digestive 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 21d6d553eb8692cd4ba1c1153ab5c1709f4fbe90
+  data.tar.gz: 0d94f3e0c745428fe9291976f9c9a77cd3fb5e61
+SHA512:
+  metadata.gz: c2ba4d48fa6c6cf74c1e674f219122d2a657a056bd8fbac485a25cc8bcf59e469477c0cfa3993a493f328610def044c377d760f1c23efcfdb67da8c975907929
+  data.tar.gz: c158552c5e55affc3fa23096031857642ac1c014c69bc56e5327f611abd3fcc8d6c8ae29130abdd33ae7fc152314dc525bc86b2be548096734cd8acf095a6980

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+memory

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in digestive.gemspec
+gemspec

data/Guardfile

@@ -0,0 +1,7 @@
+# -*- coding: utf-8 -*-
+
+guard :minitest do
+  watch(%r|^spec/(.+)_spec\.rb$|)
+  watch(%r|^lib/(.+)\.rb$|) { |m| "spec/#{m[1]}_spec.rb" }
+  watch(%r|^spec/spec_helper.rb$|)
+end

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Robert Dallas Gray
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,25 @@
+# Digestive
+
+A super-simple microframework to implement Digest Authentication for
+Rails apps.
+
+NB USE AT YOUR OWN RISK!
+
+```ruby
+include Digestive::Auth
+# simple simon
+before_filter :authenticate
+
+# authenticate with an authorization strategy
+def authenticate_as_admin
+  authenticate { |user| user.is_admin? }
+end
+
+# on successful authentication, user stored in instance var
+# of including class
+@current_user.is_a?(User)
+```
+
+## Installation
+
+    $ gem install digestive

data/Rakefile

@@ -0,0 +1,8 @@
+# encoding: UTF-8
+
+require 'bundler/gem_tasks'
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.pattern = 'spec/**/*_spec.rb'
+end

data/digestive.gemspec

@@ -0,0 +1,28 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'digestive/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'digestive'
+  spec.version       = Digestive::VERSION
+  spec.authors       = ['Robert Dallas Gray']
+  spec.email         = ['mail@robertdallasgray.com']
+  spec.description   = %q{Simple digest auth with roles}
+  spec.summary       = %q{Simple digest auth with roles}
+  spec.homepage      = ''
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files`.split($/)
+  spec.test_files    = spec.files.grep(/^spec\//)
+  spec.require_paths = ['lib']
+
+  spec.add_development_dependency 'bundler', '~> 1.3'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'm', '~> 1.3.1'
+  spec.add_development_dependency 'guard', '>= 1.8'
+  spec.add_development_dependency 'guard-minitest'
+  spec.add_development_dependency 'activerecord', '~> 3'
+  spec.add_development_dependency 'sqlite3'
+  spec.add_development_dependency 'mocha'
+end

data/lib/digestive/auth/service.rb

@@ -0,0 +1,57 @@
+# encoding: UTF-8
+
+module Digestive
+  module Auth
+    # Handles authentication of a credentialed object, using a given provider.
+    # The credentialed object will normally be a user, and the provider
+    # `ActionController::HttpAuthentication::Digest::ControllerMethods`.
+    # @!attribute [r] user
+    #   @return [Object]
+    #     The currently-authenticated user, or nil
+    class Service
+
+      attr_reader :user
+
+      # Create a new Digest::Auth::Service.
+      # @param [Object] credentialed
+      #   An object responding to constant DIGEST_REALM and
+      #   method find_by_username. See {Digestive::User}.
+      # @param [Object] provider
+      #   An object responding to methods
+      #   `authenticate_with_http_digest` and
+      #   `request_http_digest_authentication`.
+      #   Defaults to nil; if not given, {Digestive::Auth::Service}
+      #   will expect the methods to be mixed-in, which
+      #   in the context of Rails, they should be.
+      def initialize(credentialed, provider=nil)
+        @credentialed = credentialed
+        @provider = provider || self
+      end
+
+      # Authenticate, optionally with an authorization strategy.
+      # If authentication can't be verified, prompt for credentials.
+      # @param [Block] strategy
+      #   Block accepting one argument (an object returned by
+      #   @credentialed.find_by_username) and returning a boolean.
+      def authenticate(&strategy)
+        unless authenticated?(strategy)
+          realm = @credentialed::DIGEST_REALM
+          @provider.request_http_digest_authentication(realm)
+        end
+      end
+
+      private
+
+      def authenticated?(strategy=nil)
+        realm = @credentialed::DIGEST_REALM
+        strategy ||= ->(user) { true }
+        user = nil
+        @provider.authenticate_with_http_digest(realm) do |username|
+          user = @credentialed.find_by_username(username)
+          user.nil? ? nil : user.password
+        end
+        @user = user if strategy.call(user)
+      end
+    end
+  end
+end

