clearance_http_auth 0.0.1

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2010 Karel Minarik
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,58 @@
+= Clearance::HttpAuth
+
+The goal of this project is simple, instant HTTP Basic Authentication for any
+controller in Rails 3 applications using Clearance[https://github.com/thoughtbot/clearance]
+for user authentication. You can use Clearance's default, session based authentication
+in the user facing parts of your application, and use HTTP Basic Auth when connecting
+to it's API.
+
+It has two parts:
+
+1. A middleware which intercepts requests to your application API
+   and performs a HTTP Basic Authentication by wrapping your application
+   in a <tt>Rack::Auth::Basic</tt> block. It supplies the provided credentials
+   to the <tt>User.authenticate</tt> method and sets an
+   <tt>env['clearance.current_user']</tt> variable.
+
+2. An overriden <tt>current_user</tt> helper method for controllers, which reads
+   the variable set in the middleware.
+
+
+== Usage
+
+First, add the gem to your Gemfile, along with +clearance+:
+
+    gem 'clearance', '~> 0.9.1'
+    gem 'clearance_http_auth'
+
+Second, include the module in your ApplicationController (or in a specific controller)
+_after_ you include Clearance::Authentication:
+
+    class ApplicationController < ActionController::Base
+      include Clearance::Authentication
+      include Clearance::HttpAuth
+    end
+
+There is no step three. When you hit your application API with the same credentials
+as when logging in the browser, you should be in:
+
+    $ curl -i -X GET  -u test@example.com:password http://localhost:3000/books.xml
+    $ curl -i -X POST -u test@example.com:password -H "Content-Type: application/xml" http://localhost:3000/books.xml \
+           -d "<book><author>Kafka</author><title>Metamorphosis</title></book>"
+
+By default, the middleware intercepts only requests to JSON and XML formats.
+You can add more formats in your <tt>config/application.rb</tt>:
+
+    config.clearance_http_auth.api_formats << 'csv'
+
+
+= About
+
+The project originally grew out of a simple monkeypatch: https://github.com/thoughtbot/clearance/issues/34
+
+Comments and patches are welcome. Fork, add tests for features and don't break any existing ones,
+send a pull request.
+
+-----
+
+Karel Minarik (http://karmi.cz)

data/Rakefile

@@ -0,0 +1,29 @@
+# encoding: UTF-8
+require 'rubygems'
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rake'
+require 'rake/rdoctask'
+require 'rake/testtask'
+
+Bundler::GemHelper.install_tasks
+
+task :default => :test
+
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/*_test.rb'
+  test.verbose = true
+end
+
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Clearance::HttpAuth'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/lib/clearance_http_auth/configuration.rb

@@ -0,0 +1,18 @@
+module Clearance
+  module HttpAuth
+
+    # Configuration is available in your Rails' <tt>application.rb</tt> as
+    # <tt>config.clearance_http_auth</tt>. See README for example.
+    #
+    class Configuration
+
+      # Returns formats for which the Middleware is enabled
+      #
+      def self.api_formats
+        @api_formats ||= %w[  json xml  ]
+      end
+    end
+
+  end
+
+end

data/lib/clearance_http_auth/current_user_override.rb

@@ -0,0 +1,20 @@
+module Clearance
+  module HttpAuth
+
+    # This module redefines default Clearance's +current_user+
+    # helper method functionality to look first in +env+
+    # passed from the middleware stack.
+    #
+    module CurrentUserOverride
+
+      # User in the current cookie
+      #
+      # @return [User, nil]
+      def current_user
+        env['clearance.current_user'] || @_current_user || user_from_cookie
+      end
+    end
+
+  end
+
+end

data/lib/clearance_http_auth/engine.rb

@@ -0,0 +1,13 @@
+require 'rails'
+
+module Clearance
+  module HttpAuth
+
+    class Engine < Rails::Engine
+      # Expose Clearance::HttpAuth::Configuration in the <tt>application.rb</tt>
+      config.clearance_http_auth = Configuration
+    end
+
+  end
+
+end

data/lib/clearance_http_auth/middleware.rb

@@ -0,0 +1,39 @@
+module Clearance
+  module HttpAuth
+
+    # A Rack middleware which intercepts requests to your application API
+    # (as defined in <tt>Configuration.api_formats</tt>) and performs
+    # a HTTP Basic Authentication via <tt>Rack::Auth::Basic</tt>.
+    #
+    class Middleware
+
+      def initialize(app)
+        @app = app
+      end
+
+      # Wrap the application with a <tt>Rack::Auth::Basic</tt> block
+      # and set the <tt>env['clearance.current_user']</tt> variable
+      # if the incoming request is targeting the API.
+      #
+      def call(env)
+        if targeting_api?(env)
+          @app = Rack::Auth::Basic.new(@app) do |username, password|
+            env['clearance.current_user'] = ::User.authenticate(username, password)
+          end
+        end
+        @app.call(env)
+      end
+
+      private
+
+      def targeting_api?(env)
+        return false unless env['action_dispatch.request.path_parameters']
+        format = env['action_dispatch.request.path_parameters'][:format]
+        format && Configuration.api_formats.include?(format)
+      end
+
+    end
+
+  end
+
+end

