drillbit 0.0.1 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7da2a5f4ccd53545dbaed3a47514e4412a03c8d5
-  data.tar.gz: fd209949f22667edd9463773350c5e10653c02ef
+  metadata.gz: 8653add9748daa722199cda827ade767201495db
+  data.tar.gz: bad41a3d97ac655776263d7fc5770c71e09ab062
 SHA512:
-  metadata.gz: fe248f3809403c62785c45701359ae0646d8ae3ba70230ed02c7a00e126ea2c826c238c7150544faf4bacd918eddd86a88078b368dbf3aceaffccd9ffc5c1720
-  data.tar.gz: 16178d7d3d1a04f7917d5e980734deff2d05513e39d95138aa67c0a654be4e2ff09963ee0f54bab50a0f775952e7367c50d09903f321dfe7548d7152b15d7111
+  metadata.gz: d8bbd110a4c40d5beecd18b3c4b72e91b239c0b7824f7c142006d6d29caf2722ec438b5acdf5fafc573165e9edbffc49aa960c51d30b43c202eaea032cc4f7b7
+  data.tar.gz: 4e6b1c5897fa747f3497cdb17a10bed6d355fe093d7e0f7e2a65810ab8aec65b3166cdc204e0f1927f0f96cbf5d628f46b534eb8f2095ba129d0309188932e87

data/lib/drillbit/authorizable_resource.rb

@@ -75,6 +75,7 @@ module  AuthorizableResource
                     authorizer_class.
                     new(token:    token,
                         user:     authorized_user,
+                        params:   authorized_params,
                         resource: authorized_resource)
   end
 

data/lib/drillbit/authorizers/query.rb

@@ -4,11 +4,13 @@ module  Authorizers
 class   Query
   attr_accessor :token,
                 :user,
+                :params,
                 :resource
 
-  def initialize(token:, user:, resource:, **other)
+  def initialize(token:, user:, params:, resource:, **other)
     self.token    = token
     self.user     = user
+    self.params   = params
     self.resource = resource
 
     other.each do |name, value|
@@ -17,7 +19,7 @@ class   Query
   end
 
   def able_to_index?
-    true
+    false
   end
 
   def able_to_show?

data/lib/drillbit/configuration.rb

@@ -1,19 +1,31 @@
 # frozen_string_literal: true
 module  Drillbit
   class Configuration
-    attr_accessor \
-      :allowed_subdomains,
+    attr_writer \
       :allowed_api_subdomains,
+      :allowed_subdomains,
       :application_name,
+      :available_token_roles,
       :default_api_version,
+      :default_token_audience,
+      :default_token_roles,
+      :default_token_expiration_in_minutes,
+      :default_token_issuer,
+      :default_token_subject,
       :token_private_key
 
+    attr_accessor \
+      :application_name
+
     def to_h
       {
-        allowed_subdomains:     allowed_subdomains,
-        allowed_api_subdomains: allowed_api_subdomains,
-        application_name:       application_name,
-        default_api_version:    default_api_version,
+        allowed_api_subdomains:              allowed_api_subdomains,
+        allowed_subdomains:                  allowed_subdomains,
+        application_name:                    application_name,
+        default_api_version:                 default_api_version,
+        default_token_issuer:                default_token_issuer,
+        default_token_subject:               default_token_subject,
+        default_token_expiration_in_minutes: token_expiration_in_minutes,
       }
     end
 
@@ -24,6 +36,41 @@ module  Drillbit
     def allowed_api_subdomains
       @allowed_api_subdomains || ['api']
     end
+
+    def default_token_audience
+      @default_token_audience || 'public'
+    end
+
+    def available_token_roles
+      @available_token_roles || %w{standard admin password_reset email_verification}
+    end
+
+    def default_api_version
+      @default_api_version || '1'
+    end
+
+    def default_token_roles
+      @default_token_roles || %w{standard}
+    end
+
+    def default_token_issuer
+      @default_token_issuer || 'drillbit'
+    end
+
+    def default_token_subject
+      @default_token_subject || 'User'
+    end
+
+    def default_token_expiration_in_minutes
+      @default_token_expiration_in_minutes || (7 * 24 * 60)
+    end
+
+    def token_private_key
+      return unless @token_private_key
+      return @token_private_key if @token_private_key.respond_to?(:sign)
+
+      OpenSSL::PKey::RSA.new(@token_private_key)
+    end
   end
 
