Merge commit 'mainstream/master'

4 files changed, 229 insertions, 26 deletions

diff --git a/activeresource/lib/active_resource/base.rb b/activeresource/lib/active_resource/base.rb
index 3d58660ffc..e1f221bd3e 100644
--- a/activeresource/lib/active_resource/base.rb
+++ b/activeresource/lib/active_resource/base.rb
@@ -110,6 +110,8 @@ module ActiveResource
   #
   # Many REST APIs will require authentication, usually in the form of basic
   # HTTP authentication.  Authentication can be specified by:
+  #
+  # === HTTP Basic Authentication
   # * putting the credentials in the URL for the +site+ variable.
   #
   #    class Person < ActiveResource::Base
@@ -130,6 +132,19 @@ module ActiveResource
   # Note: Some values cannot be provided in the URL passed to site.  e.g. email addresses
   # as usernames.  In those situations you should use the separate user and password option.
   #
+  # === Certificate Authentication
+  #
+  # * End point uses an X509 certificate for authentication. <tt>See ssl_options=</tt> for all options.
+  #
+  #    class Person < ActiveResource::Base
+  #      self.site = "https://secure.api.people.com/"
+  #      self.ssl_options = {:cert         => OpenSSL::X509::Certificate.new(File.open(pem_file))
+  #                          :key          => OpenSSL::PKey::RSA.new(File.open(pem_file)),
+  #                          :ca_path      => "/path/to/OpenSSL/formatted/CA_Certs",
+  #                          :verify_mode  => OpenSSL::SSL::VERIFY_PEER}
+  #    end
+  #
+  #
   # == Errors & Validation
   #
   # Error handling and validation is handled in much the same manner as you're used to seeing in
@@ -156,6 +171,7 @@ module ActiveResource
   # * 404 - ActiveResource::ResourceNotFound
   # * 405 - ActiveResource::MethodNotAllowed
   # * 409 - ActiveResource::ResourceConflict
+  # * 410 - ActiveResource::ResourceGone
   # * 422 - ActiveResource::ResourceInvalid (rescued by save as validation errors)
   # * 401..499 - ActiveResource::ClientError
   # * 500..599 - ActiveResource::ServerError
@@ -176,7 +192,7 @@ module ActiveResource
   #
   # Active Resource supports validations on resources and will return errors if any of these validations fail
   # (e.g., "First name can not be blank" and so on).  These types of errors are denoted in the response by
-  # a response code of <tt>422</tt> and an XML representation of the validation errors.  The save operation will
+  # a response code of <tt>422</tt> and an XML or JSON representation of the validation errors.  The save operation will
   # then fail (with a <tt>false</tt> return value) and the validation errors can be accessed on the resource in question.
   #
   #   ryan = Person.find(1)
@@ -185,10 +201,14 @@ module ActiveResource
   #
   #   # When
   #   # PUT http://api.people.com:3000/people/1.xml
+  #   # or
+  #   # PUT http://api.people.com:3000/people/1.json
   #   # is requested with invalid values, the response is:
   #   #
   #   # Response (422):
   #   # <errors type="array"><error>First cannot be empty</error></errors>
+  #   # or
+  #   # {"errors":["First cannot be empty"]}
   #   #
   #
   #   ryan.errors.invalid?(:first)  # => true
@@ -349,6 +369,31 @@ module ActiveResource
         end
       end
 
