grape 0.8.0 → 0.9.0

data/lib/grape/middleware/auth/oauth2.rb

@@ -1,83 +0,0 @@
-module Grape
-  module Middleware
-    module Auth
-      # OAuth 2.0 authorization for Grape APIs.
-      class OAuth2 < Grape::Middleware::Base
-        def default_options
-          {
-            token_class: 'AccessToken',
-            realm: 'OAuth API',
-            parameter: %w(bearer_token oauth_token access_token),
-            accepted_headers: %w(HTTP_AUTHORIZATION X_HTTP_AUTHORIZATION X-HTTP_AUTHORIZATION REDIRECT_X_HTTP_AUTHORIZATION),
-            header: [/Bearer (.*)/i, /OAuth (.*)/i],
-            required: true
-          }
-        end
-
-        def before
-          verify_token(token_parameter || token_header)
-        end
-
-        def request
-          @request ||= Grape::Request.new(env)
-        end
-
-        def params
-          @params ||= request.params
-        end
-
-        def token_parameter
-          Array(options[:parameter]).each do |p|
-            return params[p] if params[p]
-          end
-          nil
-        end
-
-        def token_header
-          return false unless authorization_header
-          Array(options[:header]).each do |regexp|
-            return $1 if authorization_header =~ regexp
-          end
-          nil
-        end
-
-        def authorization_header
-          options[:accepted_headers].each do |head|
-            return env[head] if env[head]
-          end
-          nil
-        end
-
-        def token_class
-          @klass ||= eval(options[:token_class]) # rubocop:disable Eval
-        end
-
-        def verify_token(token)
-          token = token_class.verify(token)
-          if token
-            if token.respond_to?(:expired?) && token.expired?
-              error_out(401, 'invalid_grant')
-            else
-              if !token.respond_to?(:permission_for?) || token.permission_for?(env)
-                env['api.token'] = token
-              else
-                error_out(403, 'insufficient_scope')
-              end
-            end
-          elsif !!options[:required]
-            error_out(401, 'invalid_grant')
-          end
-        end
-
-        def error_out(status, error)
-          throw :error,
-                message: error,
-                status: status,
-                headers: {
-                  'WWW-Authenticate' => "OAuth realm='#{options[:realm]}', error='#{error}'"
-                }
-        end
-      end
-    end
-  end
-end

data/spec/grape/middleware/auth/basic_spec.rb

@@ -1,31 +0,0 @@
-require 'spec_helper'
-
-require 'base64'
-
-describe Grape::Middleware::Auth::Basic do
-  def app
-    Rack::Builder.new do |b|
-      b.use Grape::Middleware::Error
-      b.use(Grape::Middleware::Auth::Basic) do |u, p|
-        u && p && u == p
-      end
-      b.run lambda { |env| [200, {}, ["Hello there."]] }
-    end
-  end
-
-  it 'throws a 401 if no auth is given' do
-    @proc = lambda { false }
-    get '/whatever'
-    expect(last_response.status).to eq(401)
-  end
-
-  it 'authenticates if given valid creds' do
-    get '/whatever', {}, 'HTTP_AUTHORIZATION' => encode_basic_auth('admin', 'admin')
-    expect(last_response.status).to eq(200)
-  end
-
-  it 'throws a 401 is wrong auth is given' do
-    get '/whatever', {}, 'HTTP_AUTHORIZATION' => encode_basic_auth('admin', 'wrong')
-    expect(last_response.status).to eq(401)
-  end
-end

data/spec/grape/middleware/auth/digest_spec.rb

@@ -1,47 +0,0 @@
-require 'spec_helper'
-
-RSpec::Matchers.define :be_challenge do
-  match do |actual_response|
-    actual_response.status == 401 &&
-    actual_response['WWW-Authenticate'] =~ /^Digest / &&
-    actual_response.body.empty?
-  end
-end
-
-class Test < Grape::API
-  http_digest(realm: 'Test Api', opaque: 'secret') do |username|
-    { 'foo' => 'bar' }[username]
-  end
-
-  get '/test' do
-    [{ hey: 'you' }, { there: 'bar' }, { foo: 'baz' }]
-  end
-end
-
-describe Grape::Middleware::Auth::Digest do
-  def app
-    Test
-  end
-
-  it 'is a digest authentication challenge' do
-    get '/test'
-    expect(last_response).to be_challenge
-  end
-
-  it 'throws a 401 if no auth is given' do
-    get '/test'
-    expect(last_response.status).to eq(401)
-  end
-
-  it 'authenticates if given valid creds' do
-    digest_authorize "foo", "bar"
-    get '/test'
-    expect(last_response.status).to eq(200)
-  end
-
-  it 'throws a 401 if given invalid creds' do
-    digest_authorize "bar", "foo"
-    get '/test'
-    expect(last_response.status).to eq(401)
-  end
-end