data/lib/clearance_http_auth/version.rb

@@ -0,0 +1,5 @@
+module Clearance
+  module HttpAuth
+    VERSION = "0.0.1"
+  end
+end

data/lib/clearance_http_auth.rb

@@ -0,0 +1,21 @@
+require 'clearance_http_auth/configuration'
+require 'clearance_http_auth/middleware'
+require 'clearance_http_auth/current_user_override'
+require 'clearance_http_auth/engine'
+
+module Clearance
+
+  # Include this module in a controller to enable the middleware and +current_user+ override:
+  #
+  #     class ProjectsController < ApplicationController
+  #       include Clearance::Authentication
+  #       include Clearance::HttpAuth
+  #     end
+  #
+  module HttpAuth
+    def self.included(controller)
+      controller.send :include, CurrentUserOverride
+      controller.use  Middleware
+    end
+  end
+end

data/test/clearance_http_auth_test.rb

@@ -0,0 +1,17 @@
+require 'test_helper'
+
+class Clearance::HttpAuthTest < ActiveSupport::TestCase
+
+  context "Configuration" do
+    should "return JSON and XML formats by default" do
+      assert Clearance::HttpAuth::Configuration.api_formats.include?('json'), "does not include JSON"
+      assert Clearance::HttpAuth::Configuration.api_formats.include?('xml'),  "does not include XML"
+    end
+
+    should "allow adding formats" do
+      assert_nothing_raised { Clearance::HttpAuth::Configuration.api_formats << 'pdf' }
+      assert Clearance::HttpAuth::Configuration.api_formats.include?('pdf'), "does not include added format"
+    end
+  end
+
+end

data/test/dummy/Rakefile

@@ -0,0 +1,7 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+require 'rake'
+
+Dummy::Application.load_tasks

data/test/dummy/app/controllers/application_controller.rb

@@ -0,0 +1,5 @@
+class ApplicationController < ActionController::Base
+  include Clearance::Authentication
+  include Clearance::HttpAuth
+  protect_from_forgery
+end

data/test/dummy/app/controllers/entrances_controller.rb

@@ -0,0 +1,29 @@
+class EntrancesController < ApplicationController
+  before_filter :authenticate
+
+  respond_to :html, :json, :xml
+
+  def index
+    logger.debug current_user.inspect
+
+    respond_to do |format|
+      message = "Welcome!"
+      format.html { render :text => message }
+      format.json { render :json => { :message => message }.to_json }
+      format.xml  { render :xml  => { :message => message }.to_xml(:root => 'document') }
+      format.csv  { render :text => message }
+    end
+  end
+
+  def create
+
+    respond_to do |format|
+      message = "Created!"
+      format.html { render :text => message, :status => :created }
+      format.json { render :json => { :message => message }.to_json, :status => :created }
+      format.xml  { render :xml  => { :message => message }.to_xml(:root => 'document'), :status => :created }
+      format.csv  { render :text => message, :status => :created }
+    end
+  end
+  
+end

data/test/dummy/app/helpers/application_helper.rb

@@ -0,0 +1,2 @@
+module ApplicationHelper
+end

data/test/dummy/app/helpers/entrance_helper.rb

@@ -0,0 +1,2 @@
+module EntranceHelper
+end

data/test/dummy/app/models/user.rb

@@ -0,0 +1,3 @@
+class User < ActiveRecord::Base
+  include Clearance::User
+end

data/test/dummy/app/views/layouts/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Dummy</title>
+  <%= stylesheet_link_tag :all %>
+  <%= javascript_include_tag :defaults %>
+  <%= csrf_meta_tag %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/test/dummy/config/application.rb

