conjur-rack 1.4.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 90340dd3a8dbc2f410a43b66ef10d010e76a9ffd
+  data.tar.gz: 9cc5f13b006ac102df5a28b65da08e7f3a7ef6dd
+SHA512:
+  metadata.gz: 9223bfe5621080f8b9dba63e2de5593e2f6e44d2ad34d3beb60c8447a0ff8340eae3d1530420975052cfcbe6d26a66e2bbc5c8a1737f0019a2ee437c0fe458a3
+  data.tar.gz: 58042ba2ee61e535da72b1395ab7f48e1a873d8fba78fdc0ac1ab1a01a15b3dda63e7ba78fe83a550876c180238fbe5d38917d50f5c0485cf8dba1f42bfdbb67

data/.gitignore

@@ -0,0 +1,20 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+
+# IDE garbage
+/.idea

data/.project

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>conjur-rack</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>com.aptana.ide.core.unifiedBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>com.aptana.ruby.core.rubynature</nature>
+		<nature>com.aptana.projects.webnature</nature>
+	</natures>
+</projectDescription>

data/.rvmrc

@@ -0,0 +1 @@
+rvm use --create 2.0.0@conjur-rack

data/CHANGELOG.md

@@ -0,0 +1,7 @@
+# v1.4.0
+
+* Add `validated_global_privilege` helper function to get the global privilege, if any, which has been submitted with the request and verified by the Conjur server.
+
+# v1.3.0
+
+* Add handling for `X-Forwarded-For` and `X-Conjur-Privilege`

data/Gemfile

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in conjur-rack.gemspec
+gemspec
+
+gem 'conjur-api', github: 'conjurinc/api-ruby', branch: 'master'

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Kevin Gilpin
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,29 @@
+# Conjur::Rack
+
+TODO: Write a gem description
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'conjur-rack'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install conjur-rack
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,14 @@
+require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+require 'ci/reporter/rake/rspec'
+
+RSpec::Core::RakeTask.new(:spec) do |t|
+  t.rspec_opts = "--format doc"
+  unless ENV["CONJUR_ENV"] == "ci"
+    t.rspec_opts << " --color"
+  else 
+    Rake::Task["ci:setup:rspec"].invoke
+  end
+end
+
+task :default => :spec

data/conjur-rack.gemspec

@@ -0,0 +1,29 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'conjur/rack/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "conjur-rack"
+  spec.version       = Conjur::Rack::VERSION
+  spec.authors       = ["Kevin Gilpin"]
+  spec.email         = ["kgilpin@conjur.net"]
+  spec.description   = %q{Rack authenticator and basic User struct}
+  spec.summary       = %q{Rack authenticator and basic User struct}
+  spec.homepage      = "http://github.com/conjurinc/conjur-rack"
+  spec.license       = "Private"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "slosilo"
+  spec.add_dependency "conjur-api", ">= 4.17"
+  spec.add_dependency "rack"
+
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rspec", ">=2.9", "<3.0"
+  spec.add_development_dependency 'ci_reporter_rspec'
+end

data/lib/conjur/rack.rb

@@ -0,0 +1,3 @@
+require "conjur/rack/version"
+require "conjur/rack/authenticator"
+require "conjur/rack/path_prefix"

