apill 4.0.3 → 4.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f77db3956c72054749629446e1d098d3f7f97e64
-  data.tar.gz: 52ab14155d33d4c52c11a71c50e6aa40abbcbaae
+  metadata.gz: 905997a468c58168a9f87fbae4df382ced3cc1fd
+  data.tar.gz: d354947d9ca949dadaad2d25969c5f7865b0652c
 SHA512:
-  metadata.gz: b069207e88d408c5c88c5ee0389e5f61a04dc46b6403d8d7464c826ecb7a999cb7c1f9b567dd236376682d7d67e7d92a55555dde65ce803dacaaf2a25fc1f7eb
-  data.tar.gz: 5920fac6396a11314058a7837f7fb01138f4d31bece28ac8fe4e028952ea4e273feab24fc7322d3c2796ea7bf73e35bf3c223703e40cd203ce61a2e441b10d57
+  metadata.gz: a8576261ae11512401546d1b2e22b6e435921ab67ec2efce00e0ddeabcfff846522d1a2b918dbeff6c7175166004aee450db10eb6fed6cd136487c6c568b867e
+  data.tar.gz: fdd74cbe6f6245d3b6caa3b730487cbbf04bb0c80c08deecc5a5dab7b84f216fe403732142191d57892a0313d2a65515b30c18474e6a41d5b388b9b1a249192a

data/lib/apill/matchers/subdomain.rb

@@ -9,13 +9,13 @@ class   Subdomain
   end
 
   def matches?(request)
-    self.request = request
+    self.request = Requests::Base.resolve(request)
 
     allowed_subdomains.include? request.subdomain
   end
 
   def matches_api_subdomain?(request)
-    self.request = request
+    self.request = Requests::Base.resolve(request)
 
     allowed_api_subdomains.include? request.subdomain
   end

data/lib/apill/requests/base.rb

@@ -1,10 +1,15 @@
-require 'apill/tokens/invalid_request_authorization'
-require 'apill/tokens/request_authorization'
+require 'apill/tokens/json_web_tokens/invalid'
+require 'apill/tokens/json_web_token'
 
 module  Apill
 module  Requests
 class   Base
-  TOKEN_PATTERN = %r{\A(?:Token ([A-Za-z0-9_/\+\=\-\.]+))?\z}
+  BASE64_PATTERN                = %r{[A-Za-z0-9_/\+\=\-\.]}
+  BASE64_TOKEN_PARAM_NAME       = 'token_b64'.freeze
+  JSON_WEB_TOKEN_PARAM_NAME     = 'token_jwt'.freeze
+  JSON_WEB_TOKEN_PATTERN        = /(#{BASE64_PATTERN}+?\.){4}#{BASE64_PATTERN}+?/
+  BASE64_TOKEN_HEADER_PATTERN   = /\A(?:Basic|Bearer)\s+(.*)\z/
+  JSON_WEB_TOKEN_HEADER_PATTERN = /\AToken\s+(.*)\z/
 
   attr_accessor :token_private_key,
                 :request
@@ -85,18 +90,17 @@ class   Base
   end
 
   def authorization_token_from_header
-    return Tokens::InvalidRequestAuthorization.instance \
-      unless raw_authorization_header.match(TOKEN_PATTERN)
-
-    Tokens::RequestAuthorization.convert(
-      token_private_key: token_private_key,
-      raw_token:         raw_authorization_token_from_header || '')
-  end
-
-  def authorization_token_from_params
-    Tokens::RequestAuthorization.convert(
-      token_private_key: token_private_key,
-      raw_token:         raw_authorization_token_from_params || '')
+    case raw_authorization_header
+    when JSON_WEB_TOKEN_HEADER_PATTERN
+      Tokens::JsonWebToken.convert(
+        token_private_key: token_private_key,
+        raw_token:         raw_authorization_header[JSON_WEB_TOKEN_HEADER_PATTERN, 1])
+    when BASE64_TOKEN_HEADER_PATTERN
+      Tokens::Base64.convert(
+        raw_token: raw_authorization_header[BASE64_TOKEN_HEADER_PATTERN, 1])
+    else
+      Tokens::Null.instance
+    end
   end
 
