capcoauth 0.4.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f3219f2f066b3f768660b18dc93573735aae8597
-  data.tar.gz: 3c1915a11faccc0dabedea935d1ff6652f62d16b
+  metadata.gz: 034c46acdc3cd67430792c484dccaffa490190b0
+  data.tar.gz: 9334e9e08a061613dd2d5a93efae5cb7f13d832f
 SHA512:
-  metadata.gz: 540cbf8a0ea52e8e98474065f57432de4db5c7533746ca6fdc538fcfcf61a6aa875d6a58b4998eeb727226d571de7b249e102349eaa3e515387903487250de26
-  data.tar.gz: ac54859312f5f47b2fb05a2ca8fe006317c73dffb630c77274727cfb897111ebe4c08e0ac8d8aae8882c34e61d8d376d8c96ac21b1ffbe89dd17ad1fb2883c46
+  metadata.gz: 24802981fe766eaf8c08f99fa141f2228b005eb47491706ba40eadbbd1bad81ee2ff0d9de22e86a934893aab2ef7be2207dad21c7576b215ab85cafc273efa6a
+  data.tar.gz: e0ab260d5a042d7c6e90e489a33411d3b2c090182eb3b2b60341d525dcc1ac0c1e0c523cd3bee634f4e3573b45a624a8d4ee73de70c9649cfb7eb1fbb9b58920

data/.gitignore

@@ -1,40 +1,20 @@
-*.gem
+.bundle/
+.rbx
 *.rbc
-/.config
-/coverage/
-/InstalledFiles
-/pkg/
-/spec/reports/
-/spec/examples.txt
-/test/tmp/
-/test/version_tmp/
-/tmp/
-
-## Specific to RubyMotion:
-.dat*
-.repl_history
-build/
-
-## Documentation cache and generated files:
+log/*.log
+pkg/
+spec/dummy/db/*.sqlite3
+spec/dummy/log/*.log
+spec/dummy/tmp/
+spec/generators/tmp
+Gemfile.lock
+gemfiles/*.lock
+.rvmrc
+*.swp
+.idea
 /.yardoc/
 /_yardoc/
 /doc/
 /rdoc/
-
-## Environment normalization:
-/.bundle/
-/vendor/bundle
-/lib/bundler/man/
-
-# for a library or gem, you might want to ignore these files since the code is
-# intended to run in multiple environments; otherwise, check them in:
-# Gemfile.lock
-# .ruby-version
-# .ruby-gemset
-
-# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
-.rvmrc
-
-# IDE
-.idea
-.editorconfig
+coverage
+*.gem

data/.rspec

@@ -0,0 +1 @@
+--color

data/.travis.yml

@@ -0,0 +1,11 @@
+cache: bundler
+language: ruby
+sudo: false
+
+rvm:
+  - 2.2.7
+  - 2.3.4
+  - 2.4.1
+
+before_install:
+  - gem install bundler -v '~> 1.10'

data/Gemfile

@@ -0,0 +1,10 @@
+source 'https://rubygems.org'
+
+gem 'rails', '~> 4.2.0'
+
+gem 'simplecov', require: false, group: :test
+
+gem 'activerecord-jdbcsqlite3-adapter', platform: :jruby
+gem 'sqlite3', platform: [:ruby, :mswin, :mingw, :x64_mingw]
+gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw]
+gemspec

