RubyGems - grape-security - Versions diffs - 0.8.0 - Mend

grape-security 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (115) hide show

checksums.yaml +7 -0
data/.gitignore +45 -0
data/.rspec +2 -0
data/.rubocop.yml +70 -0
data/.travis.yml +18 -0
data/.yardopts +2 -0
data/CHANGELOG.md +314 -0
data/CONTRIBUTING.md +118 -0
data/Gemfile +21 -0
data/Guardfile +14 -0
data/LICENSE +20 -0
data/README.md +1777 -0
data/RELEASING.md +105 -0
data/Rakefile +69 -0
data/UPGRADING.md +124 -0
data/grape-security.gemspec +39 -0
data/grape.png +0 -0
data/lib/grape.rb +99 -0
data/lib/grape/api.rb +646 -0
data/lib/grape/cookies.rb +39 -0
data/lib/grape/endpoint.rb +533 -0
data/lib/grape/error_formatter/base.rb +31 -0
data/lib/grape/error_formatter/json.rb +15 -0
data/lib/grape/error_formatter/txt.rb +16 -0
data/lib/grape/error_formatter/xml.rb +15 -0
data/lib/grape/exceptions/base.rb +66 -0
data/lib/grape/exceptions/incompatible_option_values.rb +10 -0
data/lib/grape/exceptions/invalid_formatter.rb +10 -0
data/lib/grape/exceptions/invalid_versioner_option.rb +10 -0
data/lib/grape/exceptions/invalid_with_option_for_represent.rb +10 -0
data/lib/grape/exceptions/missing_mime_type.rb +10 -0
data/lib/grape/exceptions/missing_option.rb +10 -0
data/lib/grape/exceptions/missing_vendor_option.rb +10 -0
data/lib/grape/exceptions/unknown_options.rb +10 -0
data/lib/grape/exceptions/unknown_validator.rb +10 -0
data/lib/grape/exceptions/validation.rb +26 -0
data/lib/grape/exceptions/validation_errors.rb +43 -0
data/lib/grape/formatter/base.rb +31 -0
data/lib/grape/formatter/json.rb +12 -0
data/lib/grape/formatter/serializable_hash.rb +35 -0
data/lib/grape/formatter/txt.rb +11 -0
data/lib/grape/formatter/xml.rb +12 -0
data/lib/grape/http/request.rb +26 -0
data/lib/grape/locale/en.yml +32 -0
data/lib/grape/middleware/auth/base.rb +30 -0
data/lib/grape/middleware/auth/basic.rb +13 -0
data/lib/grape/middleware/auth/digest.rb +13 -0
data/lib/grape/middleware/auth/oauth2.rb +83 -0
data/lib/grape/middleware/base.rb +62 -0
data/lib/grape/middleware/error.rb +89 -0
data/lib/grape/middleware/filter.rb +17 -0
data/lib/grape/middleware/formatter.rb +150 -0
data/lib/grape/middleware/globals.rb +13 -0
data/lib/grape/middleware/versioner.rb +32 -0
data/lib/grape/middleware/versioner/accept_version_header.rb +67 -0
data/lib/grape/middleware/versioner/header.rb +132 -0
data/lib/grape/middleware/versioner/param.rb +42 -0
data/lib/grape/middleware/versioner/path.rb +52 -0
data/lib/grape/namespace.rb +23 -0
data/lib/grape/parser/base.rb +29 -0
data/lib/grape/parser/json.rb +11 -0
data/lib/grape/parser/xml.rb +11 -0
data/lib/grape/path.rb +70 -0
data/lib/grape/route.rb +27 -0
data/lib/grape/util/content_types.rb +18 -0
data/lib/grape/util/deep_merge.rb +23 -0
data/lib/grape/util/hash_stack.rb +120 -0
data/lib/grape/validations.rb +322 -0
data/lib/grape/validations/coerce.rb +63 -0
data/lib/grape/validations/default.rb +25 -0
data/lib/grape/validations/exactly_one_of.rb +26 -0
data/lib/grape/validations/mutual_exclusion.rb +25 -0
data/lib/grape/validations/presence.rb +16 -0
data/lib/grape/validations/regexp.rb +12 -0
data/lib/grape/validations/values.rb +23 -0
data/lib/grape/version.rb +3 -0
data/spec/grape/api_spec.rb +2571 -0
data/spec/grape/endpoint_spec.rb +784 -0
data/spec/grape/entity_spec.rb +324 -0
data/spec/grape/exceptions/invalid_formatter_spec.rb +18 -0
data/spec/grape/exceptions/invalid_versioner_option_spec.rb +18 -0
data/spec/grape/exceptions/missing_mime_type_spec.rb +18 -0
data/spec/grape/exceptions/missing_option_spec.rb +18 -0
data/spec/grape/exceptions/unknown_options_spec.rb +18 -0
data/spec/grape/exceptions/unknown_validator_spec.rb +18 -0
data/spec/grape/exceptions/validation_errors_spec.rb +19 -0
data/spec/grape/middleware/auth/basic_spec.rb +31 -0
data/spec/grape/middleware/auth/digest_spec.rb +47 -0
data/spec/grape/middleware/auth/oauth2_spec.rb +135 -0
data/spec/grape/middleware/base_spec.rb +58 -0
data/spec/grape/middleware/error_spec.rb +45 -0
data/spec/grape/middleware/exception_spec.rb +184 -0
data/spec/grape/middleware/formatter_spec.rb +258 -0
data/spec/grape/middleware/versioner/accept_version_header_spec.rb +121 -0
data/spec/grape/middleware/versioner/header_spec.rb +302 -0
data/spec/grape/middleware/versioner/param_spec.rb +58 -0
data/spec/grape/middleware/versioner/path_spec.rb +44 -0
data/spec/grape/middleware/versioner_spec.rb +22 -0
data/spec/grape/path_spec.rb +229 -0
data/spec/grape/util/hash_stack_spec.rb +132 -0
data/spec/grape/validations/coerce_spec.rb +208 -0
data/spec/grape/validations/default_spec.rb +123 -0
data/spec/grape/validations/exactly_one_of_spec.rb +71 -0
data/spec/grape/validations/mutual_exclusion_spec.rb +61 -0
data/spec/grape/validations/presence_spec.rb +142 -0
data/spec/grape/validations/regexp_spec.rb +40 -0
data/spec/grape/validations/values_spec.rb +152 -0
data/spec/grape/validations/zh-CN.yml +10 -0
data/spec/grape/validations_spec.rb +994 -0
data/spec/shared/versioning_examples.rb +121 -0
data/spec/spec_helper.rb +26 -0
data/spec/support/basic_auth_encode_helpers.rb +3 -0
data/spec/support/content_type_helpers.rb +11 -0
data/spec/support/versioned_helpers.rb +50 -0
metadata +421 -0