   private
@@ -104,10 +108,6 @@ class   Base
   def raw_host
     request.fetch('HTTP_HOST', '')
   end
-
-  def raw_authorization_token_from_header
-    raw_authorization_header[TOKEN_PATTERN, 1] || ''
-  end
 end
 end
 end

data/lib/apill/requests/rack.rb

@@ -1,12 +1,31 @@
 require 'apill/configuration'
 require 'apill/requests/base'
 require 'apill/accept_header'
+require 'apill/tokens/json_web_token'
+require 'apill/tokens/base64'
 
 module  Apill
 module  Requests
 class   Rack < Base
-  ACCEPT_PARAM_PATTERN     = /(?:\A|&)accept=(.+?)(?=\z|&)/
-  AUTH_TOKEN_PARAM_PATTERN = /(?:\A|&)auth_token=(.+?)(?=\z|&)/
+  ACCEPT_PARAM_PATTERN         = /(?:\A|&)accept=(.+?)(?=\z|&)/
+  BASE64_TOKEN_PARAM_PATTERN   = /(?:\A|&)#{BASE64_TOKEN_PARAM_NAME}=(.*)(?=\z|&)/
+  JSON_WEB_TOKEN_PARAM_PATTERN = /(?:\A|&)#{JSON_WEB_TOKEN_PARAM_NAME}=(.*)(?=\z|&)/
+
+  def authorization_token_from_params
+    case request['QUERY_STRING']
+    when JSON_WEB_TOKEN_PARAM_PATTERN
+      Tokens::JsonWebToken.convert(
+        token_private_key: token_private_key,
+        raw_token:         request['QUERY_STRING'][JSON_WEB_TOKEN_PARAM_PATTERN, 1] || '',
+      )
+    when BASE64_TOKEN_PARAM_PATTERN
+      base64_token = request['QUERY_STRING'][BASE64_TOKEN_PARAM_PATTERN, 1]
+
+      Tokens::Base64.convert(raw_token: base64_token)
+    else
+      Tokens::Null.instance
+    end
+  end
 
   private
 
@@ -22,10 +41,6 @@ class   Rack < Base
     request['HTTP_AUTHORIZATION'] || ''
   end
 
-  def raw_authorization_token_from_params
-    URI.unescape(request['QUERY_STRING'][AUTH_TOKEN_PARAM_PATTERN, 1] || '')
-  end
-
   def raw_request_application_name
     request['HTTP_X_APPLICATION_NAME']
   end

data/lib/apill/requests/rails.rb

@@ -1,10 +1,25 @@
 require 'apill/configuration'
 require 'apill/requests/base'
 require 'apill/accept_header'
+require 'apill/tokens/json_web_token'
+require 'apill/tokens/base64'
 
 module  Apill
 module  Requests
 class   Rails < Base
+  def authorization_token_from_params
+    case
+    when request.params.key?(JSON_WEB_TOKEN_PARAM_NAME)
+      Tokens::JsonWebToken.convert(
+        token_private_key: token_private_key,
+        raw_token:         request.params[JSON_WEB_TOKEN_PARAM_NAME] || '')
+    when request.params.key?(BASE64_TOKEN_PARAM_NAME)
+      Tokens::Base64.convert(raw_token: request.params[BASE64_TOKEN_PARAM_NAME] || '')
+    else
+      Tokens::Null.instance
+    end
+  end
+
   private
 
   def raw_accept_header_from_header
@@ -19,10 +34,6 @@ class   Rails < Base
     request.headers['HTTP_AUTHORIZATION'] || ''
   end
 
-  def raw_authorization_token_from_params
-    request.params['auth_token'] || ''
-  end
-
   def raw_request_application_name
     request.headers['X-Application-Name']
   end

data/lib/apill/tokens/base64.rb

@@ -0,0 +1,44 @@
+require 'base64'
+require 'apill/tokens/base64s/null'
+require 'apill/tokens/base64s/invalid'
+
+module  Apill
+module  Tokens
+class   Base64
+  attr_accessor :token
+
+  def initialize(token:)
+    self.token = token
+  end
+
+  def valid?
+    true
+  end
+
+  def blank?
+    false
+  end
+
+  def to_h
+    [
+      {
+        'token' => token,
+      },
+      {
+        'typ' => 'base64',
+      },
+    ]
+  end
+
+  def self.convert(raw_token:)
+    return Base64s::Null.instance if raw_token.to_s == ''
+
+    ::Base64.strict_decode64(raw_token)
+
+    new(token: raw_token)
+  rescue ArgumentError
+    Base64s::Invalid.instance
+  end
+end
+end
+end