+      # Options that will get applied to an SSL connection.
+      #
+      # * <tt>:key</tt> - An OpenSSL::PKey::RSA or OpenSSL::PKey::DSA object.
+      # * <tt>:cert</tt> - An OpenSSL::X509::Certificate object as client certificate
+      # * <tt>:ca_file</tt> - Path to a CA certification file in PEM format. The file can contrain several CA certificates.
+      # * <tt>:ca_path</tt> - Path of a CA certification directory containing certifications in PEM format.
+      # * <tt>:verify_mode</tt> - Flags for server the certification verification at begining of SSL/TLS session. (OpenSSL::SSL::VERIFY_NONE or OpenSSL::SSL::VERIFY_PEER is acceptable)
+      # * <tt>:verify_callback</tt> - The verify callback for the server certification verification.
+      # * <tt>:verify_depth</tt> - The maximum depth for the certificate chain verification.
+      # * <tt>:cert_store</tt> - OpenSSL::X509::Store to verify peer certificate.
+      # * <tt>:ssl_timeout</tt> -The SSL timeout in seconds.
+      def ssl_options=(opts={})
+        @connection   = nil
+        @ssl_options  = opts
+      end
+
+      # Returns the SSL options hash.
+      def ssl_options
+        if defined?(@ssl_options)
+          @ssl_options
+        elsif superclass != Object && superclass.ssl_options
+          superclass.ssl_options
+        end
+      end
+
       # An instance of ActiveResource::Connection that is the base \connection to the remote service.
       # The +refresh+ parameter toggles whether or not the \connection is refreshed at every request
       # or not (defaults to <tt>false</tt>).
@@ -359,6 +404,7 @@ module ActiveResource
           @connection.user = user if user
           @connection.password = password if password
           @connection.timeout = timeout if timeout
+          @connection.ssl_options = ssl_options if ssl_options
           @connection
         else
           superclass.connection
@@ -546,6 +592,19 @@ module ActiveResource
       #
       #   StreetAddress.find(1, :params => { :person_id => 1 })
       #   # => GET /people/1/street_addresses/1.xml
+      #
+      # == Failure or missing data
+      #   A failure to find the requested object raises a ResourceNotFound
+      #   exception if the find was called with an id.
+      #   With any other scope, find returns nil when no data is returned.
+      #
+      #   Person.find(1)
+      #   # => raises ResourcenotFound
+      #
+      #   Person.find(:all)
+      #   Person.find(:first)
+      #   Person.find(:last)
+      #   # => nil
       def find(*arguments)
         scope   = arguments.slice!(0)
         options = arguments.slice!(0) || {}
@@ -559,6 +618,28 @@ module ActiveResource
         end
       end
 
+
+      # A convenience wrapper for <tt>find(:first, *args)</tt>. You can pass
+      # in all the same arguments to this method as you can to
+      # <tt>find(:first)</tt>.
+      def first(*args)
+        find(:first, *args)
+      end
+
+      # A convenience wrapper for <tt>find(:last, *args)</tt>. You can pass
+      # in all the same arguments to this method as you can to
+      # <tt>find(:last)</tt>.
+      def last(*args)
+        find(:last, *args)
+      end
+
+      # This is an alias for find(:all).  You can pass in all the same
+      # arguments to this method as you can to <tt>find(:all)</tt>
+      def all(*args)
+        find(:all, *args)
+      end
+
+
       # Deletes the resources with the ID in the +id+ parameter.
       #
       # ==== Options
@@ -592,23 +673,29 @@ module ActiveResource
           response.code.to_i == 200
         end
         # id && !find_single(id, options).nil?
-      rescue ActiveResource::ResourceNotFound
+      rescue ActiveResource::ResourceNotFound, ActiveResource::ResourceGone
         false
       end
 
       private
         # Find every resource
         def find_every(options)
-          case from = options[:from]
-          when Symbol
-            instantiate_collection(get(from, options[:params]))
-          when String
-            path = "#{from}#{query_string(options[:params])}"
-            instantiate_collection(connection.get(path, headers) || [])
-          else
-            prefix_options, query_options = split_options(options[:params])
-            path = collection_path(prefix_options, query_options)
-            instantiate_collection( (connection.get(path, headers) || []), prefix_options )
+          begin
+            case from = options[:from]
+            when Symbol
+              instantiate_collection(get(from, options[:params]))
+            when String
+              path = "#{from}#{query_string(options[:params])}"
+              instantiate_collection(connection.get(path, headers) || [])
+            else
+              prefix_options, query_options = split_options(options[:params])
+              path = collection_path(prefix_options, query_options)
+              instantiate_collection( (connection.get(path, headers) || []), prefix_options )
+            end
+          rescue ActiveResource::ResourceNotFound
+            # Swallowing ResourceNotFound exceptions and return nil - as per
+            # ActiveRecord.
+            nil
           end
         end
 
@@ -835,6 +922,23 @@ module ActiveResource
     def save
       new? ? create : update
     end
+    
+    # Saves the resource.
+    #
+    # If the resource is new, it is created via +POST+, otherwise the
+    # existing resource is updated via +PUT+.
+    #
+    # With <tt>save!</tt> validations always run. If any of them fail
+    # ActiveResource::ResourceInvalid gets raised, and nothing is POSTed to
+    # the remote system.
+    # See ActiveResource::Validations for more information. 
+    #
+    # There's a series of callbacks associated with <tt>save!</tt>. If any
+    # of the <tt>before_*</tt> callbacks return +false+ the action is
+    # cancelled and <tt>save!</tt> raises ActiveResource::ResourceInvalid.
+    def save!
+      save || raise(ResourceInvalid.new(self))
+    end
 
