fortress 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6575dc9b3e01e0bb6fd8178ab34ab5a0441ef2d0
-  data.tar.gz: b73945d1bf417c3e977ce3eb7f55c9fec5d1a92e
+  metadata.gz: 0f461ea5452cda1e8c528abce340f785daf5563a
+  data.tar.gz: fdc2d34806a35bbe9d1b5783c8975aa0ce9c9ae1
 SHA512:
-  metadata.gz: e1125d2717e5beaa4be6ede6121b01342d71ae1a38edf429b6cc151dad1c6321625ef04f85d24dafd86b4ad50462d1e30bfa7742bbf4f1c9cb3d36cbbc896d07
-  data.tar.gz: c80ff15137ecab5375bed56a4081a5d7a9054a1890391d54990ddba2dd58c71fb6c1cc4783235d0fa806269aa376e3344b582ee11e666f32b7392f337165b521
+  metadata.gz: 79a48a060e3eb1c14ace5b630bcbeb580744d49f20e182440ec8303be1f075743773ced8615858433ce25f942bd0c77984bfd9318174e085f2a055fdb27b0947
+  data.tar.gz: 17a71c6918265fcdc18ddfd06e6dc35406ccd82ef0277e478a7ecfd33c396a9469284a0f5b8be1c7cf0bc3eb53b72ab7dd8f96fa5cac7b3e09dee97e1e00182e

data/README.md

@@ -1,6 +1,6 @@
 # Fortress
 
-[![Build Status](https://travis-ci.org/YourCursus/fortress.svg?branch=master)](https://travis-ci.org/YourCursus/fortress)
+[![Build Status](https://travis-ci.org/YourCursus/fortress.svg?branch=master)](https://travis-ci.org/YourCursus/fortress) [![Code Climate](https://codeclimate.com/github/YourCursus/fortress/badges/gpa.svg)](https://codeclimate.com/github/YourCursus/fortress) [![Gem Version](https://badge.fury.io/rb/fortress.svg)](http://badge.fury.io/rb/fortress)
 
 Implement the simple but powerful protection: close everything and open the
 access explecitely.

data/Rakefile

@@ -1,6 +1,17 @@
 require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'
 
+# Imported Rails rake task
+desc 'Print out all defined routes in match order, with names.'
+task :routes do
+  $LOAD_PATH.unshift('spec/')
+  require 'fixtures/application'
+  all_routes = Rails.application.routes.routes
+  require 'action_dispatch/routing/inspector'
+  inspector = ActionDispatch::Routing::RoutesInspector.new(all_routes)
+  puts inspector.format(ActionDispatch::Routing::ConsoleFormatter.new)
+end
+
 RSpec::Core::RakeTask.new
 
 task default: :spec

data/lib/fortress.rb

@@ -1,3 +1,4 @@
+require 'fortress/configuration'
 require 'fortress/controller'
 require 'fortress/controller_interface'
 require 'fortress/mechanism'

data/lib/fortress/configuration.rb

@@ -0,0 +1,44 @@
+module Fortress
+  class << self
+    attr_accessor :configuration
+  end
+
+  def self.configure
+    self.configuration ||= Configuration.new
+
+    yield(configuration)
+
+    apply_configuration!
+  end
+
+  class Configuration
+    attr_reader :options
+
+    def externals=(value)
+      return unless value
+
+      @options = { externals: externals_from(value) }
+    end
+
+    private
+
+    def externals_from(value)
+      case
+      when value.is_a?(String) then [value]
+      when value.is_a?(Array) then value
+      end
+    end
+  end
+
+  private
+
+  def self.apply_configuration!
+    if configuration.options.try(:key?, :externals)
+      fortress_allow_externals!(configuration.options[:externals])
+    end
+  end
+
+  def self.fortress_allow_externals!(externals)
+    externals.each { |name| Mechanism.authorise!(name, :all) }
+  end
+end

data/lib/fortress/controller.rb

@@ -29,8 +29,21 @@ module Fortress
     # You can re-define it within the ApplicationController of you rails
     # application.
     def access_deny
-      flash[:error] = 'You are not authorised to access this page.'
-      redirect_to Rails.application.routes.url_helpers.root_url
+      message = 'You are not authorised to access this page.'
+      respond_to do |format|
+        format.html do
+          flash[:error] = message
+          redirect_to root_url
+        end
+        format.json do
+          self.status = :unauthorized
+          self.response_body = { error: message }.to_json
+        end
+        format.xml do
+          self.status = :unauthorized
+          self.response_body = { error: message }.to_xml
+        end
+      end
     end
 