data/lib/grape/error_formatter/base.rb ADDED

@@ -0,0 +1,31 @@
+module Grape
+  module ErrorFormatter
+    module Base
+      class << self
+        FORMATTERS = {
+          serializable_hash: Grape::ErrorFormatter::Json,
+          json: Grape::ErrorFormatter::Json,
+          jsonapi: Grape::ErrorFormatter::Json,
+          txt: Grape::ErrorFormatter::Txt,
+          xml: Grape::ErrorFormatter::Xml
+        }
+        def formatters(options)
+          FORMATTERS.merge(options[:error_formatters] || {})
+        end
+        def formatter_for(api_format, options = {})
+          spec = formatters(options)[api_format]
+          case spec
+          when nil
+            options[:default_error_formatter] || Grape::ErrorFormatter::Txt
+          when Symbol
+            method(spec)
+          else
+            spec
+          end
+        end
+      end
+    end
+  end
+end

data/lib/grape/error_formatter/json.rb ADDED

@@ -0,0 +1,15 @@
+module Grape
+  module ErrorFormatter
+    module Json
+      class << self
+        def call(message, backtrace, options = {}, env = nil)
+          result = message.is_a?(Hash) ? message : { error: message }
+          if (options[:rescue_options] || {})[:backtrace] && backtrace && !backtrace.empty?
+            result = result.merge(backtrace: backtrace)
+          end
+          MultiJson.dump(result)
+        end
+      end
+    end
+  end
+end

