RubyGems - aaf-gumboot - Versions diffs - 1.0.0.pre.alpha.2 - Mend

aaf-gumboot 1.0.0.pre.alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (90) hide show

checksums.yaml +7 -0
data/.gitignore +17 -0
data/.rspec +3 -0
data/.rubocop.yml +15 -0
data/Gemfile +4 -0
data/Guardfile +18 -0
data/LICENSE +202 -0
data/README.md +1069 -0
data/Rakefile +8 -0
data/aaf-gumboot.gemspec +42 -0
data/lib/aaf-gumboot.rb +1 -0
data/lib/gumboot.rb +5 -0
data/lib/gumboot/shared_examples/anonymous_controller.rb +17 -0
data/lib/gumboot/shared_examples/api_constraints.rb +29 -0
data/lib/gumboot/shared_examples/api_controller.rb +206 -0
data/lib/gumboot/shared_examples/api_subjects.rb +44 -0
data/lib/gumboot/shared_examples/application_controller.rb +223 -0
data/lib/gumboot/shared_examples/database_schema.rb +45 -0
data/lib/gumboot/shared_examples/foreign_keys.rb +65 -0
data/lib/gumboot/shared_examples/permissions.rb +45 -0
data/lib/gumboot/shared_examples/roles.rb +15 -0
data/lib/gumboot/shared_examples/subjects.rb +29 -0
data/lib/gumboot/strap.rb +121 -0
data/lib/gumboot/version.rb +3 -0
data/spec/dummy/README.rdoc +28 -0
data/spec/dummy/Rakefile +3 -0
data/spec/dummy/app/assets/images/.keep +0 -0
data/spec/dummy/app/assets/javascripts/application.js +13 -0
data/spec/dummy/app/assets/stylesheets/application.css +15 -0
data/spec/dummy/app/controllers/api/api_controller.rb +78 -0
data/spec/dummy/app/controllers/application_controller.rb +64 -0
data/spec/dummy/app/controllers/concerns/.keep +0 -0
data/spec/dummy/app/helpers/application_helper.rb +2 -0
data/spec/dummy/app/mailers/.keep +0 -0
data/spec/dummy/app/models/.keep +0 -0
data/spec/dummy/app/models/api_subject.rb +23 -0
data/spec/dummy/app/models/api_subject_role.rb +6 -0
data/spec/dummy/app/models/concerns/.keep +0 -0
data/spec/dummy/app/models/permission.rb +7 -0
data/spec/dummy/app/models/role.rb +11 -0
data/spec/dummy/app/models/subject.rb +20 -0
data/spec/dummy/app/models/subject_role.rb +6 -0
data/spec/dummy/app/views/dynamic_errors/forbidden.html.erb +0 -0
data/spec/dummy/app/views/dynamic_errors/unauthorized.html.erb +0 -0
data/spec/dummy/app/views/layouts/application.html.erb +14 -0
data/spec/dummy/bin/bundle +3 -0
data/spec/dummy/bin/rails +4 -0
data/spec/dummy/bin/rake +4 -0
data/spec/dummy/config.ru +4 -0
data/spec/dummy/config/application.rb +18 -0
data/spec/dummy/config/boot.rb +5 -0
data/spec/dummy/config/database.yml +5 -0
data/spec/dummy/config/environment.rb +5 -0
data/spec/dummy/config/environments/development.rb +32 -0
data/spec/dummy/config/environments/production.rb +37 -0
data/spec/dummy/config/environments/test.rb +33 -0
data/spec/dummy/config/initializers/assets.rb +4 -0
data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -0
data/spec/dummy/config/initializers/cookies_serializer.rb +3 -0
data/spec/dummy/config/initializers/filter_parameter_logging.rb +4 -0
data/spec/dummy/config/initializers/inflections.rb +15 -0
data/spec/dummy/config/initializers/mime_types.rb +4 -0
data/spec/dummy/config/initializers/session_store.rb +3 -0
data/spec/dummy/config/initializers/wrap_parameters.rb +9 -0
data/spec/dummy/config/locales/en.yml +23 -0
data/spec/dummy/config/routes.rb +2 -0
data/spec/dummy/config/secrets.yml +22 -0
data/spec/dummy/db/schema.rb +51 -0
data/spec/dummy/db/test.sqlite3 +0 -0
data/spec/dummy/lib/api_constraints.rb +16 -0
data/spec/dummy/lib/assets/.keep +0 -0
data/spec/dummy/public/404.html +67 -0
data/spec/dummy/public/422.html +67 -0
data/spec/dummy/public/500.html +66 -0
data/spec/dummy/public/favicon.ico +0 -0
data/spec/factories/api_subjects.rb +20 -0
data/spec/factories/permissions.rb +6 -0
data/spec/factories/roles.rb +5 -0
data/spec/factories/subjects.rb +24 -0
data/spec/gumboot/api_constraints_spec.rb +18 -0
data/spec/gumboot/api_controller_spec.rb +7 -0
data/spec/gumboot/api_subjects_spec.rb +7 -0
data/spec/gumboot/application_controller_spec.rb +7 -0
data/spec/gumboot/foreign_keys_spec.rb +7 -0
data/spec/gumboot/permissions_spec.rb +7 -0
data/spec/gumboot/roles_spec.rb +7 -0
data/spec/gumboot/subjects_spec.rb +7 -0
data/spec/lib/gumboot/strap_spec.rb +330 -0
data/spec/spec_helper.rb +45 -0
metadata +387 -0