data/lib/apill/tokens/base64s/invalid.rb

@@ -0,0 +1,13 @@
+require 'apill/tokens/invalid'
+
+module  Apill
+module  Tokens
+module  Base64s
+class   Invalid < Tokens::Invalid
+  def to_h
+    [{}, {}]
+  end
+end
+end
+end
+end

data/lib/apill/tokens/base64s/null.rb

@@ -0,0 +1,13 @@
+require 'apill/tokens/null'
+
+module  Apill
+module  Tokens
+module  Base64s
+class   Null < Tokens::Null
+  def to_h
+    [{}, {}]
+  end
+end
+end
+end
+end

data/lib/apill/tokens/{invalid_request_authorization.rb → invalid.rb}

@@ -2,7 +2,7 @@ require 'singleton'
 
 module  Apill
 module  Tokens
-class   InvalidRequestAuthorization
+class   Invalid
   include Singleton
 
   def valid?
@@ -14,7 +14,11 @@ class   InvalidRequestAuthorization
   end
 
   def to_h
-    [{}, {}]
+    {}
+  end
+
+  def to_s
+    ''
   end
 end
 end

data/lib/apill/tokens/{request_authorization.rb → json_web_token.rb}

@@ -1,11 +1,11 @@
 require 'jwt'
 require 'json/jwt'
-require 'apill/tokens/invalid_request_authorization'
-require 'apill/tokens/null_request_authorization'
+require 'apill/tokens/json_web_tokens/invalid'
+require 'apill/tokens/json_web_tokens/null'
 
 module  Apill
 module  Tokens
-class   RequestAuthorization
+class   JsonWebToken
   attr_accessor :token
 
   def initialize(token:)
@@ -25,7 +25,7 @@ class   RequestAuthorization
   end
 
   def self.convert(raw_token:, token_private_key: Apill.configuration.token_private_key)
-    return NullRequestAuthorization.instance if raw_token.to_s == ''
+    return JsonWebTokens::Null.instance if raw_token.to_s == ''
 
     decrypted_token = JSON::JWT.decode(raw_token, token_private_key).plain_text
     decoded_token   = JWT.decode(decrypted_token,
@@ -55,7 +55,7 @@ class   RequestAuthorization
          JWT::InvalidJtiError,
          OpenSSL::PKey::RSAError
 
-    InvalidRequestAuthorization.instance
+    JsonWebTokens::Invalid.instance
   end
 end
 end

data/lib/apill/tokens/json_web_tokens/invalid.rb

@@ -0,0 +1,13 @@
+require 'apill/tokens/invalid'
+
+module  Apill
+module  Tokens
+module  JsonWebTokens
+class   Invalid < Tokens::Invalid
+  def to_h
+    [{}, {}]
+  end
+end
+end
+end
+end

data/lib/apill/tokens/json_web_tokens/null.rb

@@ -0,0 +1,13 @@
+require 'apill/tokens/null'
+
+module  Apill
+module  Tokens
+module  JsonWebTokens
+class   Null < Tokens::Null
+  def to_h
+    [{}, {}]
+  end
+end
+end
+end
+end

data/lib/apill/tokens/{null_request_authorization.rb → null.rb}

@@ -2,7 +2,7 @@ require 'singleton'
 
 module  Apill
 module  Tokens
-class   NullRequestAuthorization
+class   Null
   include Singleton
 
   def valid?
@@ -16,6 +16,10 @@ class   NullRequestAuthorization
   def to_h
     [{}, {}]
   end
+
+  def to_s
+    ''
+  end
 end
 end
 end

data/lib/apill/version.rb

@@ -1,3 +1,3 @@
 module Apill
-  VERSION = '4.0.3'.freeze
+  VERSION = '4.1.0'.freeze
 end

data/spec/apill/middleware/api_request_spec.rb

@@ -132,7 +132,7 @@ describe  ApiRequest, singletons: HumanError::Configuration do
     request = {
       'HTTP_HOST'          => 'api.example.com',
       'HTTP_ACCEPT'        => 'application/vnd.matrix+zion;version=1.0.0',
-      'HTTP_AUTHORIZATION' => "Token #{valid_token}",
+      'HTTP_AUTHORIZATION' => "Token #{valid_jwt_token}",
       'QUERY_STRING'       => 'accept=application/vnd.matrix+zion;version=1.0.0',
     }
 