data/spec/grape/middleware/auth/oauth2_spec.rb

@@ -1,135 +0,0 @@
-require 'spec_helper'
-
-describe Grape::Middleware::Auth::OAuth2 do
-  class FakeToken
-    attr_accessor :token
-
-    def self.verify(token)
-      FakeToken.new(token) if !!token && %w(g e).include?(token[0..0])
-    end
-
-    def initialize(token)
-      @token = token
-    end
-
-    def expired?
-      @token[0..0] == 'e'
-    end
-
-    def permission_for?(env)
-      env['PATH_INFO'] == '/forbidden' ? false : true
-    end
-  end
-
-  def app
-    Rack::Builder.app do
-      use Grape::Middleware::Auth::OAuth2, token_class: 'FakeToken'
-      run lambda { |env| [200, {}, [(env['api.token'].token if env['api.token'])]] }
-    end
-  end
-
-  context 'with the token in the query string' do
-    context 'and a valid token' do
-      before { get '/awesome?access_token=g123' }
-
-      it 'sets env["api.token"]' do
-        expect(last_response.body).to eq('g123')
-      end
-    end
-
-    context 'and an invalid token' do
-      before do
-        @err = catch :error do
-          get '/awesome?access_token=b123'
-        end
-      end
-
-      it 'throws an error' do
-        expect(@err[:status]).to eq(401)
-      end
-
-      it 'sets the WWW-Authenticate header in the response' do
-        expect(@err[:headers]['WWW-Authenticate']).to eq("OAuth realm='OAuth API', error='invalid_grant'")
-      end
-    end
-  end
-
-  context 'with an expired token' do
-    before do
-      @err = catch :error do
-        get '/awesome?access_token=e123'
-      end
-    end
-
-    it 'throws an error' do
-      expect(@err[:status]).to eq(401)
-    end
-
-    it 'sets the WWW-Authenticate header in the response to error' do
-      expect(@err[:headers]['WWW-Authenticate']).to eq("OAuth realm='OAuth API', error='invalid_grant'")
-    end
-  end
-
-  %w(HTTP_AUTHORIZATION X_HTTP_AUTHORIZATION X-HTTP_AUTHORIZATION REDIRECT_X_HTTP_AUTHORIZATION).each do |head|
-    context "with the token in the #{head} header" do
-      before do
-        get '/awesome', {}, head => 'OAuth g123'
-      end
-
-      it 'sets env["api.token"]' do
-        expect(last_response.body).to eq('g123')
-      end
-    end
-  end
-
-  context 'with the token in the POST body' do
-    before do
-      post '/awesome', 'access_token' => 'g123'
-    end
-
-    it 'sets env["api.token"]' do
-      expect(last_response.body).to eq('g123')
-    end
-  end
-
-  context 'when accessing something outside its scope' do
-    before do
-      @err = catch :error do
-        get '/forbidden?access_token=g123'
-      end
-    end
-
-    it 'throws an error' do
-      expect(@err[:status]).to eq(403)
-    end
-
-    it 'sets the WWW-Authenticate header in the response to error' do
-      expect(@err[:headers]['WWW-Authenticate']).to eq("OAuth realm='OAuth API', error='insufficient_scope'")
-    end
-  end
-
-  context 'when authorization is not required' do
-    def app
-      Rack::Builder.app do
-        use Grape::Middleware::Auth::OAuth2, token_class: 'FakeToken', required: false
-        run lambda { |env| [200, {}, [(env['api.token'].token if env['api.token'])]] }
-      end
-    end
-
-    context 'with no token' do
-      before { post '/awesome' }
-
-      it 'succeeds anyway' do
-        expect(last_response.status).to eq(200)
-      end
-    end
-
-    context 'with a valid token' do
-      before { get '/awesome?access_token=g123' }
-
-      it 'sets env["api.token"]' do
-        expect(last_response.body).to eq('g123')
-      end
-    end
-  end
-end