data/Rakefile ADDED Viewed

@@ -0,0 +1,8 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
+RSpec::Core::RakeTask.new(:spec)
+RuboCop::RakeTask.new
+task default: [:spec, :rubocop]

data/aaf-gumboot.gemspec ADDED Viewed

@@ -0,0 +1,42 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'gumboot/version'
+Gem::Specification.new do |spec|
+  spec.name          = 'aaf-gumboot'
+  spec.version       = Gumboot::VERSION
+  spec.authors       = ['Bradley Beddoes']
+  spec.email         = ['bradleybeddoes@aaf.edu.au']
+  spec.summary       = 'Kick off subject and API structure for AAF applications'
+  spec.description   = 'Provides a set of shared specs and base generators to' \
+                       ' ensure that all AAF ruby applications follow the' \
+                       ' same basic structure and implementation for' \
+                       ' subjects, RESTful APIs and access control.'
+  spec.homepage      = 'http://www.aaf.edu.au'
+  spec.license       = 'Apache-2.0'
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.add_dependency 'accession', '~> 1.0'
+  spec.add_development_dependency 'bundler', '~> 1.7'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'mysql2', '~> 0.3.20'
+  spec.add_development_dependency 'sqlite3'
+  spec.add_development_dependency 'valhammer'
+  spec.add_development_dependency 'factory_girl'
+  spec.add_development_dependency 'faker'
+  spec.add_development_dependency 'rspec-rails'
+  spec.add_development_dependency 'rubocop'
+  spec.add_development_dependency 'simplecov'
+  spec.add_development_dependency 'codeclimate-test-reporter'
+  spec.add_development_dependency 'rails-controller-testing'
+  spec.add_development_dependency 'guard'
+  spec.add_development_dependency 'guard-rspec'
+  spec.add_development_dependency 'guard-rubocop'
+  spec.add_development_dependency 'guard-bundler'
+  spec.add_development_dependency 'rails', '~> 4.2.6'
+end

data/lib/aaf-gumboot.rb ADDED Viewed

	@@ -0,0 +1 @@
1	+ require 'gumboot'

data/lib/gumboot.rb ADDED Viewed

@@ -0,0 +1,5 @@
+module Gumboot
+  # Your code goes here...
+end
+require 'gumboot/version'

data/lib/gumboot/shared_examples/anonymous_controller.rb ADDED Viewed

@@ -0,0 +1,17 @@
+RSpec.shared_examples 'Anon controller' do
+  controller(described_class) do
+    def an_action
+      check_access!('required:permission')
+      head :ok
+    end
+    def bad_action
+      head :ok
+    end
+    def public
+      public_action
+      head :ok
+    end
+  end
+end

data/lib/gumboot/shared_examples/api_constraints.rb ADDED Viewed

@@ -0,0 +1,29 @@
+RSpec.shared_examples 'API constraints' do
+  context 'AAF shared implementation' do
+    context '#matches?' do
+      context 'with default: false' do
+        subject { described_class.new(version: '1', default: false) }
+        it 'is true for a valid request' do
+          expect(subject.matches?(matching_request)).to be_truthy
+        end
+        it 'is false for a non-matching request' do
+          expect(subject.matches?(non_matching_request)).to be_falsey
+        end
+      end
+      context 'with default: true' do
+        subject { described_class.new(version: '1', default: true) }
+        it 'is true for a valid request' do
+          expect(subject.matches?(matching_request)).to be_truthy
+        end
+        it 'is true for a non-matching request' do
+          expect(subject.matches?(non_matching_request)).to be_truthy
+        end
+      end
+    end
+  end
+end