     #

data/lib/fortress/version.rb

@@ -4,5 +4,5 @@
 # @author zedtux
 #
 module Fortress
-  VERSION = '0.1.0'
+  VERSION = '0.2.0'
 end

data/spec/fixtures/application.rb

@@ -14,12 +14,20 @@ module Rails
       {}
     end
 
+    # Required in order to have `rake routes` working
+    def config
+      OpenStruct.new(assets: OpenStruct.new(prefix: nil))
+    end
+
     def routes
       return @routes if defined?(@routes)
       @routes = ActionDispatch::Routing::RouteSet.new
       @routes.draw do
         root 'home#index'
         resources :guitars
+        resources :concerts, only: :index
+        # Represents an external controller
+        resources :stages
       end
       @routes
     end

data/spec/fixtures/controllers.rb

@@ -27,3 +27,15 @@ class GuitarsController < TestController
 
   def destroy; end
 end
+
+#
+# Controller with a custom access_deny method
+#
+class ConcertsController < TestController
+  def index; end
+
+  def access_deny
+    flash[:error] = 'Accès refusé'
+    redirect_to '/another/route'
+  end
+end

data/spec/fortress/access_deny_spec.rb

@@ -0,0 +1,54 @@
+require 'spec_helper'
+
+describe GuitarsController, type: :controller do
+  let(:default_message) { 'You are not authorised to access this page.' }
+  describe 'access_deny' do
+    it 'should have a default method' do
+      get :index
+
+      expect(response).to redirect_to(root_url)
+      expect(flash[:error]).to eql(default_message)
+    end
+    describe 'respond with the same format (YourCursus/fortress#2)' do
+      context 'with JSON' do
+        it 'should respond with a JSON message' do
+          json = { error: default_message }.to_json
+
+          get :index, format: :json
+
+          expect(response.status).to eql(401)
+          expect(response.body).to eql(json)
+        end
+      end
+      context 'with XML' do
+        it 'should respond with a XML message' do
+          xml = { error: default_message }.to_xml
+
+          get :index, format: :xml
+
+          expect(response.status).to eql(401)
+          expect(response.body).to eql(xml)
+        end
+      end
+    end
+  end
+end
+
+describe ConcertsController, type: :controller do
+  describe 'access_deny' do
+    it 'flash message should be overriden' do
+      new_message = 'Accès refusé'
+
+      get :index
+
+      expect(flash[:error]).to eql(new_message)
+    end
+    it 'redirection should be overriden' do
+      new_route = '/another/route'
+
+      get :index
+
+      expect(response).to redirect_to(new_route)
+    end
+  end
+end

data/spec/fortress/configuration_spec.rb

@@ -0,0 +1,37 @@
+require 'spec_helper'
+
+describe Fortress::Configuration do
+  describe 'default configuration' do
+    it 'should keep a blank configuration' do
+      expect(Fortress.configuration).to be_nil
+    end
+  end
+  describe 'externals option' do
+    context 'passing nil' do
+      before { Fortress.configure { |config| config.externals = nil } }
+      it 'should keep a blank configuration' do
+        expect(Fortress.configuration.options).to be_nil
+      end
+    end
+    context 'passing a String' do
+      before do
+        Fortress.configure { |config| config.externals = 'IronMaiden' }
+      end
+      it 'should add the externals key as an Array with the given string' do
+        options = { externals: ['IronMaiden'] }
+        expect(Fortress.configuration.options).to eql(options)
+      end
+    end
+    context 'passing an Array of String' do
+      before do
+        Fortress.configure do |config|
+          config.externals = %w(Rocksmith IronMaiden Pantera)
+        end
+      end
+      it 'should add the externals key as an Array with the given string' do
+        options = { externals: %w(Rocksmith IronMaiden Pantera) }
+        expect(Fortress.configuration.options).to eql(options)
+      end
+    end
+  end
+end

data/spec/fortress/controller_spec.rb

@@ -1,10 +1,6 @@
 require 'spec_helper'
-require 'fixtures/application'
-require 'fixtures/controllers'
 
