g5_authenticatable_api 0.2.0

data/spec/spec_helper.rb

@@ -0,0 +1,49 @@
+# MUST happen before any other code is loaded
+require 'simplecov'
+SimpleCov.start 'test_frameworks'
+
+require 'codeclimate-test-reporter'
+CodeClimate::TestReporter.start
+
+ENV["RAILS_ENV"] ||= 'test'
+require File.expand_path("../dummy/config/environment", __FILE__)
+
+require 'rspec/rails'
+require 'rspec/http'
+require 'capybara/rspec'
+require 'webmock/rspec'
+
+Rails.backtrace_cleaner.remove_silencers!
+
+# Requires supporting ruby files with custom matchers and macros, etc,
+# in spec/support/ and its subdirectories.
+Dir[File.expand_path('../support/**/*.rb', __FILE__)].each { |f| require f }
+
+RSpec.configure do |config|
+  # ## Mock Framework
+  #
+  # If you prefer to use mocha, flexmock or RR, uncomment the appropriate line:
+  #
+  # config.mock_with :mocha
+  # config.mock_with :flexmock
+  # config.mock_with :rr
+  config.mock_with :rspec
+
+  # If you're not using ActiveRecord, or you'd prefer not to run each of your
+  # examples within a transaction, remove the following line or assign false
+  # instead of true.
+  config.use_transactional_fixtures = true
+
+  # If true, the base class of anonymous controllers will be inferred
+  # automatically. This will be the default behavior in future versions of
+  # rspec-rails.
+  config.infer_base_class_for_anonymous_controllers = false
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = 'random'
+
+  config.after(:suite) { WebMock.disable! }
+end

data/spec/support/factory_girl.rb

@@ -0,0 +1,5 @@
+require 'factory_girl_rails'
+
+RSpec.configure do |config|
+  config.include FactoryGirl::Syntax::Methods
+end

data/spec/support/shared_contexts/invalid_access_token.rb

@@ -0,0 +1,24 @@
+shared_context 'OAuth2 error' do
+  before do
+    stub_request(:get, 'auth.g5search.com/oauth/token/info').
+      with(headers: {'Authorization'=>"Bearer #{token_value}"}).
+      to_return(status: 401,
+                headers: {'Content-Type' => 'application/json; charset=utf-8',
+                          'Cache-Control' => 'no-cache'},
+                body: parsed_error.to_json)
+  end
+
+  let(:parsed_error) { '' }
+end
+
+shared_context 'invalid access token' do
+  include_context 'OAuth2 error' do
+    let(:parsed_error) do
+      {'error' => error_code,
+       'error_description' => error_description}
+    end
+
+    let(:error_code) { 'invalid_token' }
+    let(:error_description) { 'The access token expired' }
+  end
+end

data/spec/support/shared_contexts/valid_access_token.rb

@@ -0,0 +1,7 @@
+shared_context 'valid access token' do
+  before do
+    stub_request(:get, 'auth.g5search.com/oauth/token/info').
+      with(headers: {'Authorization'=>"Bearer #{token_value}"}).
+         to_return(status: 200, body: '', headers: {})
+  end
+end

data/spec/support/shared_examples/token_authenticatable_api.rb

@@ -0,0 +1,106 @@
+shared_examples_for 'token validation' do
+  context 'when token is valid' do
+    include_context 'valid access token'
+
+    before { subject }
+
+    it 'should be successful' do
+      expect(response).to be_success
+    end
+
+    it 'should validate the access token against the auth server' do
+      expect(a_request(:get, 'auth.g5search.com/oauth/token/info').
+             with(headers: {'Authorization' => "Bearer #{token_value}"})).to have_been_made
+    end
+  end
+
+  context 'when token is invalid' do
+    include_context 'invalid access token'
+
+    before { subject }
+
+    it 'should be unauthorized' do
+      expect(response).to be_http_unauthorized
+    end
+
+    it 'should return an authenticate header' do
+      expect(response.headers).to have_key('WWW-Authenticate')
+    end
+
+    it 'should return the authentication error' do
+      expect(response.headers['WWW-Authenticate']).to match("error=\"#{error_code}\"")
+    end
+
+    it 'should return the authentication error description' do
+      expect(response.headers['WWW-Authenticate']).to match("error_description=\"#{error_description}\"")
+    end
+  end
+
+  context 'when some other oauth error occurs' do
+    include_context 'OAuth2 error'
+
+    before { subject }
+
+    it 'should be unauthorized' do
+      expect(response).to be_http_unauthorized
+    end
+
+    it 'should return an authenticate header' do
+      expect(response.headers).to have_key('WWW-Authenticate')
+    end
+
+    it 'should return the default authentication error code' do
+      expect(response.headers['WWW-Authenticate']).to match('error="invalid_request"')
+    end
+  end
+end
+
+shared_examples_for 'a token authenticatable api' do
+  let(:token_value) { 'abc123' }
+
+  context 'with authorization header' do
+    let(:headers) { {'Authorization' => "Bearer #{token_value}"} }
+
+    include_examples 'token validation'
+  end
+
+  context 'with access token parameter' do
+    let(:params) { {'access_token' => token_value} }
+
+    include_examples 'token validation'
+  end
+
+  context 'without authentication information' do
+    before { subject }
+
+    it 'should be unauthorized' do
+      expect(response).to be_http_unauthorized
+    end
+
+    it 'should return an authenticate header without details' do
+      expect(response.headers).to include('WWW-Authenticate' => 'Bearer')
+    end
+  end
+
+  context 'with environment variables for password credentials' do
+    before do
+      ENV['G5_AUTH_USERNAME'] = 'my.user@test.host'
+      ENV['G5_AUTH_PASSWORD'] = 'my_secret'
+    end
+
+    after do
+      ENV['G5_AUTH_USERNAME'] = nil
+      ENV['G5_AUTH_PASSWORD'] = nil
+    end
+
+    before { subject }
+
+    it 'should be unauthorized' do
+      expect(response).to be_http_unauthorized
+    end
+
+    it 'should return an authenticate header without details' do
+      expect(response.headers).to include('WWW-Authenticate' => 'Bearer')
+    end
+  end
+end