     # Deletes the resource from the remote service.
     #
@@ -985,7 +1089,13 @@ module ActiveResource
           case value
             when Array
               resource = find_or_create_resource_for_collection(key)
-              value.map { |attrs| attrs.is_a?(String) ? attrs.dup : resource.new(attrs) }
+              value.map do |attrs|
+                if attrs.is_a?(String) || attrs.is_a?(Numeric)
+                  attrs.duplicable? ? attrs.dup : attrs
+                else
+                  resource.new(attrs)
+                end
+              end
             when Hash
               resource = find_or_create_resource_for(key)
               resource.new(value)
diff --git a/activeresource/lib/active_resource/connection.rb b/activeresource/lib/active_resource/connection.rb
index ef57c1f8b2..9d551f04e7 100644
--- a/activeresource/lib/active_resource/connection.rb
+++ b/activeresource/lib/active_resource/connection.rb
@@ -13,10 +13,11 @@ module ActiveResource
     HTTP_FORMAT_HEADER_NAMES = {  :get => 'Accept',
       :put => 'Content-Type',
       :post => 'Content-Type',
-      :delete => 'Accept'
+      :delete => 'Accept',
+      :head => 'Accept'
     }
 
-    attr_reader :site, :user, :password, :timeout, :proxy
+    attr_reader :site, :user, :password, :timeout, :proxy, :ssl_options
     attr_accessor :format
 
     class << self
@@ -61,6 +62,11 @@ module ActiveResource
       @timeout = timeout
     end
 
+    # Hash of options applied to Net::HTTP instance when +site+ protocol is 'https'.
+    def ssl_options=(opts={})
+      @ssl_options = opts
+    end
+
     # Executes a GET request.
     # Used to get (find) resources.
     def get(path, headers = {})
@@ -88,7 +94,7 @@ module ActiveResource
     # Executes a HEAD request.
     # Used to obtain meta-information about resources, such as whether they exist and their size (via response headers).
     def head(path, headers = {})
-      request(:head, path, build_request_headers(headers))
+      request(:head, path, build_request_headers(headers, :head))
     end
 
 
@@ -102,6 +108,8 @@ module ActiveResource
         handle_response(result)
       rescue Timeout::Error => e
         raise TimeoutError.new(e.message)
+      rescue OpenSSL::SSL::SSLError => e
+        raise SSLError.new(e.message)
       end
 
       # Handles response and error codes from the remote service.
@@ -123,6 +131,8 @@ module ActiveResource
             raise(MethodNotAllowed.new(response))
           when 409
             raise(ResourceConflict.new(response))
+          when 410
+            raise(ResourceGone.new(response))
           when 422
             raise(ResourceInvalid.new(response))
           when 401...500
@@ -149,8 +159,7 @@ module ActiveResource
       end
 
       def configure_http(http)
-        http.use_ssl = @site.is_a?(URI::HTTPS)
-        http.verify_mode = OpenSSL::SSL::VERIFY_NONE if http.use_ssl?
+        http = apply_ssl_options(http)
 
         # Net::HTTP timeouts default to 60 seconds.
         if @timeout
@@ -161,6 +170,29 @@ module ActiveResource
         http
       end
 
+      def apply_ssl_options(http)
+        return http unless @site.is_a?(URI::HTTPS)
+
+        http.use_ssl     = true
+        http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        return http unless defined?(@ssl_options)
+
+        http.ca_path     = @ssl_options[:ca_path] if @ssl_options[:ca_path]
+        http.ca_file     = @ssl_options[:ca_file] if @ssl_options[:ca_file]
+
+        http.cert        = @ssl_options[:cert] if @ssl_options[:cert]
+        http.key         = @ssl_options[:key]  if @ssl_options[:key]
+
+        http.cert_store  = @ssl_options[:cert_store]  if @ssl_options[:cert_store]
+        http.ssl_timeout = @ssl_options[:ssl_timeout] if @ssl_options[:ssl_timeout]
+
+        http.verify_mode     = @ssl_options[:verify_mode]     if @ssl_options[:verify_mode]
+        http.verify_callback = @ssl_options[:verify_callback] if @ssl_options[:verify_callback]
+        http.verify_depth    = @ssl_options[:verify_depth]    if @ssl_options[:verify_depth]
+
+        http
+      end
+
       def default_header
         @default_header ||= {}
       end
diff --git a/activeresource/lib/active_resource/exceptions.rb b/activeresource/lib/active_resource/exceptions.rb
index 5e4b1d4487..0631cdcf9f 100644
--- a/activeresource/lib/active_resource/exceptions.rb
+++ b/activeresource/lib/active_resource/exceptions.rb
@@ -20,6 +20,14 @@ module ActiveResource
     def to_s; @message ;end
   end
 