data/lib/digestive/auth.rb

@@ -0,0 +1,37 @@
+# encoding: UTF-8
+
+require_relative 'auth/service'
+
+module Digestive
+  module Auth
+    # Convenience method to require authentication.
+    # If successful, will set the @current_user
+    # instance variable of the including object to the
+    # authenticated user.
+    # @param [Hash] options
+    # @option options [Object] credentialed
+    #   An object responding to constant DIGEST_REALM and
+    #   method find_by_username.
+    #   See {Digestive::User}, to which the option defaults.
+    # @option options [Object] provider
+    #   An object responding to methods
+    #   `authenticate_with_http_digest` and
+    #   `request_http_digest_authentication`.
+    #   Defaults to nil; if not given, {Digestive::Auth::Service}
+    #   will expect the methods to be mixed-in, which
+    #   in the context of Rails, they should be.
+    # @param [Block] strategy
+    #   A block, accepting a single argument, intended
+    #   to be the authenticating user, which will
+    #   return true or false to indicate authorization.
+    # @return [Object]
+    #   The authenticated user, or nil if authentication fails.
+    def authenticate(options={}, &strategy)
+      credentialed = options[:credentialed] || ::User
+      provider = options[:provider]
+      service = Service.new(credentialed, provider)
+      service.authenticate(&strategy)
+      @current_user = service.user
+    end
+  end
+end

data/lib/digestive/credentials.rb

@@ -0,0 +1,23 @@
+# encoding: UTF-8
+
+require 'digest/md5'
+
+module Digestive
+  module Credentials
+    # Encrypt a given password for comparison with a password
+    # given during the authentication process, per
+    # {http://tools.ietf.org/html/rfc2069 RFC2069}.
+    # @param [String] username
+    #   User's username
+    # @param [String] realm
+    #   Realm to which the user is authenticating
+    # @param [String] password
+    #   User's password
+    # @return [String]
+    #   A string encrypted per RFC2069
+    def encrypt_password(username, realm, password)
+      a1 = [username, realm, password].join(':')
+      ::Digest::MD5.hexdigest(a1).to_s
+    end
+  end
+end

data/lib/digestive/user.rb

@@ -0,0 +1,36 @@
+# encoding: UTF-8
+
+require_relative 'credentials'
+
+module Digestive
+  # A simple User class which will function with Digestive.
+  class User < ::ActiveRecord::Base
+    include Credentials
+
+    # The realm to which the user will authenticate
+    DIGEST_REALM = 'user@example.com'
+
+    validates :username, presence: true, uniqueness: true
+    validates :password, presence: true
+
+    attr_accessible :username, :password
+
+    before_save :digest_encrypt_password
+
+    # The JSON representation of a User conceals the password
+    def as_json(options={})
+      hash = super(options)
+      hash['user']['password'] = ''
+      hash
+    end
+
+    private
+
+    # User's password is encrypted before save
+    def digest_encrypt_password
+      if password_changed? || username_changed?
+        self.password = encrypt_password(username, DIGEST_REALM, password)
+      end
+    end
+  end
+end

data/lib/digestive/version.rb

@@ -0,0 +1,3 @@
+module Digestive
+  VERSION = "0.0.1"
+end

data/lib/digestive.rb

@@ -0,0 +1,9 @@
+# encoding: UTF-8
+
+require 'digestive/version'
+require 'digestive/user'
+require 'digestive/auth'
+require 'digestive/credentials'
+
+module Digestive
+end

data/spec/digestive/auth/service_spec.rb

@@ -0,0 +1,43 @@
+# encoding: UTF-8
+
+require_relative '../../spec_helper'
+require_relative '../../../lib/digestive/auth/service'
+
+describe Digestive::Auth::Service do
+
+  class Provider
+    def self.request_http_digest_authentication(realm, message=nil)
+    end
+    def self.authenticate_with_http_digest(realm, &procedure)
+      procedure.call('test')
+    end
+  end
+
+  before do
+    @service = Digestive::Auth::Service.new(User, Provider)
+  end
+
+  it 'should prompt for authentication if a user is not authenticated' do
+    Provider.expects(:request_http_digest_authentication)
+      .with(User::DIGEST_REALM)
+    @service.stubs(:authenticated?).returns(false)
+    @service.authenticate
+  end
+
+  it 'should authenticate a user with http digest' do
+    Provider.expects(:authenticate_with_http_digest).with(User::DIGEST_REALM)
+    @service.authenticate
+  end
+
+  it 'should return the user if authenticated' do
+    @service.authenticate
+    @service.user.must_be_instance_of User
+  end
+
+  it 'should use a strategy to authorize a user' do
+    @service.authenticate { |u| false }
+    @service.user.must_equal nil
+    @service.authenticate { |u| true }
+    @service.user.must_be_instance_of User
+  end
+end

