authoraise 0.1.0

@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: c413ae8e74f7d4f2d61548b8d18381805f8e20f4
4
+ data.tar.gz: a4fdd291b24a7a163908c2fd1c175c87169c4515
5
+ SHA512:
6
+ metadata.gz: 61092df57488c5df6f74dd84ae22a74e30c485b7d3569cb3d6460c648f758791338df5c41f921c4a6d372879da7509d2d15adf92e54f21929824e5d54fb88863
7
+ data.tar.gz: bed1f0f0adcd85f44e01967532351bc9e9f56f8ff47edaabe1cfffaeec680e302867ca6a40d7cd3502d5b0bf12cd2258014f152b92bd0b57bdd5e0e6e2e6060c
@@ -0,0 +1,9 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /Gemfile.lock
4
+ /_yardoc/
5
+ /coverage/
6
+ /doc/
7
+ /pkg/
8
+ /spec/reports/
9
+ /tmp/
@@ -0,0 +1,3 @@
1
+ language: ruby
2
+ rvm:
3
+ - 2.2.1
@@ -0,0 +1,13 @@
1
+ # Contributor Code of Conduct
2
+
3
+ As contributors and maintainers of this project, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.
4
+
5
+ We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, age, or religion.
6
+
7
+ Examples of unacceptable behavior by participants include the use of sexual language or imagery, derogatory comments or personal attacks, trolling, public or private harassment, insults, or other unprofessional conduct.
8
+
9
+ Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct. Project maintainers who do not follow the Code of Conduct may be removed from the project team.
10
+
11
+ Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening an issue or contacting one or more of the project maintainers.
12
+
13
+ This Code of Conduct is adapted from the [Contributor Covenant](http:contributor-covenant.org), version 1.0.0, available at [http://contributor-covenant.org/version/1/0/0/](http://contributor-covenant.org/version/1/0/0/)
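--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,4 @@
+ source 'https://rubygems.org'
+
+ # Specify your gem's dependencies in authoraise.gemspec
+ gemspec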
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2015 Maxim Chernyak
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
@@ -0,0 +1,90 @@
1
+ # Authoraise
2
+
3
+ So your authorization logic is getting complex, and eventually you start forgetting to pass in all the options that are used to check access. When that happens, your boolean expressions return false, causing false negatives. This tool solves the problem by raising helpful error messages, but also allows you to ignore the issue where it's intended to be that way. No more false negatives!
4
+
5
+ ## Usage
6
+
7
+ Follow these examples to see what happens when sometimes you forget to pass the keys needed for a certain authorization check.
8
+
9
+ ~~~ruby
10
+ require 'authoraise'
11
+
12
+ # Authorization policy can be defined as follows...
13
+ policy = Authoraise::Policy.new
14
+ policy.allow { |user| user == 'sammy' }
15
+ policy.allow { |post| post == 'happy_post' }
16
+
17
+ # ...and used as follows.
18
+ policy.authorize(user: 'sammy', post: 'happy_post') # => true
19
+ policy.authorize(user: 'bob', post: 'happy_post') # => true
20
+ policy.authorize(user: 'bob', post: 'sad_post') # => false
21
+ policy.authorize(user: 'sammy') # => true
22
+
23
+ # Another way is to both define and run a policy using this block form.
24
+ include Authoraise
25
+ authorize(user: 'sammy', post: 'article') do |policy|
26
+ policy.allow { |user| user == 'sammy' }
27
+ end
28
+ # => true
29
+
30
+ # Oops, in this example I forgot to pass the post, but user also didn't match.
31
+ authorize(user: 'bob') do |policy|
32
+ policy.allow { |user| user == 'sammy' }
33
+ policy.allow { |post| post == 'foo' }
34
+ end
35
+ # => Authoraise::Error: Inconclusive authorization, missing keys: [:post]
36
+
37
+ # Forgot to pass the post object, but user was actually enough.
38
+ authorize(user: 'sammy') do |policy|
39
+ policy.allow { |user| user == 'sammy' }
40
+ policy.allow { |post| post == 'foo' }
41
+ end
42
+ # => true
43
+
44
+ # Didn't forget to pass anything, but it didn't match, so this is a legit fail.
45
+ authorize(user: 'bob', post: 'foo') do |policy|
46
+ policy.allow { |user| user == 'sammy' }
47
+ policy.allow { |post| post == 'bar' }
48
+ end
49
+ # => false
50
+
51
+ # Let's see what happens in strict mode.
52
+ Authoraise.strict_mode = true
53
+
54
+ # In stict mode any missing key raises an error, even if other checks passed.
55
+ authorize(user: 'sammy') do |policy|
56
+ policy.allow { |user| user == 'sammy' }
57
+ policy.allow { |post| post.published? }
58
+ end
59
+ # => Authoraise::Error: Inconclusive authorization, missing keys: [:post]
60
+ ~~~
61
+
62
+ ## Installation
63
+
64
+ Add this line to your application's Gemfile:
65
+
66
+ ```ruby
67
+ gem 'authoraise'
68
+ ```
69
+
70
+ And then execute:
71
+
72
+ $ bundle
73
+
74
+ Or install it yourself as:
75
+
76
+ $ gem install authoraise
77
+
78
+ ## Development
79
+
80
+ After checking out the repo, run `bin/setup` to install dependencies. Then, run `bin/console` for an interactive prompt that will allow you to experiment.
81
+
82
+ To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release` to create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
83
+
84
+ ## Contributing
85
+
86
+ 1. Fork it ( https://github.com/[my-github-username]/authoraise/fork )
87
+ 2. Create your feature branch (`git checkout -b my-new-feature`)
88
+ 3. Commit your changes (`git commit -am 'Add some feature'`)
89
+ 4. Push to the branch (`git push origin my-new-feature`)
90
+ 5. Create a new Pull Request
@@ -0,0 +1,10 @@
1
+ require 'bundler/gem_tasks'
2
+ require 'rake/testtask'
3
+
4
+ Rake::TestTask.new do |t|
5
+ t.libs << 'test'
6
+ t.test_files = FileList['test/**/test_*.rb']
7
+ t.verbose = true
8
+ end
9
+
10
+ task :default => :test
@@ -0,0 +1,24 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'authoraise/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "authoraise"
8
+ spec.version = Authoraise::VERSION
9
+ spec.authors = ["Maxim Chernyak"]
10
+ spec.email = ["max@bitsonnet.com"]
11
+
12
+ spec.summary = %q{Authorize without false negatives.}
13
+ spec.homepage = "https://github.com/maxim/authoraise"
14
+ spec.license = "MIT"
15
+
16
+ spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
17
+ spec.bindir = "exe"
18
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
19
+ spec.require_paths = ["lib"]
20
+
21
+ spec.add_development_dependency "bundler", "~> 1.8"
22
+ spec.add_development_dependency "rake", "~> 10.0"
23
+ spec.add_development_dependency "pry"
24
+ end
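Review bot: The specification block sets no `spec.required_ruby_version`, and `pry` is the only development dependency declared without a version constraint. The generated metadata on this page accordingly records `required_ruby_version` as `>= 0`, so the gem installs on any Ruby, while `.travis.yml` tests only 2.2.1. I would add a floor that matches the tested Ruby, and constrain pry the same way as bundler and rake, e.g. `spec.add_development_dependency "pry", "~> <MAJOR.MINOR>"`, so a development install does not pull an arbitrary future release.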
@@ -0,0 +1,8 @@
1
+ #!/usr/bin/env ruby
2
+ require "bundler/setup"
3
+ require "authoraise"
4
+
5
+ include Authoraise
6
+
7
+ require "pry"
8
+ Pry.start
@@ -0,0 +1,7 @@
1
+ #!/bin/bash
2
+ set -euo pipefail
3
+ IFS=$'\n\t'
4
+
5
+ bundle install
6
+
7
+ # Do any other automated setup that you need to do here
@@ -0,0 +1,84 @@
1
+ require 'authoraise/version'
2
+ require 'set'
3
+
4
+ module Authoraise
5
+ Error = Class.new(RuntimeError)
6
+
7
+ class << self; attr_accessor :strict_mode end
8
+
9
+ def authorize(options = {})
10
+ policy = Policy.new(options)
11
+ yield(policy)
12
+ policy.authorize
13
+ end
14
+
15
+ class Check
16
+ attr_reader :required_keys
17
+
18
+ def initialize(required_keys, procedure)
19
+ @required_keys = required_keys.to_set
20
+ @procedure = procedure
21
+ end
22
+
23
+ def call(options)
24
+ given_keys = options.keys.to_set
25
+
26
+ if required_keys.subset?(given_keys)
27
+ @procedure.call(*required_keys.map{|k| options[k]})
28
+ else
29
+ raise Error, "Check failed, missing keys: #{missing_keys(given_keys)}"
30
+ end
31
+ end
32
+
33
+ def missing_keys(given_keys)
34
+ (required_keys - given_keys.to_set).to_a
35
+ end
36
+ end
37
+
38
+ class Policy
39
+ def initialize(options = {})
40
+ @options = options
41
+ @checks = []
42
+ @mode = :any
43
+ end
44
+
45
+ def allow(&procedure)
46
+ @checks <<
47
+ Check.new(procedure.parameters.map(&:last), procedure)
48
+ end
49
+
50
+ def authorize
51
+ raise Error, 'Policy is empty' if @checks.empty?
52
+ given_keys = @options.keys.to_set
53
+ assert_all_keys_match(given_keys) if Authoraise.strict_mode
54
+ missing_keys = Set.new
55
+
56
+ @checks.each do |check|
57
+ if check.required_keys.subset?(given_keys)
58
+ return true if check.(@options)
59
+ else
60
+ missing_keys += check.missing_keys(given_keys)
61
+ end
62
+ end
63
+
64
+ if missing_keys.empty?
65
+ return false
66
+ else
67
+ raise Error,
68
+ "Inconclusive authorization, missing keys: #{missing_keys.to_a}"
69
+ end
70
+ end
71
+
72
+ private
73
+
74
+ def assert_all_keys_match(given_keys)
75
+ missing_keys = @checks.inject(Set.new) do |set, check|
76
+ set + check.missing_keys(given_keys)
77
+ end.to_a
78
+
79
+ if !missing_keys.empty?
80
+ raise Error, "Strict mode found missing keys: #{missing_keys}"
81
+ end
82
+ end
83
+ end
84
+ end
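Review bot: `Policy#authorize` returns true on the first `allow` block that yields a truthy value, so checks are OR-ed, and outside strict mode a check with missing keys is skipped without error once another check has passed; nothing in the file documents this. `@mode = :any` in `Policy#initialize` is assigned but never read in this file, which suggests an all-checks mode was planned but is not available. I would put a comment above `def authorize`, e.g. `# Grants access if ANY check passes; missing keys are reported only when no check passed (always, in strict mode).`, and remove `@mode` until it is used. `strict_mode` is a module-level accessor that this file never initialises, so the permissive behaviour appears to be the default and the setting is shared by every policy in the process; a per-policy option would be easier to reason about.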
@@ -0,0 +1,3 @@
1
+ module Authoraise
2
+ VERSION = "0.1.0"
3
+ end
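--- a/metadata
+++ b/metadata
@@ -0,0 +1,99 @@
+ --- !ruby/object:Gem::Specification
+ name: authoraise
+ version: !ruby/object:Gem::Version
+ version: 0.1.0
+ platform: ruby
+ authors:
+ - Maxim Chernyak
+ autorequire:
+ bindir: exe
+ cert_chain: []
+ date: 2015-03-10 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: bundler
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.8'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.8'
+ - !ruby/object:Gem::Dependency
+ name: rake
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '10.0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '10.0'
+ - !ruby/object:Gem::Dependency
+ name: pry
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ description:
+ email:
+ - max@bitsonnet.com
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - ".gitignore"
+ - ".travis.yml"
+ - CODE_OF_CONDUCT.md
+ - Gemfile
+ - LICENSE.txt
+ - README.md
+ - Rakefile
+ - authoraise.gemspec
+ - bin/console
+ - bin/setup
+ - lib/authoraise.rb
+ - lib/authoraise/version.rb
+ homepage: https://github.com/maxim/authoraise
+ licenses:
+ - MIT
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 2.4.5
+ signing_key:
+ specification_version: 4
+ summary: Authorize without false negatives.
+ test_files: []
+ has_rdoc: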