@@ -0,0 +1,47 @@
+require File.expand_path('../boot', __FILE__)
+
+require "active_model/railtie"
+require "active_record/railtie"
+require "action_controller/railtie"
+require "action_view/railtie"
+require "action_mailer/railtie"
+
+Bundler.require
+require "clearance_http_auth"
+
+module Dummy
+  class Application < Rails::Application
+    # Settings in config/environments/* take precedence over those specified here.
+    # Application configuration should go into files in config/initializers
+    # -- all .rb files in that directory are automatically loaded.
+
+    # Custom directories with classes and modules you want to be autoloadable.
+    # config.autoload_paths += %W(#{config.root}/extras)
+
+    # Only load the plugins named here, in the order given (default is alphabetical).
+    # :all can be used as a placeholder for all plugins not explicitly named.
+    # config.plugins = [ :exception_notification, :ssl_requirement, :all ]
+
+    # Activate observers that should always be running.
+    # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
+
+    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
+    # config.time_zone = 'Central Time (US & Canada)'
+
+    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
+    # config.i18n.default_locale = :de
+
+    # JavaScript files you want as :defaults (application.js is always included).
+    # config.action_view.javascript_expansions[:defaults] = %w(jquery rails)
+
+    # Configure the default encoding used in templates for Ruby 1.9.
+    config.encoding = "utf-8"
+
+    # Configure sensitive parameters which will be filtered from the log file.
+    config.filter_parameters += [:password]
+
+    config.clearance_http_auth.api_formats << 'csv'
+  end
+end

data/test/dummy/config/boot.rb

@@ -0,0 +1,10 @@
+require 'rubygems'
+gemfile = File.expand_path('../../../../Gemfile', __FILE__)
+
+if File.exist?(gemfile)
+  ENV['BUNDLE_GEMFILE'] = gemfile
+  require 'bundler'
+  Bundler.setup
+end
+
+$:.unshift File.expand_path('../../../../lib', __FILE__)

data/test/dummy/config/database.yml

@@ -0,0 +1,22 @@
+# SQLite version 3.x
+#   gem install sqlite3-ruby (not necessary on OS X Leopard)
+development:
+  adapter: sqlite3
+  database: db/development.sqlite3
+  pool: 5
+  timeout: 5000
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+test:
+  adapter: sqlite3
+  database: db/test.sqlite3
+  pool: 5
+  timeout: 5000
+
+production:
+  adapter: sqlite3
+  database: db/production.sqlite3
+  pool: 5
+  timeout: 5000

data/test/dummy/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the rails application
+require File.expand_path('../application', __FILE__)
+
+# Initialize the rails application
+Dummy::Application.initialize!

data/test/dummy/config/environments/development.rb

@@ -0,0 +1,26 @@
+Dummy::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # In the development environment your application's code is reloaded on
+  # every request.  This slows down response time but is perfect for development
+  # since you don't have to restart the webserver when you make code changes.
+  config.cache_classes = false
+
+  # Log error messages when you accidentally call methods on nil.
+  config.whiny_nils = true
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_view.debug_rjs             = true
+  config.action_controller.perform_caching = false
+
+  # Don't care if the mailer can't send
+  config.action_mailer.raise_delivery_errors = false
+
+  # Print deprecation notices to the Rails logger
+  config.active_support.deprecation = :log
+
+  # Only use best-standards-support built into browsers
+  config.action_dispatch.best_standards_support = :builtin
+end
+

data/test/dummy/config/environments/production.rb

@@ -0,0 +1,49 @@
+Dummy::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # The production environment is meant for finished, "live" apps.
+  # Code is not reloaded between requests
+  config.cache_classes = true
+
+  # Full error reports are disabled and caching is turned on
+  config.consider_all_requests_local       = false
+  config.action_controller.perform_caching = true
+
+  # Specifies the header that your server uses for sending files
+  config.action_dispatch.x_sendfile_header = "X-Sendfile"
+
+  # For nginx:
+  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect'
+
+  # If you have no front-end server that supports something like X-Sendfile,
+  # just comment this out and Rails will serve the files
+
+  # See everything in the log (default is :info)
+  # config.log_level = :debug
+
+  # Use a different logger for distributed setups
+  # config.logger = SyslogLogger.new
+
+  # Use a different cache store in production
+  # config.cache_store = :mem_cache_store
+
+  # Disable Rails's static asset server
+  # In production, Apache or nginx will already do this
+  config.serve_static_assets = false
+
+  # Enable serving of images, stylesheets, and javascripts from an asset server
+  # config.action_controller.asset_host = "http://assets.example.com"
+
+  # Disable delivery errors, bad email addresses will be ignored
+  # config.action_mailer.raise_delivery_errors = false
+
+  # Enable threaded mode
+  # config.threadsafe!
+
+  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
+  # the I18n.default_locale when a translation can not be found)
+  config.i18n.fallbacks = true
+
+  # Send deprecation notices to registered listeners
+  config.active_support.deprecation = :notify
+end

