gds-api-adapters 19.0.0 → 19.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 74bb42454aa30f1970f30520a8c77f578bd4e336
-  data.tar.gz: a10fcf027a156dd02d7e80ef31c0a75abbbfc41d
+  metadata.gz: 685025d180b46ecc7468390d5a17adfced252e6f
+  data.tar.gz: a7d382fa6bb62a52a2211cd746d334a292ca3633
 SHA512:
-  metadata.gz: 7031ecf415602f3e70c9b37963aa04114f7482d5ba3f5b65ed7fe883acdc70da40631daa985bea7a923cc096d369cb603e24d5915d7a25ef4d6a8cb0b7753d51
-  data.tar.gz: 5d9f6a306e719235254b72eba5c3ce24fd0979a70211d270cfb1ef0d766aa762b4ac6af588f75b35cd2e3186acf450f8694665d957c20fb753bdabf8cc6318c3
+  metadata.gz: e421a41cb2f5a2082a984faf196e910b2ad3232097507e420abcf7f95618dfc194ec8e0508def31ec4406f6a5f65cf07d671e915573ba5f6209726691f131d35
+  data.tar.gz: 8490c07db3fe156ecda84e21541a1ef94450310ebca5890798ee37839c839a56ce25f4a90831ada11a0930387c0a0aa45f7c9f9268ba315d56d342d1d05c8f0a

data/README.md

@@ -29,32 +29,39 @@ something that actually logs:
 
     GdsApi::Base.logger = Logger.new("/path/to/file.log")
 
-## Authorization
-
-The API Adapters currently support either HTTP Basic authentication or OAuth2
-(bearer token) authorization. This is only used for Panopticon registration at
-present. The GdsApi::Panopticon::Registerer adapter expects a constant called
-PANOPTICON_API_CREDENTIALS to be defined and will use that to pass the relevant
-options to the HTTP client.
-
-To use bearer token authorization the format that constant should be a hash of
-the form:
-
-    PANOPTICON_API_CREDENTIALS = { bearer_token: 'MY_BEARER_TOKEN' }
-
-
 ## Middleware for request tracing
 
-We set a unique header at the cache level called `GOVUK-Request-Id`. In order
+We set a unique header at the cache level called `Govuk-Request-Id`. In order
 to serve a user's request, if apps make API requests they should pass on this
 header, so that we can trace a request across the entire GOV.UK stack.
 
-`GdsApi::GovukRequestIdSniffer` middleware takes care of this. This gem contains
+`GdsApi::GovukHeaderSniffer` middleware takes care of this. This gem contains
 a railtie that configures this middleware for Rails apps without extra effort.
 Other Rack-based apps should opt-in by adding this line to your `config.ru`:
 
-```use GdsApi::GovukRequestIdSniffer```
+    use GdsApi::GovukHeaderSniffer, 'HTTP_GOVUK_REQUEST_ID'
 
+## Middleware for identifying authenticated users
+
+Applications can make use of user-based identification for additional
+authorisation when making API requests. Any application that is using gds-sso
+for authentication can set an additional header called
+'X-Govuk-Authenticated-User' to identify the currently authenticated user ID.
+This will automatically be picked up by the `GdsApi::GovukHeaderSniffer`
+middleware in Rails applications and sent with API requests so that the
+downstream service can optionally use the identifier to perform authorisation
+on the request. This will be used by content-store as a mechanism to only
+return access-limited content to authenticated and authorised users.
+
+## App-level Authentication
+
+The API Adapters currently support either HTTP Basic or OAuth2 (bearer token)
+authentication. This allows an application to identify itself to another where
+required. This is currently used by the `GdsApi::Panopticon::Registerer`
+adapter, which  expects a constant called `PANOPTICON_API_CREDENTIALS` to be
+defined that identifies the calling application to Panopticon:
+
+    PANOPTICON_API_CREDENTIALS = { bearer_token: 'MY_BEARER_TOKEN' }
 
