g5_authenticatable_api 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: cd9ed6f231034a1d906d81e1fc66b0787fc7596e
-  data.tar.gz: bed5680f12d4d43a28b7aff5f2b55773ce8d7dd5
+  metadata.gz: 1aa117f0b0c46d048619a8b7bffe14b1030b0e67
+  data.tar.gz: bbb88bf02f07f19c095ef2ab23d68df33783a205
 SHA512:
-  metadata.gz: f77007e0fdeb669211365aa53a19bc011ab73c1297b9a6ae23155f7cc3a798f944517cbe1e72746c50cc430be45fecb9a6a2575e2e60981d816d30bbc6ac69a6
-  data.tar.gz: 8f425de57b86817df5528822b914030892292b622c9af9382a946270d66c91752de9188bb57884e70aba10909cef315da293acf3b00d38fdd75d69246931aa01
+  metadata.gz: 4788c4eb67bc7139ffeb7664d68dd6816ed735bcca9fcd7b38f4a20153c9e1cf3b93cfd6c523e191658d4b331b0d2bd64d0b591c571be2d3cd6693f7e470368e
+  data.tar.gz: fb3fd459a31acc154515473e5c0e11734a9929f35c4051f3cf94d18138a4da6c89e03eb9a9b3fb9e4a194540d22ee605d60b872ec022b75400fededeb315ca26

data/.ruby-version

@@ -0,0 +1 @@
+2.1.2

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+## v0.3.0 (2014-12-23)
+
+* When there is already an authenticated session, validate the current
+  user's access token against the auth server on every API request
+  ([#5](https://github.com/G5/g5_authenticatable_api/pull/5))
+
 ## v0.2.0 (2014-03-12)
 
 * First open source release to [RubyGems](https://rubygems.org)

data/Gemfile

@@ -6,7 +6,7 @@ source 'https://rubygems.org'
 gemspec
 
 # Gems used by the dummy application
-gem 'rails', '~> 4.0.2'
+gem 'rails', '4.1.4'
 gem 'jquery-rails'
 gem 'pg'
 gem 'grape'
@@ -24,7 +24,7 @@ group :test do
   gem 'simplecov', require: false
   gem 'codeclimate-test-reporter', require: false
   gem 'webmock'
-  gem 'shoulda-matchers'
+  gem 'shoulda-matchers', '~> 2.6'
   gem 'rspec-http', require: false
 end
 

data/README.md

@@ -9,7 +9,7 @@ service using token-based authentication.
 
 ## Current Version
 
-0.2.0
+0.3.0
 
 ## Requirements
 

data/circle.yml

@@ -1,4 +1,4 @@
 database:
   override:
     - cp spec/dummy/config/database.yml.ci spec/dummy/config/database.yml
-    - (cd spec/dummy; RAILS_ENV=test rake db:drop db:setup)
+    - (cd spec/dummy; RAILS_ENV=test bundle exec rake db:drop db:create db:schema:load)

data/lib/g5_authenticatable_api/helpers/grape.rb

@@ -4,7 +4,7 @@ module G5AuthenticatableApi
   module Helpers
     module Grape
       def authenticate_user!
-        raise_auth_error if !(warden.try(:authenticated?) || token_validator.valid?)
+        raise_auth_error if !token_validator.valid?
       end
 
       def warden
@@ -14,7 +14,7 @@ module G5AuthenticatableApi
       private
       def token_validator
         request = Rack::Request.new(env)
-        @token_validator ||= TokenValidator.new(request.params, headers)
+        @token_validator ||= TokenValidator.new(request.params, headers, warden)
       end
 
       def raise_auth_error

data/lib/g5_authenticatable_api/helpers/rails.rb

@@ -4,7 +4,7 @@ module G5AuthenticatableApi
   module Helpers
     module Rails
       def authenticate_api_user!
-        raise_auth_error if !(warden.try(:authenticated?) || token_validator.valid?)
+        raise_auth_error if !token_validator.valid?
       end
 
       def warden
@@ -13,7 +13,7 @@ module G5AuthenticatableApi
 
       private
       def token_validator
-        @token_validator ||= TokenValidator.new(request.params, request.headers)
+        @token_validator ||= TokenValidator.new(request.params, request.headers, warden)
       end
 
       def raise_auth_error

data/lib/g5_authenticatable_api/token_validator.rb

@@ -2,9 +2,10 @@ module G5AuthenticatableApi
   class TokenValidator
     attr_reader :error
 
