bin_path('bundler', 'bundle') 4 | -------------------------------------------------------------------------------- /test/dummy/bin/rails: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | APP_PATH = File.expand_path('../../config/application', __FILE__) 3 | require_relative '../config/boot' 4 | require 'rails/commands' 5 | -------------------------------------------------------------------------------- /test/dummy/bin/rake: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require_relative '../config/boot' 3 | require 'rake' 4 | Rake.application.run 5 | -------------------------------------------------------------------------------- 
/test/dummy/config.ru: -------------------------------------------------------------------------------- 1 | # This file is used by Rack-based servers to start the application. 2 | 3 | require ::File.expand_path('../config/environment', __FILE__) 4 | run Rails.application 5 | -------------------------------------------------------------------------------- /test/dummy/config/application.rb: -------------------------------------------------------------------------------- 1 | require File.expand_path('../boot', __FILE__) 2 | 3 | require 'rails/all' 4 | 5 | Bundler.require(*Rails.groups) 6 | require "boilerman" 7 | 8 | module Dummy 9 | class Application < Rails::Application 10 | # Settings in config/environments/* take precedence over those specified here. 11 | # Application configuration should go into files in config/initializers 12 | # -- all .rb files in that directory are automatically loaded. 13 | 14 | # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone. 15 | # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC. 16 | # config.time_zone = 'Central Time (US & Canada)' 17 | 18 | # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded. 19 | # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s] 20 | # config.i18n.default_locale = :de 21 | end 22 | end 23 | 24 | -------------------------------------------------------------------------------- /test/dummy/config/boot.rb: -------------------------------------------------------------------------------- 1 | # Set up gems listed in the Gemfile. 
2 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../../Gemfile', __FILE__) 3 | 4 | require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE']) 5 | $LOAD_PATH.unshift File.expand_path('../../../../lib', __FILE__) 6 | -------------------------------------------------------------------------------- /test/dummy/config/database.yml: -------------------------------------------------------------------------------- 1 | # SQLite version 3.x 2 | # gem install sqlite3 3 | # 4 | # Ensure the SQLite 3 gem is defined in your Gemfile 5 | # gem 'sqlite3' 6 | # 7 | default: &default 8 | adapter: sqlite3 9 | pool: 5 10 | timeout: 5000 11 | 12 | development: 13 | <<: *default 14 | database: db/development.sqlite3 15 | 16 | # Warning: The database defined as "test" will be erased and 17 | # re-generated from your development database when you run "rake". 18 | # Do not set this db to the same as development or production. 19 | test: 20 | <<: *default 21 | database: db/test.sqlite3 22 | 23 | production: 24 | <<: *default 25 | database: db/production.sqlite3 26 | -------------------------------------------------------------------------------- /test/dummy/config/environment.rb: -------------------------------------------------------------------------------- 1 | # Load the Rails application. 2 | require File.expand_path('../application', __FILE__) 3 | 4 | # Initialize the Rails application. 5 | Rails.application.initialize! 6 | -------------------------------------------------------------------------------- /test/dummy/config/environments/development.rb: -------------------------------------------------------------------------------- 1 | Rails.application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb. 3 | 4 | # In the development environment your application's code is reloaded on 5 | # every request. 
This slows down response time but is perfect for development 6 | # since you don't have to restart the web server when you make code changes. 7 | config.cache_classes = false 8 | 9 | # Do not eager load code on boot. 10 | config.eager_load = false 11 | 12 | # Show full error reports and disable caching. 13 | config.consider_all_requests_local = true 14 | config.action_controller.perform_caching = false 15 | 16 | # Don't care if the mailer can't send. 17 | config.action_mailer.raise_delivery_errors = false 18 | 19 | # Print deprecation notices to the Rails logger. 20 | config.active_support.deprecation = :log 21 | 22 | # Raise an error on page load if there are pending migrations. 23 | config.active_record.migration_error = :page_load 24 | 25 | # Debug mode disables concatenation and preprocessing of assets. 26 | # This option may cause significant delays in view rendering with a large 27 | # number of complex assets. 28 | config.assets.debug = true 29 | 30 | # Adds additional error checking when serving assets at runtime. 31 | # Checks for improperly declared sprockets dependencies. 32 | # Raises helpful error messages. 33 | config.assets.raise_runtime_errors = true 34 | 35 | # Raises error for missing translations 36 | # config.action_view.raise_on_missing_translations = true 37 | end 38 | -------------------------------------------------------------------------------- /test/dummy/config/environments/production.rb: -------------------------------------------------------------------------------- 1 | Rails.application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb. 3 | 4 | # Code is not reloaded between requests. 5 | config.cache_classes = true 6 | 7 | # Eager load code on boot. This eager loads most of Rails and 8 | # your application in memory, allowing both threaded web servers 9 | # and those relying on copy on write to perform better. 10 | # Rake tasks automatically ignore this option for performance. 