data/Gemfile.lock

@@ -0,0 +1,171 @@
+PATH
+  remote: .
+  specs:
+    capcoauth (0.4.0)
+      activesupport (>= 3.0)
+      httparty (~> 0.14)
+      railties (>= 4.2, < 6.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionmailer (4.2.8)
+      actionpack (= 4.2.8)
+      actionview (= 4.2.8)
+      activejob (= 4.2.8)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+    actionpack (4.2.8)
+      actionview (= 4.2.8)
+      activesupport (= 4.2.8)
+      rack (~> 1.6)
+      rack-test (~> 0.6.2)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionview (4.2.8)
+      activesupport (= 4.2.8)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.3)
+    activejob (4.2.8)
+      activesupport (= 4.2.8)
+      globalid (>= 0.3.0)
+    activemodel (4.2.8)
+      activesupport (= 4.2.8)
+      builder (~> 3.1)
+    activerecord (4.2.8)
+      activemodel (= 4.2.8)
+      activesupport (= 4.2.8)
+      arel (~> 6.0)
+    activesupport (4.2.8)
+      i18n (~> 0.7)
+      minitest (~> 5.1)
+      thread_safe (~> 0.3, >= 0.3.4)
+      tzinfo (~> 1.1)
+    addressable (2.5.1)
+      public_suffix (~> 2.0, >= 2.0.2)
+    arel (6.0.4)
+    builder (3.2.3)
+    capybara (2.14.0)
+      addressable
+      mime-types (>= 1.16)
+      nokogiri (>= 1.3.3)
+      rack (>= 1.0.0)
+      rack-test (>= 0.5.4)
+      xpath (~> 2.0)
+    concurrent-ruby (1.0.5)
+    database_cleaner (1.5.3)
+    diff-lcs (1.3)
+    docile (1.1.5)
+    erubis (2.7.0)
+    factory_girl (4.7.0)
+      activesupport (>= 3.0.0)
+    generator_spec (0.9.3)
+      activesupport (>= 3.0.0)
+      railties (>= 3.0.0)
+    globalid (0.4.0)
+      activesupport (>= 4.2.0)
+    httparty (0.15.2)
+      multi_xml (>= 0.5.2)
+    i18n (0.8.1)
+    json (2.1.0)
+    loofah (2.0.3)
+      nokogiri (>= 1.5.9)
+    mail (2.6.5)
+      mime-types (>= 1.16, < 4)
+    mime-types (3.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2016.0521)
+    mini_portile2 (2.1.0)
+    minitest (5.10.2)
+    multi_xml (0.6.0)
+    nokogiri (1.7.2)
+      mini_portile2 (~> 2.1.0)
+    public_suffix (2.0.5)
+    rack (1.6.6)
+    rack-test (0.6.3)
+      rack (>= 1.0)
+    rails (4.2.8)
+      actionmailer (= 4.2.8)
+      actionpack (= 4.2.8)
+      actionview (= 4.2.8)
+      activejob (= 4.2.8)
+      activemodel (= 4.2.8)
+      activerecord (= 4.2.8)
+      activesupport (= 4.2.8)
+      bundler (>= 1.3.0, < 2.0)
+      railties (= 4.2.8)
+      sprockets-rails
+    rails-deprecated_sanitizer (1.0.3)
+      activesupport (>= 4.2.0.alpha)
+    rails-dom-testing (1.0.8)
+      activesupport (>= 4.2.0.beta, < 5.0)
+      nokogiri (~> 1.6)
+      rails-deprecated_sanitizer (>= 1.0.1)
+    rails-html-sanitizer (1.0.3)
+      loofah (~> 2.0)
+    railties (4.2.8)
+      actionpack (= 4.2.8)
+      activesupport (= 4.2.8)
+      rake (>= 0.8.7)
+      thor (>= 0.18.1, < 2.0)
+    rake (12.0.0)
+    rspec-core (3.6.0)
+      rspec-support (~> 3.6.0)
+    rspec-expectations (3.6.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.6.0)
+    rspec-mocks (3.6.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.6.0)
+    rspec-rails (3.6.0)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      railties (>= 3.0)
+      rspec-core (~> 3.6.0)
+      rspec-expectations (~> 3.6.0)
+      rspec-mocks (~> 3.6.0)
+      rspec-support (~> 3.6.0)
+    rspec-support (3.6.0)
+    simplecov (0.14.1)
+      docile (~> 1.1.0)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.0)
+    sprockets (3.7.1)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.2.0)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
+    sqlite3 (1.3.13)
+    thor (0.19.4)
+    thread_safe (0.3.6)
+    timecop (0.8.1)
+    tzinfo (1.2.3)
+      thread_safe (~> 0.1)
+    xpath (2.0.0)
+      nokogiri (~> 1.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activerecord-jdbcsqlite3-adapter
+  capcoauth!
+  capybara
+  database_cleaner (~> 1.5.3)
+  factory_girl (~> 4.7.0)
+  generator_spec (~> 0.9.3)
+  rails (~> 4.2.0)
+  rake (>= 11.3.0)
+  rspec-rails
+  simplecov
+  sqlite3
+  timecop (~> 0.8.1)
+  tzinfo-data
+
+BUNDLED WITH
+   1.13.5

data/README.md

@@ -1,5 +1,7 @@
 # capcoauth-gem
 
+![Travis Build status](https://travis-ci.org/arcreative/capcoauth-gem.svg?branch=master)
+
 Ruby Gem for integrating a Rails project with CapcOAuth
 
 Currently, this only supports session-based authentication, but can easily be adapted to accept bearer tokens if needed.
@@ -50,7 +52,7 @@ class ApplicationController < ActionController::Base
 end
 ```
 
-Or even skip it entirely for specific actions:
+Or even skip it entirely for specific controllers:
 