 describe GuitarsController, type: :controller do
-  before { @flash_error = 'You are not authorised to access this page.' }
-
   it 'should have a before filter `:prevent_access!`' do
     before_filters = subject._process_action_callbacks.map do |callback|
       callback.filter if callback.kind == :before
@@ -20,7 +16,7 @@ describe GuitarsController, type: :controller do
         get :index
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'GET show' do
@@ -28,7 +24,7 @@ describe GuitarsController, type: :controller do
         get :show, id: 1
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'GET new' do
@@ -36,7 +32,7 @@ describe GuitarsController, type: :controller do
         get :new
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'POST create' do
@@ -44,7 +40,7 @@ describe GuitarsController, type: :controller do
         post :create
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'GET edit' do
@@ -52,7 +48,7 @@ describe GuitarsController, type: :controller do
         post :edit, id: 1
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'PUT update' do
@@ -60,7 +56,7 @@ describe GuitarsController, type: :controller do
         put :update, id: 1
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'PATCH update' do
@@ -68,7 +64,7 @@ describe GuitarsController, type: :controller do
         patch :update, id: 1
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'POST destroy' do
@@ -76,7 +72,7 @@ describe GuitarsController, type: :controller do
         post :destroy, id: 1
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
   end
@@ -100,7 +96,7 @@ describe GuitarsController, type: :controller do
         get :show, id: 1
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'GET new' do
@@ -108,7 +104,7 @@ describe GuitarsController, type: :controller do
         get :new
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'POST create' do
@@ -116,7 +112,7 @@ describe GuitarsController, type: :controller do
         post :create
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'GET edit' do
@@ -124,7 +120,7 @@ describe GuitarsController, type: :controller do
         post :edit, id: 1
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'PUT update' do
@@ -132,7 +128,7 @@ describe GuitarsController, type: :controller do
         put :update, id: 1
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'PATCH update' do
@@ -140,7 +136,7 @@ describe GuitarsController, type: :controller do
         patch :update, id: 1
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'POST destroy' do
@@ -148,7 +144,7 @@ describe GuitarsController, type: :controller do
         post :destroy, id: 1
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
   end
@@ -181,7 +177,7 @@ describe GuitarsController, type: :controller do
         get :new
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'POST create' do
@@ -189,7 +185,7 @@ describe GuitarsController, type: :controller do
         post :create
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'GET edit' do
@@ -197,7 +193,7 @@ describe GuitarsController, type: :controller do
         post :edit, id: 1
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'PUT update' do
@@ -205,7 +201,7 @@ describe GuitarsController, type: :controller do
         put :update, id: 1
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'PATCH update' do
@@ -213,7 +209,7 @@ describe GuitarsController, type: :controller do
         patch :update, id: 1
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'POST destroy' do
@@ -221,7 +217,7 @@ describe GuitarsController, type: :controller do
         post :destroy, id: 1
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
   end
@@ -342,7 +338,7 @@ describe GuitarsController, type: :controller do
         post :create
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'GET edit' do
@@ -402,7 +398,7 @@ describe GuitarsController, type: :controller do
         get :show, id: 1
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'GET new' do
@@ -410,7 +406,7 @@ describe GuitarsController, type: :controller do
         get :new
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'POST create' do
@@ -418,7 +414,7 @@ describe GuitarsController, type: :controller do
         post :create
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'GET edit' do
@@ -426,7 +422,7 @@ describe GuitarsController, type: :controller do
         post :edit, id: 1
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'PUT update' do
@@ -434,7 +430,7 @@ describe GuitarsController, type: :controller do
         put :update, id: 1
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'PATCH update' do
@@ -442,7 +438,7 @@ describe GuitarsController, type: :controller do
         patch :update, id: 1
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'POST destroy' do
@@ -450,7 +446,7 @@ describe GuitarsController, type: :controller do
         post :destroy, id: 1
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
   end
@@ -465,7 +461,7 @@ describe GuitarsController, type: :controller do
         get :index
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'GET show' do
@@ -473,7 +469,7 @@ describe GuitarsController, type: :controller do
         get :show, id: 1
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'GET new' do
@@ -481,7 +477,7 @@ describe GuitarsController, type: :controller do
         get :new
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'POST create' do
@@ -489,7 +485,7 @@ describe GuitarsController, type: :controller do
         post :create
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'GET edit' do
@@ -497,7 +493,7 @@ describe GuitarsController, type: :controller do
         post :edit, id: 1
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'PUT update' do
@@ -505,7 +501,7 @@ describe GuitarsController, type: :controller do
         put :update, id: 1
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'PATCH update' do
@@ -513,7 +509,7 @@ describe GuitarsController, type: :controller do
         patch :update, id: 1
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
     describe 'POST destroy' do
@@ -521,7 +517,7 @@ describe GuitarsController, type: :controller do
         post :destroy, id: 1
 