data/lib/grape/error_formatter/txt.rb ADDED

@@ -0,0 +1,16 @@
+module Grape
+  module ErrorFormatter
+    module Txt
+      class << self
+        def call(message, backtrace, options = {}, env = nil)
+          result = message.is_a?(Hash) ? MultiJson.dump(message) : message
+          if (options[:rescue_options] || {})[:backtrace] && backtrace && !backtrace.empty?
+            result += "\r\n "
+            result += backtrace.join("\r\n ")
+          end
+          result
+        end
+      end
+    end
+  end
+end

data/lib/grape/error_formatter/xml.rb ADDED

@@ -0,0 +1,15 @@
+module Grape
+  module ErrorFormatter
+    module Xml
+      class << self
+        def call(message, backtrace, options = {}, env = nil)
+          result = message.is_a?(Hash) ? message : { message: message }
+          if (options[:rescue_options] || {})[:backtrace] && backtrace && !backtrace.empty?
+            result = result.merge(backtrace: backtrace)
+          end
+          result.respond_to?(:to_xml) ? result.to_xml(root: :error) : result.to_s
+        end
+      end
+    end
+  end
+end

data/lib/grape/exceptions/base.rb ADDED

@@ -0,0 +1,66 @@
+module Grape
+  module Exceptions
+    class Base < StandardError
+      BASE_MESSAGES_KEY = 'grape.errors.messages'
+      BASE_ATTRIBUTES_KEY = 'grape.errors.attributes'
+      FALLBACK_LOCALE = :en
+      attr_reader :status, :message, :headers
+      def initialize(args = {})
+        @status = args[:status] || nil
+        @message = args[:message] || nil
+        @headers = args[:headers] || nil
+      end
+      def [](index)
+        send index
+      end
+      protected
+      # TODO: translate attribute first
+      # if BASE_ATTRIBUTES_KEY.key respond to a string message, then short_message is returned
+      # if BASE_ATTRIBUTES_KEY.key respond to a Hash, means it may have problem , summary and resolution
+      def compose_message(key, attributes = {})
+        short_message = translate_message(key, attributes)
+        if short_message.is_a? Hash
+          @problem = problem(key, attributes)
+          @summary = summary(key, attributes)
+          @resolution = resolution(key, attributes)
+          [["Problem", @problem], ["Summary", @summary], ["Resolution", @resolution]].reduce("") do |message, detail_array|
+            message <<  "\n#{detail_array[0]}:\n  #{detail_array[1]}" unless detail_array[1].blank?
+            message
+          end
+        else
+          short_message
+        end
+      end
+      def problem(key, attributes)
+        translate_message("#{key}.problem", attributes)
+      end
+      def summary(key, attributes)
+        translate_message("#{key}.summary", attributes)
+      end
+      def resolution(key, attributes)
+        translate_message("#{key}.resolution", attributes)
+      end
+      def translate_attribute(key, options = {})
+        translate("#{BASE_ATTRIBUTES_KEY}.#{key}", { default: key }.merge(options))
+      end
+      def translate_message(key, options = {})
+        translate("#{BASE_MESSAGES_KEY}.#{key}", { default: '' }.merge(options))
+      end
+      def translate(key, options = {})
+        message = ::I18n.translate(key, options)
+        message.present? ? message : ::I18n.translate(key, options.merge(locale: FALLBACK_LOCALE))
+      end
+    end
+  end
+end

data/lib/grape/exceptions/incompatible_option_values.rb ADDED

@@ -0,0 +1,10 @@
+# encoding: utf-8
+module Grape
+  module Exceptions
+    class IncompatibleOptionValues < Base
+      def initialize(option1, value1, option2, value2)
+        super(message: compose_message("incompatible_option_values", option1: option1, value1: value1, option2: option2, value2: value2))
+      end
+    end
+  end
+end