 ```ruby
 class PublicStuffController < ApplicationController

data/Rakefile

@@ -2,19 +2,19 @@ require 'bundler/setup'
 require 'rspec/core/rake_task'
 
 desc 'Default: run specs.'
-task :default => :spec
+task :default => :spec_example
 
 desc 'Run all specs'
-RSpec::Core::RakeTask.new(:spec) do |config|
+RSpec::Core::RakeTask.new(:spec_example) do |config|
   config.verbose = false
 end
 
 namespace :capcoauth do
-  # desc 'Install Capcoauth in dummy app'
-  # task :install do
-  #   cd 'spec/dummy'
-  #   system 'bundle exec rails g capcoauth:install --force'
-  # end
+  desc 'Install Capcoauth in dummy app'
+  task :install do
+    cd 'spec/dummy'
+    system 'bundle exec rails g capcoauth:install --force'
+  end
 end
 
 Bundler::GemHelper.install_tasks

data/app/controllers/capcoauth/application_controller.rb

@@ -1,11 +1,18 @@
 module Capcoauth
   class ApplicationController < ActionController::Base
-    include Helpers::Controller
 
     if ::Rails.version.to_i < 4
       protect_from_forgery
     else
       protect_from_forgery with: :exception
     end
+
+    def capcoauth_token
+      @capcoauth_token ||= OAuth::AccessToken.new(session[:capcoauth_access_token])
+    end
+
+    def oauth_callback_url
+      "#{root_url}auth/callback"
+    end
   end
 end

data/app/controllers/capcoauth/login_controller.rb

@@ -10,7 +10,11 @@ module Capcoauth
         # Attempt to verify
         begin
           capcoauth_token.verify
-          redirect_to session.delete(:previous_url) || root_url, notice: 'You are already logged in'
+          if Capcoauth.configuration.perform_login_redirects
+            redirect_to session.delete(:previous_url) || root_url, notice: 'You are already logged in'
+          else
+            redirect_to root_url, notice: 'You are already logged in'
+          end
           return
         rescue; end
       end

data/app/controllers/capcoauth/logout_controller.rb

@@ -3,12 +3,8 @@ module Capcoauth
     def show
       session.delete(:capcoauth_user_id)
       token = session.delete(:capcoauth_access_token)
-      if token
-        OAuth::TTLCache.remove(token)
-        redirect_to root_url, notice: 'You have been logged out'
-      else
-        redirect_to root_url
-      end
+      OAuth::TTLCache.remove(token) if token.present?
+      redirect_to root_url, notice: 'You have been logged out'
     end
   end
 end

data/capcoauth.gemspec

@@ -1,10 +1,10 @@
-$:.push File.expand_path("../lib", __FILE__)
+$:.push File.expand_path('../lib', __FILE__)
 
 require 'capcoauth/version'
 
 Gem::Specification.new do |s|
   s.name        = 'capcoauth'
-  s.version     = Capcoauth::VERSION
+  s.version     = Capcoauth.gem_version.to_s
   s.authors     = ['Adam Robertson']
   s.email       = %w'adam.robertson@capco.com'
   s.homepage    = 'https://github.com/arcreative/capcoauth-gem'
@@ -13,13 +13,20 @@ Gem::Specification.new do |s|
   s.license     = 'MIT'
 
   s.files         = `git ls-files`.split("\n")
-  # s.test_files    = `git ls-files -- spec/*`.split("\n")
+  s.test_files    = `git ls-files -- spec/*`.split("\n")
   s.require_paths = ['lib']
+  
+  s.required_ruby_version = '>= 2.1'
 
   s.add_dependency 'railties', ['>= 4.2', '< 6.0']
   s.add_dependency 'activesupport', '>= 3.0'
-  s.add_dependency 'httparty', '~> 0.13'
+  s.add_dependency 'httparty', '~> 0.14'
 
-  s.add_development_dependency 'rake', '~> 10.5'
-  s.add_development_dependency 'rspec-rails', '~> 3.4'
+  s.add_development_dependency 'capybara'
+  s.add_development_dependency 'database_cleaner', '~> 1.5.3'
+  s.add_development_dependency 'factory_girl', '~> 4.7.0'
+  s.add_development_dependency 'generator_spec', '~> 0.9.3'
+  s.add_development_dependency 'rake', '>= 11.3.0'
+  s.add_development_dependency 'rspec-rails'
+  s.add_development_dependency 'timecop', '~> 0.8.1'
 end

data/lib/capcoauth/config.rb

@@ -1,86 +1,80 @@
 require 'active_support/cache'
 