-    def initialize(params={},headers={})
+    def initialize(params={},headers={},warden=nil)
       @params = params || {}
       @headers = headers || {}
+      @warden = warden
     end
 
     def validate!
@@ -25,12 +26,9 @@ module G5AuthenticatableApi
     end
 
     def access_token
-      @access_token ||= if @headers['Authorization']
-        parts = @headers['Authorization'].match(/Bearer (?<access_token>\S+)/)
-        parts['access_token']
-      else
-        @params['access_token']
-      end
+      @access_token ||= (extract_token_from_header ||
+                         @params['access_token'] ||
+                         @warden.try(:user).try(:g5_access_token))
     end
 
     def auth_response_header
@@ -61,5 +59,12 @@ module G5AuthenticatableApi
       error_description = error.description if error.respond_to?(:description)
       error_description
     end
+
+    def extract_token_from_header
+      if @headers['Authorization']
+        parts = @headers['Authorization'].match(/Bearer (?<access_token>\S+)/)
+        parts['access_token']
+      end
+    end
   end
 end

data/lib/g5_authenticatable_api/version.rb

@@ -1,3 +1,3 @@
 module G5AuthenticatableApi
-  VERSION = '0.2.0'
+  VERSION = '0.3.0'
 end

data/spec/lib/g5_authenticatable_api/token_validator_spec.rb

@@ -3,11 +3,12 @@ require 'spec_helper'
 describe G5AuthenticatableApi::TokenValidator do
   subject { validator }
 
-  let(:validator) { described_class.new(params, headers) }
+  let(:validator) { described_class.new(params, headers, warden) }
 
   let(:headers) {}
   let(:params) { {'access_token' => token_value} }
   let(:token_value) { 'abc123' }
+  let(:warden) {}
 
   describe '#access_token' do
     subject(:access_token) { validator.access_token }
@@ -29,6 +30,29 @@ describe G5AuthenticatableApi::TokenValidator do
         expect(access_token).to eq(token_value)
       end
     end
+
+    context 'with warden user' do
+      let(:warden) { double(:warden, user: user) }
+      let(:user) { FactoryGirl.build_stubbed(:user) }
+
+      context 'without token on request' do
+        let(:params) {}
+        let(:headers) {}
+
+        it 'should extract the token value from the session user' do
+          expect(access_token).to eq(user.g5_access_token)
+        end
+      end
+
+      context 'with auth param' do
+        let(:params) { {'access_token' => token_value} }
+        let(:headers) {}
+
+        it 'should give precedence to the token on the request' do
+          expect(access_token).to eq(token_value)
+        end
+      end
+    end
   end
 
   describe '#validate!' do

data/spec/support/shared_examples/token_authenticatable_api.rb

@@ -1,60 +1,3 @@
-shared_examples_for 'token validation' do
-  context 'when token is valid' do
-    include_context 'valid access token'
-
-    before { subject }
-
-    it 'should be successful' do
-      expect(response).to be_success
-    end
-
-    it 'should validate the access token against the auth server' do
-      expect(a_request(:get, 'auth.g5search.com/oauth/token/info').
-             with(headers: {'Authorization' => "Bearer #{token_value}"})).to have_been_made
-    end
-  end
-
-  context 'when token is invalid' do
-    include_context 'invalid access token'
-
-    before { subject }
-
-    it 'should be unauthorized' do
-      expect(response).to be_http_unauthorized
-    end
-
-    it 'should return an authenticate header' do
-      expect(response.headers).to have_key('WWW-Authenticate')
-    end
-
-    it 'should return the authentication error' do
-      expect(response.headers['WWW-Authenticate']).to match("error=\"#{error_code}\"")
-    end
-
-    it 'should return the authentication error description' do
-      expect(response.headers['WWW-Authenticate']).to match("error_description=\"#{error_description}\"")
-    end
-  end
-
-  context 'when some other oauth error occurs' do
-    include_context 'OAuth2 error'
-
-    before { subject }
-
-    it 'should be unauthorized' do
-      expect(response).to be_http_unauthorized
-    end
-
-    it 'should return an authenticate header' do
-      expect(response.headers).to have_key('WWW-Authenticate')
-    end
-
-    it 'should return the default authentication error code' do
-      expect(response.headers['WWW-Authenticate']).to match('error="invalid_request"')
-    end
-  end
-end
-
 shared_examples_for 'a token authenticatable api' do
   let(:token_value) { 'abc123' }
 