data/lib/grape/exceptions/invalid_formatter.rb ADDED

@@ -0,0 +1,10 @@
+# encoding: utf-8
+module Grape
+  module Exceptions
+    class InvalidFormatter < Base
+      def initialize(klass, to_format)
+        super(message: compose_message("invalid_formatter", klass: klass, to_format: to_format))
+      end
+    end
+  end
+end

data/lib/grape/exceptions/invalid_versioner_option.rb ADDED

@@ -0,0 +1,10 @@
+# encoding: utf-8
+module Grape
+  module Exceptions
+    class InvalidVersionerOption < Base
+      def initialize(strategy)
+        super(message: compose_message("invalid_versioner_option", strategy: strategy))
+      end
+    end
+  end
+end

data/lib/grape/exceptions/invalid_with_option_for_represent.rb ADDED

@@ -0,0 +1,10 @@
+# encoding: utf-8
+module Grape
+  module Exceptions
+    class InvalidWithOptionForRepresent < Base
+      def initialize
+        super(message: compose_message("invalid_with_option_for_represent"))
+      end
+    end
+  end
+end

data/lib/grape/exceptions/missing_mime_type.rb ADDED

@@ -0,0 +1,10 @@
+# encoding: utf-8
+module Grape
+  module Exceptions
+    class MissingMimeType < Base
+      def initialize(new_format)
+        super(message: compose_message("missing_mime_type", new_format: new_format))
+      end
+    end
+  end
+end

data/lib/grape/exceptions/missing_option.rb ADDED

@@ -0,0 +1,10 @@
+# encoding: utf-8
+module Grape
+  module Exceptions
+    class MissingOption < Base
+      def initialize(option)
+        super(message: compose_message("missing_option", option: option))
+      end
+    end
+  end
+end

data/lib/grape/exceptions/missing_vendor_option.rb ADDED

@@ -0,0 +1,10 @@
+# encoding: utf-8
+module Grape
+  module Exceptions
+    class MissingVendorOption < Base
+      def initialize
+        super(message: compose_message("missing_vendor_option"))
+      end
+    end
+  end
+end

data/lib/grape/exceptions/unknown_options.rb ADDED

@@ -0,0 +1,10 @@
+# encoding: utf-8
+module Grape
+  module Exceptions
+    class UnknownOptions < Base
+      def initialize(options)
+        super(message: compose_message("unknown_options", options: options))
+      end
+    end
+  end
+end

data/lib/grape/exceptions/unknown_validator.rb ADDED

@@ -0,0 +1,10 @@
+# encoding: utf-8
+module Grape
+  module Exceptions
+    class UnknownValidator < Base
+      def initialize(validator_type)
+        super(message: compose_message("unknown_validator", validator_type: validator_type))
+      end
+    end
+  end
+end

data/lib/grape/exceptions/validation.rb ADDED

@@ -0,0 +1,26 @@
+require 'grape/exceptions/base'
+module Grape
+  module Exceptions
+    class Validation < Grape::Exceptions::Base
+      attr_accessor :param
+      def initialize(args = {})
+        raise "Param is missing:" unless args.key? :param
+        @param = args[:param]
+        args[:message] = translate_message(args[:message_key]) if args.key? :message_key
+        super
+      end
+      # remove all the unnecessary stuff from Grape::Exceptions::Base like status
+      # and headers when converting a validation error to json or string
+      def as_json(*args)
+        to_s
+      end
+      def to_s
+        message
+      end
+    end
+  end
+end

data/lib/grape/exceptions/validation_errors.rb ADDED

@@ -0,0 +1,43 @@
+require 'grape/exceptions/base'
+module Grape
+  module Exceptions
+    class ValidationErrors < Grape::Exceptions::Base
+      include Enumerable
+      attr_reader :errors
+      def initialize(args = {})
+        @errors = {}
+        args[:errors].each do |validation_error|
+          @errors[validation_error.param] ||= []
+          @errors[validation_error.param] << validation_error
+        end
+        super message: full_messages.join(', '), status: 400
+      end
+      def each
+        errors.each_pair do |attribute, errors|
+          errors.each do |error|
+            yield attribute, error
+          end
+        end
+      end
+      private
+      def full_messages
+        map { |attribute, error| full_message(attribute, error) }.uniq
+      end
+      def full_message(attribute, error)
+        I18n.t(
+          "grape.errors.format".to_sym,
+          default: "%{attribute} %{message}",
+          attribute: translate_attribute(attribute),
+          message: error.message
+        )
+      end
+    end
+  end
+end

