certmeister 0.3.2 → 0.4.0
- checksums.yaml +4 -4
 - data/Gemfile.lock +5 -5
 - data/README.md +2 -3
 - data/lib/certmeister/policy/chain_all.rb +4 -13
 - data/lib/certmeister/policy/chain_any.rb +27 -0
 - data/lib/certmeister/policy.rb +7 -0
 - data/lib/certmeister/version.rb +1 -1
 - data/spec/certmeister/policy/chain_all_spec.rb +6 -6
 - data/spec/certmeister/policy/chain_any_spec.rb +37 -0
 - metadata +4 -1
 
    
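--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: 41a8e46ac96ea1df82ccd6bc6d1e7ac813c45b39
+  data.tar.gz: 7d3deab06f303c7725b316db513e1951d7ce2429
 SHA512:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: 476a2abd15ebd45ac60facf0c6b3837ae08b3bc11d9785e230ecd94b58acad5aa3abf3a5b5db246be204a9400e1bf2aacc19173ff42f4d3cc721f1edb1f34ef4
+  data.tar.gz: e7385adbdb0288a486897979c64b459b1efb672bbc334502300ac35764bff158a7759060f748e68b5750d013f01b40e8281deb277786d13e06b0c6e16d9c7a7d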
    
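--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,12 +1,12 @@
 PATH
   remote: .
   specs:
-    certmeister (0.
-    certmeister-rack (0.
-      certmeister (= 0.
+    certmeister (0.4.0)
+    certmeister-rack (0.4.0)
+      certmeister (= 0.4.0)
       rack (~> 1.5)
-    certmeister-redis (0.
-      certmeister (= 0.
+    certmeister-redis (0.4.0)
+      certmeister (= 0.4.0)
       redis-sentinel (~> 1.4)
 
 GEM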
    
        data/README.md
    CHANGED
    
    | 
         @@ -56,9 +56,8 @@ If you work at Hetzner and need to release new versions of the gems, do this 
     | 
|
| 
       56 
56 
     | 
    
         
             
            changes):
         
     | 
| 
       57 
57 
     | 
    
         | 
| 
       58 
58 
     | 
    
         
             
            ```
         
     | 
| 
       59 
     | 
    
         
            -
             
     | 
| 
      
 59 
     | 
    
         
            +
            # edit lib/certmeister/version.rb
         
     | 
| 
       60 
60 
     | 
    
         
             
            bundle
         
     | 
| 
       61 
     | 
    
         
            -
            git  
     | 
| 
       62 
     | 
    
         
            -
            git commit -m "Bump to version $(bundle exec semver)"
         
     | 
| 
      
 61 
     | 
    
         
            +
            git commit -m "Bump to version x.y.z" Gemfile.lock lib/certmeister/version.rb
         
     | 
| 
       63 
62 
     | 
    
         
             
            bundle exec release
         
     | 
| 
       64 
63 
     | 
    
         
             
            ```
         
     | 
| 
         @@ -6,29 +6,20 @@ module Certmeister 
     | 
|
| 
       6 
6 
     | 
    
         | 
| 
       7 
7 
     | 
    
         
             
                class ChainAll
         
     | 
| 
       8 
8 
     | 
    
         | 
| 
       9 
     | 
    
         
            -
                  def initialize( 
     | 
| 
       10 
     | 
    
         
            -
                     
     | 
| 
       11 
     | 
    
         
            -
                    @ 
     | 
| 
      
 9 
     | 
    
         
            +
                  def initialize(policies)
         
     | 
| 
      
 10 
     | 
    
         
            +
                    Certmeister::Policy.validate_policies(policies)
         
     | 
| 
      
 11 
     | 
    
         
            +
                    @policies = policies
         
     | 
| 
       12 
12 
     | 
    
         
             
                  end
         
     | 
| 
       13 
13 
     | 
    
         | 
| 
       14 
14 
     | 
    
         
             
                  def authenticate(request)
         
     | 
| 
       15 
15 
     | 
    
         
             
                    success = Certmeister::Policy::Response.new(true, nil)
         
     | 
| 
       16 
     | 
    
         
            -
                    @ 
     | 
| 
      
 16 
     | 
    
         
            +
                    @policies.inject(success) do |continue, policy|
         
     | 
| 
       17 
17 
     | 
    
         
             
                      response = policy.authenticate(request)
         
     | 
| 
       18 
18 
     | 
    
         
             
                      break response unless response.authenticated?
         
     | 
| 
       19 
19 
     | 
    
         
             
                      continue
         
     | 
| 
       20 
20 
     | 
    
         
             
                    end
         
     | 
| 
       21 
21 
     | 
    
         
             
                  end
         
     | 
| 
       22 
22 
     | 
    
         | 
| 
       23 
     | 
    
         
            -
                  private
         
     | 
| 
       24 
     | 
    
         
            -
             
     | 
| 
       25 
     | 
    
         
            -
                  def validate_policys(policys)
         
     | 
| 
       26 
     | 
    
         
            -
                    unless policys.is_a?(Enumerable) and policys.respond_to?(:size) and policys.size > 0 and
         
     | 
| 
       27 
     | 
    
         
            -
                           policys.all? { |policy| Certmeister::Policy.validate_authenticate_signature(policy) }
         
     | 
| 
       28 
     | 
    
         
            -
                      raise ArgumentError.new("enumerable collection of policys required")
         
     | 
| 
       29 
     | 
    
         
            -
                    end
         
     | 
| 
       30 
     | 
    
         
            -
                  end
         
     | 
| 
       31 
     | 
    
         
            -
             
     | 
| 
       32 
23 
     | 
    
         
             
                end
         
     | 
| 
       33 
24 
     | 
    
         | 
| 
       34 
25 
     | 
    
         
             
              end
         
     | 
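Review bot: `@policies = policies` in `initialize` keeps the caller's own collection after `validate_policies` has checked it, so the non-empty guarantee holds only at construction time. If that collection is later emptied or altered (whether any caller does so is not visible here), `authenticate` would fold over nothing and return the `success` seed, authenticating the request without consulting any policy. Storing a private frozen copy, `@policies = policies.to_a.dup.freeze`, keeps the validated list and the enforced list the same; the same assignment appears in the new ChainAny#initialize. The enclosing modules open above the hunk.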
| 
         @@ -0,0 +1,27 @@ 
     | 
|
| 
      
 1 
     | 
    
         
            +
            require 'certmeister/policy'
         
     | 
| 
      
 2 
     | 
    
         
            +
             
     | 
| 
      
 3 
     | 
    
         
            +
            module Certmeister
         
     | 
| 
      
 4 
     | 
    
         
            +
             
     | 
| 
      
 5 
     | 
    
         
            +
              module Policy
         
     | 
| 
      
 6 
     | 
    
         
            +
             
     | 
| 
      
 7 
     | 
    
         
            +
                class ChainAny
         
     | 
| 
      
 8 
     | 
    
         
            +
             
     | 
| 
      
 9 
     | 
    
         
            +
                  def initialize(policies)
         
     | 
| 
      
 10 
     | 
    
         
            +
                    Certmeister::Policy.validate_policies(policies)
         
     | 
| 
      
 11 
     | 
    
         
            +
                    @policies = policies
         
     | 
| 
      
 12 
     | 
    
         
            +
                  end
         
     | 
| 
      
 13 
     | 
    
         
            +
             
     | 
| 
      
 14 
     | 
    
         
            +
                  def authenticate(request)
         
     | 
| 
      
 15 
     | 
    
         
            +
                    failure = Certmeister::Policy::Response.new(false, "no conditions satisifed")
         
     | 
| 
      
 16 
     | 
    
         
            +
                    @policies.inject(failure) do |continue, policy|
         
     | 
| 
      
 17 
     | 
    
         
            +
                      response = policy.authenticate(request)
         
     | 
| 
      
 18 
     | 
    
         
            +
                      break response if response.authenticated?
         
     | 
| 
      
 19 
     | 
    
         
            +
                      continue
         
     | 
| 
      
 20 
     | 
    
         
            +
                    end
         
     | 
| 
      
 21 
     | 
    
         
            +
                  end
         
     | 
| 
      
 22 
     | 
    
         
            +
             
     | 
| 
      
 23 
     | 
    
         
            +
                end
         
     | 
| 
      
 24 
     | 
    
         
            +
             
     | 
| 
      
 25 
     | 
    
         
            +
              end
         
     | 
| 
      
 26 
     | 
    
         
            +
             
     | 
| 
      
 27 
     | 
    
         
            +
            end
         
     | 
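Review bot: The block in `authenticate` ends with `continue`, so when every policy refuses the caller gets the seed response "no conditions satisifed" and each policy's own refusal reason is dropped; the pending example "uses the error message of the last encountered refusal in the chain" in the new spec describes behaviour this code does not yet have. Ending the block with `response` instead of `continue` would carry the last refusal through. The seed message also misspells "satisfied". Since one authenticating member is enough here, a class comment such as `# Authenticates when ANY chained policy authenticates; a permissive member (e.g. Noop) makes the whole chain permissive.` would help whoever composes policies.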
    
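--- a/data/lib/certmeister/policy.rb
+++ b/data/lib/certmeister/policy.rb
@@ -11,6 +11,13 @@ module Certmeister
       response.respond_to?(:authenticated?) and response.respond_to?(:error)
     end
 
+    def self.validate_policies(policies)
+      unless policies.is_a?(Enumerable) and policies.respond_to?(:size) and policies.size > 0 and
+          policies.all? { |policy| self.validate_authenticate_signature(policy) }
+        raise ArgumentError.new("enumerable collection of policies required")
+      end
+    end
+
   end
 
 end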
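Review bot: `validate_policies` raises the one message "enumerable collection of policies required" for three different failures: the argument is not an Enumerable, it is empty, or a member fails `validate_authenticate_signature`. The last case is a misconfigured policy rather than a bad collection, and in an authentication policy chain the operator should be told which member was rejected. Consider keeping the shape check as it is and adding a second one, e.g. `bad = policies.find { |p| !validate_authenticate_signature(p) }` followed by `raise ArgumentError.new("invalid policy: #{bad.inspect}") if bad`. The chained `and` operators would also read more safely as `&&`. `validate_authenticate_signature` and the enclosing module are defined outside the hunk.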
    
        data/lib/certmeister/version.rb
    CHANGED
    
    
| 
         @@ -6,8 +6,8 @@ require 'certmeister/policy/chain_all' 
     | 
|
| 
       6 
6 
     | 
    
         | 
| 
       7 
7 
     | 
    
         
             
            describe Certmeister::Policy::ChainAll do
         
     | 
| 
       8 
8 
     | 
    
         | 
| 
       9 
     | 
    
         
            -
              it "must be configured with a list of  
     | 
| 
       10 
     | 
    
         
            -
                expected_error = "enumerable collection of  
     | 
| 
      
 9 
     | 
    
         
            +
              it "must be configured with a list of policies" do
         
     | 
| 
      
 10 
     | 
    
         
            +
                expected_error = "enumerable collection of policies required"
         
     | 
| 
       11 
11 
     | 
    
         
             
                expect { Certmeister::Policy::ChainAll.new }.to raise_error(ArgumentError)
         
     | 
| 
       12 
12 
     | 
    
         
             
                expect { Certmeister::Policy::ChainAll.new(Certmeister::Policy::Noop.new) }.to raise_error(ArgumentError, expected_error)
         
     | 
| 
       13 
13 
     | 
    
         
             
                expect { Certmeister::Policy::ChainAll.new([]) }.to raise_error(ArgumentError, expected_error)
         
     | 
| 
         @@ -18,18 +18,18 @@ describe Certmeister::Policy::ChainAll do 
     | 
|
| 
       18 
18 
     | 
    
         
             
                expect { policy.authenticate }.to raise_error(ArgumentError)
         
     | 
| 
       19 
19 
     | 
    
         
             
              end
         
     | 
| 
       20 
20 
     | 
    
         | 
| 
       21 
     | 
    
         
            -
              it "authenticates a request that all its chained  
     | 
| 
      
 21 
     | 
    
         
            +
              it "authenticates a request that all its chained policies authenticate" do
         
     | 
| 
       22 
22 
     | 
    
         
             
                policy = Certmeister::Policy::ChainAll.new([Certmeister::Policy::Noop.new, Certmeister::Policy::Noop.new])
         
     | 
| 
       23 
23 
     | 
    
         
             
                response = policy.authenticate({anything: 'something'})
         
     | 
| 
       24 
24 
     | 
    
         
             
                expect(response).to be_authenticated
         
     | 
| 
       25 
25 
     | 
    
         
             
              end
         
     | 
| 
       26 
26 
     | 
    
         | 
| 
       27 
     | 
    
         
            -
              it "refuses a request that any one of its chained  
     | 
| 
      
 27 
     | 
    
         
            +
              it "refuses a request that any one of its chained policies refuses" do
         
     | 
| 
       28 
28 
     | 
    
         
             
                refuse_last = Certmeister::Policy::ChainAll.new([ Certmeister::Policy::Noop.new, Certmeister::Policy::Blackhole.new])
         
     | 
| 
       29 
29 
     | 
    
         
             
                refuse_first = Certmeister::Policy::ChainAll.new([ Certmeister::Policy::Blackhole.new, Certmeister::Policy::Noop.new])
         
     | 
| 
       30 
     | 
    
         
            -
                 
     | 
| 
      
 30 
     | 
    
         
            +
                policies = [refuse_last, refuse_first]
         
     | 
| 
       31 
31 
     | 
    
         | 
| 
       32 
     | 
    
         
            -
                 
     | 
| 
      
 32 
     | 
    
         
            +
                policies.each do |policy|
         
     | 
| 
       33 
33 
     | 
    
         
             
                  response = policy.authenticate({anything: 'something'})
         
     | 
| 
       34 
34 
     | 
    
         
             
                  expect(response).to_not be_authenticated
         
     | 
| 
       35 
35 
     | 
    
         
             
                  expect(response.error).to eql "blackholed"
         
     | 
| 
         @@ -0,0 +1,37 @@ 
     | 
|
| 
      
 1 
     | 
    
         
            +
            require 'spec_helper'
         
     | 
| 
      
 2 
     | 
    
         
            +
            require 'certmeister/policy/blackhole'
         
     | 
| 
      
 3 
     | 
    
         
            +
            require 'certmeister/policy/noop'
         
     | 
| 
      
 4 
     | 
    
         
            +
             
     | 
| 
      
 5 
     | 
    
         
            +
            require 'certmeister/policy/chain_any'
         
     | 
| 
      
 6 
     | 
    
         
            +
             
     | 
| 
      
 7 
     | 
    
         
            +
            describe Certmeister::Policy::ChainAny do
         
     | 
| 
      
 8 
     | 
    
         
            +
             
     | 
| 
      
 9 
     | 
    
         
            +
              it "must be configured with a list of policies" do
         
     | 
| 
      
 10 
     | 
    
         
            +
                expected_error = "enumerable collection of policies required"
         
     | 
| 
      
 11 
     | 
    
         
            +
                expect { Certmeister::Policy::ChainAny.new }.to raise_error(ArgumentError)
         
     | 
| 
      
 12 
     | 
    
         
            +
                expect { Certmeister::Policy::ChainAny.new(Certmeister::Policy::Noop.new) }.to raise_error(ArgumentError, expected_error)
         
     | 
| 
      
 13 
     | 
    
         
            +
                expect { Certmeister::Policy::ChainAny.new([]) }.to raise_error(ArgumentError, expected_error)
         
     | 
| 
      
 14 
     | 
    
         
            +
              end
         
     | 
| 
      
 15 
     | 
    
         
            +
             
     | 
| 
      
 16 
     | 
    
         
            +
              it "demands a request" do
         
     | 
| 
      
 17 
     | 
    
         
            +
                policy = Certmeister::Policy::ChainAny.new([Certmeister::Policy::Noop.new])
         
     | 
| 
      
 18 
     | 
    
         
            +
                expect { policy.authenticate }.to raise_error(ArgumentError)
         
     | 
| 
      
 19 
     | 
    
         
            +
              end
         
     | 
| 
      
 20 
     | 
    
         
            +
             
     | 
| 
      
 21 
     | 
    
         
            +
              it "authenticates a request that any of its chained policies authenticate" do
         
     | 
| 
      
 22 
     | 
    
         
            +
                policy = Certmeister::Policy::ChainAny.new([Certmeister::Policy::Blackhole.new, Certmeister::Policy::Noop.new, Certmeister::Policy::Blackhole.new])
         
     | 
| 
      
 23 
     | 
    
         
            +
                response = policy.authenticate({anything: 'something'})
         
     | 
| 
      
 24 
     | 
    
         
            +
                expect(response).to be_authenticated
         
     | 
| 
      
 25 
     | 
    
         
            +
              end
         
     | 
| 
      
 26 
     | 
    
         
            +
             
     | 
| 
      
 27 
     | 
    
         
            +
              it "refuses a request that none of its chained policies refuses" do
         
     | 
| 
      
 28 
     | 
    
         
            +
                policy = Certmeister::Policy::ChainAll.new([ Certmeister::Policy::Blackhole.new, Certmeister::Policy::Blackhole.new])
         
     | 
| 
      
 29 
     | 
    
         
            +
                response = policy.authenticate({anything: 'something'})
         
     | 
| 
      
 30 
     | 
    
         
            +
                expect(response).to_not be_authenticated
         
     | 
| 
      
 31 
     | 
    
         
            +
                expect(response.error).to eql "blackholed"
         
     | 
| 
      
 32 
     | 
    
         
            +
              end
         
     | 
| 
      
 33 
     | 
    
         
            +
             
     | 
| 
      
 34 
     | 
    
         
            +
              it "uses the error message of the last encountered refusal in the chain"
         
     | 
| 
      
 35 
     | 
    
         
            +
             
     | 
| 
      
 36 
     | 
    
         
            +
            end
         
     | 
| 
      
 37 
     | 
    
         
            +
             
     | 
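Review bot: The example "refuses a request that none of its chained policies refuses" builds `Certmeister::Policy::ChainAll.new(...)`, not ChainAny, so the refusal path of the class under test is never exercised and the example passes on ChainAll's behaviour. It should construct `Certmeister::Policy::ChainAny.new([Certmeister::Policy::Blackhole.new, Certmeister::Policy::Blackhole.new])`; with ChainAny as shipped in this release the error would then be the seed message rather than "blackholed", so the `response.error` expectation needs to follow whichever behaviour is intended. The description presumably means "none of its chained policies authenticates". The file also uses ChainAll without requiring `certmeister/policy/chain_all`.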
    
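--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: certmeister
 version: !ruby/object:Gem::Version
-  version: 0.
+  version: 0.4.0
 platform: ruby
 authors:
 - Sheldon Hearn
@@ -93,6 +93,7 @@ files:
 - lib/certmeister/policy.rb
 - lib/certmeister/policy/blackhole.rb
 - lib/certmeister/policy/chain_all.rb
+- lib/certmeister/policy/chain_any.rb
 - lib/certmeister/policy/domain.rb
 - lib/certmeister/policy/existing.rb
 - lib/certmeister/policy/fcrdns.rb
@@ -109,6 +110,7 @@ files:
 - spec/certmeister/in_memory_store_spec.rb
 - spec/certmeister/policy/blackhole_spec.rb
 - spec/certmeister/policy/chain_all_spec.rb
+- spec/certmeister/policy/chain_any_spec.rb
 - spec/certmeister/policy/domain_spec.rb
 - spec/certmeister/policy/existing_spec.rb
 - spec/certmeister/policy/fcrdns_spec.rb
@@ -153,6 +155,7 @@ test_files:
 - spec/certmeister/in_memory_store_spec.rb
 - spec/certmeister/policy/blackhole_spec.rb
 - spec/certmeister/policy/chain_all_spec.rb
+- spec/certmeister/policy/chain_any_spec.rb
 - spec/certmeister/policy/domain_spec.rb
 - spec/certmeister/policy/existing_spec.rb
 - spec/certmeister/policy/fcrdns_spec.rb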