@@ -150,7 +150,7 @@ describe  ApiRequest, singletons: HumanError::Configuration do
     request = {
       'HTTP_HOST'          => 'api.example.com',
       'HTTP_ACCEPT'        => 'application/vnd.matrix+zion;version=1.0.0',
-      'HTTP_AUTHORIZATION' => "Token #{invalid_token}",
+      'HTTP_AUTHORIZATION' => "Token #{invalid_jwt_token}",
       'QUERY_STRING'       => 'accept=application/vnd.matrix+zion;version=1.0.0',
     }
 

data/spec/apill/requests/rack_spec.rb

@@ -54,7 +54,7 @@ describe  Rack do
 
   it 'finds the authorization token from the header' do
     raw_request = {
-      'HTTP_AUTHORIZATION' => "Token #{valid_token}",
+      'HTTP_AUTHORIZATION' => "Token #{valid_jwt_token}",
       'QUERY_STRING'       => '',
     }
     request     = Rack.new(token_private_key: test_private_key,
@@ -68,24 +68,52 @@ describe  Rack do
       ])
   end
 
-  it 'can process an authorization token if it is sent through incorrectly' do
+  it 'finds the Base64 token from the header' do
     raw_request = {
-      'HTTP_AUTHORIZATION' => "#{valid_token}",
+      'HTTP_AUTHORIZATION' => "Basic #{valid_b64_token}",
       'QUERY_STRING'       => '',
     }
     request     = Rack.new(token_private_key: test_private_key,
                            request:           raw_request)
 
-    expect(request.authorization_token).not_to  be_valid
-    expect(request.authorization_token.to_h).to eql([{}, {}])
+    expect(request.authorization_token).to      be_valid
+    expect(request.authorization_token.to_h).to eql(
+      [
+        { 'token' => valid_b64_token },
+        { 'typ'   => 'base64' },
+      ])
+  end
+
+  it 'finds a null token from the header if there is no header' do
+    raw_request = {
+      'HTTP_AUTHORIZATION' => '',
+      'QUERY_STRING'       => '',
+    }
+    request     = Rack.new(token_private_key: test_private_key,
+                           request:           raw_request)
+
+    expect(request.authorization_token).to be_valid
+    expect(request.authorization_token).to be_blank
+  end
+
+  it 'ignores incorrectly passed in tokens since we do not know what to do' do
+    raw_request = {
+      'HTTP_AUTHORIZATION' => "#{valid_jwt_token}",
+      'QUERY_STRING'       => '',
+    }
+    request     = Rack.new(token_private_key: test_private_key,
+                           request:           raw_request)
+
+    expect(request.authorization_token).to be_valid
+    expect(request.authorization_token).to be_blank
   end
 
   it 'finds the authorization token from the params if the authorization token from ' \
      'the header is invalid and the authorization token from the params is valid' do
 
     raw_request = {
-      'HTTP_AUTHORIZATION' => "Token #{invalid_token}",
-      'QUERY_STRING'       => "auth_token=#{valid_token}",
+      'HTTP_AUTHORIZATION' => "Token #{invalid_jwt_token}",
+      'QUERY_STRING'       => "token_jwt=#{valid_jwt_token}",
     }
     request     = Rack.new(token_private_key: test_private_key,
                            request:           raw_request)
@@ -102,7 +130,7 @@ describe  Rack do
      'the header is not present and the authorization token from the params is valid' do
 
     raw_request = {
-      'QUERY_STRING' => "auth_token=#{valid_token}",
+      'QUERY_STRING' => "token_jwt=#{valid_jwt_token}",
     }
     request     = Rack.new(token_private_key: test_private_key,
                            request:           raw_request)
@@ -126,9 +154,9 @@ describe  Rack do
     expect(request.authorization_token.to_h).to eql([{}, {}])
   end
 