 ## Test Helpers
 

data/lib/gds_api/govuk_headers.rb

@@ -0,0 +1,21 @@
+module GdsApi
+  class GovukHeaders
+    class << self
+      def set_header(header_name, value)
+        header_data[header_name] = value
+      end
+
+      def headers
+        header_data.select {|k, v| !(v.nil? || v.empty?) }
+      end
+
+      private
+
+      def header_data
+        Thread.current[:headers] ||= {}
+      end
+
+    end
+  end
+end
+

data/lib/gds_api/json_client.rb

@@ -2,7 +2,7 @@ require_relative 'response'
 require_relative 'exceptions'
 require_relative 'version'
 require_relative 'null_cache'
-require_relative 'govuk_request_id'
+require_relative 'govuk_headers'
 require 'lrucache'
 require 'rest-client'
 
@@ -172,7 +172,7 @@ module GdsApi
     end
 
     def with_headers(method_params, headers)
-      headers = headers.merge(govuk_request_id: GdsApi::GovukRequestId.value) if GdsApi::GovukRequestId.set?
+      headers = headers.merge(GdsApi::GovukHeaders.headers)
       method_params.merge(
         headers: method_params[:headers].merge(headers)
       )

data/lib/gds_api/middleware/govuk_header_sniffer.rb

@@ -0,0 +1,21 @@
+require_relative '../govuk_headers'
+
+module GdsApi
+  class GovukHeaderSniffer
+    def initialize(app, header_name)
+      @app = app
+      @header_name = header_name
+    end
+
+    def call(env)
+      GdsApi::GovukHeaders.set_header(readable_name, env[@header_name])
+      @app.call(env)
+    end
+
+    private
+
+    def readable_name
+      @header_name.sub(/^HTTP_/, "").downcase.to_sym
+    end
+  end
+end

data/lib/gds_api/railtie.rb

@@ -1,10 +1,15 @@
-require_relative 'middleware/govuk_request_id_sniffer'
+require_relative 'middleware/govuk_header_sniffer'
 
 module GdsApi
   class Railtie < Rails::Railtie
     initializer "gds_api.initialize_govuk_request_id_sniffer" do |app|
-      Rails.logger.info "Using middleware GdsApi::GovukRequestIdSniffer to sniff for GOVUK-Request-Id header"
-      app.middleware.use GdsApi::GovukRequestIdSniffer
+      Rails.logger.info "Using middleware GdsApi::GovukHeaderSniffer to sniff for GOVUK-Request-Id header"
+      app.middleware.use GdsApi::GovukHeaderSniffer, 'HTTP_GOVUK_REQUEST_ID'
+    end
+
+    initializer "gds_api.initialize_govuk_authenticated_user_sniffer" do |app|
+      Rails.logger.info "Using middleware GdsApi::GovukHeaderSniffer to sniff for X-GOVUK-Authenticated-User header"
+      app.middleware.use GdsApi::GovukHeaderSniffer, 'HTTP_X_GOVUK_AUTHENTICATED_USER'
     end
   end
 end

data/lib/gds_api/version.rb

@@ -1,3 +1,3 @@
 module GdsApi
-  VERSION = '19.0.0'
+  VERSION = '19.1.0'
 end

data/test/json_client_test.rb

@@ -638,8 +638,8 @@ class JsonClientTest < MiniTest::Spec
     end
   end
 
-  def test_govuk_request_id_gets_set_if_present
-    GdsApi::GovukRequestId.value = "12345" # set by middleware GovukRequestIdSniffer
+  def test_govuk_headers_are_included_in_requests_if_present
+    GdsApi::GovukHeaders.set_header(:govuk_request_id, "12345") # set by middleware GovukHeaderSniffer
     stub_request(:get, "http://some.other.endpoint/some.json").to_return(:status => 200)
 
     GdsApi::JsonClient.new.get_json("http://some.other.endpoint/some.json")
@@ -649,6 +649,17 @@ class JsonClientTest < MiniTest::Spec
     end
   end
 
+  def test_govuk_headers_ignored_in_requests_if_not_present
+    GdsApi::GovukHeaders.set_header(:x_govuk_authenticated_user, "")
+    stub_request(:get, "http://some.other.endpoint/some.json").to_return(:status => 200)
+
+    GdsApi::JsonClient.new.get_json("http://some.other.endpoint/some.json")
+
+    assert_requested(:get, %r{/some.json}) do |request|
+      !request.headers.has_key?('X-Govuk-Authenticated-User')
+    end
+  end
+
   def test_additional_headers_passed_in_do_not_get_modified
     stub_request(:get, "http://some.other.endpoint/some.json").to_return(:status => 200)
 