   def self.configure

data/lib/drillbit/resource/naming.rb

@@ -1,8 +1,9 @@
 # frozen_string_literal: true
+# rubocop:disable Metrics/LineLength
 module  Drillbit
 module  Resource
 module  Naming
-  CONTROLLER_RESOURCE_NAME_PATTERN = /\A((.*?::)?.*?)(\w+)Controller\z/
+  CONTROLLER_RESOURCE_NAME_PATTERN = /\A((.*?::)?.*?)(\w+?)(?:Index|Indicies)?Controller\z/
 
   module ClassMethods
     def plural_resource_name
@@ -31,3 +32,4 @@ module  Naming
 end
 end
 end
+# rubocop:enable Metrics/LineLength

data/lib/drillbit/serializers/json_api.rb

@@ -3,7 +3,17 @@ module  Drillbit
 module  Serializers
 module  JsonApi
   def json_api_type
-    object.class.name.demodulize.tableize.dasherize
+    object.
+      class.
+      name.
+      gsub(/\A[^:]+::/, '').
+      split('::').
+      reverse.
+      join('::').
+      tableize.
+      dasherize.
+      tr('/', '-').
+      pluralize
   end
 end
 end

data/lib/drillbit/tokens/json_web_token.rb

@@ -1,9 +1,11 @@
 # frozen_string_literal: true
 require 'jwt'
 require 'json/jwt'
+require 'drillbit/configuration'
 require 'drillbit/tokens/json_web_tokens/invalid'
 require 'drillbit/tokens/json_web_tokens/null'
 
+# :reek:TooManyMethods
 module  Drillbit
 module  Tokens
 class   JsonWebToken
@@ -27,15 +29,60 @@ class   JsonWebToken
                               ].freeze
 
   attr_accessor :data,
+                :headers,
                 :private_key
 
   def initialize(data:,
+                 headers:     {},
                  private_key: Drillbit.configuration.token_private_key)
 
     self.data        = data
+    self.headers     = headers
     self.private_key = private_key
   end
 
+  def self.build_from_request(request_token)
+    return Tokens::JsonWebTokens::Null.instance unless request_token
+
+    data, headers = *request_token
+
+    new(data: data, headers: headers)
+  end
+
+  # rubocop:disable Metrics/ParameterLists, Metrics/AbcSize, Metrics/LineLength
+  # :reek:DuplicateMethodCall
+  def self.build(id:                SecureRandom.uuid,
+                 audience:          Drillbit.configuration.default_token_audience,
+                 expiration:        Time.now.utc.to_i + (60 * Drillbit.configuration.default_token_expiration_in_minutes),
+                 issuer:            Drillbit.configuration.default_token_issuer || 'Drillbit',
+                 issued_at:         Time.now.utc,
+                 not_before:        Time.now.utc,
+                 owner:             nil,
+                 roles:             Drillbit.configuration.default_token_roles,
+                 subject:           Drillbit.configuration.default_token_subject,
+                 subject_id:,
+                 token_private_key: Drillbit.configuration.token_private_key)
+
+    owner ||= subject_id
+
+    new(
+      private_key: token_private_key,
+      data:        {
+        'aud' => audience,
+        'exp' => expiration.to_i,
+        'iat' => issued_at.to_i,
+        'iss' => issuer,
+        'jti' => id,
+        'nbf' => not_before.to_i,
+        'own' => owner,
+        'rol' => roles.join(','),
+        'sid' => subject_id,
+        'sub' => subject,
+      },
+    )
+  end
+  # rubocop:enable Metrics/ParameterLists, Metrics/AbcSize, Metrics/LineLength
+
   def valid?
     true
   end
@@ -45,7 +92,53 @@ class   JsonWebToken
   end
 
   def to_h
-    data
+    [data, headers]
+  end
+
+  def audience
+    data['aud']
+  end
+
+  def issued_at
+    data['iat']
+  end
+
+  def issuer
+    data['iss']
+  end
+
+  def expiration
+    data['exp']
+  end
+
+  def id
+    data['jti']
+  end
+
+  def not_before
+    data['nbf']
+  end
+
+  def owner_id
+    data['own']
+  end
+
+  def subject_id
+    data['sid']
+  end
+
+  def subject
+    data['sub']
+  end
+
+  Drillbit.configuration.available_token_roles.each do |role|
+    define_method("#{role}?") do
+      roles.include? role
+    end
+  end
+
+  def roles
+    @roles ||= data['rol'].split(',')
   end
 
   def to_jwt
@@ -91,18 +184,21 @@ class   JsonWebToken
 
     return JsonWebTokens::Null.instance if signed_token.to_s == ''
 
-    data = JWT.decode(
-                       signed_token,
-                       private_key,
-                       true,
-                       algorithm:         'RS256',
-                       verify_expiration: true,
-                       verify_not_before: true,
-                       verify_iat:        true,
-                       leeway:            5,
+    decoded = JWT.decode(
+                          signed_token,
+                          private_key,
+                          true,
+                          algorithm:         'RS256',
+                          verify_expiration: true,
+                          verify_not_before: true,
+                          verify_iat:        true,
+                          leeway:            5,
     )
 