-  it 'finds the authorization token from the params' do
+  it 'finds the JSON web token from the params' do
     raw_request = {
-      'QUERY_STRING' => "auth_token=#{valid_token}",
+      'QUERY_STRING' => "token_jwt=#{valid_jwt_token}",
     }
     request     = Rack.new(token_private_key: test_private_key,
                            request:           raw_request)
@@ -141,6 +169,65 @@ describe  Rack do
       ])
   end
 
+  it 'finds the generic Base64 web token from the params' do
+    raw_request = {
+      'QUERY_STRING' => "token_b64=#{valid_b64_token}",
+    }
+    request     = Rack.new(request: raw_request)
+
+    expect(request.authorization_token).to      be_valid
+    expect(request.authorization_token.to_h).to eql(
+      [
+        { 'token' => valid_b64_token },
+        { 'typ'   => 'base64' },
+      ])
+  end
+
+  it 'finds invalid tokens from the params' do
+    raw_request = {
+      'QUERY_STRING' => 'token_b64=bla.h',
+    }
+    request     = Rack.new(request: raw_request)
+
+    expect(request.authorization_token_from_params).not_to be_valid
+    expect(request.authorization_token_from_params).not_to be_blank
+
+    raw_request = {
+      'QUERY_STRING' => "token_jwt=#{invalid_jwt_token}",
+    }
+    request     = Rack.new(token_private_key: test_private_key,
+                           request:           raw_request)
+
+    expect(request.authorization_token_from_params).not_to be_valid
+    expect(request.authorization_token_from_params).not_to be_blank
+  end
+
+  it 'finds the null token from the params if nothing is passed in' do
+    raw_request = {
+      'QUERY_STRING' => 'token_b64=',
+    }
+    request     = Rack.new(request: raw_request)
+
+    expect(request.authorization_token_from_params).to be_valid
+    expect(request.authorization_token_from_params).to be_blank
+
+    raw_request = {
+      'QUERY_STRING' => 'token_jwt=',
+    }
+    request     = Rack.new(request: raw_request)
+
+    expect(request.authorization_token_from_params).to be_valid
+    expect(request.authorization_token_from_params).to be_blank
+
+    raw_request = {
+      'QUERY_STRING' => '',
+    }
+    request     = Rack.new(request: raw_request)
+
+    expect(request.authorization_token_from_params).to be_valid
+    expect(request.authorization_token_from_params).to be_blank
+  end
+
   it 'defaults to the application name in the configuration if none is found in ' \
      'the header' do
 

data/spec/apill/requests/rails_spec.rb

@@ -45,7 +45,7 @@ describe  Rails do
   it 'finds the authorization token from the header' do
     raw_request = OpenStruct.new(
                     headers: {
-                      'HTTP_AUTHORIZATION' => "Token #{valid_token}",
+                      'HTTP_AUTHORIZATION' => "Token #{valid_jwt_token}",
                     },
                     params:  {})
     request     = Rails.new(token_private_key: test_private_key,
@@ -59,17 +59,45 @@ describe  Rails do
       ])
   end
 
-  it 'can process an authorization token if it is sent through incorrectly' do
+  it 'finds the Base64 token from the header' do
     raw_request = OpenStruct.new(
                     headers: {
-                      'HTTP_AUTHORIZATION' => "#{valid_token}",
+                      'HTTP_AUTHORIZATION' => "Basic #{valid_b64_token}",
                     },
                     params:  {})
     request     = Rails.new(token_private_key: test_private_key,
                             request:           raw_request)
 