data/lib/gumboot/shared_examples/api_controller.rb ADDED Viewed

@@ -0,0 +1,206 @@
+require 'gumboot/shared_examples/anonymous_controller'
+RSpec.shared_examples 'API base controller' do
+  context 'AAF shared implementation' do
+    include_examples 'Anon controller'
+    before do
+      @routes.draw do
+        get '/anonymous/an_action' => 'api/api#an_action'
+        get '/anonymous/bad_action' => 'api/api#bad_action'
+        get '/anonymous/public' => 'api/api#public'
+      end
+    end
+    it { is_expected.to respond_to(:subject) }
+    context '#ensure_authenticated as before_action' do
+      subject { response }
+      let(:json) { JSON.parse(subject.body) }
+      context 'no x509 header set by nginx' do
+        before { get :an_action }
+        it { is_expected.to have_http_status(:unauthorized) }
+        context 'json within response' do
+          it 'has a message' do
+            expect(json['message']).to eq('SSL client failure.')
+          end
+          it 'has an error' do
+            expect(json['error']).to eq('Subject DN')
+          end
+        end
+      end
+      context 'x509 header set to "(null)"' do
+        before do
+          request.env['HTTP_X509_DN'] = '(null)'
+          get :an_action
+        end
+        it { is_expected.to have_http_status(:unauthorized) }
+        context 'json within response' do
+          it 'has a message' do
+            expect(json['message']).to eq('SSL client failure.')
+          end
+          it 'has an error' do
+            expect(json['error']).to eq('Subject DN')
+          end
+        end
+      end
+      context 'invalid x509 header set by nginx' do
+        before do
+          request.env['HTTP_X509_DN'] = "Z=#{Faker::Lorem.word}"
+          get :an_action
+        end
+        it { is_expected.to have_http_status(:unauthorized) }
+        context 'json within response' do
+          it 'has a message' do
+            expect(json['message']).to eq('SSL client failure.')
+          end
+          it 'has an error' do
+            expect(json['error']).to eq('Subject DN invalid')
+          end
+        end
+      end
+      context 'without a CN component to DN' do
+        before do
+          request.env['HTTP_X509_DN'] = "O=#{Faker::Lorem.word}"
+          get :an_action
+        end
+        it { is_expected.to have_http_status(:unauthorized) }
+        context 'json within response' do
+          it 'has a message' do
+            expect(json['message']).to eq('SSL client failure.')
+          end
+          it 'has an error' do
+            expect(json['error']).to eq('Subject CN invalid')
+          end
+        end
+      end
+      context 'with a CN that does not represent an APISubject' do
+        before do
+          request.env['HTTP_X509_DN'] = "CN=#{Faker::Lorem.word}/" \
+                                        "O=#{Faker::Lorem.word}"
+          get :an_action
+        end
+        it { is_expected.to have_http_status(:unauthorized) }
+        context 'json within response' do
+          it 'has a message' do
+            expect(json['message']).to eq('SSL client failure.')
+          end
+          it 'has an error' do
+            expect(json['error']).to eq('Subject invalid')
+          end
+        end
+      end
+      context 'with an APISubject that is not functioning' do
+        let(:api_subject) { create :api_subject, enabled: false }
+        before do
+          request.env['HTTP_X509_DN'] = "CN=#{api_subject.x509_cn}/" \
+                                        "O=#{Faker::Lorem.word}"
+          get :an_action
+        end
+        it { is_expected.to have_http_status(:unauthorized) }
+        context 'json within response' do
+          it 'has a message' do
+            expect(json['message']).to eq('SSL client failure.')
+          end
+          it 'has an error' do
+            expect(json['error']).to eq('Subject not functional')
+          end
+        end
+      end
+    end
+    context '#ensure_access_checked as after_action' do
+      subject(:api_subject) { create :api_subject }
+      let(:json) { JSON.parse(response.body) }
+      before do
+        request.env['HTTP_X509_DN'] = "CN=#{api_subject.x509_cn}/DC=example"
+      end
+      RSpec.shared_examples 'APIController base state' do
+        it 'fails request to incorrectly implemented action' do
+          msg = 'No access control performed by API::APIController#bad_action'
+          expect { get :bad_action }.to raise_error(msg)
+        end
+        it 'completes request to a public action' do
+          get :public
+          expect(response).to have_http_status(:ok)
+        end
+      end
+      context 'subject without permissions' do
+        include_examples 'APIController base state'
+        it 'has no permissions' do
+          expect(api_subject.permissions).to eq([])
+        end
+        context 'the request does not complete' do
+          before { get :an_action }
+          it 'should respond with status code :forbidden (403)' do
+            expect(response).to have_http_status(:forbidden)
+          end
+          it 'recieves a json message' do
+            expect(json['message'])
+              .to eq('The request was understood but explicitly denied.')
+          end
+        end
+      end
+      context 'subject with invalid permissions' do
+        subject(:api_subject) do
+          create :api_subject, :authorized, permission: 'invalid:permission'
+        end
+        include_examples 'APIController base state'
+        it 'has an invalid permission' do
+          expect(api_subject.permissions).to eq(['invalid:permission'])
+        end
+        context 'the request does not complete' do
+          before { get :an_action }
+          it 'should respond with status code :forbidden (403)' do
+            expect(response).to have_http_status(:forbidden)
+          end
+          it 'recieves a json message' do
+            expect(json['message'])
+              .to eq('The request was understood but explicitly denied.')
+          end
+        end
+      end
+      context 'subject with valid permission' do
+        subject(:api_subject) do
+          create :api_subject, :authorized, permission: 'required:permission'
+        end
+        include_examples 'APIController base state'
+        it 'has a valid permission' do
+          expect(api_subject.permissions).to eq(['required:permission'])
+        end
+        it 'completes request after permissions checked' do
+          get :an_action
+          expect(response).to have_http_status(:ok)
+        end
+      end
+    end
+  end
+end

