require 'rubygems'
require 'camping'
require 'camping/ar'
require 'camping/session'
require 'redcloth'
require 'xml/mapping'
# Create the CSRFExperiment application; Camping sets up the Controllers,
# Helpers, Models and Views namespaces that the rest of this file fills in.
Camping.goes :CSRFExperiment

# Cookie-backed session support: controllers and helpers read and write the
# logged-in user id through `@state` (see Helpers#login_user / #logged_in?).
module CSRFExperiment
  include Camping::Session
end
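module CSRFExperiment::Controllers
  # GET /login shows the form; POST /login checks the submitted
  # `login`/`password` fields with Helpers#correct_credentials?.
  class Login < R '/login'
    def get
      render :login
    end

    # On success the session is marked logged in and the browser is sent to
    # the user list; otherwise the form is shown again. The two outcomes are
    # exclusive so the form is no longer rendered after a successful redirect.
    def post
      if correct_credentials?(input.login, input.password)
        login_user
        redirect UserList
      else
        render :login
      end
    end
  end

  # GET /logout drops the session's user id and returns to the login form.
  class Logout < R '/logout'
    def get
      @state.user_id = nil
      redirect Login
    end
  end

  # GET / lists every user read from users.xml; login required.
  class UserList < R '/'
    def get
      # `require_login` only issues the redirect; as far as this file shows it
      # does not halt the action, so return here to keep the data load and the
      # render from running for anonymous requests.
      return require_login unless logged_in?
      @users = Users.all
      render :user_list
    end
  end

  # GET /search shows the search form; login required.
  # NOTE(review): no `search_user` view is defined in this file's Views module,
  # so this render has nothing to call yet.
  class SearchUser < R '/search'
    def get
      return require_login unless logged_in?
      render :search_user
    end
  end

  # /add_user: GET shows the form; POST is still a stub that only enforces
  # login -- the submitted name/email/money fields are not persisted here.
  class AddUser < R '/add_user'
    def post
      return require_login unless logged_in?
    end

    def get
      return require_login unless logged_in?
      render :new_user
    end
  end

  # Catch-all for /<name>: renders a static view by name. The name comes
  # straight from the URL, so it is checked against an allowlist; without one
  # any Views method (e.g. `admin_view`, which echoes the request params)
  # could be rendered just by guessing its name. Add further static pages to
  # PUBLIC_PAGES as they are written.
  class Page < R '/(\w+)'
    PUBLIC_PAGES = %w[sample].freeze

    # @param page_name [String] the captured path segment
    def get(page_name)
      return r(404, 'Not found') unless PUBLIC_PAGES.include?(page_name)
      render page_name
    end
  end
end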
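module CSRFExperiment::Helpers
  # The single account this experiment knows about. The credentials are fixed
  # in code for the demo; a real application would look them up from a store
  # and compare a password hash instead of the plain text.
  DEMO_LOGIN = 'admin'.freeze
  DEMO_PASSWORD = '1234'.freeze
  DEMO_USER_ID = 1

  # Marks the session as logged in; @state is the Camping::Session store.
  def login_user
    @state.user_id = DEMO_USER_ID
  end

  # True only for the built-in admin/1234 pair. A missing (nil) login or
  # password is simply a mismatch.
  # @param login_name [String, nil]
  # @param password [String, nil]
  # @return [Boolean]
  def correct_credentials?(login_name, password)
    login_name == DEMO_LOGIN && password == DEMO_PASSWORD
  end

  # True when #login_user has stored a user id in the session.
  # @return [Boolean]
  def logged_in?
    !!@state.user_id
  end

  # Sends anonymous requests to the login form. This only sets the redirect
  # response; nothing here stops the calling action, so callers should return
  # right after it (e.g. `return require_login unless logged_in?`).
  def require_login
    redirect '/login' unless logged_in?
  end
end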
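module CSRFExperiment::Models
  # One <user> element of the users file. `userid` and `money` are mapped as
  # numbers, `name` and `email` as text.
  class User
    include XML::Mapping
    numeric_node :userid, "userid"
    text_node :name, "name"
    text_node :email, "email"
    numeric_node :money, "money"
  end

  # The root element: a list of User records under <user> children.
  class Users
    include XML::Mapping
    array_node :users, 'user', :class => User

    # File the records are read from, resolved against the process's working
    # directory.
    SOURCE_FILE = 'users.xml'.freeze

    # Loads every user from `path`; the file is re-read on every call.
    # @param path [String] XML file to parse (defaults to SOURCE_FILE)
    # @return [Users]
    def self.all(path = SOURCE_FILE)
      load_from_file(path)
    end
  end
end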
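module CSRFExperiment::Views
  # `layout' wraps the HTML of every other view: the menu comes first, then
  # the view's own output is inserted where `self << yield' appears. Both the
  # body and the div take blocks so the page content is actually nested inside
  # them.
  def layout
    html do
      title { 'CSRF Experiment' }
      body do
        _menu
        div { self << yield }
      end
    end
  end

  # Navigation shared by all pages; the items are children of the list.
  def _menu
    ul do
      li { a 'Main', :href => R(UserList) }
      li { a 'Search user', :href => R(SearchUser) }
      li { a 'Logout', :href => R(Logout) }
    end
  end

  # Login form, posted to Controllers::Login. Views express HTML in Ruby via
  # Markaby (http://joho.github.com/markaby/). Neither this form nor
  # `new_user` carries an anti-CSRF token, which fits the gist's experiment
  # purpose but is not something to copy into a real application.
  def login
    form :action => R(Login), :method => 'post' do
      ul do
        li do
          label 'Username: ', :for => :login
          input :name => :login, :type => :text
        end
        li do
          label 'Password: ', :for => :password
          input :name => :password, :type => :password
        end
        li { input :type => :submit, :value => 'Login' }
      end
    end
  end

  # One table row for a Models::User (its `name` and `email` nodes); used by
  # `user_list`.
  # @param user [Models::User]
  def _user(user)
    tr do
      td user.name
      td user.email
    end
  end

  # Echoes the raw request params. Debug-only: keep it unreachable from
  # unauthenticated URLs, since it reflects whatever the client sent.
  def admin_view
    p @params.inspect
  end

  # Table of every user in @users (a Models::Users set by
  # Controllers::UserList), one `_user` row each.
  def user_list
    table do
      thead do
        tr do
          th 'Name'
          th 'Email'
        end
      end
      tbody do
        @users.users.each { |user| _user(user) }
      end
    end
  end

  # Form for Controllers::AddUser; the submit button names the action it
  # performs rather than reusing the login label.
  def new_user
    form :action => R(AddUser), :method => 'post' do
      ul do
        li do
          label 'Name: ', :for => :name
          input :name => :name, :type => :text
        end
        li do
          label 'Email: ', :for => :email
          input :name => :email, :type => :text
        end
        li do
          label 'Money: ', :for => :money
          input :name => :money, :type => :text
        end
        li { input :type => :submit, :value => 'Add user' }
      end
    end
  end

  # The `sample' view: a static page reachable through Controllers::Page.
  def sample
    p 'A sample page'
  end
end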