-    expect(request.authorization_token).not_to  be_valid
-    expect(request.authorization_token.to_h).to eql([{}, {}])
+    expect(request.authorization_token).to      be_valid
+    expect(request.authorization_token.to_h).to eql(
+      [
+        { 'token' => valid_b64_token },
+        { 'typ'   => 'base64' },
+      ])
+  end
+
+  it 'finds a null token from the header if there is no header' do
+    raw_request = OpenStruct.new(
+                    headers: {},
+                    params:  {})
+    request     = Rails.new(token_private_key: test_private_key,
+                            request:           raw_request)
+
+    expect(request.authorization_token).to be_valid
+    expect(request.authorization_token).to be_blank
+  end
+
+  it 'ignores incorrectly passed in tokens since we do not know what to do' do
+    raw_request = OpenStruct.new(
+                    headers: {
+                      'HTTP_AUTHORIZATION' => "#{valid_jwt_token}",
+                    },
+                    params:  {})
+    request     = Rails.new(token_private_key: test_private_key,
+                            request:           raw_request)
+
+    expect(request.authorization_token).to be_valid
+    expect(request.authorization_token).to be_blank
   end
 
   it 'finds the authorization token from the params if the authorization token from ' \
@@ -77,9 +105,9 @@ describe  Rails do
 
     raw_request = OpenStruct.new(
                     headers: {
-                      'HTTP_AUTHORIZATION' => "Token #{invalid_token}",
+                      'HTTP_AUTHORIZATION' => "Token #{invalid_jwt_token}",
                     },
-                    params:  { 'auth_token' => valid_token })
+                    params:  { 'token_jwt' => valid_jwt_token })
     request     = Rails.new(token_private_key: test_private_key,
                             request:           raw_request)
 
@@ -96,7 +124,7 @@ describe  Rails do
 
     raw_request = OpenStruct.new(
                     headers: {},
-                    params:  { 'auth_token' => valid_token })
+                    params:  { 'token_jwt' => valid_jwt_token })
     request     = Rails.new(token_private_key: test_private_key,
                             request:           raw_request)
 
@@ -119,10 +147,10 @@ describe  Rails do
     expect(request.authorization_token.to_h).to eql([{}, {}])
   end
 
-  it 'finds the authorization token from the params' do
+  it 'finds the JSON web token from the params' do
     raw_request = OpenStruct.new(
                     headers: {},
-                    params:  { 'auth_token' => valid_token })
+                    params:  { 'token_jwt' => valid_jwt_token })
     request     = Rails.new(token_private_key: test_private_key,
                             request:           raw_request)
 
@@ -134,6 +162,65 @@ describe  Rails do
       ])
   end
 
+  it 'finds the generic Base64 web token from the params' do
+    raw_request = OpenStruct.new(
+                    headers: {},
+                    params:  { 'token_b64' => valid_b64_token })
+    request     = Rails.new(request: raw_request)
+
+    expect(request.authorization_token).to      be_valid
+    expect(request.authorization_token.to_h).to eql(
+      [
+        { 'token' => valid_b64_token },
+        { 'typ'   => 'base64' },
+      ])
+  end
+
+  it 'finds invalid tokens from the params' do
+    raw_request = OpenStruct.new(
+                    headers: {},
+                    params:  { 'token_b64' => 'bla.h' })
+    request     = Rails.new(request: raw_request)
+
+    expect(request.authorization_token_from_params).not_to be_valid
+    expect(request.authorization_token_from_params).not_to be_blank
+
+    raw_request = OpenStruct.new(
+                    headers: {},
+                    params:  { 'token_jwt' => invalid_jwt_token })
+    request     = Rails.new(token_private_key: test_private_key,
+                            request:           raw_request)
+
+    expect(request.authorization_token_from_params).not_to be_valid
+    expect(request.authorization_token_from_params).not_to be_blank
+  end
+
+  it 'finds the null token from the params if nothing is passed in' do
+    raw_request = OpenStruct.new(
+                    headers: {},
+                    params:  { 'token_b64' => '' })
+    request     = Rails.new(request: raw_request)
+
+    expect(request.authorization_token_from_params).to be_valid
+    expect(request.authorization_token_from_params).to be_blank
+
+    raw_request = OpenStruct.new(
+                    headers: {},
+                    params:  { 'token_jwt' => '' })
+    request     = Rails.new(request: raw_request)
+
+    expect(request.authorization_token_from_params).to be_valid
+    expect(request.authorization_token_from_params).to be_blank
+
+    raw_request = OpenStruct.new(
+                    headers: {},
+                    params:  {})
+    request     = Rails.new(request: raw_request)
+
+    expect(request.authorization_token_from_params).to be_valid
+    expect(request.authorization_token_from_params).to be_blank
+  end
+
   it 'defaults to the application name in the configuration if none is found in ' \
      'the header' do
 