data/lib/conjur/rack/authenticator.rb

@@ -0,0 +1,125 @@
+require "conjur/rack/user"
+
+module Conjur
+  module Rack
+    def self.identity?
+      !Thread.current[:conjur_rack_identity].nil?
+    end
+    
+    def self.user
+      User.new(identity[0], identity[1], privilege, remote_ip)
+    end
+    
+    def self.identity
+      Thread.current[:conjur_rack_identity] or raise "No Conjur identity for current request"
+    end
+    
+    def self.privilege
+      Thread.current[:conjur_rack_privilege]
+    end
+    
+    def self.remote_ip
+      Thread.current[:conjur_rack_remote_ip]
+    end
+  
+    class Authenticator
+      class AuthorizationError < SecurityError
+      end
+      class SignatureError < SecurityError
+      end
+      
+      attr_reader :app, :options
+      
+      # +options+:
+      # :except :: a list of request path patterns for which to skip authentication
+      def initialize app, options = {}
+        @app = app
+        @options = options
+      end
+
+      # threadsafe accessors, values are established explicitly below
+      def env; Thread.current[:rack_env] ; end
+      def token; Thread.current[:conjur_rack_token] ; end
+      def account; Thread.current[:conjur_rack_account]; end
+      def privilege; Thread.current[:conjur_rack_privilege]; end
+      def remote_ip; Thread.current[:conjur_rack_remote_ip]; end
+ 
+      def call rackenv
+        # never store request-specific variables as application attributes 
+        Thread.current[:rack_env] = rackenv
+        if authenticate?
+          begin
+            identity = verify_authorization_and_get_identity # [token, account]
+             
+            Thread.current[:conjur_rack_token] = identity[0]
+            Thread.current[:conjur_rack_account] = identity[1]
+            Thread.current[:conjur_rack_identity] = identity
+            Thread.current[:conjur_rack_privilege] = conjur_privilege
+            Thread.current[:conjur_rack_remote_ip] = remote_ip
+
+          rescue SecurityError, RestClient::Exception
+            return error 401, $!.message
+          end
+        end
+        begin
+          @app.call rackenv
+        ensure
+          Thread.current[:rack_env] = nil
+          Thread.current[:conjur_rack_identity] = nil
+          Thread.current[:conjur_rack_token] = nil
+          Thread.current[:conjur_rack_account] = nil
+          Thread.current[:conjur_rack_privilege] = nil
+          Thread.current[:conjur_rack_remote_ip] = nil
+        end
+      end
+      
+      protected
+      
+      def validate_token_and_get_account token
+        failure = SignatureError.new("Unathorized: Invalid token")
+        raise failure unless (signer = Slosilo.token_signer token)
+        raise failure unless signer =~ /\Aauthn:(.+)\z/
+        return $1
+      end
+      
+      def error status, message
+        [status, { 'Content-Type' => 'text/plain', 'Content-Length' => message.length.to_s }, [message] ]
+      end
+      
+      def verify_authorization_and_get_identity
+        if authorization.to_s[/^Token token="(.*)"/]
+          token = JSON.parse(Base64.decode64($1))
+          account = validate_token_and_get_account(token)
+          return [token, account]
+        else
+          raise AuthorizationError.new("Authorization missing")
+        end
+      end
+      
+      def authenticate?
+        if options[:except]
+          options[:except].find{|p| p.match(path)}.nil?
+        else
+          true
+        end
+      end
+
+      def conjur_privilege
+        env['HTTP_X_CONJUR_PRIVILEGE']
+      end
+      
+      def authorization
+        env['HTTP_AUTHORIZATION']
+      end
+      
+      def remote_ip
+        require 'rack/request'
+        ::Rack::Request.new(env).ip
+      end
+      
+      def path
+        [ env['SCRIPT_NAME'], env['PATH_INFO'] ].join
+      end
+    end
+  end
+end

data/lib/conjur/rack/path_prefix.rb

@@ -0,0 +1,31 @@
+# https://raw.github.com/merb/merb/master/merb-core/lib/merb-core/rack/middleware/path_prefix.rb
+module Conjur
+  module Rack
+    class PathPrefix
+      EMPTY_STRING = ""
+      SLASH = "/"
+      
+      # @api private
+      def initialize(app, path_prefix = nil)
+        @app = app
+        @path_prefix = /^#{Regexp.escape(path_prefix)}/
+      end
+
+      # @api plugin
+      def call(env)
+        strip_path_prefix(env) 
+        @app.call(env)
+      end
+
+      # @api private
+      def strip_path_prefix(env)
+        ['PATH_INFO', 'REQUEST_URI'].each do |path_key|
+          if env[path_key] =~ @path_prefix
+            env[path_key].sub!(@path_prefix, EMPTY_STRING)
+            env[path_key] = SLASH if env[path_key].empty?
+          end
+        end
+      end
+    end
+  end
+end

