g5_authenticatable_api 0.3.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
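--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz: 1aa117f0b0c46d048619a8b7bffe14b1030b0e67
-data.tar.gz: bbb88bf02f07f19c095ef2ab23d68df33783a205
+metadata.gz: 3fab392aec338c014086e508dfc7f257d848f0aa
+data.tar.gz: 9a034d766e6f79ba7eb9c0e66df420c4665e9d8d
 SHA512:
-metadata.gz: 4788c4eb67bc7139ffeb7664d68dd6816ed735bcca9fcd7b38f4a20153c9e1cf3b93cfd6c523e191658d4b331b0d2bd64d0b591c571be2d3cd6693f7e470368e
-data.tar.gz: fb3fd459a31acc154515473e5c0e11734a9929f35c4051f3cf94d18138a4da6c89e03eb9a9b3fb9e4a194540d22ee605d60b872ec022b75400fededeb315ca26
+metadata.gz: f1b27503517f7a269af86515e56e8c0185572d62b9db6802c75a6248a4e9d29448ccc46fd4bb88f1539c7613bb40acb822d9a60a4cb99948bac36b83fcaae13f
+data.tar.gz: bdf990ae909d110075ff2ef0ab52ad6a4c2024a42f62501498fd86712293599892c15f5417baa7b62cfd803a19462b59cd27c0e353d314e0e9619670d3c1aa14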
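--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,9 @@
+## v0.3.1 (2015-01-20)
+
+* Disable strict token validation for session-authenticated users by
+default; enable with `G5AuthenticatableApi.strict_token_validation = true`
+([#6](https://github.com/G5/g5_authenticatable_api/pull/6)).
+
 ## v0.3.0 (2014-12-23)
 
 * When there is already an authenticated session, validate the current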
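--- a/data/README.md
+++ b/data/README.md
@@ -9,7 +9,7 @@ service using token-based authentication.
 
 ## Current Version
 
-0.3.0
+0.3.1
 
 ## Requirements
 
@@ -35,6 +35,8 @@ service using token-based authentication.
 
 ## Configuration
 
+### Auth endpoint
+
 The API helpers need to know the endpoint for the G5 auth server to use when
 validating tokens. This may be configured in one of several ways:
 
@@ -52,6 +54,30 @@ validating tokens. This may be configured in one of several ways:
 end
 ```
 
+### Strict token validation
+
+If your API supports session-based authentication through
+[devise_g5_authenticatable](https://github.com/G5/devise_g5_authenticatable),
+then you have the option of toggling strict token validation.
+
+If strict token validation is disabled (the default), then token validation
+will be bypassed if there is already an authenticated user in warden. This
+is fast, but it means that users with revoked or expired access tokens can
+still access your API as long as the local session remains active.
+
+```ruby
+G5AuthenticatableApi.strict_token_validation = false
+```
+
+If strict token validation is enabled, then the session user's access token
+will be periodically re-validated. Access to your API will be limited
+to users with active access tokens, but there is a performance penalty
+for this level of security.
+
+```ruby
+G5AuthenticatableApi.strict_token_validation = true
+```
+
 ## Usage
 
 ### Rails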
@@ -20,4 +20,5 @@ Gem::Specification.new do |spec|
20
20
 
21
21
  spec.add_dependency 'rack'
22
22
  spec.add_dependency 'g5_authentication_client', '~> 0.2'
23
+ spec.add_dependency 'activesupport', '>= 3.2'
23
24
  end
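Review bot: The new runtime dependency on line `spec.add_dependency 'activesupport', '>= 3.2'` has no upper bound, so every future major release of ActiveSupport is accepted even though the library only appears to use `mattr_accessor` and, in the token validator, `Object#try`. If the dependency stays, bounding it to the releases actually exercised by the suite (for example `spec.add_dependency 'activesupport', '>= 3.2', '< 5'`, adjusted to whatever was tested) keeps an incompatible upgrade from being pulled in silently. Alternatively, `class << self; attr_accessor :strict_token_validation; end` plus an explicit nil check on the warden object would remove the dependency altogether, which is a smaller surface for a gem whose purpose is securing APIs.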
@@ -10,7 +10,7 @@ module G5AuthenticatableApi
10
10
 
11
11
  def validate!
12
12
  begin
13
- auth_client.token_info
13
+ auth_client.token_info unless skip_validation?
14
14
  rescue StandardError => @error
15
15
  raise error
16
16
  end
@@ -66,5 +66,9 @@ module G5AuthenticatableApi
66
66
  parts['access_token']
67
67
  end
68
68
  end
69
+
70
+ def skip_validation?
71
+ @warden.try(:user) && !G5AuthenticatableApi.strict_token_validation
72
+ end
69
73
  end
70
74
  end
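Review bot: `skip_validation?` checks only for a warden user and the global flag, not whether the request itself presented a token, so with the default setting `validate!` (whose closing `end` lies outside the first hunk) never calls `token_info` even when the request carries its own `Authorization` header or `access_token` param and that token is expired or revoked; the README only describes skipping re-validation of the session user's own token. If that is not intended, the skip should additionally require that no token was extracted from the request, and a spec for "warden user present and a request token given" would pin the behaviour either way. Separately, `@warden.try(:user)` depends on `Object#try`/`NilClass#try` from `active_support/core_ext/object/try`; `require 'active_support'` alone does not load the core extensions, so outside Rails this can raise NoMethodError, which the surrounding `rescue StandardError => @error` would then surface as a validation failure. Adding `require 'active_support/core_ext/object/try'` beside the attribute_accessors require in lib/g5_authenticatable_api.rb makes the dependency explicit.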
@@ -1,3 +1,3 @@
1
1
  module G5AuthenticatableApi
2
- VERSION = '0.3.0'
2
+ VERSION = '0.3.1'
3
3
  end
@@ -1,3 +1,6 @@
1
+ require 'active_support'
2
+ require 'active_support/core_ext/module/attribute_accessors'
3
+
1
4
  require 'g5_authenticatable_api/version'
2
5
  require 'g5_authenticatable_api/helpers/grape'
3
6
  require 'g5_authenticatable_api/railtie' if defined?(Rails)
@@ -5,5 +8,9 @@ require 'g5_authenticatable_api/railtie' if defined?(Rails)
5
8
  require 'g5_authentication_client'
6
9
 
7
10
  module G5AuthenticatableApi
8
- # Your code goes here...
11
+ # When enabled, strict token validation will validate the session user's
12
+ # access_token against the auth server for every request (if there is
13
+ # an existing session in warden). Disabled by default.
14
+ @@strict_token_validation = false
15
+ mattr_accessor :strict_token_validation
9
16
  end
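Review bot: The comment above `@@strict_token_validation = false` says the token is validated "for every request", while the README added in this same release says the session user's token "will be periodically re-validated"; the code in `validate!` calls `token_info` on every call that is not skipped, so the comment is the accurate one and the README wording should be aligned with it. The comment would also be more useful if it stated the trade-off of the default in the same place the flag is defined, for example `# Disabled by default: with an active warden session the token is not re-checked, so a revoked or expired token stays usable until that session ends.` Since `mattr_accessor` exposes a process-wide mutable setting, note in the comment that callers (and specs) that change it are expected to restore it.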
@@ -58,37 +58,85 @@ describe G5AuthenticatableApi::TokenValidator do
58
58
  describe '#validate!' do
59
59
  subject(:validate!) { validator.validate! }
60
60
 
61
- context 'when token is valid' do
62
- include_context 'valid access token'
61
+ context 'when token is on the request' do
62
+ context 'when token is valid' do
63
+ include_context 'valid access token'
63
64
 
64
- it 'should initialize the auth client with the access token' do
65
- validate!
66
- expect(a_request(:get, 'auth.g5search.com/oauth/token/info').
67
- with(headers: {'Authorization' => "Bearer #{token_value}"})).to have_been_made
68
- end
65
+ it 'should initialize the auth client with the access token' do
66
+ validate!
67
+ expect(a_request(:get, 'auth.g5search.com/oauth/token/info').
68
+ with(headers: {'Authorization' => "Bearer #{token_value}"})).to have_been_made
69
+ end
70
+
71
+ it 'should not raise errors during validation' do
72
+ expect { validate! }.to_not raise_error
73
+ end
69
74
 
70
- it 'should not raise errors during validation' do
71
- expect { validate! }.to_not raise_error
75
+ it 'should not set an error on the validator' do
76
+ validate!
77
+ expect(validator.error).to be_nil
78
+ end
72
79
  end
73
80
 
74
- it 'should not set an error on the validator' do
75
- validate!
76
- expect(validator.error).to be_nil
81
+ context 'when token is invalid' do
82
+ include_context 'invalid access token'
83
+
84
+ it 'should re-raise the OAuth error' do
85
+ expect { validate! }.to raise_error(OAuth2::Error)
86
+ end
87
+
88
+ it 'should set the error on the validator' do
89
+ begin
90
+ validate!
91
+ rescue StandardError => validation_error
92
+ expect(validator.error).to eq(validation_error)
93
+ end
94
+ end
77
95
  end
78
96
  end
79
97
 
80
- context 'when token is invalid' do
81
- include_context 'invalid access token'
98
+ context 'when token is on the warden user' do
99
+ let(:warden) { double(:warden, user: user) }
100
+ let(:user) { FactoryGirl.build_stubbed(:user, g5_access_token: token_value) }
101
+ let(:params) {}
102
+ let(:headers) {}
103
+
104
+ context 'when strict token validation is enabled' do
105
+ before { G5AuthenticatableApi.strict_token_validation = true }
106
+
107
+ context 'when the token is valid' do
108
+ include_context 'valid access token'
109
+
110
+ it 'should validate the access token against the auth server' do
111
+ validate!
112
+ expect(a_request(:get, 'auth.g5search.com/oauth/token/info').
113
+ with(headers: {'Authorization' => "Bearer #{token_value}"})).to have_been_made
114
+ end
115
+
116
+ it 'should not raise errors during validation' do
117
+ expect { validate! }.to_not raise_error
118
+ end
119
+ end
120
+
121
+ context 'when token is invalid' do
122
+ include_context 'invalid access token'
82
123
 
83
- it 'should re-raise the OAuth error' do
84
- expect { validate! }.to raise_error(OAuth2::Error)
124
+ it 'should re-raise the error' do
125
+ expect { validate! }.to raise_error(OAuth2::Error)
126
+ end
127
+ end
85
128
  end
86
129
 
87
- it 'should set the error on the validator' do
88
- begin
130
+ context 'when strict token validation is disabled' do
131
+ before { G5AuthenticatableApi.strict_token_validation = false }
132
+
133
+ it 'should not validate the access token against the auth server' do
89
134
  validate!
90
- rescue StandardError => validation_error
91
- expect(validator.error).to eq(validation_error)
135
+ expect(a_request(:get, 'authg5search.com/oauth/token/info')).to_not have_been_made
136
+ end
137
+
138
+ it 'should not raise errors during validation' do
139
+ expect { validate! }.to_not raise_error
92
140
  end
93
141
  end
94
142
  end
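Review bot: The negative assertion in the "strict token validation is disabled" example checks `'authg5search.com/oauth/token/info'`, which is missing the dot in `auth.g5search.com` used by every other expectation in this hunk, so `to_not have_been_made` passes no matter what the validator does and the example proves nothing; it should read `expect(a_request(:get, 'auth.g5search.com/oauth/token/info')).to_not have_been_made`. In addition, the `before` hooks that assign `G5AuthenticatableApi.strict_token_validation = true` and `= false` (here and in the warden shared examples hunk that follows) never restore the process-wide setting, so whichever group runs last leaks its value into any spec relying on the default. An `after { G5AuthenticatableApi.strict_token_validation = false }` in each of those contexts, or saving and restoring the previous value, would isolate them. The enclosing `describe` begins before this hunk.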
@@ -8,7 +8,28 @@ shared_examples_for 'a warden authenticatable api' do
8
8
  before { login_as(user, scope: :user) }
9
9
  after { logout }
10
10
 
11
- include_examples 'token validation'
11
+ context 'when strict token validation is enabled' do
12
+ before do
13
+ G5AuthenticatableApi.strict_token_validation = true
14
+ end
15
+
16
+ include_examples 'token validation'
17
+ end
18
+
19
+ context 'when strict token validation is disabled' do
20
+ before do
21
+ G5AuthenticatableApi.strict_token_validation = false
22
+ subject
23
+ end
24
+
25
+ it 'should be successful' do
26
+ expect(response).to be_success
27
+ end
28
+
29
+ it 'should not validate the token against the auth server' do
30
+ expect(a_request(:get, 'auth.g5search.com/oauth/token/info')).to_not have_been_made
31
+ end
32
+ end
12
33
  end
13
34
 
14
35
  context 'when user is not authenticated' do
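--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: g5_authenticatable_api
 version: !ruby/object:Gem::Version
-version: 0.3.0
+version: 0.3.1
 platform: ruby
 authors:
 - Maeve Revels
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-12-23 00:00:00.000000000 Z
+date: 2015-01-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rack
@@ -38,6 +38,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '0.2'
+- !ruby/object:Gem::Dependency
+name: activesupport
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '3.2'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '3.2'
 description: Helpers for securing APIs with G5
 email:
 - maeve.revels@getg5.com
@@ -224,3 +238,4 @@ test_files:
 - spec/support/shared_examples/token_validation.rb
 - spec/support/shared_examples/warden_authenticatable_api.rb
 - spec/support/warden.rb
+has_rdoc: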