data/spec/apill/tokens/base64_spec.rb

@@ -0,0 +1,43 @@
+require 'spec_helper'
+require 'apill/tokens/base64'
+
+module    Apill
+module    Tokens
+describe  Base64 do
+  it 'is valid' do
+    expect(Base64.new(token: 'foo')).to be_valid
+  end
+
+  it 'is not blank' do
+    expect(Base64.new(token: 'foo')).not_to be_blank
+  end
+
+  it 'can convert itself into a hash' do
+    token = Base64.new(token: 'foo')
+
+    expect(token.to_h).to eql([
+      {
+        'token' => 'foo',
+      },
+      {
+        'typ' => 'base64',
+      },
+    ])
+  end
+
+  it 'can convert itself into a null token' do
+    token = Base64.convert(raw_token: nil)
+
+    expect(token).to be_valid
+    expect(token).to be_blank
+  end
+
+  it 'can convert itself into an invalid token' do
+    token = Base64.convert(raw_token: 'bla.h')
+
+    expect(token).not_to be_valid
+    expect(token).not_to be_blank
+  end
+end
+end
+end

data/spec/apill/tokens/json_web_token_spec.rb

@@ -0,0 +1,49 @@
+require 'spec_helper'
+require 'apill/tokens/json_web_token'
+
+module    Apill
+module    Tokens
+describe  JsonWebToken do
+  it 'can convert an empty token' do
+    token = JsonWebToken.convert(token_private_key: test_private_key,
+                                 raw_token:         nil)
+
+    expect(token).to be_a JsonWebTokens::Null
+  end
+
+  it 'can convert an invalid token' do
+    token = JsonWebToken.convert(token_private_key: test_private_key,
+                                 raw_token:         invalid_jwt_token)
+
+    expect(token).to be_a JsonWebTokens::Invalid
+  end
+
+  it 'can verify an expired token' do
+    expired_jwe = valid_jwt_token('exp' => 1.day.ago.to_i,
+                                  'baz' => 'bar')
+    token       = JsonWebToken.convert(
+                    token_private_key: test_private_key,
+                    raw_token:         expired_jwe)
+
+    expect(token).to be_a JsonWebTokens::Invalid
+  end
+
+  it 'can convert an invalidly signed token' do
+    other_private_key = OpenSSL::PKey::RSA.new(2048)
+    token             = JsonWebToken.convert(
+                          token_private_key: other_private_key,
+                          raw_token:         valid_jwt_token)
+
+    expect(token).to be_a JsonWebTokens::Invalid
+  end
+
+  it 'can convert a valid token' do
+    token = JsonWebToken.convert(token_private_key: test_private_key,
+                                 raw_token:         valid_jwt_token)
+
+    expect(token).to      be_a JsonWebToken
+    expect(token.to_h).to eql([{ 'bar' => 'baz' }, { 'typ' => 'JWT', 'alg' => 'RS256' }])
+  end
+end
+end
+end

data/spec/support/private_keys.rb

@@ -1,10 +1,11 @@
 require 'json/jwt'
+require 'base64'
 
 def test_private_key
   OpenSSL::PKey::RSA.new File.read(File.expand_path('../fixtures/test_rsa_key', __dir__))
 end
 
-def valid_token(payload = { 'bar' => 'baz' })
+def valid_jwt_token(payload = { 'bar' => 'baz' })
   @valid_token ||= begin
                      jwt = JSON::JWT.new(payload)
                      jws = jwt.sign(test_private_key, :RS256)
@@ -14,6 +15,14 @@ def valid_token(payload = { 'bar' => 'baz' })
                    end
 end
 