data/lib/conjur/rack/user.rb

@@ -0,0 +1,79 @@
+require 'conjur/api'
+
+module Conjur
+  module Rack
+    class User
+      attr_accessor :token, :account, :privilege, :remote_ip
+      
+      def initialize(token, account, privilege = nil, remote_ip = nil)
+        @token = token
+        @account = account
+        @privilege = privilege
+        @remote_ip = remote_ip
+      end
+      
+      # This file was accidently calling account conjur_account,
+      # I'm adding an alias in case that's going on anywhere else.
+      # -- Jon
+      alias :conjur_account :account
+      alias :conjur_account= :account=
+      
+      def new_association(cls, params = {})
+        cls.new params.merge({userid: login})
+      end
+      
+      # Returns the global privilege which was present on the request, if and only
+      # if the user actually has that privilege.
+      #
+      # Returns nil if no global privilege was present in the request headers, 
+      # or if a global privilege was present in the request headers, but the user doesn't
+      # actually have that privilege according to the Conjur server.
+      def validated_global_privilege
+        unless @validated_global_privilege
+          @privilege = nil if @privilege && !api.global_privilege_permitted?(@privilege)
+          @validated_global_privilege = true
+        end
+        @privilege
+      end
+      
+      # True if and only if the user has valid global 'reveal' privilege.
+      def global_reveal?
+        validated_global_privilege == "reveal"
+      end
+      
+      # True if and only if the user has valid global 'sudo' privilege.
+      def global_sudo?
+        validated_global_privilege == "sudo"
+      end
+      
+      def login
+        token["data"] or raise "No data field in token"
+      end
+      
+      def roleid
+        tokens = login.split('/')
+        role_kind, roleid = if tokens.length == 1
+          [ 'user', login ]
+        else
+          [ tokens[0], tokens[1..-1].join('/') ]
+        end
+        [ account, role_kind, roleid ].join(':')
+      end
+      
+      def role
+        api.role(roleid)
+      end
+      
+      def api(cls = Conjur::API)
+        args = [ token ]
+        args.push remote_ip if remote_ip
+        api = cls.new_from_token(*args)
+        if privilege
+          api.with_privilege(privilege)
+        else
+          api
+        end
+      end
+    end
+  end
+end

data/lib/conjur/rack/version.rb

@@ -0,0 +1,5 @@
+module Conjur
+  module Rack
+    VERSION = "1.4.0"
+  end
+end

data/spec/rack/authenticator_spec.rb

@@ -0,0 +1,109 @@
+require 'spec_helper'
+
+require 'conjur/rack/authenticator'
+
+describe Conjur::Rack::Authenticator do
+  let(:app) { double(:app) }
+  let(:options) { {} }
+  let(:authenticator) { Conjur::Rack::Authenticator.new(app, options) }
+  let(:call) { authenticator.call env }
+  
+  context "#call" do
+    context "with Conjur authorization" do
+      before{ stub_const 'Slosilo', Module.new }
+      let(:env) {
+        {
+          'HTTP_AUTHORIZATION' => "Token token=\"#{basic_64}\""
+        }.tap do |e|
+          e['HTTP_X_CONJUR_PRIVILEGE'] = privilege if privilege
+          e['HTTP_X_FORWARDED_FOR'] = remote_ip if remote_ip
+        end
+      }
+      let(:basic_64) { Base64.strict_encode64(token.to_json) }
+      let(:token) { { "data" => "foobar" } }
+      let(:sample_account) { "someacc" }
+      let(:privilege) { nil }
+      let(:remote_ip) { nil }
+
+      context "of a valid token" do
+          
+        before(:each) {
+          Slosilo.stub token_signer: 'authn:'+sample_account
+        }
+
+        it 'launches app' do
+          app.should_receive(:call).with(env).and_return app
+          call.should == app
+        end
+
+        context 'Authable provides module method conjur_user' do
+          let(:stubuser) { "some value" }
+          before {
+            app.stub(:call) { Conjur::Rack.user }
+          }
+
+          context 'when called in app context' do
+            let(:invoke) {
+              Conjur::Rack::User.should_receive(:new).
+                with(token, sample_account, privilege, remote_ip).
+                and_return(stubuser)
+              Conjur::Rack.should_receive(:user).and_call_original
+              call
+            }
+            
+            shared_examples_for 'returns User built from token' do
+              specify { 
+                invoke.should == stubuser      
+              }
+            end
+            
+            it_should_behave_like 'returns User built from token'
+            
+            context 'with X-Conjur-Privilege' do
+              let(:privilege) { "sudo" }
+              it_should_behave_like 'returns User built from token'
+            end
+            
+            context 'with X-Forwarded-For' do
+              let(:remote_ip) { "66.0.0.1" }
+              it_should_behave_like 'returns User built from token'
+            end
+          end
+
+          context 'called out of app context' do
+            it { lambda { Conjur::Rack.user }.should raise_error }
+          end
+        end
+      end
+      context "of an invalid token" do
+        it "returns a 401 error" do
+          Slosilo.stub token_signer: nil
+          call.should == [401, {"Content-Type"=>"text/plain", "Content-Length"=>"26"}, ["Unathorized: Invalid token"]]
+        end
+      end
+      context "of a token invalid for authn" do
+        it "returns a 401 error" do
+          Slosilo.stub token_signer: 'a-totally-different-key'
+          call.should == [401, {"Content-Type"=>"text/plain", "Content-Length"=>"26"}, ["Unathorized: Invalid token"]]
+        end
+      end
+    end
+  end
+  context "without authorization" do
+    context "to a protected path" do
+      let(:env) { { 'SCRIPT_NAME' => '/pathname' } }
+      it "returns a 401 error" do
+        call.should == [401, {"Content-Type"=>"text/plain", "Content-Length"=>"21"}, ["Authorization missing"]]
+      end
+    end
+    context "to an unprotected path" do
+      let(:except) { [ /^\/foo/ ] }
+      let(:env) { { 'SCRIPT_NAME' => '', 'PATH_INFO' => '/foo/bar' } }
+      it "proceeds" do
+        options[:except] = except
+        app.should_receive(:call).with(env).and_return app
+        call.should == app
+      end
+    end
+  end
+end

