grape_simple_auth 0.2.1 → 0.5.0

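--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 514832426298a7161edf6a2ee9eecc2744da6c345f5f5abb0a0c2f2bc0f7849d
- data.tar.gz: 925214598e994294a61ef684a08b9b385d8e6d1ae437128b658f89621a87de5d
+ metadata.gz: f284706ebd22652e4d0fd2afe39321cb558bf8cd3c13e040b245f30837b93ac2
+ data.tar.gz: 563e0dd5b540a4e8aa86615a1ed9ab3ad92bd1c9312396c7e90c38dc0386a28b
  SHA512:
- metadata.gz: 3300fdfa4bfbfdfd7f82449ca3ebb7584392d707bb4752b885c20f337afdc7860a159dfabaf11b23afd0cfe5a67f62cece011cf91455fa91df49ce74745ca38c
- data.tar.gz: 7bb618d60232690f1923744dccb5bdaf4603ca8c5038f7fe2f6135906bb9410f93e9ee0e361d596d291f763e42f2c07821b60e8e27509e8d0ffdaaf362693dd4
+ metadata.gz: 6c124c991f8105fd19ef3ff8642322fe4abcddcb819c938973cd9414e656d5af20ce8c67da639ea8f649a198daec880e94f9a69870957e39162296220829026a
+ data.tar.gz: 23392e6693e89484c3d87d60d64add602e3cd3ecfbde0980d1df5340e9c35d9cdf791eb422c26f55e40a10a2f267dd6e54632740355ced1870787c3c426079d2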
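--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,52 +1,57 @@
  PATH
  remote: .
  specs:
- grape_simple_auth (0.1.2)
- grape (~> 1.1.0)
- httparty (~> 0.16.3)
+ grape_simple_auth (0.5.0)
+ grape (~> 1.6)
+ httparty (~> 0.20)
 
  GEM
  remote: https://rubygems.org/
  specs:
- activesupport (5.2.2)
+ activesupport (7.0.4)
  concurrent-ruby (~> 1.0, >= 1.0.2)
- i18n (>= 0.7, < 2)
- minitest (~> 5.1)
- tzinfo (~> 1.1)
- axiom-types (0.1.1)
- descendants_tracker (~> 0.0.4)
- ice_nine (~> 0.11.0)
- thread_safe (~> 0.3, >= 0.3.1)
- builder (3.2.3)
- coercible (1.0.0)
- descendants_tracker (~> 0.0.1)
- concurrent-ruby (1.1.4)
- descendants_tracker (0.0.4)
- thread_safe (~> 0.3, >= 0.3.1)
+ i18n (>= 1.6, < 2)
+ minitest (>= 5.1)
+ tzinfo (~> 2.0)
+ builder (3.2.4)
+ concurrent-ruby (1.1.10)
  diff-lcs (1.3)
- equalizer (0.0.11)
- grape (1.1.0)
+ dry-core (1.0.0)
+ concurrent-ruby (~> 1.0)
+ zeitwerk (~> 2.6)
+ dry-inflector (1.0.0)
+ dry-logic (1.4.0)
+ concurrent-ruby (~> 1.0)
+ dry-core (~> 1.0, < 2)
+ zeitwerk (~> 2.6)
+ dry-types (1.7.0)
+ concurrent-ruby (~> 1.0)
+ dry-core (~> 1.0, < 2)
+ dry-inflector (~> 1.0, < 2)
+ dry-logic (>= 1.4, < 2)
+ zeitwerk (~> 2.6)
+ grape (1.6.2)
  activesupport
  builder
+ dry-types (>= 1.1)
  mustermann-grape (~> 1.0.0)
  rack (>= 1.3.0)
  rack-accept
- virtus (>= 1.0.0)
- httparty (0.16.3)
+ httparty (0.20.0)
  mime-types (~> 3.0)
  multi_xml (>= 0.5.2)
- i18n (1.3.0)
+ i18n (1.12.0)
  concurrent-ruby (~> 1.0)
- ice_nine (0.11.2)
- mime-types (3.2.2)
+ mime-types (3.4.1)
  mime-types-data (~> 3.2015)
- mime-types-data (3.2018.0812)
- minitest (5.11.3)
+ mime-types-data (3.2022.0105)
+ minitest (5.16.3)
  multi_xml (0.6.0)
- mustermann (1.0.3)
- mustermann-grape (1.0.0)
- mustermann (~> 1.0.0)
- rack (2.0.6)
+ mustermann (3.0.0)
+ ruby2_keywords (~> 0.0.1)
+ mustermann-grape (1.0.2)
+ mustermann (>= 1.0.0)
+ rack (3.0.1)
  rack-accept (0.4.5)
  rack (>= 0.4)
  rake (10.5.0)
@@ -63,23 +68,19 @@ GEM
  diff-lcs (>= 1.2.0, < 2.0)
  rspec-support (~> 3.7.0)
  rspec-support (3.7.0)
- thread_safe (0.3.6)
- tzinfo (1.2.5)
- thread_safe (~> 0.1)
- virtus (1.0.5)
- axiom-types (~> 0.1)
- coercible (~> 1.0)
- descendants_tracker (~> 0.0, >= 0.0.3)
- equalizer (~> 0.0, >= 0.0.9)
+ ruby2_keywords (0.0.5)
+ tzinfo (2.0.5)
+ concurrent-ruby (~> 1.0)
+ zeitwerk (2.6.6)
 
  PLATFORMS
  ruby
 
  DEPENDENCIES
- bundler (~> 1.16)
+ bundler (~> 2.3)
  grape_simple_auth!
  rake (~> 10.0)
- rspec (~> 3.0)
+ rspec (~> 3.7)
 
  BUNDLED WITH
- 1.16.4
+ 2.3.26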
data/README.md CHANGED
@@ -62,14 +62,20 @@ end
62
62
  rescue_from GrapeSimpleAuth::Errors::InvalidScope do |e|
63
63
  error!(e, 401)
64
64
  end
65
+ rescue_from GrapeSimpleAuth::Errors::InvalidScopeMatcher do |e|
66
+ error!(e, 401)
67
+ end
65
68
  ```
66
69
 
67
70
  ### Protecting your endpoint
68
71
 
69
72
  In your endpoint you need to define which protected endpoint by adding this DSL :
70
73
 
71
- 1. `oauth2`
72
- 2. `oauth2 "email"`
74
+ 1. `oauth2` => Any scopes as long as the token is valid
75
+ 2. `oauth2 "email"` => Scope can be "email"
76
+ 3. `oauth2 "email", match: "all"` => Scope must be "email"
77
+ 4. `oauth2 "email", "phone"` Scopes can match "email" or "phone"
78
+ 5. `oauth2 "email", "phone", match: "all"` Scopes must match "email" and "phone"
73
79
 
74
80
  Example :
75
81
 
@@ -32,9 +32,9 @@ Gem::Specification.new do |spec|
32
32
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
33
33
  spec.require_paths = ["lib"]
34
34
 
35
- spec.add_development_dependency "bundler", "~> 1.16"
35
+ spec.add_development_dependency "bundler", "~> 2.3"
36
36
  spec.add_development_dependency "rake", "~> 10.0"
37
- spec.add_development_dependency "rspec", "~> 3.0"
38
- spec.add_dependency "httparty", "~> 0.16.3"
39
- spec.add_dependency "grape", "~> 1.1.0"
37
+ spec.add_development_dependency "rspec", "~> 3.7"
38
+ spec.add_dependency "httparty", "~> 0.20"
39
+ spec.add_dependency "grape", "~> 1.6"
40
40
  end
@@ -10,6 +10,14 @@ module GrapeSimpleAuth
10
10
  @protected_endpoint || false
11
11
  end
12
12
 
13
+ def optional_endpoint=(opt)
14
+ @optional_endpoint = opt
15
+ end
16
+
17
+ def optional_endpoint?
18
+ @optional_endpoint || false
19
+ end
20
+
13
21
  def the_access_token
14
22
  @_the_access_token
15
23
  end
@@ -25,7 +33,7 @@ module GrapeSimpleAuth
25
33
  def current_user
26
34
  @_current_user
27
35
  end
28
-
36
+
29
37
  def credentials=(data)
30
38
  @credentials = JSON.parse(data.to_json, object_class: DataStruct)
31
39
  end
@@ -2,6 +2,10 @@ module GrapeSimpleAuth
2
2
  module AuthStrategies
3
3
  class Swagger < GrapeSimpleAuth::BaseStrategy
4
4
 
5
+ def optional_endpoint?
6
+ has_authorizations? && !!optional_oauth2
7
+ end
8
+
5
9
  def endpoint_protected?
6
10
  has_authorizations? && !!authorization_type_oauth2
7
11
  end
@@ -11,7 +15,15 @@ module GrapeSimpleAuth
11
15
  end
12
16
 
13
17
  def auth_scopes
14
- authorization_type_oauth2.map { |hash| hash[:scope].to_sym }
18
+ if optional_endpoint?
19
+ optional_oauth2.map { |hash| hash[:scope].to_sym }
20
+ else
21
+ authorization_type_oauth2.map { |hash| hash[:scope].to_sym }
22
+ end
23
+ end
24
+
25
+ def auth_scope_match
26
+ authorization_type_oauth2_scope_match
15
27
  end
16
28
 
17
29
  private
@@ -28,6 +40,14 @@ module GrapeSimpleAuth
28
40
  endpoint_authorizations[:oauth2]
29
41
  end
30
42
 
43
+ def authorization_type_oauth2_scope_match
44
+ endpoint_authorizations[:scope_match]
45
+ end
46
+
47
+ def optional_oauth2
48
+ endpoint_authorizations[:optional_oauth2]
49
+ end
50
+
31
51
  end
32
52
  end
33
53
  end
@@ -0,0 +1,9 @@
1
+ module GrapeSimpleAuth
2
+ module Errors
3
+ class InvalidScopeMatcher < StandardError
4
+ def initialize msg = "match must be one of all or any"
5
+ super
6
+ end
7
+ end
8
+ end
9
+ end
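Review bot: `def initialize msg = "match must be one of all or any"` omits the parentheses around a parameter that has a default value, which the usual Ruby style avoids; `def initialize(msg = "match must be one of all or any")` reads unambiguously. The class would also benefit from a one-line comment saying that it signals a bad `match:` option on a route declaration, i.e. a developer error rather than a client presenting invalid credentials, since the README hunk maps it to a 401.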
@@ -1,7 +1,7 @@
1
1
  module GrapeSimpleAuth
2
2
  module Extension
3
3
 
4
- def oauth2(*scopes)
4
+ def oauth2(*scopes, match: 'any')
5
5
  description = if respond_to?(:route_setting) # >= grape-0.10.0
6
6
  route_setting(:description) || route_setting(:description, {})
7
7
  else
@@ -9,9 +9,20 @@ module GrapeSimpleAuth
9
9
  end
10
10
 
11
11
  description[:auth] = { scopes: scopes }
12
- description[:authorizations] = { oauth2: scopes.map { |x| { scope: x } } }
12
+ description[:authorizations] = { oauth2: scopes.map { |x| { scope: x } }, scope_match: match }
13
13
  end
14
14
 
15
- Grape::API.extend self
15
+ def optional_oauth2(*scopes)
16
+ description = if respond_to?(:route_setting) # >= grape-0.10.0
17
+ route_setting(:description) || route_setting(:description, {})
18
+ else
19
+ @last_description ||= {}
20
+ end
21
+
22
+ description[:authorizations] = { optional_oauth2: scopes.map { |x| { scope: x } } }
23
+ end
24
+
25
+ grape_api = defined?(Grape::API::Instance) ? Grape::API::Instance : Grape::API
26
+ grape_api.extend self
16
27
  end
17
28
  end
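Review bot: `optional_oauth2` assigns `description[:authorizations]` without a `:scope_match` key, so for an optional endpoint the strategy's `auth_scope_match` reads nil and, judging by the `authorize!` hunk further down, a request that presents a valid token would end in `InvalidScopeMatcher` instead of being authenticated. Writing the key explicitly, `description[:authorizations] = { optional_oauth2: scopes.map { |x| { scope: x } }, scope_match: 'any' }`, keeps the two DSL methods consistent. `oauth2` also stores `match` unchecked; rejecting unknown values when the route is declared, e.g. `raise GrapeSimpleAuth::Errors::InvalidScopeMatcher unless %w[all any].include?(match.to_s)`, surfaces a typo at load time rather than at request time. Both methods replace the whole `:authorizations` hash, so declaring `oauth2` and `optional_oauth2` on the same route leaves only the last one in effect, which deserves a comment.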
@@ -39,6 +39,10 @@ module GrapeSimpleAuth
39
39
  auth_strategy.endpoint_protected?
40
40
  end
41
41
 
42
+ def optional_endpoint?
43
+ auth_strategy.optional_endpoint?
44
+ end
45
+
42
46
  def auth_scopes
43
47
  return *nil unless auth_strategy.has_auth_scopes?
44
48
  auth_strategy.auth_scopes
@@ -47,9 +51,25 @@ module GrapeSimpleAuth
47
51
  def authorize!(*scopes)
48
52
  response = HTTParty.get(GrapeSimpleAuth.verify_url, {query: {access_token: token}})
49
53
  if response.code == 200
50
- scopes = response.parsed_response["data"]["credential"]["scopes"]
51
- unless auth_strategy.auth_scopes & scopes == auth_strategy.auth_scopes
52
- raise GrapeSimpleAuth::Errors::InvalidScope
54
+ begin
55
+ scopes = response.parsed_response["data"]["credential"]["scopes"]
56
+ rescue NoMethodError
57
+ raise GrapeSimpleAuth::Errors::InvalidToken
58
+ end
59
+ if auth_strategy.auth_scope_match == 'all'
60
+ unless auth_strategy.auth_scopes.sort && scopes.map(&:to_sym).sort == auth_strategy.auth_scopes.sort
61
+ raise GrapeSimpleAuth::Errors::InvalidScope
62
+ end
63
+ elsif auth_strategy.auth_scope_match == 'any'
64
+ if auth_strategy.auth_scopes.any?
65
+ match_any = false
66
+ scopes.map(&:to_sym).each do |scope|
67
+ match_any = true if scope.in?(auth_strategy.auth_scopes)
68
+ end
69
+ raise GrapeSimpleAuth::Errors::InvalidScope unless match_any
70
+ end
71
+ elsif auth_strategy.auth_scope_match.nil?
72
+ raise GrapeSimpleAuth::Errors::InvalidScopeMatcher
53
73
  end
54
74
  return response
55
75
  end
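Review bot: The matcher chain in `authorize!` fails open: a `match` value other than the strings 'all' or 'any' or nil (a symbol such as `:all`, different casing, a typo) falls through every branch, no scope check runs, and the response is returned as authorized, so the last branch should be a plain `else` that raises `InvalidScopeMatcher`. In the 'all' branch `auth_strategy.auth_scopes.sort &&` is always truthy, so the test is exact equality of the sorted lists and a token carrying the required scopes plus any additional one is rejected; if 'all' is meant as "every required scope is granted", a subset test is what is wanted. `scopes.map` sits outside the `begin`/`rescue`, so a 200 response without a `scopes` array raises `NoMethodError` instead of `InvalidToken`, and `in?` relies on ActiveSupport's core extensions being loaded, which the hunk does not show. `authorize!` continues past the hunk; its non-200 branch is not visible here.

```ruby
# … unchanged: HTTParty.get call, response.code check, begin/rescue that reads scopes …
required = auth_strategy.auth_scopes
granted = Array(scopes).map(&:to_sym)
case auth_strategy.auth_scope_match.to_s
when 'all'
  raise GrapeSimpleAuth::Errors::InvalidScope unless (required - granted).empty?
when 'any'
  raise GrapeSimpleAuth::Errors::InvalidScope if required.any? && (required & granted).empty?
else
  raise GrapeSimpleAuth::Errors::InvalidScopeMatcher
end
return response
```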
@@ -66,13 +86,20 @@ module GrapeSimpleAuth
66
86
  context.extend(GrapeSimpleAuth::AuthMethods)
67
87
 
68
88
  context.protected_endpoint = endpoint_protected?
69
- return unless context.protected_endpoint?
89
+ context.optional_endpoint = optional_endpoint?
70
90
 
91
+ return unless context.protected_endpoint? || context.optional_endpoint?
92
+
71
93
  self.the_request = env
72
- resp = authorize!(*auth_scopes)
73
- context.the_access_token = token
74
- context.current_user = resp.parsed_response["data"]["info"] rescue nil
75
- context.credentials = resp.parsed_response["data"]["credential"] rescue nil
94
+
95
+ if token.present? && (context.protected_endpoint? || context.optional_endpoint?)
96
+ resp = authorize!(*auth_scopes)
97
+ context.the_access_token = token
98
+ context.current_user = resp.parsed_response["data"]["info"] rescue nil
99
+ context.credentials = resp.parsed_response["data"]["credential"] rescue nil
100
+ elsif token.nil? && context.protected_endpoint?
101
+ raise GrapeSimpleAuth::Errors::InvalidToken
102
+ end
76
103
  end
77
104
 
78
105
 
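Review bot: A protected endpoint is let through without any verification when `token` is an empty or whitespace-only string: `token.present?` is false and `token.nil?` is false, so neither branch of the new `if`/`elsif` runs and the request continues with no `current_user` set. Whether `token` can be blank depends on how it is extracted, which is outside this hunk, but the guard should not rely on that; `elsif context.protected_endpoint?` followed by the existing `raise GrapeSimpleAuth::Errors::InvalidToken` closes the gap. The second half of the `if` condition repeats the early `return unless` check and can be dropped. The enclosing method starts before the hunk.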
@@ -1,3 +1,3 @@
1
1
  module GrapeSimpleAuth
2
- VERSION = "0.2.1"
2
+ VERSION = "0.5.0"
3
3
  end
@@ -15,6 +15,7 @@ require 'grape_simple_auth/auth_methods/auth_methods'
15
15
 
16
16
  require 'grape_simple_auth/errors/invalid_token'
17
17
  require 'grape_simple_auth/errors/invalid_scope'
18
+ require 'grape_simple_auth/errors/invalid_scope_matcher'
18
19
 
19
20
  module GrapeSimpleAuth
20
21
  extend GrapeSimpleAuth::Configuration
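--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: grape_simple_auth
  version: !ruby/object:Gem::Version
- version: 0.2.1
+ version: 0.5.0
  platform: ruby
  authors:
  - Yunan Helmy
- autorequire:
+ autorequire:
  bindir: exe
  cert_chain: []
- date: 2018-12-31 00:00:00.000000000 Z
+ date: 2022-11-21 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.16'
+ version: '2.3'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.16'
+ version: '2.3'
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
@@ -44,42 +44,42 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.0'
+ version: '3.7'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.0'
+ version: '3.7'
  - !ruby/object:Gem::Dependency
  name: httparty
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.16.3
+ version: '0.20'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.16.3
+ version: '0.20'
  - !ruby/object:Gem::Dependency
  name: grape
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.1.0
+ version: '1.6'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.1.0
+ version: '1.6'
  description: Grape Simple Auth is a Grape middleware to connect your API resources
  with your API authenticator.
  email:
@@ -108,6 +108,7 @@ files:
  - lib/grape_simple_auth/base_strategy.rb
  - lib/grape_simple_auth/configuration.rb
  - lib/grape_simple_auth/errors/invalid_scope.rb
+ - lib/grape_simple_auth/errors/invalid_scope_matcher.rb
  - lib/grape_simple_auth/errors/invalid_token.rb
  - lib/grape_simple_auth/extension.rb
  - lib/grape_simple_auth/helpers.rb
@@ -118,7 +119,7 @@ licenses:
  - MIT
  metadata:
  allowed_push_host: https://rubygems.org/
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -133,9 +134,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project:
- rubygems_version: 2.7.7
- signing_key:
+ rubygems_version: 3.3.7
+ signing_key:
  specification_version: 4
  summary: Grape Simple Auth is a Grape middleware to connect your API resources with
  your API authenticator.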