11 | config.eager_load = true 12 | 13 | # Full error reports are disabled and caching is turned on. 14 | config.consider_all_requests_local = false 15 | config.action_controller.perform_caching = true 16 | 17 | # Enable Rack::Cache to put a simple HTTP cache in front of your application 18 | # Add `rack-cache` to your Gemfile before enabling this. 19 | # For large-scale production use, consider using a caching reverse proxy like nginx, varnish or squid. 20 | # config.action_dispatch.rack_cache = true 21 | 22 | # Disable Rails's static asset server (Apache or nginx will already do this). 23 | config.serve_static_assets = false 24 | 25 | # Compress JavaScripts and CSS. 26 | config.assets.js_compressor = :uglifier 27 | # config.assets.css_compressor = :sass 28 | 29 | # Do not fallback to assets pipeline if a precompiled asset is missed. 30 | config.assets.compile = false 31 | 32 | # Generate digests for assets URLs. 33 | config.assets.digest = true 34 | 35 | # `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb 36 | 37 | # Specifies the header that your server uses for sending files. 38 | # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache 39 | # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx 40 | 41 | # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. 42 | # config.force_ssl = true 43 | 44 | # Set to :debug to see everything in the log. 45 | config.log_level = :info 46 | 47 | # Prepend all log lines with the following tags. 48 | # config.log_tags = [ :subdomain, :uuid ] 49 | 50 | # Use a different logger for distributed setups. 51 | # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new) 52 | 53 | # Use a different cache store in production. 54 | # config.cache_store = :mem_cache_store 55 | 56 | # Enable serving of images, stylesheets, and JavaScripts from an asset server. 
57 | # config.action_controller.asset_host = "http://assets.example.com" 58 | 59 | # Ignore bad email addresses and do not raise email delivery errors. 60 | # Set this to true and configure the email server for immediate delivery to raise delivery errors. 61 | # config.action_mailer.raise_delivery_errors = false 62 | 63 | # Enable locale fallbacks for I18n (makes lookups for any locale fall back to 64 | # the I18n.default_locale when a translation cannot be found). 65 | config.i18n.fallbacks = true 66 | 67 | # Send deprecation notices to registered listeners. 68 | config.active_support.deprecation = :notify 69 | 70 | # Disable automatic flushing of the log to improve performance. 71 | # config.autoflush_log = false 72 | 73 | # Use default logging formatter so that PID and timestamp are not suppressed. 74 | config.log_formatter = ::Logger::Formatter.new 75 | 76 | # Do not dump schema after migrations. 77 | config.active_record.dump_schema_after_migration = false 78 | end 79 | -------------------------------------------------------------------------------- /test/dummy/config/environments/test.rb: -------------------------------------------------------------------------------- 1 | Rails.application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb. 3 | 4 | # The test environment is used exclusively to run your application's 5 | # test suite. You never need to work with it otherwise. Remember that 6 | # your test database is "scratch space" for the test suite and is wiped 7 | # and recreated between test runs. Don't rely on the data there! 8 | config.cache_classes = true 9 | 10 | # Do not eager load code on boot. This avoids loading your whole application 11 | # just for the purpose of running a single test. If you are using a tool that 12 | # preloads Rails for running tests, you may have to set it to true. 
13 | config.eager_load = false 14 | 15 | # Configure static asset server for tests with Cache-Control for performance. 16 | config.serve_static_assets = true 17 | config.static_cache_control = 'public, max-age=3600' 18 | 19 | # Show full error reports and disable caching. 20 | config.consider_all_requests_local = true 21 | config.action_controller.perform_caching = false 22 | 23 | # Raise exceptions instead of rendering exception templates. 24 | config.action_dispatch.show_exceptions = false 25 | 26 | # Disable request forgery protection in test environment. 27 | config.action_controller.allow_forgery_protection = false 28 | 29 | # Tell Action Mailer not to deliver emails to the real world. 30 | # The :test delivery method accumulates sent emails in the 31 | # ActionMailer::Base.deliveries array. 32 | config.action_mailer.delivery_method = :test 33 | 34 | # Print deprecation notices to the stderr. 35 | config.active_support.deprecation = :stderr 36 | 37 | # Raises error for missing translations 38 | # config.action_view.raise_on_missing_translations = true 39 | end 40 | -------------------------------------------------------------------------------- /test/dummy/config/initializers/assets.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Version of your assets, change this if you want to expire all your assets. 4 | Rails.application.config.assets.version = '1.0' 5 | 6 | # Precompile additional assets. 7 | # application.js, application.css, and all non-JS/CSS in app/assets folder are already added. 8 | # Rails.application.config.assets.precompile += %w( search.js ) 9 | -------------------------------------------------------------------------------- /test/dummy/config/initializers/backtrace_silencers.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 