data/spec/rack/path_prefix_spec.rb

@@ -0,0 +1,40 @@
+require 'spec_helper'
+
+require 'conjur/rack/path_prefix'
+
+describe Conjur::Rack::PathPrefix do
+  let(:app) { double(:app) }
+  let(:prefix) { "/api" }
+  let(:path_prefix) { Conjur::Rack::PathPrefix.new(app, prefix) }
+  let(:call) { path_prefix.call env }
+  let(:env) {
+    {
+      'PATH_INFO' => path
+    }
+  }
+
+  context "#call" do
+    context "/api/hosts" do
+      let(:path) { "/api/hosts" }
+      it "matches" do
+        app.should_receive(:call).with({ 'PATH_INFO' => '/hosts' }).and_return app
+        call
+      end
+    end
+    context "/api" do
+      let(:path) { "/api" }
+      it "doesn't erase the path completely" do
+        app.should_receive(:call).with({ 'PATH_INFO' => '/' }).and_return app
+        call
+      end
+    end
+    context "with non-matching prefix" do
+      let(:path) { "/hosts" }
+      it "doesn't match" do
+        app.should_receive(:call).with({ 'PATH_INFO' => '/hosts' }).and_return app
+        call
+      end
+    end
+  end
+  
+end

data/spec/rack/user_spec.rb

@@ -0,0 +1,121 @@
+require 'spec_helper'
+
+describe Conjur::Rack::User do
+  let(:login){ 'admin' }
+  let(:token){ {'data' => login} }
+  let(:account){ 'acct' }
+  let(:privilege) { nil }
+  let(:remote_ip) { nil }
+  
+  subject{ described_class.new token, account, privilege, remote_ip }
+  
+  its(:token){ should == token }
+  its(:account){ should == account }
+  its(:conjur_account){ should == account }
+  its(:login){ should == token['data'] }
+  
+  it "aliases setter for account to conjur_account" do
+    subject.conjur_account = "changed!"
+    subject.account.should == "changed!"
+  end
+  
+  describe '#new_assocation' do
+    let(:associate){ Class.new }
+    let(:params){{foo: 'bar'}}
+    it "calls cls.new with params including userid: login" do
+      associate.should_receive(:new).with(params.merge(userid: subject.login))
+      subject.new_association(associate, params)
+    end
+  end
+  
+  describe '#roleid' do
+    let(:login){ tokens.join('/') }
+    context "when login contains one token 'foobar'" do
+      let(:tokens){ ['foobar'] }
+      its(:roleid){ should == "#{account}:user:#{login}" } 
+    end
+    context "when login contains tokens ['foo', 'bar']" do
+      let(:tokens){ ["foos", "bar"] }
+      its(:roleid){ should == "#{account}:#{tokens[0]}:#{tokens[1]}"}
+    end
+    context "when login contains tokens ['foo','bar','baz']" do
+      let(:tokens){ ['foo', 'bar', 'baz'] }
+      its(:roleid){ should == "#{account}:#{tokens[0]}:#{tokens[1]}/#{tokens[2]}" }
+    end
+  end
+  
+  describe '#role' do
+    let(:roleid){ 'the role id' }
+    let(:api){ double('conjur api') }
+    before do
+      subject.stub(:roleid).and_return roleid
+      subject.stub(:api).and_return api
+    end
+    
+    it 'passes roleid to api.role' do
+      api.should_receive(:role).with(roleid).and_return 'the role'
+      subject.role.should == 'the role'
+    end
+  end
+  
+  describe "#global_reveal?" do
+    context "with global privilege" do
+      let(:privilege) { "reveal" }
+      let(:api){ Conjur::API.new_from_token "the-token" }
+      before do
+        subject.stub(:api).and_return api
+      end
+      it "checks the API function global_privilege_permitted?" do
+        api.should_receive(:resource).with("!:!:conjur").and_return resource = double(:resource)
+        resource.should_receive(:permitted?).with("reveal").and_return true