data/lib/grape/formatter/base.rb ADDED

@@ -0,0 +1,31 @@
+module Grape
+  module Formatter
+    module Base
+      class << self
+        FORMATTERS = {
+          json: Grape::Formatter::Json,
+          jsonapi: Grape::Formatter::Json,
+          serializable_hash: Grape::Formatter::SerializableHash,
+          txt: Grape::Formatter::Txt,
+          xml: Grape::Formatter::Xml
+        }
+        def formatters(options)
+          FORMATTERS.merge(options[:formatters] || {})
+        end
+        def formatter_for(api_format, options = {})
+          spec = formatters(options)[api_format]
+          case spec
+          when nil
+            lambda { |obj, env| obj }
+          when Symbol
+            method(spec)
+          else
+            spec
+          end
+        end
+      end
+    end
+  end
+end

data/lib/grape/formatter/json.rb ADDED

@@ -0,0 +1,12 @@
+module Grape
+  module Formatter
+    module Json
+      class << self
+        def call(object, env)
+          return object.to_json if object.respond_to?(:to_json)
+          MultiJson.dump(object)
+        end
+      end
+    end
+  end
+end

data/lib/grape/formatter/serializable_hash.rb ADDED

@@ -0,0 +1,35 @@
+module Grape
+  module Formatter
+    module SerializableHash
+      class << self
+        def call(object, env)
+          return object if object.is_a?(String)
+          return MultiJson.dump(serialize(object)) if serializable?(object)
+          return object.to_json if object.respond_to?(:to_json)
+          MultiJson.dump(object)
+        end
+        private
+        def serializable?(object)
+          object.respond_to?(:serializable_hash) || object.kind_of?(Array) && !object.map { |o| o.respond_to? :serializable_hash }.include?(false) || object.kind_of?(Hash)
+        end
+        def serialize(object)
+          if object.respond_to? :serializable_hash
+            object.serializable_hash
+          elsif object.kind_of?(Array) && !object.map { |o| o.respond_to? :serializable_hash }.include?(false)
+            object.map { |o| o.serializable_hash }
+          elsif object.kind_of?(Hash)
+            object.inject({}) do |h, (k, v)|
+              h[k] = serialize(v)
+              h
+            end
+          else
+            object
+          end
+        end
+      end
+    end
+  end
+end

data/lib/grape/formatter/txt.rb ADDED

@@ -0,0 +1,11 @@
+module Grape
+  module Formatter
+    module Txt
+      class << self
+        def call(object, env)
+          object.respond_to?(:to_txt) ? object.to_txt : object.to_s
+        end
+      end
+    end
+  end
+end

data/lib/grape/formatter/xml.rb ADDED

@@ -0,0 +1,12 @@
+module Grape
+  module Formatter
+    module Xml
+      class << self
+        def call(object, env)
+          return object.to_xml if object.respond_to?(:to_xml)
+          raise Grape::Exceptions::InvalidFormatter.new(object.class, 'xml')
+        end
+      end
+    end
+  end
+end

data/lib/grape/http/request.rb ADDED

@@ -0,0 +1,26 @@
+module Grape
+  class Request < Rack::Request
+    def params
+      @params ||= begin
+        params = Hashie::Mash.new(super)
+        if env['rack.routing_args']
+          args = env['rack.routing_args'].dup
+          # preserve version from query string parameters
+          args.delete(:version)
+          params.deep_merge!(args)
+        end
+        params
+      end
+    end
+    def headers
+      @headers ||= env.dup.inject({}) do |h, (k, v)|
+        if k.to_s.start_with? 'HTTP_'
+          k = k[5..-1].gsub('_', '-').downcase.gsub(/^.|[-_\s]./) { |x| x.upcase }
+          h[k] = v
+        end
+        h
+      end
+    end
+  end
+end