data/lib/gumboot/shared_examples/api_subjects.rb ADDED Viewed

@@ -0,0 +1,44 @@
+RSpec.shared_examples 'API Subjects' do
+  context 'AAF shared implementation' do
+    subject { build :api_subject }
+    it { is_expected.to be_valid }
+    it { is_expected.to be_an(Accession::Principal) }
+    it { is_expected.to respond_to(:roles) }
+    it { is_expected.to respond_to(:permissions) }
+    it { is_expected.to respond_to(:permits?) }
+    it { is_expected.to respond_to(:functioning?) }
+    it 'is invalid without an x509_cn' do
+      subject.x509_cn = nil
+      expect(subject).not_to be_valid
+    end
+    it 'is invalid if an x509 value is not in the correct format' do
+      subject.x509_cn += '%^%&*'
+      expect(subject).not_to be_valid
+    end
+    it 'is valid if an x509 value is in the correct format' do
+      expect(subject).to be_valid
+    end
+    it 'is invalid if an x509 value is not unique' do
+      create(:api_subject, x509_cn: subject.x509_cn)
+      expect(subject).not_to be_valid
+    end
+    it 'is invalid without a description' do
+      subject.description = nil
+      expect(subject).not_to be_valid
+    end
+    it 'is invalid without a contact name' do
+      subject.contact_name = nil
+      expect(subject).not_to be_valid
+    end
+    it 'is invalid without a contact mail address' do
+      subject.contact_mail = nil
+      expect(subject).not_to be_valid
+    end
+    it 'is invalid without an enabled state' do
+      subject.enabled = nil
+      expect(subject).not_to be_valid
+    end
+  end
+end