-def invalid_token
-  @invalid_token ||= valid_token.tr('a', 'f')
+def invalid_jwt_token
+  @invalid_token ||= valid_jwt_token.tr('a', 'f')
+end
+
+def valid_b64_token(payload = 'hereisacoollittlestring')
+  @valid_b64_token ||= Base64.encode64(payload).chomp
+end
+
+def invalid_b64_token
+  @invalid_b64_token ||= valid_b64_token.tr('abcdefghijklmnop', '$o#m$k#i$g#e$c#a')
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: apill
 version: !ruby/object:Gem::Version
-  version: 4.0.3
+  version: 4.1.0
 platform: ruby
 authors:
 - jfelchner
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-10-21 00:00:00.000000000 Z
+date: 2015-10-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: human_error
@@ -119,9 +119,14 @@ files:
 - lib/apill/responses/invalid_subdomain.rb
 - lib/apill/responses/invalid_token.rb
 - lib/apill/serializers/json_api.rb
-- lib/apill/tokens/invalid_request_authorization.rb
-- lib/apill/tokens/null_request_authorization.rb
-- lib/apill/tokens/request_authorization.rb
+- lib/apill/tokens/base64.rb
+- lib/apill/tokens/base64s/invalid.rb
+- lib/apill/tokens/base64s/null.rb
+- lib/apill/tokens/invalid.rb
+- lib/apill/tokens/json_web_token.rb
+- lib/apill/tokens/json_web_tokens/invalid.rb
+- lib/apill/tokens/json_web_tokens/null.rb
+- lib/apill/tokens/null.rb
 - lib/apill/version.rb
 - spec/apill/accept_header_spec.rb
 - spec/apill/errors/invalid_api_request_spec.rb
@@ -142,7 +147,8 @@ files:
 - spec/apill/resource/processors/indexing_spec.rb
 - spec/apill/resource/processors/paging_spec.rb
 - spec/apill/resource/processors/sorting_spec.rb
-- spec/apill/tokens/request_authorization_spec.rb
+- spec/apill/tokens/base64_spec.rb
+- spec/apill/tokens/json_web_token_spec.rb
 - spec/fixtures/test_rsa_key
 - spec/fixtures/test_rsa_key.pub
 - spec/spec_helper.rb
@@ -191,7 +197,8 @@ test_files:
 - spec/apill/resource/processors/indexing_spec.rb
 - spec/apill/resource/processors/paging_spec.rb
 - spec/apill/resource/processors/sorting_spec.rb
-- spec/apill/tokens/request_authorization_spec.rb
+- spec/apill/tokens/base64_spec.rb
+- spec/apill/tokens/json_web_token_spec.rb
 - spec/fixtures/test_rsa_key
 - spec/fixtures/test_rsa_key.pub
 - spec/spec_helper.rb

data/spec/apill/tokens/request_authorization_spec.rb

@@ -1,49 +0,0 @@
-require 'spec_helper'
-require 'apill/tokens/request_authorization'
-
-module    Apill
-module    Tokens
-describe  RequestAuthorization do
-  it 'can convert an empty token' do
-    token = RequestAuthorization.convert(token_private_key: test_private_key,
-                                         raw_token:         nil)
-
-    expect(token).to be_a NullRequestAuthorization
-  end
-
-  it 'can convert an invalid token' do
-    token = RequestAuthorization.convert(token_private_key: test_private_key,
-                                         raw_token:         invalid_token)
-
-    expect(token).to be_a InvalidRequestAuthorization
-  end
-
-  it 'can verify an expired token' do
-    expired_jwe = valid_token('exp' => 1.day.ago.to_i,
-                              'baz' => 'bar')
-    token       = RequestAuthorization.convert(
-                    token_private_key: test_private_key,
-                    raw_token:         expired_jwe)
-
-    expect(token).to be_a InvalidRequestAuthorization
-  end
-
-  it 'can convert an invalidly signed token' do
-    other_private_key = OpenSSL::PKey::RSA.new(2048)
-    token             = RequestAuthorization.convert(
-                          token_private_key: other_private_key,
-                          raw_token:         valid_token)
-
-    expect(token).to be_a InvalidRequestAuthorization
-  end
-
-  it 'can convert a valid token' do
-    token = RequestAuthorization.convert(token_private_key: test_private_key,
-                                         raw_token:         valid_token)
-
-    expect(token).to      be_a RequestAuthorization
-    expect(token.to_h).to eql([{ 'bar' => 'baz' }, { 'typ' => 'JWT', 'alg' => 'RS256' }])
-  end
-end
-end
-end