+    data, headers = *decoded
+
     new(data:        data,
+        headers:     headers,
         private_key: private_key)
   rescue *TRANSFORMATION_EXCEPTIONS
     JsonWebTokens::Invalid.instance

data/lib/drillbit/tokens/json_web_tokens/null.rb

@@ -1,12 +1,55 @@
 # frozen_string_literal: true
+require 'drillbit/configuration'
 require 'drillbit/tokens/null'
 
 module  Drillbit
 module  Tokens
 module  JsonWebTokens
 class   Null < Tokens::Null
-  def to_h
-    [{}, {}]
+  def audience
+    nil
+  end
+
+  def issued_at
+    nil
+  end
+
+  def issuer
+    nil
+  end
+
+  def expiration
+    nil
+  end
+
+  def id
+    nil
+  end
+
+  def not_before
+    nil
+  end
+
+  def owner_id
+    nil
+  end
+
+  def subject_id
+    nil
+  end
+
+  def subject
+    nil
+  end
+
+  Drillbit.configuration.available_token_roles.each do |role|
+    define_method("#{role}?") do
+      false
+    end
+  end
+
+  def roles
+    []
   end
 end
 end

data/lib/drillbit/tokens/json_web_tokens/password_reset.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+require 'drillbit/tokens/json_web_token'
+
+module  Drillbit
+module  Tokens
+module  JsonWebTokens
+class   PasswordReset < JsonWebToken
+  def self.build(expiration: Time.now.utc.to_i + (30 * 60), **attrs)
+    super(expiration: expiration, **attrs)
+  end
+end
+end
+end
+end

data/lib/drillbit/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module Drillbit
-  VERSION = '0.0.1'
+  VERSION = '1.0.0'
 end

data/spec/drillbit/authorizers/query_spec.rb

@@ -8,9 +8,10 @@ RSpec.describe  Query do
   it 'does not authorize the resource by default' do
     authorizer = Query.new(token:    '123',
                            user:     'my_user',
-                           resource: 'my_resource')
+                           resource: 'my_resource',
+                           params:   'my_params')
 
-    expect(authorizer).to     be_able_to_index
+    expect(authorizer).not_to be_able_to_index
     expect(authorizer).not_to be_able_to_show
     expect(authorizer).not_to be_able_to_create
     expect(authorizer).not_to be_able_to_update

data/spec/drillbit/tokens/json_web_token_spec.rb

@@ -41,7 +41,17 @@ RSpec.describe  JsonWebToken do
                                   private_key: test_private_key)
 
     expect(token).to      be_a JsonWebToken
-    expect(token.to_h).to eql([{ 'bar' => 'baz' }, { 'typ' => 'JWT', 'alg' => 'RS256' }])
+    expect(token.to_h).to eql(
+      [
+        {
+          'bar' => 'baz',
+        },
+        {
+          'typ' => 'JWT',
+          'alg' => 'RS256',
+        },
+      ],
+    )
   end
 
   it 'can convert an empty signed token' do
@@ -130,6 +140,84 @@ RSpec.describe  JsonWebToken do
                                         ]
   end
   # rubocop:enable Metrics/LineLength
+
+  it 'can accept roles as a string but convert them to an array' do
+    token = JsonWebToken.new(data:        { 'rol' => 'bar,baz' },
+                             private_key: test_private_key)
+
+    expect(token.roles).to eql %w{bar baz}
+
+    jwe_s = token.to_jwe_s
+
+    converted_token = JsonWebToken.from_jwe(jwe_s,
+                                            private_key: test_private_key)
+
+    expect(converted_token.data['rol']).to eql 'bar,baz'
+    expect(converted_token.roles).to       eql %w{bar baz}
+  end
+
+  it 'can build a token by explicitly specifying all the data', :time_mock do
+    token = JsonWebToken.build(id:                'test_id',
+                               audience:          'audience',
+                               expiration:        20.years.from_now,
+                               issuer:            'issuer',
+                               issued_at:         5.minutes.ago,
+                               not_before:        1.month.ago,
+                               owner:             'subject_id',
+                               roles:             %w{my_role},
+                               subject:           'my_subject',
+                               subject_id:        'subject_id',
+                               token_private_key: test_private_key)
+
+    jwe_s = token.to_jwe_s
+
+    converted_token = JsonWebToken.from_jwe(jwe_s,
+                                            private_key: test_private_key)
+
+    expect(converted_token.to_h).to eql(
+      [
+        {
+          'aud' => 'audience',
+          'exp' => 1_974_477_600,
+          'iat' => 1_343_325_300,
+          'iss' => 'issuer',
+          'jti' => 'test_id',
+          'nbf' => 1_340_733_600,
+          'own' => 'subject_id',
+          'rol' => 'my_role',
+          'sid' => 'subject_id',
+          'sub' => 'my_subject',
+        },
+        {
+          'typ' => 'JWT',
+          'alg' => 'RS256',
+        },
+      ],
+    )
+  end
+
+  it 'can build a token by only specifying the subject ID', :time_mock do
+    token = JsonWebToken.build(subject_id:        'subject_id',
+                               token_private_key: test_private_key)
+
+    jwe_s = token.to_jwe_s
+
+    converted_token = JsonWebToken.from_jwe(jwe_s,
+                                            private_key: test_private_key)
+
+    expect(converted_token.to_h).to include(
+      'aud' => 'public',
+      'exp' => 1_343_930_400,
+      'iat' => 1_343_325_600,
+      'iss' => 'drillbit',
+      'jti' => match(uuid_regex),
+      'nbf' => 1_343_325_600,
+      'own' => 'subject_id',
+      'rol' => 'standard',
+      'sid' => 'subject_id',
+      'sub' => 'User',
+    )
+  end
 end
 end
 end