data/lib/gumboot/shared_examples/application_controller.rb ADDED Viewed

@@ -0,0 +1,223 @@
+require 'gumboot/shared_examples/anonymous_controller'
+RSpec.shared_examples 'Application controller' do
+  context 'AAF shared implementation' do
+    include_examples 'Anon controller'
+    before do
+      @routes.draw do
+        get '/anonymous/an_action' => 'anonymous#an_action'
+        get '/anonymous/bad_action' => 'anonymous#bad_action'
+        get '/anonymous/public' => 'anonymous#public'
+      end
+    end
+    context '#subject' do
+      context 'No subject ID is set in session' do
+        before do
+          session[:subject_id] = nil
+        end
+        it 'returns nil' do
+          expect(subject.subject).to be_nil
+        end
+      end
+      context 'session has subject_id that does not represent a Subject' do
+        before do
+          session[:subject_id] = -1
+        end
+        it 'returns nil' do
+          expect(subject.subject).to be_nil
+        end
+      end
+      context 'Subject that is not functioning' do
+        let(:current_subject) { create :subject, enabled: false }
+        before do
+          session[:subject_id] = current_subject.id
+        end
+        it 'returns nil' do
+          expect(subject.subject).to be_nil
+        end
+      end
+      context 'Subject is valid' do
+        let(:current_subject) { create :subject }
+        before do
+          session[:subject_id] = current_subject.id
+        end
+        it 'returns subject' do
+          expect(subject.subject).to eq(current_subject)
+        end
+      end
+    end
+    context '#ensure_authenticated as before_action' do
+      subject { response }
+      context 'No subject ID is set in session' do
+        before do
+          session[:subject_id] = nil
+          get :an_action
+        end
+        it { is_expected.to have_http_status(:redirect) }
+        it { is_expected.to redirect_to('/auth/login') }
+      end
+      context 'session has subject_id that does not represent a Subject' do
+        before do
+          session[:subject_id] = -1
+          get :an_action
+        end
+        it { is_expected.to have_http_status(:unauthorized) }
+        it do
+          is_expected.to render_template(
+            'dynamic_errors/unauthorized',
+            'layouts/application'
+          )
+        end
+        it 'resets the session' do
+          expect(session[:subject_id]).to be_nil
+        end
+      end
+      context 'Subject that is not functioning' do
+        let(:current_subject) { create :subject, enabled: false }
+        before do
+          session[:subject_id] = current_subject.id
+          get :an_action
+        end
+        it { is_expected.to have_http_status(:unauthorized) }
+        it do
+          is_expected.to render_template(
+            'dynamic_errors/unauthorized',
+            'layouts/application'
+          )
+        end
+        it 'resets the session' do
+          expect(session[:subject_id]).to be_nil
+        end
+      end
+      context 'when request is session' do
+        it 'POST request should not create a uri session' do
+          post :an_action
+          expect(session).not_to include(:return_url)
+        end
+        it 'GET request should not create a uri session' do
+          get :an_action
+          uri = URI.parse(session[:return_url])
+          expect(uri.path).to eq('/anonymous/an_action')
+          expect(uri.query).to be_blank
+          expect(uri.fragment).to be_blank
+        end
+        it 'GET request should create a uri session including fragments' do
+          get :an_action, params: { time: 1000 }
+          uri = URI.parse(session[:return_url])
+          expect(uri.path).to eq('/anonymous/an_action')
+          expect(uri.query).to eq('time=1000')
+          expect(uri.fragment).to be_blank
+        end
+      end
+    end
+    context '#ensure_access_checked as after_action' do
+      before { session[:subject_id] = subject.id }
+      RSpec.shared_examples 'ApplicationController base state' do
+        it 'fails request to incorrectly implemented action' do
+          msg = 'No access control performed by AnonymousController#bad_action'
+          expect { get :bad_action }.to raise_error(msg)
+        end
+        it 'completes request to a public action' do
+          get :public
+          expect(response).to have_http_status(:ok)
+        end
+      end
+      context 'subject without permissions' do
+        subject(:subject) { create :subject }
+        include_examples 'ApplicationController base state'
+        it 'has no permissions' do
+          expect(subject.permissions).to eq([])
+        end
+        context 'the request does not complete' do
+          before { get :an_action }
+          it 'should respond with status code :forbidden (403)' do
+            expect(response).to have_http_status(:forbidden)
+          end
+          it 'renders forbidden template' do
+            expect(response).to render_template(
+              'dynamic_errors/forbidden',
+              'layouts/application'
+            )
+          end
+        end
+      end
+      context 'subject with invalid permissions' do
+        subject(:subject) do
+          create :subject, :authorized, permission: 'invalid:permission'
+        end
+        include_examples 'ApplicationController base state'
+        it 'has an invalid permission' do
+          expect(subject.permissions).to eq(['invalid:permission'])
+        end
+        context 'the request does not complete' do
+          before { get :an_action }
+          it 'should respond with status code :forbidden (403)' do
+            expect(response).to have_http_status(:forbidden)
+          end
+          it 'renders forbidden template' do
+            expect(response).to render_template(
+              'dynamic_errors/forbidden',
+              'layouts/application'
+            )
+          end
+        end
+      end
+      context 'subject with valid permission' do
+        subject(:subject) do
+          create :subject, :authorized, permission: 'required:permission'
+        end
+        include_examples 'ApplicationController base state'
+        it 'has a valid permission' do
+          expect(subject.permissions).to eq(['required:permission'])
+        end
+        it 'completes request after permissions checked' do
+          get :an_action
+          expect(response).to have_http_status(:ok)
+        end
+      end
+    end
+  end
+end