 module Capcoauth
-  class MissingConfiguration < StandardError
-    def initialize
-      super 'Capcoauth configuration is missing.  Please ensure you have an initializer in config/initializers/capcoauth.rb'
+  class MissingConfigurationError < StandardError
+    def message
+      # :nocov:
+      'Capcoauth configuration is missing.  Please ensure you have an initializer in config/initializers/capcoauth.rb'
+      # :nocov:
     end
   end
+  class MissingRequiredOptionError < StandardError; end
 
   def self.configure(&block)
     @config = Config::Builder.new(&block).build
   end
 
   def self.configuration
-    @config || (fail MissingConfiguration.new)
+    @config || (fail MissingConfigurationError.new)
   end
 
   class Config
-    attr_reader :client_id
-    attr_reader :client_secret
-    attr_reader :logger
-    attr_accessor :using_routes
+    CAPCOAUTH_URL_DEFAULT = 'https://capcoauth.capco.com'.freeze
+    TOKEN_VERIFY_TTL_DEFAULT = 10.freeze
 
     class Builder
       def initialize(&block)
         @config = Config.new
-        instance_eval(&block)
+
+        # Set defaults
+        @config.logger = ::Rails.logger
+        @config.using_routes = false
+        @config.perform_login_redirects = true
+        @config.token_verify_ttl = TOKEN_VERIFY_TTL_DEFAULT
+        @config.capcoauth_url = CAPCOAUTH_URL_DEFAULT
+        @config.user_id_field = :capcoauth
+        @config.cache_store = ::ActiveSupport::Cache::MemoryStore.new
+        @config.require_user = true
+
+        # Evaluate configuration block
+        @config.instance_eval(&block)
       end
 
       def build
         @config
       end
-
-      def client_id(client_id)
-        @config.instance_variable_set('@client_id', client_id)
-      end
-
-      def client_secret(client_secret)
-        @config.instance_variable_set('@client_secret', client_secret)
-      end
-
-      def logger(logger)
-        @config.instance_variable_set('@logger', logger)
-      end
     end
 
-    module Option
-      def option(name, options = {})
-        attribute = options[:as] || name
-
-        Builder.instance_eval do
-          define_method name do |*args, &block|
-            value = block ? block : args.first
-
-            @config.instance_variable_set(:"@#{attribute}", value)
-          end
-        end
-
-        define_method attribute do |*args|
-          if instance_variable_defined?(:"@#{attribute}")
-            instance_variable_get(:"@#{attribute}")
-          else
-            options[:default]
-          end
-        end
-
-        public attribute
-      end
-
-      def extended(base)
-        base.send(:private, :option)
-      end
+    attr_accessor :logger,
+                  :using_routes,
+                  :perform_login_redirects,
+                  :token_verify_ttl,
+                  :capcoauth_url,
+                  :user_id_field,
+                  :cache_store,
+                  :user_resolver,
+                  :require_user
+
+    def client_id
+      @client_id || raise(MissingRequiredOptionError, 'Missing required option `client_id`')
+    end
+    def client_id= (val=nil)
+      raise(MissingRequiredOptionError, '`client_id` cannot be set to nil') if val.nil?
+      @client_id = val
+    end
+    def client_secret
+      @client_secret || raise(MissingRequiredOptionError, 'Missing required option `client_secret`')
+    end
+    def client_secret= (val=nil)
+      raise(MissingRequiredOptionError, '`client_secret` cannot be set to nil') if val.nil?
+      @client_secret = val
+    end
+    def user_resolver
+      @user_resolver || raise(MissingRequiredOptionError, 'Missing required option/lambda `user_resolver`')
+    end
+    def user_resolver= (val=nil)
+      raise(MissingRequiredOptionError, '`user_resolver` cannot be set to nil') if val.nil?
+      @user_resolver = val
     end
-
-    extend Option
-
-    option :token_verify_ttl, default: 10
-    option :capcoauth_url, default: 'https://capcoauth.capco.com'
-    option :user_id_field, default: :capcoauth
-    option :cache_store, default: ::ActiveSupport::Cache::MemoryStore.new
-    option :user_resolver, default: (lambda do |capcoauth_user_id|
-      Capcoauth.configuration.logger.warn('[CapcOAuth] User resolver is not configured. Please specify a block in configuration to resolve the proper user')
-      nil
-    end)
   end
 end

data/lib/capcoauth/errors.rb

@@ -0,0 +1,3 @@
+module Capcoauth
+  class AuthorizationError < StandardError; end
+end

data/lib/capcoauth/notifications.rb

@@ -6,10 +6,12 @@ module Capcoauth
 
     class << self
 
-      @@bearer_token = nil
+      def store
+        Capcoauth.configuration.cache_store
+      end
 
       def bearer_token
-        return @@bearer_token if @@bearer_token.present?
+        return store.fetch('application_token') if store.fetch('application_token').present?
 