data/spec/support/shared_examples/token_validation.rb

@@ -0,0 +1,56 @@
+shared_examples_for 'token validation' do
+  context 'when token is valid' do
+    include_context 'valid access token'
+
+    before { subject }
+
+    it 'should be successful' do
+      expect(response).to be_success
+    end
+
+    it 'should validate the access token against the auth server' do
+      expect(a_request(:get, 'auth.g5search.com/oauth/token/info').
+             with(headers: {'Authorization' => "Bearer #{token_value}"})).to have_been_made
+    end
+  end
+
+  context 'when token is invalid' do
+    include_context 'invalid access token'
+
+    before { subject }
+
+    it 'should be unauthorized' do
+      expect(response).to be_http_unauthorized
+    end
+
+    it 'should return an authenticate header' do
+      expect(response.headers).to have_key('WWW-Authenticate')
+    end
+
+    it 'should return the authentication error' do
+      expect(response.headers['WWW-Authenticate']).to match("error=\"#{error_code}\"")
+    end
+
+    it 'should return the authentication error description' do
+      expect(response.headers['WWW-Authenticate']).to match("error_description=\"#{error_description}\"")
+    end
+  end
+
+  context 'when some other oauth error occurs' do
+    include_context 'OAuth2 error'
+
+    before { subject }
+
+    it 'should be unauthorized' do
+      expect(response).to be_http_unauthorized
+    end
+
+    it 'should return an authenticate header' do
+      expect(response.headers).to have_key('WWW-Authenticate')
+    end
+
+    it 'should return the default authentication error code' do
+      expect(response.headers['WWW-Authenticate']).to match('error="invalid_request"')
+    end
+  end
+end

data/spec/support/shared_examples/warden_authenticatable_api.rb

@@ -3,15 +3,12 @@ require 'spec_helper'
 shared_examples_for 'a warden authenticatable api' do
   context 'when user is authenticated' do
     let(:user) { create(:user) }
+    let(:token_value) { user.g5_access_token }
 
-    before do
-      login_as(user, scope: :user)
-      subject
-    end
+    before { login_as(user, scope: :user) }
+    after { logout }
 
-    it 'should be successful' do
-      expect(response).to be_success
-    end
+    include_examples 'token validation'
   end
 
   context 'when user is not authenticated' do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: g5_authenticatable_api
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Maeve Revels
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-03-12 00:00:00.000000000 Z
+date: 2014-12-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -47,6 +47,7 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - ".rspec"
+- ".ruby-version"
 - CHANGELOG.md
 - Gemfile
 - LICENSE.txt
@@ -126,6 +127,7 @@ files:
 - spec/support/shared_contexts/invalid_access_token.rb
 - spec/support/shared_contexts/valid_access_token.rb
 - spec/support/shared_examples/token_authenticatable_api.rb
+- spec/support/shared_examples/token_validation.rb
 - spec/support/shared_examples/warden_authenticatable_api.rb
 - spec/support/warden.rb
 homepage: https://github.com/G5/g5_authenticatable_api
@@ -148,7 +150,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.0
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: Helpers for securing APIs with G5
@@ -219,5 +221,6 @@ test_files:
 - spec/support/shared_contexts/invalid_access_token.rb
 - spec/support/shared_contexts/valid_access_token.rb
 - spec/support/shared_examples/token_authenticatable_api.rb
+- spec/support/shared_examples/token_validation.rb
 - spec/support/shared_examples/warden_authenticatable_api.rb
 - spec/support/warden.rb