data/spec/support/shared_examples/warden_authenticatable_api.rb

@@ -0,0 +1,31 @@
+require 'spec_helper'
+
+shared_examples_for 'a warden authenticatable api' do
+  context 'when user is authenticated' do
+    let(:user) { create(:user) }
+
+    before do
+      login_as(user, scope: :user)
+      subject
+    end
+
+    it 'should be successful' do
+      expect(response).to be_success
+    end
+  end
+
+  context 'when user is not authenticated' do
+    before do
+     logout
+     subject
+    end
+
+    it 'should be unauthorized' do
+      expect(response).to be_http_unauthorized
+    end
+
+    it 'should return an authenticate header without details' do
+      expect(response.headers).to include('WWW-Authenticate' => 'Bearer')
+    end
+  end
+end

data/spec/support/warden.rb

@@ -0,0 +1,4 @@
+RSpec.configure do |config|
+  config.include Warden::Test::Helpers, type: :request
+  config.after(type: :request) { Warden.test_reset! }
+end

metadata

@@ -0,0 +1,223 @@
+--- !ruby/object:Gem::Specification
+name: g5_authenticatable_api
+version: !ruby/object:Gem::Version
+  version: 0.2.0
+platform: ruby
+authors:
+- Maeve Revels
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-03-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: g5_authentication_client
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+description: Helpers for securing APIs with G5
+email:
+- maeve.revels@getg5.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- CHANGELOG.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- circle.yml
+- g5_authenticatable_api.gemspec
+- lib/g5_authenticatable_api.rb
+- lib/g5_authenticatable_api/helpers/grape.rb
+- lib/g5_authenticatable_api/helpers/rails.rb
+- lib/g5_authenticatable_api/railtie.rb
+- lib/g5_authenticatable_api/token_validator.rb
+- lib/g5_authenticatable_api/version.rb
+- spec/dummy/README.rdoc
+- spec/dummy/Rakefile
+- spec/dummy/app/api/hello_api.rb
+- spec/dummy/app/assets/images/.keep
+- spec/dummy/app/assets/javascripts/application.js
+- spec/dummy/app/assets/javascripts/articles.js
+- spec/dummy/app/assets/stylesheets/application.css
+- spec/dummy/app/assets/stylesheets/articles.css
+- spec/dummy/app/controllers/application_controller.rb
+- spec/dummy/app/controllers/concerns/.keep
+- spec/dummy/app/controllers/rails_api/articles_controller.rb
+- spec/dummy/app/helpers/application_helper.rb
+- spec/dummy/app/helpers/articles_helper.rb
+- spec/dummy/app/mailers/.keep
+- spec/dummy/app/models/.keep
+- spec/dummy/app/models/article.rb
+- spec/dummy/app/models/concerns/.keep
+- spec/dummy/app/models/user.rb
+- spec/dummy/app/views/layouts/application.html.erb
+- spec/dummy/bin/bundle
+- spec/dummy/bin/rails
+- spec/dummy/bin/rake
+- spec/dummy/config.ru
+- spec/dummy/config/application.rb
+- spec/dummy/config/boot.rb
+- spec/dummy/config/database.yml.ci
+- spec/dummy/config/database.yml.sample
+- spec/dummy/config/environment.rb
+- spec/dummy/config/environments/development.rb
+- spec/dummy/config/environments/production.rb
+- spec/dummy/config/environments/test.rb
+- spec/dummy/config/initializers/backtrace_silencers.rb
+- spec/dummy/config/initializers/devise.rb
+- spec/dummy/config/initializers/filter_parameter_logging.rb
+- spec/dummy/config/initializers/inflections.rb
+- spec/dummy/config/initializers/mime_types.rb
+- spec/dummy/config/initializers/secret_token.rb
+- spec/dummy/config/initializers/session_store.rb
+- spec/dummy/config/initializers/wrap_parameters.rb
+- spec/dummy/config/locales/devise.en.yml
+- spec/dummy/config/locales/en.yml
+- spec/dummy/config/routes.rb
+- spec/dummy/db/migrate/20140217124048_devise_create_users.rb
+- spec/dummy/db/migrate/20140223194521_create_articles.rb
+- spec/dummy/db/schema.rb
+- spec/dummy/db/seeds.rb
+- spec/dummy/lib/assets/.keep