2 | 3 | # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces. 4 | # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ } 5 | 6 | # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code. 7 | # Rails.backtrace_cleaner.remove_silencers! 8 | -------------------------------------------------------------------------------- /test/dummy/config/initializers/cookies_serializer.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | Rails.application.config.action_dispatch.cookies_serializer = :json -------------------------------------------------------------------------------- /test/dummy/config/initializers/filter_parameter_logging.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Configure sensitive parameters which will be filtered from the log file. 4 | Rails.application.config.filter_parameters += [:password] 5 | -------------------------------------------------------------------------------- /test/dummy/config/initializers/inflections.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Add new inflection rules using the following format. Inflections 4 | # are locale specific, and you may define rules for as many different 5 | # locales as you wish. 
All of these examples are active by default: 6 | # ActiveSupport::Inflector.inflections(:en) do |inflect| 7 | # inflect.plural /^(ox)$/i, '\1en' 8 | # inflect.singular /^(ox)en/i, '\1' 9 | # inflect.irregular 'person', 'people' 10 | # inflect.uncountable %w( fish sheep ) 11 | # end 12 | 13 | # These inflection rules are supported but not enabled by default: 14 | # ActiveSupport::Inflector.inflections(:en) do |inflect| 15 | # inflect.acronym 'RESTful' 16 | # end 17 | -------------------------------------------------------------------------------- /test/dummy/config/initializers/mime_types.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Add new mime types for use in respond_to blocks: 4 | # Mime::Type.register "text/richtext", :rtf 5 | -------------------------------------------------------------------------------- /test/dummy/config/initializers/session_store.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | Rails.application.config.session_store :cookie_store, key: '_dummy_session' 4 | -------------------------------------------------------------------------------- /test/dummy/config/initializers/wrap_parameters.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # This file contains settings for ActionController::ParamsWrapper which 4 | # is enabled by default. 5 | 6 | # Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array. 7 | ActiveSupport.on_load(:action_controller) do 8 | wrap_parameters format: [:json] if respond_to?(:wrap_parameters) 9 | end 10 | 11 | # To enable root element in JSON for ActiveRecord objects. 
12 | # ActiveSupport.on_load(:active_record) do 13 | # self.include_root_in_json = true 14 | # end 15 | -------------------------------------------------------------------------------- /test/dummy/config/locales/en.yml: -------------------------------------------------------------------------------- 1 | # Files in the config/locales directory are used for internationalization 2 | # and are automatically loaded by Rails. If you want to use locales other 3 | # than English, add the necessary files in this directory. 4 | # 5 | # To use the locales, use `I18n.t`: 6 | # 7 | # I18n.t 'hello' 8 | # 9 | # In views, this is aliased to just `t`: 10 | # 11 | # <%= t('hello') %> 12 | # 13 | # To use a different locale, set it with `I18n.locale`: 14 | # 15 | # I18n.locale = :es 16 | # 17 | # This would use the information in config/locales/es.yml. 18 | # 19 | # To learn more, please read the Rails Internationalization guide 20 | # available at http://guides.rubyonrails.org/i18n.html. 21 | 22 | en: 23 | hello: "Hello world" 24 | -------------------------------------------------------------------------------- /test/dummy/config/routes.rb: -------------------------------------------------------------------------------- 1 | Rails.application.routes.draw do 2 | 3 | mount Boilerman::Engine => "/boilerman" 4 | end 5 | -------------------------------------------------------------------------------- /test/dummy/config/secrets.yml: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Your secret key is used for verifying the integrity of signed cookies. 4 | # If you change this key, all old signed cookies will become invalid! 5 | 6 | # Make sure the secret is at least 30 characters and all random, 7 | # no regular words or you'll be exposed to dictionary attacks. 8 | # You can use `rake secret` to generate a secure secret key. 
9 | 10 | # Make sure the secrets in this file are kept private 11 | # if you're sharing your code publicly. The development and test keys below are committed with this dummy app, so treat them as public and never reuse them in a deployed environment. 12 | 13 | development: 14 | secret_key_base: f1223025b67ae9a992d6523aa3c8cd7a24da29593e93c1d1a56a1829f12bcea42fdaefc0691b3a3b888050bb1668bdcbd3e5cdf287cd9a6967dfe72a5cfd98e1 15 | 16 | test: 17 | secret_key_base: 70be74e4041f72c3bee61677813cfbb345b07037405ad82af5c2eabccd6a51f17aebe614deeb4b2acaeca6a455911d3e7fa0fba2df322b8020c6b4893dade76f 18 | 19 | # Do not keep production secrets in the repository, 20 | # instead read values from the environment. 21 | production: 22 | secret_key_base: <%= ENV["SECRET_KEY_BASE"] %> 23 | -------------------------------------------------------------------------------- /test/dummy/lib/assets/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tomekr/boilerman/33b81bb671eab924c8199988fb5e6a77bfc685bc/test/dummy/lib/assets/.keep -------------------------------------------------------------------------------- /test/dummy/log/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tomekr/boilerman/33b81bb671eab924c8199988fb5e6a77bfc685bc/test/dummy/log/.keep -------------------------------------------------------------------------------- /test/dummy/public/404.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | The page you were looking for doesn't exist (404) 5 | 6 | 55 | 56 | 57 | 58 | 59 |
60 |
61 |