         expect(response).to redirect_to(root_url)
-        expect(flash[:error]).to eql(@flash_error)
+        expect(flash[:error]).to be_present
       end
     end
   end

data/spec/fortress/external_controllers_spec.rb

@@ -0,0 +1,83 @@
+require 'spec_helper'
+
+class StagesController < TestController
+  def index; end
+
+  def show; end
+
+  def new; end
+
+  def create; end
+
+  def edit; end
+
+  def update; end
+
+  def destroy; end
+end
+
+describe 'Allow adding manually controller names (YourCursus/fortress#3)' do
+  describe StagesController, type: :controller do
+    describe 'giving a controller name to config.externals' do
+      before do
+        Fortress.configure { |config| config.externals = 'StagesController' }
+      end
+      it 'should allow the index controller action' do
+        get :index
+
+        expect(response).to_not redirect_to(root_url)
+        expect(flash[:error]).to be_nil
+        expect(response).to have_http_status(:ok)
+      end
+      it 'should allow the show controller action' do
+        get :show, id: 1
+
+        expect(response).to_not redirect_to(root_url)
+        expect(flash[:error]).to be_nil
+        expect(response).to have_http_status(:ok)
+      end
+      it 'should allow the new controller action' do
+        get :new
+
+        expect(response).to_not redirect_to(root_url)
+        expect(flash[:error]).to be_nil
+        expect(response).to have_http_status(:ok)
+      end
+      it 'should allow the create controller action' do
+        post :create
+
+        expect(response).to_not redirect_to(root_url)
+        expect(flash[:error]).to be_nil
+        expect(response).to have_http_status(:ok)
+      end
+      it 'should allow the edit controller action' do
+        get :edit, id: 1
+
+        expect(response).to_not redirect_to(root_url)
+        expect(flash[:error]).to be_nil
+        expect(response).to have_http_status(:ok)
+      end
+      it 'should allow the update (PUT) controller action' do
+        put :update, id: 1
+
+        expect(response).to_not redirect_to(root_url)
+        expect(flash[:error]).to be_nil
+        expect(response).to have_http_status(:ok)
+      end
+      it 'should allow the update (PATCH) controller action' do
+        patch :update, id: 1
+
+        expect(response).to_not redirect_to(root_url)
+        expect(flash[:error]).to be_nil
+        expect(response).to have_http_status(:ok)
+      end
+      it 'should allow the destroy controller action' do
+        post :destroy, id: 1
+
+        expect(response).to_not redirect_to(root_url)
+        expect(flash[:error]).to be_nil
+        expect(response).to have_http_status(:ok)
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -1,6 +1,9 @@
 require 'action_controller/railtie'
 require 'rspec/rails'
 
+require 'fixtures/application'
+require 'fixtures/controllers'
+
 require 'fortress/controller'
 
 # This file was generated by the `rspec --init` command. Conventionally, all

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fortress
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Guillaume Hain
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-01-21 00:00:00.000000000 Z
+date: 2015-01-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionpack
@@ -155,14 +155,18 @@ files:
 - bin/thor
 - fortress.gemspec
 - lib/fortress.rb
+- lib/fortress/configuration.rb
 - lib/fortress/controller.rb
 - lib/fortress/controller_interface.rb
 - lib/fortress/mechanism.rb
 - lib/fortress/version.rb
 - spec/fixtures/application.rb
 - spec/fixtures/controllers.rb
+- spec/fortress/access_deny_spec.rb
+- spec/fortress/configuration_spec.rb
 - spec/fortress/controller_interface_spec.rb
 - spec/fortress/controller_spec.rb
+- spec/fortress/external_controllers_spec.rb
 - spec/fortress/mechanism_spec.rb
 - spec/spec_helper.rb
 homepage: https://github.com/YourCursus/fortress
@@ -193,7 +197,10 @@ summary: Secure your Rails application from preventing access to everything to o
 test_files:
 - spec/fixtures/application.rb
 - spec/fixtures/controllers.rb
+- spec/fortress/access_deny_spec.rb
+- spec/fortress/configuration_spec.rb
 - spec/fortress/controller_interface_spec.rb
 - spec/fortress/controller_spec.rb
+- spec/fortress/external_controllers_spec.rb
 - spec/fortress/mechanism_spec.rb
 - spec/spec_helper.rb