         res = self.post(
           "#{Capcoauth.configuration.capcoauth_url}/oauth/token",
@@ -24,15 +26,15 @@ module Capcoauth
           }
         )
         if res.ok? and res.parsed_response['access_token']
-          @@bearer_token = res.parsed_response['access_token']
+          store.write('application_token', res.parsed_response['access_token'], expires_in: res.parsed_response['expires_in'])
         end
-        @@bearer_token
+        store.fetch('application_token')
       end
 
       def default_headers
         {
-          'Authorization' => "Bearer #{bearer_token}",
-          'Content-Type' => 'application/vnd.api+json'
+          'Authorization': "Bearer #{bearer_token}",
+          'Content-Type': 'application/vnd.api+json'
         }
       end
 
@@ -62,7 +64,7 @@ module Capcoauth
             headers: default_headers
           }
         )
-        @@bearer_token = nil if res.code == 401
+        store.delete('application_token') if res.code == 401
         return true if res.created?
         return true if res.body.include? 'has already been registered'
         false
@@ -70,7 +72,7 @@ module Capcoauth
 
       def remove_device_token(device_token)
         res = self.delete("#{Capcoauth.configuration.capcoauth_url}/api/v1/user_devices/#{device_token}", headers: default_headers)
-        @@bearer_token = nil if res.code == 401
+        store.delete('application_token') if res.code == 401
         res.code == 204
       end
 
@@ -100,7 +102,7 @@ module Capcoauth
             headers: default_headers
           }
         )
-        @@bearer_token = nil if res.code == 401
+        store.delete('application_token') if res.code == 401
         return true if res.created?
         false
       end

data/lib/capcoauth/oauth/access_token.rb

@@ -10,7 +10,6 @@ module Capcoauth
       end
 
       def verify
-        nil unless @token
         TokenVerifier.verify(self)
       end
     end

data/lib/capcoauth/oauth/token_verifier.rb

@@ -8,15 +8,20 @@ module Capcoauth
       class OtherError < StandardError; end
 
       def self.verify(access_token)
-        raise UnauthorizedError if access_token.blank? or access_token.token.blank?
+        raise UnauthorizedError, 'Please log in to continue' if access_token.blank? or access_token.token.blank?
         return access_token if TTLCache.user_id_for(access_token.token)
 
         # Call Capcoauth
-        response = ::HTTParty.get("#{Capcoauth.configuration.capcoauth_url}/oauth/token/info", {
-          headers: {
-            :'Authorization' => "Bearer #{access_token.token}"
-          }
-        })
+        begin
+          response = ::HTTParty.get("#{Capcoauth.configuration.capcoauth_url}/oauth/token/info", {
+            timeout: 5,
+            headers: {
+              :'Authorization' => "Bearer #{access_token.token}"
+            }
+          })
+        rescue Net::OpenTimeout
+          raise OtherError, 'An error occurred while verifying your credentials (server not available)'
+        end
 
         # Set the user_id from the token response
         if response.code == 200
@@ -35,7 +40,7 @@ module Capcoauth
           # Throw unauthorized if ID of specified type doesn't exist
           if access_token.user_id.blank? and !application_credentials
             logger.info("CapcOAuth: The access token for #{user_id_field} user ##{access_token.user_id} did not have an ID for type `#{user_id_field}`") unless logger.nil?
-            raise UnauthorizedError
+            raise UnauthorizedError, 'The system cannot recognize you by that ID type'
           end
 
           # Verify token is for correct application/client
@@ -45,16 +50,16 @@ module Capcoauth
             access_token
           else
             logger.info("CapcOAuth: The access token for #{user_id_field} user ##{access_token.user_id} was valid, but for a different OAuth client ID") unless logger.nil?
-            raise UnauthorizedError
+            raise UnauthorizedError, 'Your credentials are valid, but are not for use with this system'
           end
         elsif response.code == 401
           TTLCache.remove(access_token.token)
           logger.info("CapcOAuth: The access token was invalid, expired, or revoked") unless logger.nil?
-          raise UnauthorizedError
+          raise UnauthorizedError, 'Please log in to continue'
         else
           logger.info("CapcOAuth: Received unknown response") unless logger.nil?
           logger.info(JSON.pretty_generate(response)) unless logger.nil?
-          raise OtherError
+          raise OtherError, 'An error occurred while verifying your credentials (unknown response)'
         end
       end