+- spec/dummy/lib/tasks/.keep
+- spec/dummy/log/.keep
+- spec/dummy/public/404.html
+- spec/dummy/public/422.html
+- spec/dummy/public/500.html
+- spec/dummy/public/favicon.ico
+- spec/dummy/public/robots.txt
+- spec/dummy/vendor/assets/javascripts/.keep
+- spec/dummy/vendor/assets/stylesheets/.keep
+- spec/factories/user.rb
+- spec/lib/g5_authenticatable_api/token_validator_spec.rb
+- spec/lib/g5_authenticatable_api/version_spec.rb
+- spec/requests/grape_api_spec.rb
+- spec/requests/rails_api_spec.rb
+- spec/spec_helper.rb
+- spec/support/factory_girl.rb
+- spec/support/shared_contexts/invalid_access_token.rb
+- spec/support/shared_contexts/valid_access_token.rb
+- spec/support/shared_examples/token_authenticatable_api.rb
+- spec/support/shared_examples/warden_authenticatable_api.rb
+- spec/support/warden.rb
+homepage: https://github.com/G5/g5_authenticatable_api
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.0
+signing_key: 
+specification_version: 4
+summary: Helpers for securing APIs with G5
+test_files:
+- spec/dummy/README.rdoc
+- spec/dummy/Rakefile
+- spec/dummy/app/api/hello_api.rb
+- spec/dummy/app/assets/images/.keep
+- spec/dummy/app/assets/javascripts/application.js
+- spec/dummy/app/assets/javascripts/articles.js
+- spec/dummy/app/assets/stylesheets/application.css
+- spec/dummy/app/assets/stylesheets/articles.css
+- spec/dummy/app/controllers/application_controller.rb
+- spec/dummy/app/controllers/concerns/.keep
+- spec/dummy/app/controllers/rails_api/articles_controller.rb
+- spec/dummy/app/helpers/application_helper.rb
+- spec/dummy/app/helpers/articles_helper.rb
+- spec/dummy/app/mailers/.keep
+- spec/dummy/app/models/.keep
+- spec/dummy/app/models/article.rb
+- spec/dummy/app/models/concerns/.keep
+- spec/dummy/app/models/user.rb
+- spec/dummy/app/views/layouts/application.html.erb
+- spec/dummy/bin/bundle
+- spec/dummy/bin/rails
+- spec/dummy/bin/rake
+- spec/dummy/config.ru
+- spec/dummy/config/application.rb
+- spec/dummy/config/boot.rb
+- spec/dummy/config/database.yml.ci
+- spec/dummy/config/database.yml.sample
+- spec/dummy/config/environment.rb
+- spec/dummy/config/environments/development.rb
+- spec/dummy/config/environments/production.rb
+- spec/dummy/config/environments/test.rb
+- spec/dummy/config/initializers/backtrace_silencers.rb
+- spec/dummy/config/initializers/devise.rb
+- spec/dummy/config/initializers/filter_parameter_logging.rb
+- spec/dummy/config/initializers/inflections.rb
+- spec/dummy/config/initializers/mime_types.rb
+- spec/dummy/config/initializers/secret_token.rb
+- spec/dummy/config/initializers/session_store.rb
+- spec/dummy/config/initializers/wrap_parameters.rb
+- spec/dummy/config/locales/devise.en.yml
+- spec/dummy/config/locales/en.yml
+- spec/dummy/config/routes.rb
+- spec/dummy/db/migrate/20140217124048_devise_create_users.rb
+- spec/dummy/db/migrate/20140223194521_create_articles.rb
+- spec/dummy/db/schema.rb
+- spec/dummy/db/seeds.rb
+- spec/dummy/lib/assets/.keep
+- spec/dummy/lib/tasks/.keep
+- spec/dummy/log/.keep
+- spec/dummy/public/404.html
+- spec/dummy/public/422.html
+- spec/dummy/public/500.html
+- spec/dummy/public/favicon.ico
+- spec/dummy/public/robots.txt
+- spec/dummy/vendor/assets/javascripts/.keep
+- spec/dummy/vendor/assets/stylesheets/.keep
+- spec/factories/user.rb
+- spec/lib/g5_authenticatable_api/token_validator_spec.rb
+- spec/lib/g5_authenticatable_api/version_spec.rb
+- spec/requests/grape_api_spec.rb
+- spec/requests/rails_api_spec.rb
+- spec/spec_helper.rb
+- spec/support/factory_girl.rb
+- spec/support/shared_contexts/invalid_access_token.rb
+- spec/support/shared_contexts/valid_access_token.rb
+- spec/support/shared_examples/token_authenticatable_api.rb
+- spec/support/shared_examples/warden_authenticatable_api.rb
+- spec/support/warden.rb