The page you were looking for doesn't exist.

62 |

You may have mistyped the address or the page may have moved.

63 |
64 |

If you are the application owner check the logs for more information.

65 |
66 | 67 | 68 | -------------------------------------------------------------------------------- /test/dummy/public/422.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | The change you wanted was rejected (422) 5 | 6 | 55 | 56 | 57 | 58 | 59 |
60 |
61 |

The change you wanted was rejected.

62 |

Maybe you tried to change something you didn't have access to.

63 |
64 |

If you are the application owner check the logs for more information.

65 |
66 | 67 | 68 | -------------------------------------------------------------------------------- /test/dummy/public/500.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | We're sorry, but something went wrong (500) 5 | 6 | 55 | 56 | 57 | 58 | 59 |
60 |
61 |

We're sorry, but something went wrong.

62 |
63 |

If you are the application owner check the logs for more information.

64 |
65 | 66 | 67 | -------------------------------------------------------------------------------- /test/dummy/public/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tomekr/boilerman/33b81bb671eab924c8199988fb5e6a77bfc685bc/test/dummy/public/favicon.ico -------------------------------------------------------------------------------- /test/helpers/boilerman/controllers_helper_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | module Boilerman 4 | class ControllersHelperTest < ActionView::TestCase 5 | end 6 | end 7 | -------------------------------------------------------------------------------- /test/integration/navigation_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class NavigationTest < ActionDispatch::IntegrationTest 4 | fixtures :all 5 | 6 | # test "the truth" do 7 | # assert true 8 | # end 9 | end 10 | 11 | -------------------------------------------------------------------------------- /test/test_helper.rb: -------------------------------------------------------------------------------- 1 | # Configure Rails Environment 2 | ENV["RAILS_ENV"] = "test" 3 | 4 | require File.expand_path("../../test/dummy/config/environment.rb", __FILE__) 5 | ActiveRecord::Migrator.migrations_paths = [File.expand_path("../../test/dummy/db/migrate", __FILE__)] 6 | ActiveRecord::Migrator.migrations_paths << File.expand_path('../../db/migrate', __FILE__) 7 | require "rails/test_help" 8 | 9 | # Filter out Minitest backtrace while allowing backtrace from other libraries 10 | # to be shown. 
11 | Minitest.backtrace_filter = Minitest::BacktraceFilter.new 12 | 13 | # Load support files 14 | Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f } 15 | 16 | # Load fixtures from the engine 17 | if ActiveSupport::TestCase.method_defined?(:fixture_path=) 18 | ActiveSupport::TestCase.fixture_path = File.expand_path("../fixtures", __FILE__) 19 | end 20 | --------------------------------------------------------------------------------