+  # Raised when a OpenSSL::SSL::SSLError occurs.
+  class SSLError < ConnectionError
+    def initialize(message)
+      @message = message
+    end
+    def to_s; @message ;end
+  end
+
   # 3xx Redirection
   class Redirection < ConnectionError # :nodoc:
     def to_s; response['Location'] ? "#{super} => #{response['Location']}" : super; end
@@ -43,6 +51,9 @@ module ActiveResource
   # 409 Conflict
   class ResourceConflict < ClientError; end # :nodoc:
 
+  # 410 Gone
+  class ResourceGone < ClientError; end # :nodoc:
+
   # 5xx Server Error
   class ServerError < ConnectionError; end # :nodoc:
 
diff --git a/activeresource/lib/active_resource/validations.rb b/activeresource/lib/active_resource/validations.rb
index a2ba224998..d4d282e273 100644
--- a/activeresource/lib/active_resource/validations.rb
+++ b/activeresource/lib/active_resource/validations.rb
@@ -7,11 +7,12 @@ module ActiveResource
   # Active Resource validation is reported to and from this object, which is used by Base#save
   # to determine whether the object in a valid state to be saved. See usage example in Validations.  
   class Errors < ActiveModel::Errors
-    # Grabs errors from the XML response.
-    def from_xml(xml)
-      clear
+    # Grabs errors from an array of messages (like ActiveRecord::Validations)
+    # The second parameter directs the errors cache to be cleared (default)
+    # or not (by passing true)
+    def from_array(messages, save_cache = false)
+      clear unless save_cache
       humanized_attributes = @base.attributes.keys.inject({}) { |h, attr_name| h.update(attr_name.humanize => attr_name) }
-      messages = Array.wrap(Hash.from_xml(xml)['errors']['error']) rescue []
       messages.each do |message|
         attr_message = humanized_attributes.keys.detect do |attr_name|
           if message[0, attr_name.size + 1] == "#{attr_name} "
@@ -22,6 +23,18 @@ module ActiveResource
         self[:base] << message if attr_message.nil?
       end
     end
+
+    # Grabs errors from a json response.
+    def from_json(json, save_cache = false)
+      array = ActiveSupport::JSON.decode(json)['errors'] rescue []
+      from_array array, save_cache
+    end
+
+    # Grabs errors from an XML response.
+    def from_xml(xml, save_cache = false)
+      array = Array.wrap(Hash.from_xml(xml)['errors']['error']) rescue []
+      from_array array, save_cache
+    end
   end
   
   # Module to support validation and errors with Active Resource objects. The module overrides
@@ -46,21 +59,55 @@ module ActiveResource
   #
   module Validations
     extend ActiveSupport::Concern
+    include ActiveModel::Validations
+    extend ActiveModel::Validations::ClassMethods
 
     included do
       alias_method_chain :save, :validation
     end
 
     # Validate a resource and save (POST) it to the remote web service.
-    def save_with_validation
-      save_without_validation
-      true
+    # If any local validations fail - the save (POST) will not be attempted.
+    def save_with_validation(perform_validation = true)
+      # clear the remote validations so they don't interfere with the local
+      # ones. Otherwise we get an endless loop and can never change the
+      # fields so as to make the resource valid
+      @remote_errors = nil
+      if perform_validation && valid? || !perform_validation
+        save_without_validation
+        true
+      else
+        false
+      end
     rescue ResourceInvalid => error
-      errors.from_xml(error.response.body)
+      # cache the remote errors because every call to <tt>valid?</tt> clears
+      # all errors. We must keep a copy to add these back after local
+      # validations
+      @remote_errors = error
+      load_remote_errors(@remote_errors, true)
       false
     end
 
+
+    # Loads the set of remote errors into the object's Errors based on the
+    # content-type of the error-block received
+    def load_remote_errors(remote_errors, save_cache = false ) #:nodoc:
+      case remote_errors.response['Content-Type']
+      when 'application/xml'
+        errors.from_xml(remote_errors.response.body, save_cache)
+      when 'application/json'
+        errors.from_json(remote_errors.response.body, save_cache)
+      end
+    end
+
     # Checks for errors on an object (i.e., is resource.errors empty?).
+    #
+    # Runs all the specified local validations and returns true if no errors
+    # were added, otherwise false.
+    # Runs local validations (eg those on your Active Resource model), and
+    # also any errors returned from the remote system the last time we
+    # saved.
+    # Remote errors can only be cleared by trying to re-save the resource.
     # 
     # ==== Examples
     #   my_person = Person.create(params[:person])
@@ -70,7 +117,10 @@ module ActiveResource
     #   my_person.errors.add('login', 'can not be empty') if my_person.login == ''
     #   my_person.valid?
     #   # => false
+    #
     def valid?
+      super
+      load_remote_errors(@remote_errors, true) if defined?(@remote_errors) && @remote_errors.present?
       errors.empty?
     end