Merge branch 'master' of github.com:yegor256/takes into 306

.gitattributes

@@ -1,20 +1,7 @@
-# Check out all text files in UNIX format.
-* text eol=lf
+# Check out all text files in UNIX format, with LF as end of line
+# Don't change this file. If you have any ideas about it, please
+# submit a separate issue about it and we'll discuss.
 
-# Explicitly declare text files we want to always be normalized and converted 
-# to native line endings on checkout.
-*.txt text
-*.java text
-*.groovy text
-*.xml text
-*.md text
-*.pom text
-*.properties text
-*.tex text
-*.vm text
-*.xsl text
-*.yml text
-
-# Denote all files that are truly binary and should not be modified.
-*.png binary
-*.jpg binary
+* text=auto eol=lf
+*.java ident
+*.xml ident

.rultor.yml

@@ -42,7 +42,6 @@ merge:
   - krzyk
   - longtimeago
   - pinaf
-  - yegor256
 deploy:
   script: |
     version=$(curl -K ../curl-appveyor.cfg --data "{accountName: 'yegor256', projectSlug: 'takes', branch: 'master'}" https://ci.appveyor.com/api/builds | jq -r '.version')

est/takes_09_06_2015.est

@@ -0,0 +1,17 @@
+date: 09-06-2015
+author: Igor Khvostenkov
+method: champions.pert
+scope:
+  1: Design of the interfaces
+  2: Routing/Dispatching
+  3: Persistent entities
+  4: Performance testing
+champions:
+  1:
+    worst-case: 60
+    best-case: 25
+    most-likely: 35
+  2:
+    worst-case: 40
+    best-case: 15
+    most-likely: 25

src/main/java/org/takes/facets/auth/PsBasic.java

@@ -0,0 +1,188 @@
+/**
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 Yegor Bugayenko
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included
+ * in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package org.takes.facets.auth;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.util.logging.Level;
+import javax.xml.bind.DatatypeConverter;
+import lombok.EqualsAndHashCode;
+import org.takes.Request;
+import org.takes.Response;
+import org.takes.facets.flash.RsFlash;
+import org.takes.facets.forward.RsForward;
+import org.takes.misc.Opt;
+import org.takes.rq.RqHeaders;
+import org.takes.rq.RqHref;
+import org.takes.rs.RsWithHeader;
+
+/**
+ * Pass that checks the user according RFC-2617.
+ *
+ * <p>The class is immutable and thread-safe.
+ *
+ * @author Endrigo Antonini (teamed@endrigo.com.br)
+ * @version $Id$
+ * @since 0.20
+ * @checkstyle ClassDataAbstractionCouplingCheck (250 lines)
+ */
+@EqualsAndHashCode(of = { "entry", "realm" })
+public final class PsBasic implements Pass {
+
+    /**
+     * Authorization response HTTP head.
+     */
+    private static final String AUTH_HEAD = "Basic";
+
+    /**
+     * Entry to validate user information.
+     */
+    private final transient PsBasic.Entry entry;
+
+    /**
+     * Realm.
+     */
+    private final transient String realm;
+
+    /**
+     * Ctor.
+     * @param rlm Realm
+     * @param basic Entry
+     */
+    public PsBasic(final String rlm, final PsBasic.Entry basic) {
+        this.realm = rlm;
+        this.entry = basic;
+    }
+
+    @Override
+    public Opt<Identity> enter(final Request request) throws IOException {
+        final String decoded = new String(
+            DatatypeConverter.parseBase64Binary(
+                new RqHeaders.Smart(
+                    new RqHeaders.Base(request)
+                ).single("authorization").split(AUTH_HEAD)[1]
+            )
+        ).trim();
+        final String user = decoded.split(":")[0];
+        final Opt<Identity> identity = this.entry.enter(
+            user,
+            decoded.substring(user.length() + 1)
+        );
+        if (!identity.has()) {
+            throw new RsForward(
+                new RsWithHeader(
+                    new RsFlash("access denied", Level.WARNING),
+                    String.format(
+                        "WWW-Authenticate: Basic ream=\"%s\"",
+                        this.realm
+                    )
+                ),
+                HttpURLConnection.HTTP_UNAUTHORIZED,
+                new RqHref.Base(request).href()
+            );
+        }
+        return identity;
+    }
+
+    @Override
+    public Response exit(final Response response, final Identity identity)
+        throws IOException {
+        return response;
+    }
+
+    /**
+     * Entry interface that is used to check if the received information is
+     * valid.
+     *
+     * @author Endrigo Antonini (teamed@endrigo.com.br)
+     * @version $Id$
+     * @since 0.20
+     */
+    public interface Entry {
+
+        /**
+         * Check if is a valid user.
+         * @param user User
+         * @param pwd Password
+         * @return Identity.
+         */
+        Opt<Identity> enter(String user, String pwd);
+    }
+
+    /**
+     * Fake implementation of {@link PsBasic.Entry}.
+     *
+     * <p>The class is immutable and thread-safe.
+     *
+     * @author Endrigo Antonini (teamed@endrigo.com.br)
+     * @version $Id$
+     * @since 0.20
+     *
+     */
+    public static final class Fake implements PsBasic.Entry {
+
+        /**
+         * Should we authenticate a user?
+         */
+        private final transient boolean condition;
+
+        /**
+         * Ctor.
+         * @param cond Condition
+         */
+        public Fake(final boolean cond) {
+            this.condition = cond;
+        }
+
+        @Override
+        public Opt<Identity> enter(final String usr, final String pwd) {
+            final Opt<Identity> user;
+            if (this.condition) {
+                user = new Opt.Single<Identity>(
+                    new Identity.Simple(
+                        String.format("urn:basic:%s", usr)
+                    )
+                );
+            } else {
+                user = new Opt.Empty<Identity>();
+            }
+            return user;
+        }
+    }
+
+    /**
+     * Empty check.
+     *
+     * @author Endrigo Antonini (teamed@endrigo.com.br)
+     * @version $Id$
+     * @since 0.20
+     */
+    public static final class Empty implements PsBasic.Entry {
+
+        @Override
+        public Opt<Identity> enter(final String user, final String pwd) {
+            return new Opt.Empty<Identity>();
+        }
+    }
+}