data/test/dummy/config/environments/test.rb

@@ -0,0 +1,35 @@
+Dummy::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # The test environment is used exclusively to run your application's
+  # test suite.  You never need to work with it otherwise.  Remember that
+  # your test database is "scratch space" for the test suite and is wiped
+  # and recreated between test runs.  Don't rely on the data there!
+  config.cache_classes = true
+
+  # Log error messages when you accidentally call methods on nil.
+  config.whiny_nils = true
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Raise exceptions instead of rendering exception templates
+  config.action_dispatch.show_exceptions = false
+
+  # Disable request forgery protection in test environment
+  config.action_controller.allow_forgery_protection    = false
+
+  # Tell Action Mailer not to deliver emails to the real world.
+  # The :test delivery method accumulates sent emails in the
+  # ActionMailer::Base.deliveries array.
+  config.action_mailer.delivery_method = :test
+
+  # Use SQL instead of Active Record's schema dumper when creating the test database.
+  # This is necessary if your schema can't be completely dumped by the schema dumper,
+  # like if you have constraints or database-specific column types
+  # config.active_record.schema_format = :sql
+
+  # Print deprecation notices to the stderr
+  config.active_support.deprecation = :stderr
+end

data/test/dummy/config/initializers/backtrace_silencers.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
+# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
+
+# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
+# Rails.backtrace_cleaner.remove_silencers!

data/test/dummy/config/initializers/clearance.rb

@@ -0,0 +1,3 @@
+Clearance.configure do |config|
+  config.mailer_sender = 'donotreply@example.com'
+end

data/test/dummy/config/initializers/inflections.rb

@@ -0,0 +1,10 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new inflection rules using the following format
+# (all these examples are active by default):
+# ActiveSupport::Inflector.inflections do |inflect|
+#   inflect.plural /^(ox)$/i, '\1en'
+#   inflect.singular /^(ox)en/i, '\1'
+#   inflect.irregular 'person', 'people'
+#   inflect.uncountable %w( fish sheep )
+# end

data/test/dummy/config/initializers/mime_types.rb

@@ -0,0 +1 @@
+Mime::Type.register "text/csv",         :csv

data/test/dummy/config/initializers/secret_token.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+Dummy::Application.config.secret_token = '59031f235943d9fdcc4ab9d0b9fa954305e3bc3eaee8c4c2c7fec95d93b39810def54d2825637139fbc8dec8394e5db8b153d74b0fd83fb927b1b041a25179ae'

data/test/dummy/config/initializers/session_store.rb

@@ -0,0 +1,8 @@
+# Be sure to restart your server when you modify this file.
+
+Dummy::Application.config.session_store :cookie_store, :key => '_dummy_session'
+
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rails generate session_migration")
+# Dummy::Application.config.session_store :active_record_store

data/test/dummy/config/locales/en.yml

@@ -0,0 +1,5 @@
+# Sample localization file for English. Add more files in this directory for other locales.
+# See http://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points.
+
+en:
+  hello: "Hello world"

data/test/dummy/config/routes.rb

@@ -0,0 +1,4 @@
+Dummy::Application.routes.draw do
+  root :to => "entrances#index"
+  resources :entrances
+end

data/test/dummy/config.ru

@@ -0,0 +1,4 @@
+# This file is used by Rack-based servers to start the application.
+
+require ::File.expand_path('../config/environment',  __FILE__)
+run Dummy::Application

data/test/dummy/db/migrate/20101221153914_clearance_create_users.rb

@@ -0,0 +1,20 @@
+class ClearanceCreateUsers < ActiveRecord::Migration
+  def self.up
+    create_table(:users) do |t|
+      t.string   :email
+      t.string   :encrypted_password, :limit => 128
+      t.string   :salt,               :limit => 128
+      t.string   :confirmation_token, :limit => 128
+      t.string   :remember_token,     :limit => 128
+      t.boolean  :email_confirmed, :default => false, :null => false
+      t.timestamps
+    end
+
+    add_index :users, :email
+    add_index :users, :remember_token
+  end
+
+  def self.down
+    drop_table :users
+  end
+end

data/test/dummy/db/schema.rb

@@ -0,0 +1,29 @@
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# Note that this schema.rb definition is the authoritative source for your
+# database schema. If you need to create the application database on another
+# system, you should be using db:schema:load, not running all the migrations
+# from scratch. The latter is a flawed and unsustainable approach (the more migrations
+# you'll amass, the slower it'll run and the greater likelihood for issues).
+#
+# It's strongly recommended to check this file into your version control system.
+
+ActiveRecord::Schema.define(:version => 20101221153914) do
+
+  create_table "users", :force => true do |t|
+    t.string   "email"
+    t.string   "encrypted_password", :limit => 128
+    t.string   "salt",               :limit => 128
+    t.string   "confirmation_token", :limit => 128
+    t.string   "remember_token",     :limit => 128
+    t.boolean  "email_confirmed",                   :default => false, :null => false
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
+  add_index "users", ["email"], :name => "index_users_on_email"
+  add_index "users", ["remember_token"], :name => "index_users_on_remember_token"
+
+end