auth 0.0.6 → 0.0.7

data/CHANGELOG

@@ -1,3 +1,9 @@
+*0.0.7*
+
+* Added handling of access_token as query parameter in Auth::Middleware
+* Add option for allowing unauthenticated access in Auth::Middleware
+* Uses SecureRandom when possible
+
 *0.0.6*
 
 * Added a Rack middleware

data/lib/auth/helpers.rb

@@ -1,14 +1,23 @@
 require 'base64'
 require 'digest/sha2'
 
+begin
+  require 'securerandom'
+rescue LoadError
+end
+
 module Auth
   module Helpers
 
     # Generate a unique cryptographically secure secret
     def generate_secret
-      Base64.encode64(
-        Digest::SHA256.digest("#{Time.now}-#{rand}")
-      ).gsub('/','x').gsub('+','y').gsub('=','').strip
+      if defined?(SecureRandom)
+        SecureRandom.urlsafe_base64(32)
+      else
+        Base64.encode64(
+          Digest::SHA256.digest("#{Time.now}-#{Time.now.usec}-#{$$}-#{rand}")
+        ).gsub('/','-').gsub('+','_').gsub('=','').strip
+      end
     end
 
     # Obfuscate a password using a salt and a cryptographic hash function

data/lib/auth/middleware.rb

@@ -7,18 +7,32 @@ require 'auth'
 module Auth
   class Middleware < Rack::Auth::AbstractHandler
 
+    def initialize(app, realm=nil, options={}, &authenticator)
+      super(app, realm, &authenticator)
+      @options = options
+    end
+
     def call(env)
       auth = Request.new(env)
 
-      return unauthorized unless auth.provided?
-      return bad_request unless auth.bearer?
+      unless @options[:allow_unauthenticated]
+        return unauthorized unless auth.provided?
+        return bad_request unless auth.bearer?
+      end
 
-      if valid?(auth)
+      if auth.provided? && valid?(auth)
         env['REMOTE_USER'] = auth.account_id
         return @app.call(env)
       end
 
-      unauthorized
+      if @options[:allow_unauthenticated]
+        res = @app.call(env)
+        return [res[0],
+                res[1].merge('WWW-Authenticate' => challenge),
+                res[2]]
+      else
+        unauthorized
+      end
     end
 
     private
@@ -36,8 +50,17 @@ module Auth
           :bearer == scheme
         end
 
+        def provided?
+          super || request.params['access_token']
+        end
+
+        def parts
+          authorization_key ? super : ['Bearer', nil]
+        end
+
         def access_token
-          @access_token ||= params.unpack("m*").first
+          @access_token ||= params ? params.unpack("m*").first :
+                                     request.params['access_token']
         end
 
         def account_id

data/lib/auth/server.rb

@@ -10,7 +10,7 @@ module Auth
     dir = File.dirname(File.expand_path(__FILE__))
 
     set :views,  "#{dir}/server/views"
-    set :public, "#{dir}/server/public"
+    set :public_folder, "#{dir}/server/public"
     set :static, true
     set :raise_errors, true
     set :show_exceptions, true if development?

data/lib/auth/version.rb

@@ -1,3 +1,3 @@
 module Auth
-  Version = VERSION = '0.0.6'
+  Version = VERSION = '0.0.7'
 end

data/test/middleware_test.rb

@@ -4,11 +4,18 @@ require 'auth/middleware'
 class MiddlewareTest < Test::Unit::TestCase
   include Rack::Test::Methods
 
+  def inner_app
+    lambda { |env| [200, {'Content-Type' => 'text/plain'}, [env['REMOTE_USER']]] }
+  end
+
   def app
-    inner_app = lambda { |env| [200, {'Content-Type' => 'text/plain'}, [env['REMOTE_USER']]] }
     Auth::Middleware.new(inner_app, 'Test realm')
   end
 
+  def unprotected_app
+    Auth::Middleware.new(inner_app, 'Test realm', :allow_unauthenticated => true)
+  end
+
   def setup
     Auth.redis.flushall
   end
@@ -49,4 +56,31 @@ class MiddlewareTest < Test::Unit::TestCase
     assert_empty res[2]
   end
 
+  def test_unauthenticated_request_on_unprotected_app
+    env = Rack::MockRequest.env_for('/test')
+    res = unprotected_app.call(env)
+    assert_equal 200, res[0]
+    assert_equal 'Bearer realm="Test realm"', res[1]['WWW-Authenticate']
+    assert_equal [nil], res[2]
+  end
+
+  def test_authenticated_request_on_unprotected_app
+    token = Auth.issue_token('test-user')
+    env = Rack::MockRequest.env_for('/test',
+      'HTTP_AUTHORIZATION' => "Bearer #{Base64.encode64(token)}")
+    res = unprotected_app.call(env)
+    assert_equal 200, res[0]
+    assert_equal nil, res[1]['WWW-Authenticate']
+    assert_equal ['test-user'], res[2]
+  end
+
+  def test_authenticated_request_with_query_parameter
+    token = Auth.issue_token('test-user')
+    env = Rack::MockRequest.env_for("/test?access_token=#{CGI.escape(token)}")
+    res = app.call(env)
+    assert_equal 200, res[0]
+    assert_equal nil, res[1]['WWW-Authenticate']
+    assert_equal ['test-user'], res[2]
+  end
+
 end

metadata

@@ -2,7 +2,7 @@
 name: auth
 version: !ruby/object:Gem::Version 
   prerelease: 
-  version: 0.0.6
+  version: 0.0.7
 platform: ruby
 authors: 
 - Niklas Holmgren
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-12-19 00:00:00 Z
+date: 2012-01-23 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: json