data/test/middleware/govuk_header_sniffer_test.rb

@@ -0,0 +1,18 @@
+require 'test_helper'
+require 'gds_api/middleware/govuk_header_sniffer'
+
+describe GdsApi::GovukHeaderSniffer do
+  include Rack::Test::Methods
+
+  let(:inner_app) do
+    lambda { |env| [200, {'Content-Type' => 'text/plain'}, ['All good!']] }
+  end
+
+  let(:app) { GdsApi::GovukHeaderSniffer.new(inner_app, 'HTTP_GOVUK_REQUEST_ID') }
+
+  it "sniffs custom request headers and stores them for later use" do
+    header "Govuk-Request-Id", "12345"
+    get "/"
+    assert_equal '12345', GdsApi::GovukHeaders.headers[:govuk_request_id]
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gds-api-adapters
 version: !ruby/object:Gem::Version
-  version: 19.0.0
+  version: 19.1.0
 platform: ruby
 authors:
 - James Stewart
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-06-23 00:00:00.000000000 Z
+date: 2015-06-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: plek
@@ -287,7 +287,7 @@ files:
 - lib/gds_api/finder_api.rb
 - lib/gds_api/finder_schema.rb
 - lib/gds_api/gov_uk_delivery.rb
-- lib/gds_api/govuk_request_id.rb
+- lib/gds_api/govuk_headers.rb
 - lib/gds_api/helpers.rb
 - lib/gds_api/imminence.rb
 - lib/gds_api/json_client.rb
@@ -295,7 +295,7 @@ files:
 - lib/gds_api/list_response.rb
 - lib/gds_api/mapit.rb
 - lib/gds_api/maslow.rb
-- lib/gds_api/middleware/govuk_request_id_sniffer.rb
+- lib/gds_api/middleware/govuk_header_sniffer.rb
 - lib/gds_api/need_api.rb
 - lib/gds_api/needotron.rb
 - lib/gds_api/null_cache.rb
@@ -373,7 +373,7 @@ files:
 - test/list_response_test.rb
 - test/mapit_test.rb
 - test/maslow_test.rb
-- test/middleware/govuk_request_id_sniffer_test.rb
+- test/middleware/govuk_header_sniffer_test.rb
 - test/need_api_test.rb
 - test/organisations_api_test.rb
 - test/panopticon_registerer_test.rb
@@ -434,7 +434,7 @@ test_files:
 - test/maslow_test.rb
 - test/panopticon_registerer_test.rb
 - test/panopticon_test.rb
-- test/middleware/govuk_request_id_sniffer_test.rb
+- test/middleware/govuk_header_sniffer_test.rb
 - test/rummager_test.rb
 - test/json_client_test.rb
 - test/email_alert_api_test.rb

data/lib/gds_api/govuk_request_id.rb

@@ -1,17 +0,0 @@
-module GdsApi
-  class GovukRequestId
-    class << self
-      def set?
-        !(value.nil? || value.empty?)
-      end
-
-      def value
-        Thread.current[:govuk_request_id]
-      end
-
-      def value=(new_id)
-        Thread.current[:govuk_request_id] = new_id
-      end
-    end
-  end
-end

data/lib/gds_api/middleware/govuk_request_id_sniffer.rb

@@ -1,14 +0,0 @@
-require_relative '../govuk_request_id'
-
-module GdsApi
-  class GovukRequestIdSniffer
-    def initialize(app)
-      @app = app
-    end
-
-    def call(env)
-      GdsApi::GovukRequestId.value = env['HTTP_GOVUK_REQUEST_ID']
-      @app.call(env)
-    end
-  end
-end

data/test/middleware/govuk_request_id_sniffer_test.rb

@@ -1,18 +0,0 @@
-require 'test_helper'
-require 'gds_api/middleware/govuk_request_id_sniffer'
-
-describe GdsApi::GovukRequestIdSniffer do
-  include Rack::Test::Methods
-
-  let(:inner_app) do
-    lambda { |env| [200, {'Content-Type' => 'text/plain'}, ['All good!']] }
-  end
-
-  let(:app) { GdsApi::GovukRequestIdSniffer.new(inner_app) }
-
-  it "sniffs the govuk request id from request headers" do
-    header "Govuk-Request-Id", "12345"
-    get "/"
-    assert_equal '12345', GdsApi::GovukRequestId.value
-  end
-end