drillbit 2.11.0 → 3.0.0
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/lib/drillbit.rb +1 -0
- data/lib/drillbit/accept_header.rb +1 -0
- data/lib/drillbit/authorizable_resource.rb +61 -60
- data/lib/drillbit/authorizers/parameters.rb +1 -0
- data/lib/drillbit/authorizers/parameters/filtering.rb +7 -6
- data/lib/drillbit/authorizers/parameters/inclusions.rb +6 -9
- data/lib/drillbit/authorizers/parameters/resource.rb +20 -19
- data/lib/drillbit/authorizers/query.rb +1 -0
- data/lib/drillbit/authorizers/scope.rb +5 -4
- data/lib/drillbit/compatibility/controllers.rb +1 -0
- data/lib/drillbit/configuration.rb +14 -16
- data/lib/drillbit/errors/invalid_api_request.rb +1 -0
- data/lib/drillbit/errors/invalid_request_body.rb +1 -0
- data/lib/drillbit/errors/invalid_subdomain.rb +1 -0
- data/lib/drillbit/errors/invalid_token.rb +1 -0
- data/lib/drillbit/errors/unpermitted_inclusions.rb +1 -0
- data/lib/drillbit/matchers/accept_header.rb +1 -0
- data/lib/drillbit/matchers/generic.rb +4 -3
- data/lib/drillbit/matchers/subdomain.rb +5 -6
- data/lib/drillbit/matchers/version.rb +3 -2
- data/lib/drillbit/middleware/api_request_validator.rb +4 -3
- data/lib/drillbit/middleware/parameter_parser.rb +1 -0
- data/lib/drillbit/middleware/token_processor.rb +1 -0
- data/lib/drillbit/parameters/filter.rb +12 -11
- data/lib/drillbit/parameters/index.rb +3 -2
- data/lib/drillbit/parameters/page.rb +1 -0
- data/lib/drillbit/parameters/sort.rb +1 -0
- data/lib/drillbit/requests/base.rb +1 -1
- data/lib/drillbit/requests/rack.rb +3 -0
- data/lib/drillbit/requests/rails.rb +1 -0
- data/lib/drillbit/resource.rb +1 -0
- data/lib/drillbit/resource/model.rb +5 -4
- data/lib/drillbit/resource/naming.rb +11 -10
- data/lib/drillbit/resource/processors/filtering.rb +1 -0
- data/lib/drillbit/resource/processors/indexing.rb +1 -0
- data/lib/drillbit/resource/processors/paging.rb +4 -3
- data/lib/drillbit/resource/processors/sorting.rb +1 -0
- data/lib/drillbit/responses/invalid_api_request.rb +3 -0
- data/lib/drillbit/responses/invalid_request_body.rb +3 -0
- data/lib/drillbit/responses/invalid_subdomain.rb +3 -0
- data/lib/drillbit/responses/invalid_token.rb +3 -0
- data/lib/drillbit/serializers/json_api.rb +12 -11
- data/lib/drillbit/tokens/base64.rb +1 -0
- data/lib/drillbit/tokens/base64s/invalid.rb +1 -0
- data/lib/drillbit/tokens/base64s/null.rb +1 -0
- data/lib/drillbit/tokens/invalid.rb +1 -0
- data/lib/drillbit/tokens/json_web_token.rb +6 -5
- data/lib/drillbit/tokens/json_web_tokens/invalid.rb +1 -0
- data/lib/drillbit/tokens/json_web_tokens/null.rb +1 -0
- data/lib/drillbit/tokens/json_web_tokens/password_reset.rb +1 -0
- data/lib/drillbit/tokens/null.rb +1 -0
- data/lib/drillbit/utilities/string.rb +1 -0
- data/lib/drillbit/version.rb +2 -1
- metadata +28 -94
- metadata.gz.sig +0 -0
- data/Rakefile +0 -2
- data/spec/drillbit/accept_header_spec.rb +0 -119
- data/spec/drillbit/authorizers/parameters/filtering_spec.rb +0 -101
- data/spec/drillbit/authorizers/parameters/resource_spec.rb +0 -12
- data/spec/drillbit/authorizers/parameters_spec.rb +0 -19
- data/spec/drillbit/authorizers/query_spec.rb +0 -24
- data/spec/drillbit/authorizers/scope_spec.rb +0 -21
- data/spec/drillbit/errors/invalid_api_request_spec.rb +0 -31
- data/spec/drillbit/errors/invalid_request_body_spec.rb +0 -25
- data/spec/drillbit/errors/invalid_subdomain_spec.rb +0 -30
- data/spec/drillbit/errors/invalid_token_spec.rb +0 -24
- data/spec/drillbit/invalid_subdomain_spec.rb +0 -45
- data/spec/drillbit/invalid_token_spec.rb +0 -44
- data/spec/drillbit/matchers/accept_header_spec.rb +0 -114
- data/spec/drillbit/matchers/subdomain_spec.rb +0 -78
- data/spec/drillbit/matchers/version_spec.rb +0 -86
- data/spec/drillbit/middleware/api_request_validator_spec.rb +0 -185
- data/spec/drillbit/middleware/parameter_parser_spec.rb +0 -200
- data/spec/drillbit/middleware/token_processor_spec.rb +0 -27
- data/spec/drillbit/requests/base_spec.rb +0 -37
- data/spec/drillbit/requests/rack_spec.rb +0 -252
- data/spec/drillbit/requests/rails_spec.rb +0 -264
- data/spec/drillbit/resource/model_spec.rb +0 -64
- data/spec/drillbit/resource/processors/filtering_spec.rb +0 -106
- data/spec/drillbit/resource/processors/indexing_spec.rb +0 -45
- data/spec/drillbit/resource/processors/paging_spec.rb +0 -74
- data/spec/drillbit/resource/processors/sorting_spec.rb +0 -66
- data/spec/drillbit/tokens/base64_spec.rb +0 -44
- data/spec/drillbit/tokens/json_web_token_spec.rb +0 -231
- data/spec/drillbit/tokens/json_web_tokens/password_reset_spec.rb +0 -43
- data/spec/fixtures/test_rsa_key +0 -27
- data/spec/fixtures/test_rsa_key.pub +0 -9
- data/spec/spec_helper.rb +0 -4
- data/spec/support/private_keys.rb +0 -42
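--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 21b351789867855382f7d34e1e9be5992ba79675
+data.tar.gz: de799bd372c085ec0c8bded02d0731eb376fc441
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 454f8b4ff3d4f0cecebccfb31cacb60054987cd78ec1616c756677a7e7e324d83eccb877f9c4b4e65ea18b8a650b9e9b3bd5096f69c0660c6ccf1017e350aa20
+data.tar.gz: 519698ac22164db0b00e8f95dfcf499df299e5cc57c2eae67c6896e02416bd096ad547f7d3583489987fa2182005bf23e7d4f61f913ff5fb71e9dc3624541c2b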
checksums.yaml.gz.sig
CHANGED
Binary file
|
data.tar.gz.sig
CHANGED
Binary file
|
data/lib/drillbit.rb
CHANGED
@@ -1,4 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
+
|
2
3
|
require 'drillbit/resource/naming'
|
3
4
|
require 'drillbit/resource/model'
|
4
5
|
|
@@ -14,8 +15,8 @@ module AuthorizableResource
|
|
14
15
|
def authorizer_class
|
15
16
|
@authorizer_class ||= "#{authorizer_prefix}" \
|
16
17
|
"Authorizers::" \
|
17
|
-
"#{resource_class_name}"
|
18
|
-
|
18
|
+
"#{resource_class_name}"
|
19
|
+
.constantize
|
19
20
|
rescue NameError
|
20
21
|
'Drillbit::Authorizers::Query'.constantize
|
21
22
|
end
|
@@ -24,8 +25,8 @@ module AuthorizableResource
|
|
24
25
|
@authorizer_scope_class ||= "#{authorizer_prefix}" \
|
25
26
|
"Authorizers::" \
|
26
27
|
"#{resource_class_name}" \
|
27
|
-
"::Scope"
|
28
|
-
|
28
|
+
"::Scope"
|
29
|
+
.constantize
|
29
30
|
rescue NameError
|
30
31
|
'Drillbit::Authorizers::Scope'.constantize
|
31
32
|
end
|
@@ -34,8 +35,8 @@ module AuthorizableResource
|
|
34
35
|
@authorizer_resource_params_class ||= "#{authorizer_prefix}" \
|
35
36
|
"Authorizers::" \
|
36
37
|
"#{resource_class_name}" \
|
37
|
-
"::ResourceParameters"
|
38
|
-
|
38
|
+
"::ResourceParameters"
|
39
|
+
.constantize
|
39
40
|
rescue NameError
|
40
41
|
'Drillbit::Authorizers::Parameters::Resource'.constantize
|
41
42
|
end
|
@@ -44,8 +45,8 @@ module AuthorizableResource
|
|
44
45
|
@authorizer_filtering_params_class ||= "#{authorizer_prefix}" \
|
45
46
|
"Authorizers::" \
|
46
47
|
"#{resource_class_name}::" \
|
47
|
-
"FilteringParameters"
|
48
|
-
|
48
|
+
"FilteringParameters"
|
49
|
+
.constantize
|
49
50
|
rescue NameError
|
50
51
|
'Drillbit::Authorizers::Parameters::Filtering'.constantize
|
51
52
|
end
|
@@ -54,8 +55,8 @@ module AuthorizableResource
|
|
54
55
|
@authorizer_inclusions_params_class ||= "#{authorizer_prefix}" \
|
55
56
|
"Authorizers::" \
|
56
57
|
"#{resource_class_name}::" \
|
57
|
-
"InclusionParameters"
|
58
|
-
|
58
|
+
"InclusionParameters"
|
59
|
+
.constantize
|
59
60
|
rescue NameError
|
60
61
|
'Drillbit::Authorizers::Parameters::Inclusions'.constantize
|
61
62
|
end
|
@@ -82,50 +83,50 @@ module AuthorizableResource
|
|
82
83
|
end
|
83
84
|
|
84
85
|
def authorizer
|
85
|
-
@authorizer ||= self
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
86
|
+
@authorizer ||= self
|
87
|
+
.class
|
88
|
+
.authorizer_class
|
89
|
+
.new(action: action_name,
|
90
|
+
token: token,
|
91
|
+
user: authorized_user,
|
92
|
+
issuer: authorized_issuer,
|
93
|
+
params: authorized_params,
|
94
|
+
resource: authorized_resource)
|
94
95
|
end
|
95
96
|
|
96
97
|
def authorized_scope
|
97
|
-
@authorized_scope ||= self
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
98
|
+
@authorized_scope ||= self
|
99
|
+
.class
|
100
|
+
.authorizer_scope_class
|
101
|
+
.new(action: action_name,
|
102
|
+
token: token,
|
103
|
+
user: authorized_user,
|
104
|
+
issuer: authorized_issuer,
|
105
|
+
params: authorized_params,
|
106
|
+
scope_root: authorized_scope_root)
|
107
|
+
.call
|
107
108
|
end
|
108
109
|
|
109
110
|
def authorized_inclusions
|
110
|
-
@authorized_inclusions ||= self
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
117
|
-
|
118
|
-
|
111
|
+
@authorized_inclusions ||= self
|
112
|
+
.class
|
113
|
+
.authorizer_inclusions_params_class
|
114
|
+
.new(action: action_name,
|
115
|
+
token: token,
|
116
|
+
user: authorized_user,
|
117
|
+
issuer: authorized_issuer,
|
118
|
+
params: authorized_params)
|
119
|
+
.call
|
119
120
|
end
|
120
121
|
|
121
122
|
def authorized_params
|
122
|
-
@authorized_params ||= authorizer_params_class
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
123
|
+
@authorized_params ||= authorizer_params_class
|
124
|
+
.new(action: action_name,
|
125
|
+
token: token,
|
126
|
+
user: authorized_user,
|
127
|
+
issuer: authorized_issuer,
|
128
|
+
params: params)
|
129
|
+
.call
|
129
130
|
end
|
130
131
|
|
131
132
|
# rubocop:disable Metrics/AbcSize, Metrics/PerceivedComplexity
|
@@ -133,20 +134,20 @@ module AuthorizableResource
|
|
133
134
|
# rubocop:disable Metrics/BlockNesting
|
134
135
|
def authorized_attributes
|
135
136
|
@authorized_attributes ||= begin
|
136
|
-
attributes
|
137
|
-
|
138
|
-
|
137
|
+
attributes = authorized_params
|
138
|
+
.fetch(:data, {})
|
139
|
+
.fetch(:attributes, authorized_params.class.new)
|
139
140
|
|
140
141
|
relationships = authorized_params.class.new
|
141
142
|
|
142
|
-
authorized_params
|
143
|
-
|
144
|
-
|
145
|
-
|
143
|
+
authorized_params
|
144
|
+
.fetch(:data, {})
|
145
|
+
.fetch(:relationships, authorized_params.class.new)
|
146
|
+
.each_pair do |name, relationship|
|
146
147
|
if relationship[:data].is_a?(Array)
|
147
148
|
if (relationship[:data][0] || {})[:attributes]
|
148
149
|
relationships["#{name}_attributes"] = relationship[:data].map do |datum|
|
149
|
-
attrs
|
150
|
+
attrs = datum[:attributes].dup
|
150
151
|
|
151
152
|
attrs.delete(:__id__)
|
152
153
|
attrs[:id] = datum[:id] if datum[:id]
|
@@ -177,18 +178,18 @@ module AuthorizableResource
|
|
177
178
|
# rubocop:enable Metrics/AbcSize, Metrics/PerceivedComplexity
|
178
179
|
|
179
180
|
def authorized_resource
|
180
|
-
return
|
181
|
+
return if RESOURCE_COLLECTION_ACTIONS.include?(action_name)
|
181
182
|
|
182
183
|
@authorized_resource ||= public_send(self.class.singular_resource_name)
|
183
184
|
end
|
184
185
|
|
185
186
|
def authorized_collection
|
186
|
-
return
|
187
|
+
return unless RESOURCE_COLLECTION_ACTIONS.include?(action_name)
|
187
188
|
|
188
189
|
@authorized_collection ||= \
|
189
|
-
Resource::Model
|
190
|
-
|
191
|
-
|
190
|
+
Resource::Model
|
191
|
+
.new(resource: public_send(self.class.plural_resource_name),
|
192
|
+
parameters: authorized_params)
|
192
193
|
end
|
193
194
|
|
194
195
|
def authorizer_params_class
|
@@ -201,8 +202,8 @@ module AuthorizableResource
|
|
201
202
|
|
202
203
|
def authorized_scope_root
|
203
204
|
@authorized_scope_root ||= "#{self.class.authorizer_prefix}" \
|
204
|
-
"#{self.class.resource_class_name}"
|
205
|
-
|
205
|
+
"#{self.class.resource_class_name}"
|
206
|
+
.constantize
|
206
207
|
end
|
207
208
|
|
208
209
|
def authorized_user
|
@@ -1,4 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
+
|
2
3
|
require 'drillbit/authorizers/parameters'
|
3
4
|
|
4
5
|
module Drillbit
|
@@ -35,9 +36,9 @@ class Filtering < Authorizers::Parameters
|
|
35
36
|
end
|
36
37
|
|
37
38
|
def add_filterable_parameter(name)
|
38
|
-
param = params
|
39
|
-
|
40
|
-
|
39
|
+
param = params
|
40
|
+
.fetch(:filter, {})
|
41
|
+
.fetch(name, nil)
|
41
42
|
|
42
43
|
if param.class == Array
|
43
44
|
authorized_params[7][:filter][1][name] = []
|
@@ -61,9 +62,9 @@ class Filtering < Authorizers::Parameters
|
|
61
62
|
|
62
63
|
return true if !override_if_admin && token.admin?
|
63
64
|
|
64
|
-
param = params
|
65
|
-
|
66
|
-
|
65
|
+
param = params
|
66
|
+
.fetch(:filter, {})
|
67
|
+
.fetch(name, nil)
|
67
68
|
|
68
69
|
return if !param && only_when_present
|
69
70
|
|
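Review bot: `params.fetch(:filter, {}).fetch(name, nil)` in `add_filterable_parameter`, and again in the second hunk, assumes the client sent `filter` as a hash. If it arrives as a scalar or a list, the second `fetch` would presumably raise (`NoMethodError` or `TypeError`) and surface as a server error rather than a rejected request, unless an earlier layer not visible here already validates the shape. Checking that the intermediate value is hash-like keeps malformed input on the rejection path: `filter = params.fetch(:filter, {})` followed by `param = filter.fetch(name, nil) if filter.respond_to?(:key?)`. The same unchecked chain appears in the resource-parameters hunks (`:data` / `:attributes` / `:relationships`) and in `scope_user_id`. Both enclosing methods continue outside their hunks.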
@@ -1,4 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
+
|
2
3
|
require 'drillbit/authorizers/parameters'
|
3
4
|
require 'drillbit/errors/unpermitted_inclusions'
|
4
5
|
|
@@ -6,18 +7,14 @@ module Drillbit
|
|
6
7
|
module Authorizers
|
7
8
|
class Parameters
|
8
9
|
class Inclusions < Authorizers::Parameters
|
9
|
-
|
10
|
+
attr_writer :authorized_inclusions
|
10
11
|
|
11
|
-
# rubocop:disable Style/RaiseArgs
|
12
12
|
def call
|
13
13
|
fail Errors::UnpermittedInclusions.new(inclusions: requested_inclusions) \
|
14
14
|
if inclusion_differences.any?
|
15
15
|
|
16
16
|
authorized_inclusions
|
17
17
|
end
|
18
|
-
# rubocop:enable Style/RaiseArgs
|
19
|
-
|
20
|
-
protected
|
21
18
|
|
22
19
|
def authorized_inclusions
|
23
20
|
@authorized_inclusions ||= []
|
@@ -36,10 +33,10 @@ class Inclusions < Authorizers::Parameters
|
|
36
33
|
end
|
37
34
|
|
38
35
|
def requested_inclusions
|
39
|
-
@requested_inclusions ||= params
|
40
|
-
|
41
|
-
|
42
|
-
|
36
|
+
@requested_inclusions ||= params
|
37
|
+
.fetch(:include, '')
|
38
|
+
.split(',')
|
39
|
+
.map(&:to_sym)
|
43
40
|
end
|
44
41
|
|
45
42
|
def inclusion_differences
|
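Review bot: Removing `protected` makes `authorized_inclusions`, `requested_inclusions` and `inclusion_differences` public, and the new side also carries a public `attr_writer :authorized_inclusions` for the list that `call` returns. Unless visibility is restored outside these hunks, any code holding the authorizer instance can replace the permitted inclusions. If the setter is only meant for subclasses, it can stay non-public by adding `private :authorized_inclusions=` after the `attr_writer` line, since a private setter is still callable as `self.authorized_inclusions = ...`. The readers could likewise go back under `protected`. The class body continues outside the hunk.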
@@ -1,4 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
+
|
2
3
|
require 'drillbit/authorizers/parameters'
|
3
4
|
|
4
5
|
module Drillbit
|
@@ -34,10 +35,10 @@ class Resource < Authorizers::Parameters
|
|
34
35
|
end
|
35
36
|
|
36
37
|
def add_authorized_attribute(name)
|
37
|
-
param = params
|
38
|
-
|
39
|
-
|
40
|
-
|
38
|
+
param = params
|
39
|
+
.fetch(:data, {})
|
40
|
+
.fetch(:attributes, {})
|
41
|
+
.fetch(name, nil)
|
41
42
|
|
42
43
|
if param.class == Array
|
43
44
|
authorized_params[7][:data][2][:attributes][0][name] = []
|
@@ -54,17 +55,17 @@ class Resource < Authorizers::Parameters
|
|
54
55
|
|
55
56
|
# rubocop:disable Metrics/AbcSize
|
56
57
|
def add_authorized_relationship(name, embedded_attributes: [])
|
57
|
-
param = params
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
first = params
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
58
|
+
param = params
|
59
|
+
.fetch(:data, {})
|
60
|
+
.fetch(:relationships, {})
|
61
|
+
.fetch(name, {})
|
62
|
+
.fetch(:data, nil)
|
63
|
+
first = params
|
64
|
+
.fetch(:data, {})
|
65
|
+
.fetch(:relationships, {})
|
66
|
+
.fetch(name, {})
|
67
|
+
.fetch(:data, [])
|
68
|
+
.first || {}
|
68
69
|
embedded = first.fetch(:attributes, nil)
|
69
70
|
|
70
71
|
if param.nil?
|
@@ -100,10 +101,10 @@ class Resource < Authorizers::Parameters
|
|
100
101
|
|
101
102
|
return true if !override_if_admin && token.admin?
|
102
103
|
|
103
|
-
param = params
|
104
|
-
|
105
|
-
|
106
|
-
|
104
|
+
param = params
|
105
|
+
.fetch(:data, {})
|
106
|
+
.fetch(:attributes, {})
|
107
|
+
.fetch(name, nil)
|
107
108
|
|
108
109
|
return if !param && only_when_present
|
109
110
|
|
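Review bot: The positional indexes in `authorized_params[7][:data][2][:attributes][0][name] = []` (and in `authorized_params[7][:filter][1][name] = []` in the filtering authorizer) are undocumented, so a reader cannot tell which slot of the permit structure is being extended. This line appears to decide which client-supplied attributes are accepted, and a change to that structure's layout would put the entry in the wrong place or raise. A comment naming what each index selects would help, e.g. `# authorized_params[7] => <slot name>; [:data][2] => <slot name>; [:attributes][0] => <slot name>`, filled in by someone who knows the layout. A small named accessor would serve the same purpose. `add_authorized_attribute` continues outside the hunk.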
@@ -1,4 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
+
|
2
3
|
require 'drillbit/utilities/string'
|
3
4
|
|
4
5
|
module Drillbit
|
@@ -43,14 +44,14 @@ class Scope
|
|
43
44
|
private
|
44
45
|
|
45
46
|
def scope_user_id
|
46
|
-
@scope_user_id ||= params
|
47
|
-
|
48
|
-
|
47
|
+
@scope_user_id ||= params
|
48
|
+
.fetch(:filter, {})
|
49
|
+
.fetch(user_underscored_class_name, nil)
|
49
50
|
end
|
50
51
|
|
51
52
|
def user_underscored_class_name
|
52
53
|
@user_underscored_class_name ||= begin
|
53
|
-
base_user_class_name
|
54
|
+
base_user_class_name = user.class.name[/([^:]+)\z/, 1]
|
54
55
|
|
55
56
|
Utilities::String.underscore(base_user_class_name).downcase
|
56
57
|
end
|
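Review bot: `scope_user_id` takes its value from the client-supplied `filter` parameter, and nothing in this hunk shows it being compared with the authenticated `user` or `token`. If that comparison happens in `call` or in a subclass, a comment would save the next reader the search, e.g. `# client-supplied; must be checked against the token's user before it narrows the scope`. If it happens nowhere, a request could name another user's id and receive that user's scope, so this is worth confirming. The rest of the class is outside the hunk.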
@@ -1,22 +1,20 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
+
|
2
3
|
module Drillbit
|
3
4
|
class Configuration
|
4
|
-
attr_writer
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
attr_accessor \
|
19
|
-
:application_name
|
5
|
+
attr_writer :allowed_api_subdomains,
|
6
|
+
:allowed_subdomains,
|
7
|
+
:available_token_roles,
|
8
|
+
:default_api_version,
|
9
|
+
:default_token_audience,
|
10
|
+
:default_token_expiration_in_minutes,
|
11
|
+
:default_token_issuer,
|
12
|
+
:default_token_roles,
|
13
|
+
:default_token_subject,
|
14
|
+
:token_private_key,
|
15
|
+
:token_type
|
16
|
+
|
17
|
+
attr_accessor :application_name
|
20
18
|
|
21
19
|
def to_h
|
22
20
|
{
|