grape_simple_auth 0.2.1 → 0.5.0

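--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 514832426298a7161edf6a2ee9eecc2744da6c345f5f5abb0a0c2f2bc0f7849d
- data.tar.gz: 925214598e994294a61ef684a08b9b385d8e6d1ae437128b658f89621a87de5d
+ metadata.gz: f284706ebd22652e4d0fd2afe39321cb558bf8cd3c13e040b245f30837b93ac2
+ data.tar.gz: 563e0dd5b540a4e8aa86615a1ed9ab3ad92bd1c9312396c7e90c38dc0386a28b
  SHA512:
- metadata.gz: 3300fdfa4bfbfdfd7f82449ca3ebb7584392d707bb4752b885c20f337afdc7860a159dfabaf11b23afd0cfe5a67f62cece011cf91455fa91df49ce74745ca38c
- data.tar.gz: 7bb618d60232690f1923744dccb5bdaf4603ca8c5038f7fe2f6135906bb9410f93e9ee0e361d596d291f763e42f2c07821b60e8e27509e8d0ffdaaf362693dd4
+ metadata.gz: 6c124c991f8105fd19ef3ff8642322fe4abcddcb819c938973cd9414e656d5af20ce8c67da639ea8f649a198daec880e94f9a69870957e39162296220829026a
+ data.tar.gz: 23392e6693e89484c3d87d60d64add602e3cd3ecfbde0980d1df5340e9c35d9cdf791eb422c26f55e40a10a2f267dd6e54632740355ced1870787c3c426079d2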
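--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,52 +1,57 @@
  PATH
  remote: .
  specs:
- grape_simple_auth (0.1.2)
- grape (~> 1.1.0)
- httparty (~> 0.16.3)
+ grape_simple_auth (0.5.0)
+ grape (~> 1.6)
+ httparty (~> 0.20)
 
  GEM
  remote: https://rubygems.org/
  specs:
- activesupport (5.2.2)
+ activesupport (7.0.4)
  concurrent-ruby (~> 1.0, >= 1.0.2)
- i18n (>= 0.7, < 2)
- minitest (~> 5.1)
- tzinfo (~> 1.1)
- axiom-types (0.1.1)
- descendants_tracker (~> 0.0.4)
- ice_nine (~> 0.11.0)
- thread_safe (~> 0.3, >= 0.3.1)
- builder (3.2.3)
- coercible (1.0.0)
- descendants_tracker (~> 0.0.1)
- concurrent-ruby (1.1.4)
- descendants_tracker (0.0.4)
- thread_safe (~> 0.3, >= 0.3.1)
+ i18n (>= 1.6, < 2)
+ minitest (>= 5.1)
+ tzinfo (~> 2.0)
+ builder (3.2.4)
+ concurrent-ruby (1.1.10)
  diff-lcs (1.3)
- equalizer (0.0.11)
- grape (1.1.0)
+ dry-core (1.0.0)
+ concurrent-ruby (~> 1.0)
+ zeitwerk (~> 2.6)
+ dry-inflector (1.0.0)
+ dry-logic (1.4.0)
+ concurrent-ruby (~> 1.0)
+ dry-core (~> 1.0, < 2)
+ zeitwerk (~> 2.6)
+ dry-types (1.7.0)
+ concurrent-ruby (~> 1.0)
+ dry-core (~> 1.0, < 2)
+ dry-inflector (~> 1.0, < 2)
+ dry-logic (>= 1.4, < 2)
+ zeitwerk (~> 2.6)
+ grape (1.6.2)
  activesupport
  builder
+ dry-types (>= 1.1)
  mustermann-grape (~> 1.0.0)
  rack (>= 1.3.0)
  rack-accept
- virtus (>= 1.0.0)
- httparty (0.16.3)
+ httparty (0.20.0)
  mime-types (~> 3.0)
  multi_xml (>= 0.5.2)
- i18n (1.3.0)
+ i18n (1.12.0)
  concurrent-ruby (~> 1.0)
- ice_nine (0.11.2)
- mime-types (3.2.2)
+ mime-types (3.4.1)
  mime-types-data (~> 3.2015)
- mime-types-data (3.2018.0812)
- minitest (5.11.3)
+ mime-types-data (3.2022.0105)
+ minitest (5.16.3)
  multi_xml (0.6.0)
- mustermann (1.0.3)
- mustermann-grape (1.0.0)
- mustermann (~> 1.0.0)
- rack (2.0.6)
+ mustermann (3.0.0)
+ ruby2_keywords (~> 0.0.1)
+ mustermann-grape (1.0.2)
+ mustermann (>= 1.0.0)
+ rack (3.0.1)
  rack-accept (0.4.5)
  rack (>= 0.4)
  rake (10.5.0)
@@ -63,23 +68,19 @@ GEM
  diff-lcs (>= 1.2.0, < 2.0)
  rspec-support (~> 3.7.0)
  rspec-support (3.7.0)
- thread_safe (0.3.6)
- tzinfo (1.2.5)
- thread_safe (~> 0.1)
- virtus (1.0.5)
- axiom-types (~> 0.1)
- coercible (~> 1.0)
- descendants_tracker (~> 0.0, >= 0.0.3)
- equalizer (~> 0.0, >= 0.0.9)
+ ruby2_keywords (0.0.5)
+ tzinfo (2.0.5)
+ concurrent-ruby (~> 1.0)
+ zeitwerk (2.6.6)
 
  PLATFORMS
  ruby
 
  DEPENDENCIES
- bundler (~> 1.16)
+ bundler (~> 2.3)
  grape_simple_auth!
  rake (~> 10.0)
- rspec (~> 3.0)
+ rspec (~> 3.7)
 
  BUNDLED WITH
- 1.16.4
+ 2.3.26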
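--- a/data/README.md
+++ b/data/README.md
@@ -62,14 +62,20 @@ end
  rescue_from GrapeSimpleAuth::Errors::InvalidScope do |e|
  error!(e, 401)
  end
+ rescue_from GrapeSimpleAuth::Errors::InvalidScopeMatcher do |e|
+ error!(e, 401)
+ end
  ```
 
  ### Protecting your endpoint
 
  In your endpoint you need to define which protected endpoint by adding this DSL :
 
- 1. `oauth2`
- 2. `oauth2 "email"`
+ 1. `oauth2` => Any scopes as long as the token is valid
+ 2. `oauth2 "email"` => Scope can be "email"
+ 3. `oauth2 "email", match: "all"` => Scope must be "email"
+ 4. `oauth2 "email", "phone"` Scopes can match "email" or "phone"
+ 5. `oauth2 "email", "phone", match: "all"` Scopes must match "email" and "phone"
 
  Example :
 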
@@ -32,9 +32,9 @@ Gem::Specification.new do |spec|
32
32
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
33
33
  spec.require_paths = ["lib"]
34
34
 
35
- spec.add_development_dependency "bundler", "~> 1.16"
35
+ spec.add_development_dependency "bundler", "~> 2.3"
36
36
  spec.add_development_dependency "rake", "~> 10.0"
37
- spec.add_development_dependency "rspec", "~> 3.0"
38
- spec.add_dependency "httparty", "~> 0.16.3"
39
- spec.add_dependency "grape", "~> 1.1.0"
37
+ spec.add_development_dependency "rspec", "~> 3.7"
38
+ spec.add_dependency "httparty", "~> 0.20"
39
+ spec.add_dependency "grape", "~> 1.6"
40
40
  end
@@ -10,6 +10,14 @@ module GrapeSimpleAuth
10
10
  @protected_endpoint || false
11
11
  end
12
12
 
13
+ def optional_endpoint=(opt)
14
+ @optional_endpoint = opt
15
+ end
16
+
17
+ def optional_endpoint?
18
+ @optional_endpoint || false
19
+ end
20
+
13
21
  def the_access_token
14
22
  @_the_access_token
15
23
  end
@@ -25,7 +33,7 @@ module GrapeSimpleAuth
25
33
  def current_user
26
34
  @_current_user
27
35
  end
28
-
36
+
29
37
  def credentials=(data)
30
38
  @credentials = JSON.parse(data.to_json, object_class: DataStruct)
31
39
  end
@@ -2,6 +2,10 @@ module GrapeSimpleAuth
2
2
  module AuthStrategies
3
3
  class Swagger < GrapeSimpleAuth::BaseStrategy
4
4
 
5
+ def optional_endpoint?
6
+ has_authorizations? && !!optional_oauth2
7
+ end
8
+
5
9
  def endpoint_protected?
6
10
  has_authorizations? && !!authorization_type_oauth2
7
11
  end
@@ -11,7 +15,15 @@ module GrapeSimpleAuth
11
15
  end
12
16
 
13
17
  def auth_scopes
14
- authorization_type_oauth2.map { |hash| hash[:scope].to_sym }
18
+ if optional_endpoint?
19
+ optional_oauth2.map { |hash| hash[:scope].to_sym }
20
+ else
21
+ authorization_type_oauth2.map { |hash| hash[:scope].to_sym }
22
+ end
23
+ end
24
+
25
+ def auth_scope_match
26
+ authorization_type_oauth2_scope_match
15
27
  end
16
28
 
17
29
  private
@@ -28,6 +40,14 @@ module GrapeSimpleAuth
28
40
  endpoint_authorizations[:oauth2]
29
41
  end
30
42
 
43
+ def authorization_type_oauth2_scope_match
44
+ endpoint_authorizations[:scope_match]
45
+ end
46
+
47
+ def optional_oauth2
48
+ endpoint_authorizations[:optional_oauth2]
49
+ end
50
+
31
51
  end
32
52
  end
33
53
  end
@@ -0,0 +1,9 @@
1
+ module GrapeSimpleAuth
2
+ module Errors
3
+ class InvalidScopeMatcher < StandardError
4
+ def initialize msg = "match must be one of all or any"
5
+ super
6
+ end
7
+ end
8
+ end
9
+ end
@@ -1,7 +1,7 @@
1
1
  module GrapeSimpleAuth
2
2
  module Extension
3
3
 
4
- def oauth2(*scopes)
4
+ def oauth2(*scopes, match: 'any')
5
5
  description = if respond_to?(:route_setting) # >= grape-0.10.0
6
6
  route_setting(:description) || route_setting(:description, {})
7
7
  else
@@ -9,9 +9,20 @@ module GrapeSimpleAuth
9
9
  end
10
10
 
11
11
  description[:auth] = { scopes: scopes }
12
- description[:authorizations] = { oauth2: scopes.map { |x| { scope: x } } }
12
+ description[:authorizations] = { oauth2: scopes.map { |x| { scope: x } }, scope_match: match }
13
13
  end
14
14
 
15
- Grape::API.extend self
15
+ def optional_oauth2(*scopes)
16
+ description = if respond_to?(:route_setting) # >= grape-0.10.0
17
+ route_setting(:description) || route_setting(:description, {})
18
+ else
19
+ @last_description ||= {}
20
+ end
21
+
22
+ description[:authorizations] = { optional_oauth2: scopes.map { |x| { scope: x } } }
23
+ end
24
+
25
+ grape_api = defined?(Grape::API::Instance) ? Grape::API::Instance : Grape::API
26
+ grape_api.extend self
16
27
  end
17
28
  end
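Review bot: `optional_oauth2` stores only the `optional_oauth2:` key in `description[:authorizations]` and no `scope_match`, so if the strategy reads that hash as the other hunks on this page suggest, a request that presents a token to an optional endpoint reaches `authorize!` with a nil matcher and is rejected with `InvalidScopeMatcher`; adding `scope_match: 'any'` to that hash (or giving `optional_oauth2` its own `match:` keyword) would avoid that. Separately, `oauth2` accepts any value for `match:` and stores it unchecked, so a typo or a symbol is only discovered at request time. Validating at definition time, e.g. `raise GrapeSimpleAuth::Errors::InvalidScopeMatcher unless %w[all any].include?(match)`, would surface the mistake when the API class loads. `optional_oauth2` also does not set `description[:auth]` the way `oauth2` does; whether `has_auth_scopes?` depends on it is not visible here.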
@@ -39,6 +39,10 @@ module GrapeSimpleAuth
39
39
  auth_strategy.endpoint_protected?
40
40
  end
41
41
 
42
+ def optional_endpoint?
43
+ auth_strategy.optional_endpoint?
44
+ end
45
+
42
46
  def auth_scopes
43
47
  return *nil unless auth_strategy.has_auth_scopes?
44
48
  auth_strategy.auth_scopes
@@ -47,9 +51,25 @@ module GrapeSimpleAuth
47
51
  def authorize!(*scopes)
48
52
  response = HTTParty.get(GrapeSimpleAuth.verify_url, {query: {access_token: token}})
49
53
  if response.code == 200
50
- scopes = response.parsed_response["data"]["credential"]["scopes"]
51
- unless auth_strategy.auth_scopes & scopes == auth_strategy.auth_scopes
52
- raise GrapeSimpleAuth::Errors::InvalidScope
54
+ begin
55
+ scopes = response.parsed_response["data"]["credential"]["scopes"]
56
+ rescue NoMethodError
57
+ raise GrapeSimpleAuth::Errors::InvalidToken
58
+ end
59
+ if auth_strategy.auth_scope_match == 'all'
60
+ unless auth_strategy.auth_scopes.sort && scopes.map(&:to_sym).sort == auth_strategy.auth_scopes.sort
61
+ raise GrapeSimpleAuth::Errors::InvalidScope
62
+ end
63
+ elsif auth_strategy.auth_scope_match == 'any'
64
+ if auth_strategy.auth_scopes.any?
65
+ match_any = false
66
+ scopes.map(&:to_sym).each do |scope|
67
+ match_any = true if scope.in?(auth_strategy.auth_scopes)
68
+ end
69
+ raise GrapeSimpleAuth::Errors::InvalidScope unless match_any
70
+ end
71
+ elsif auth_strategy.auth_scope_match.nil?
72
+ raise GrapeSimpleAuth::Errors::InvalidScopeMatcher
53
73
  end
54
74
  return response
55
75
  end
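Review bot: The new `if`/`elsif` chain in `authorize!` has no `else`, so a `match:` value that is neither the string 'all', the string 'any' nor nil (a symbol `:all`, a typo) skips every scope check and the response is returned as authorized; replacing `elsif auth_strategy.auth_scope_match.nil?` with a plain `else` before `raise GrapeSimpleAuth::Errors::InvalidScopeMatcher` makes the unknown case fail closed. The next hunk (`@@ -66,13 +86,20 @@`) has the same shape: a token that is blank but not nil satisfies neither `token.present?` nor `token.nil?`, so a protected endpoint would continue without `authorize!` being called; how `token` is extracted is outside this view, but `elsif context.protected_endpoint?` would remove the gap. In the 'all' branch, `auth_strategy.auth_scopes.sort &&` is always truthy, so the test is an exact-set comparison that rejects a token carrying extra scopes, which looks stricter than the README's "must match" wording and than the previous subset check. `scopes` can also be nil when the `"scopes"` key is absent, and the following `scopes.map` then raises outside the `begin`/`rescue`. `authorize!` ends outside the hunk.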
@@ -66,13 +86,20 @@ module GrapeSimpleAuth
66
86
  context.extend(GrapeSimpleAuth::AuthMethods)
67
87
 
68
88
  context.protected_endpoint = endpoint_protected?
69
- return unless context.protected_endpoint?
89
+ context.optional_endpoint = optional_endpoint?
70
90
 
91
+ return unless context.protected_endpoint? || context.optional_endpoint?
92
+
71
93
  self.the_request = env
72
- resp = authorize!(*auth_scopes)
73
- context.the_access_token = token
74
- context.current_user = resp.parsed_response["data"]["info"] rescue nil
75
- context.credentials = resp.parsed_response["data"]["credential"] rescue nil
94
+
95
+ if token.present? && (context.protected_endpoint? || context.optional_endpoint?)
96
+ resp = authorize!(*auth_scopes)
97
+ context.the_access_token = token
98
+ context.current_user = resp.parsed_response["data"]["info"] rescue nil
99
+ context.credentials = resp.parsed_response["data"]["credential"] rescue nil
100
+ elsif token.nil? && context.protected_endpoint?
101
+ raise GrapeSimpleAuth::Errors::InvalidToken
102
+ end
76
103
  end
77
104
 
78
105
 
@@ -1,3 +1,3 @@
1
1
  module GrapeSimpleAuth
2
- VERSION = "0.2.1"
2
+ VERSION = "0.5.0"
3
3
  end
@@ -15,6 +15,7 @@ require 'grape_simple_auth/auth_methods/auth_methods'
15
15
 
16
16
  require 'grape_simple_auth/errors/invalid_token'
17
17
  require 'grape_simple_auth/errors/invalid_scope'
18
+ require 'grape_simple_auth/errors/invalid_scope_matcher'
18
19
 
19
20
  module GrapeSimpleAuth
20
21
  extend GrapeSimpleAuth::Configuration
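--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: grape_simple_auth
  version: !ruby/object:Gem::Version
- version: 0.2.1
+ version: 0.5.0
  platform: ruby
  authors:
  - Yunan Helmy
- autorequire:
+ autorequire:
  bindir: exe
  cert_chain: []
- date: 2018-12-31 00:00:00.000000000 Z
+ date: 2022-11-21 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.16'
+ version: '2.3'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.16'
+ version: '2.3'
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
@@ -44,42 +44,42 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.0'
+ version: '3.7'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.0'
+ version: '3.7'
  - !ruby/object:Gem::Dependency
  name: httparty
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.16.3
+ version: '0.20'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.16.3
+ version: '0.20'
  - !ruby/object:Gem::Dependency
  name: grape
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.1.0
+ version: '1.6'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.1.0
+ version: '1.6'
  description: Grape Simple Auth is a Grape middleware to connect your API resources
  with your API authenticator.
  email:
@@ -108,6 +108,7 @@ files:
  - lib/grape_simple_auth/base_strategy.rb
  - lib/grape_simple_auth/configuration.rb
  - lib/grape_simple_auth/errors/invalid_scope.rb
+ - lib/grape_simple_auth/errors/invalid_scope_matcher.rb
  - lib/grape_simple_auth/errors/invalid_token.rb
  - lib/grape_simple_auth/extension.rb
  - lib/grape_simple_auth/helpers.rb
@@ -118,7 +119,7 @@ licenses:
  - MIT
  metadata:
  allowed_push_host: https://rubygems.org/
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -133,9 +134,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project:
- rubygems_version: 2.7.7
- signing_key:
+ rubygems_version: 3.3.7
+ signing_key:
  specification_version: 4
  summary: Grape Simple Auth is a Grape middleware to connect your API resources with
  your API authenticator.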