+        expect(subject.global_reveal?).to be_true
+        # The result is cached
+        subject.global_reveal?
+      end
+    end
+    context "without a global privilege" do
+      it "simply returns nil" do
+        expect(subject.global_reveal?).to be_false
+      end
+    end
+  end
+  
+  describe '#api' do
+    context "when given a class" do
+      let(:cls){ double('API class') }
+      it "calls cls.new_from_token with its token" do
+        cls.should_receive(:new_from_token).with(token).and_return 'the api'
+        subject.api(cls).should == 'the api'
+      end
+    end
+    context 'when not given args' do
+      shared_examples_for "builds the api" do
+        specify {
+          subject.api.should == 'the api'
+        }
+      end
+      
+      context "with no extra args" do
+        before {
+          Conjur::API.should_receive(:new_from_token).with(token).and_return 'the api'
+        }
+        it_should_behave_like "builds the api"
+      end
+      context "with remote_ip" do
+        let(:remote_ip) { "the-ip" }
+        before {
+          Conjur::API.should_receive(:new_from_token).with(token, 'the-ip').and_return 'the api'
+        }
+        it_should_behave_like "builds the api"
+      end
+      context "with privilege" do
+        let(:privilege) { "sudo" }
+        before {
+          Conjur::API.should_receive(:new_from_token).with(token).and_return api = double(:api)
+          expect(api).to receive(:with_privilege).with("sudo").and_return('the api')
+        }
+        it_should_behave_like "builds the api"
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,11 @@
+require 'rubygems'
+$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
+$:.unshift File.join(File.dirname(__FILE__), "lib")
+
+# Allows loading of an environment config based on the environment
+require 'rspec'
+require 'securerandom'
+
+RSpec.configure do |config|
+end
+

metadata

@@ -0,0 +1,170 @@
+--- !ruby/object:Gem::Specification
+name: conjur-rack
+version: !ruby/object:Gem::Version
+  version: 1.4.0
+platform: ruby
+authors:
+- Kevin Gilpin
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-10-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: slosilo
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: conjur-api
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4.17'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4.17'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.9'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.9'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: ci_reporter_rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Rack authenticator and basic User struct
+email:
+- kgilpin@conjur.net
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".project"
+- ".rvmrc"
+- CHANGELOG.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- conjur-rack.gemspec
+- lib/conjur/rack.rb
+- lib/conjur/rack/authenticator.rb
+- lib/conjur/rack/path_prefix.rb
+- lib/conjur/rack/user.rb
+- lib/conjur/rack/version.rb
+- spec/rack/authenticator_spec.rb
+- spec/rack/path_prefix_spec.rb
+- spec/rack/user_spec.rb
+- spec/spec_helper.rb
+homepage: http://github.com/conjurinc/conjur-rack
+licenses:
+- Private
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
+summary: Rack authenticator and basic User struct
+test_files:
+- spec/rack/authenticator_spec.rb
+- spec/rack/path_prefix_spec.rb
+- spec/rack/user_spec.rb
+- spec/spec_helper.rb