data/spec/drillbit/tokens/json_web_tokens/password_reset_spec.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+require 'spec_helper'
+require 'drillbit/tokens/json_web_tokens/password_reset'
+
+module          Drillbit
+module          Tokens
+module          JsonWebTokens
+RSpec.describe  PasswordReset do
+  it 'can build a token that expires during the password reset timeframe', :time_mock do
+    token = JsonWebToken.build(id:                'test_id',
+                               subject_id:        'subject_id',
+                               token_private_key: test_private_key)
+
+    jwe_s = token.to_jwe_s
+
+    converted_token = JsonWebToken.from_jwe(jwe_s,
+                                            private_key: test_private_key)
+
+    expect(converted_token.to_h).to eql(
+      [
+        {
+          'aud' => 'public',
+          'exp' => 1_343_930_400,
+          'iat' => 1_343_325_600,
+          'iss' => 'drillbit',
+          'jti' => 'test_id',
+          'nbf' => 1_343_325_600,
+          'own' => 'subject_id',
+          'rol' => 'standard',
+          'sid' => 'subject_id',
+          'sub' => 'User',
+        },
+        {
+          'typ' => 'JWT',
+          'alg' => 'RS256',
+        },
+      ],
+    )
+  end
+end
+end
+end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: drillbit
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 1.0.0
 platform: ruby
 authors:
 - thegranddesign
@@ -31,7 +31,7 @@ cert_chain:
   zRIv8lqQM8QFT76rzP5SBCERwN+ltKAFbQ5/FwmZNGWYnmCP3RZMQiRnbh+9H9lh
   mlbwaYZTjgsXq6cy8N38EecewgBbZYS1IYJraE/M
   -----END CERTIFICATE-----
-date: 2016-05-01 00:00:00.000000000 Z
+date: 2016-05-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: erratum
@@ -103,6 +103,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.0'
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.7.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.7.0
 description: ''
 email: rubygems@livinghighontheblog.com
 executables: []
@@ -155,6 +169,7 @@ files:
 - lib/drillbit/tokens/json_web_token.rb
 - lib/drillbit/tokens/json_web_tokens/invalid.rb
 - lib/drillbit/tokens/json_web_tokens/null.rb
+- lib/drillbit/tokens/json_web_tokens/password_reset.rb
 - lib/drillbit/tokens/null.rb
 - lib/drillbit/version.rb
 - spec/drillbit/accept_header_spec.rb
@@ -183,6 +198,7 @@ files:
 - spec/drillbit/resource/processors/sorting_spec.rb
 - spec/drillbit/tokens/base64_spec.rb
 - spec/drillbit/tokens/json_web_token_spec.rb
+- spec/drillbit/tokens/json_web_tokens/password_reset_spec.rb
 - spec/fixtures/test_rsa_key
 - spec/fixtures/test_rsa_key.pub
 - spec/spec_helper.rb
@@ -238,6 +254,7 @@ test_files:
 - spec/drillbit/resource/processors/sorting_spec.rb
 - spec/drillbit/tokens/base64_spec.rb
 - spec/drillbit/tokens/json_web_token_spec.rb
+- spec/drillbit/tokens/json_web_tokens/password_reset_spec.rb
 - spec/fixtures/test_rsa_key
 - spec/fixtures/test_rsa_key.pub
 - spec/spec_helper.rb