data/spec/digestive/auth_spec.rb

@@ -0,0 +1,34 @@
+# encoding: UTF-8
+
+require_relative '../spec_helper'
+require_relative '../../lib/digestive/auth'
+require_relative '../../lib/digestive/user'
+
+describe Digestive::Auth do
+
+  class Authenticatable
+    include Digestive::Auth
+    attr_reader :current_user
+  end
+
+  before do
+    @authenticatable = Authenticatable.new
+  end
+
+  it 'should provide a convenience method' do
+    service = Digestive::Auth::Service.new(::User)
+    Digestive::Auth::Service.expects(:new).with(::User, nil)
+      .returns(service)
+    service.expects(:authenticate)
+    @authenticatable.authenticate
+  end
+
+  it 'should set the authenticated user' do
+    service = Digestive::Auth::Service.new(::User)
+    Digestive::Auth::Service.expects(:new).returns(service)
+    service.expects(:authenticate)
+    service.expects(:user).returns(::User.new)
+    @authenticatable.authenticate
+    @authenticatable.current_user.must_be_instance_of ::User
+  end
+end

data/spec/digestive/credentials_spec.rb

@@ -0,0 +1,25 @@
+# encoding: UTF-8
+
+require_relative '../spec_helper'
+require_relative '../../lib/digestive/credentials'
+
+describe Digestive do
+
+  class Encryptable
+    include Digestive::Credentials
+  end
+
+  before do
+    @encryptable = Encryptable.new
+  end
+
+  it 'should encrypt a password for a set of credentials' do
+    username = 'test_username'
+    realm = 'test_realm'
+    password = 'test_password'
+    encrypted_password = @encryptable.encrypt_password(username, realm, password)
+    a1 = [username, realm, password].join(':')
+    sample_password = Digest::MD5.hexdigest(a1).to_s
+    encrypted_password.must_equal sample_password
+  end
+end

data/spec/digestive/user_spec.rb

@@ -0,0 +1,24 @@
+# encoding: UTF-8
+
+require_relative '../spec_helper'
+require_relative '../../lib/digestive/user'
+
+describe Digestive::User do
+
+  before do
+    @user_attrs = { name: 'Rich', username: 'tea', password: 'hobnob' }
+    @user = Digestive::User.new(@user_attrs)
+  end
+
+  it 'should conceal the password in json' do
+    json = @user.to_json
+    json.wont_match @user_attrs[:password]
+  end
+
+  it 'should digest-encrypt the password on save' do
+    a1 = [@user.username, Digestive::User::DIGEST_REALM, @user.password].join(':')
+    encrypted_password = Digest::MD5.hexdigest(a1).to_s
+    @user.save
+    @user.password.must_equal encrypted_password
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,28 @@
+# encoding: UTF-8
+
+gem 'activerecord'
+
+require 'active_record'
+require 'minitest/autorun'
+require 'mocha/setup'
+
+class User
+  DIGEST_REALM = 'test'
+  def self.find_by_username(username)
+    self.new
+  end
+  def password
+    'test'
+  end
+end
+
+ActiveRecord::Base.establish_connection(adapter: 'sqlite3', database: 'memory')
+
+ActiveRecord::Schema.define do
+  self.verbose = false
+
+  create_table :users, force: true do |t|
+    t.string  :username
+    t.string  :password
+  end
+end

metadata

@@ -0,0 +1,180 @@
+--- !ruby/object:Gem::Specification
+name: digestive
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Robert Dallas Gray
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-07-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: m
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.3.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.3.1
+- !ruby/object:Gem::Dependency
+  name: guard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '1.8'
+- !ruby/object:Gem::Dependency
+  name: guard-minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Simple digest auth with roles
+email:
+- mail@robertdallasgray.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- Guardfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- digestive.gemspec
+- lib/digestive.rb
+- lib/digestive/auth.rb
+- lib/digestive/auth/service.rb
+- lib/digestive/credentials.rb
+- lib/digestive/user.rb
+- lib/digestive/version.rb
+- spec/digestive/auth/service_spec.rb
+- spec/digestive/auth_spec.rb
+- spec/digestive/credentials_spec.rb
+- spec/digestive/user_spec.rb
+- spec/spec_helper.rb
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.2
+signing_key: 
+specification_version: 4
+summary: Simple digest auth with roles
+test_files:
+- spec/digestive/auth/service_spec.rb
+- spec/digestive/auth_spec.rb
+- spec/digestive/credentials_spec.rb
+- spec/digestive/user_spec.rb
+- spec/spec_helper.rb
+has_rdoc: