gris_accounts 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +20 -0
- data/.rubocop.yml +1 -0
- data/.rubocop_todo.yml +10 -0
- data/Gemfile +3 -0
- data/MIT-LICENSE +20 -0
- data/README.md +74 -0
- data/Rakefile +15 -0
- data/gris_accounts.gemspec +29 -0
- data/lib/gris_accounts/authorization_helpers.rb +20 -0
- data/lib/gris_accounts/version.rb +3 -0
- data/lib/gris_accounts.rb +2 -0
- data/spec/authorization_helpers_spec.rb +77 -0
- data/spec/spec_helper.rb +3 -0
- metadata +145 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 3dcdb91930a83ca1949bfb729fa1e1553f1bcced
|
4
|
+
data.tar.gz: 528643073ce1d2ba690775e7b65a0ba9d14b3c8e
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 0ac42c4d4c033977b86559adadbac5d677bf05891bb4ba4193925609c4e3d03b02b1bace178cbe4c34adff3259b9d3cda61cf40d5511294594c9e4d3d6dfd148
|
7
|
+
data.tar.gz: 534b1064056979c19209575c24b7664e764aa966d34ac26c102b379183e730d68ad9a1b7efbd814d82fef39d07491634bc45c61c6240b05c6d8fde4a23e239c8
|
data/.gitignore
ADDED
data/.rubocop.yml
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
inherit_from: .rubocop_todo.yml
|
data/.rubocop_todo.yml
ADDED
@@ -0,0 +1,10 @@
|
|
1
|
+
# This configuration was generated by `rubocop --auto-gen-config`
|
2
|
+
# on 2015-08-07 21:57:08 -0400 using RuboCop version 0.32.1.
|
3
|
+
# The point is for the user to remove these configuration records
|
4
|
+
# one by one as the offenses are removed from the code base.
|
5
|
+
# Note that changes in the inspected code, or installation of new
|
6
|
+
# versions of RuboCop, may require this file to be generated again.
|
7
|
+
|
8
|
+
# Offense count: 4
|
9
|
+
Style/Documentation:
|
10
|
+
Enabled: false
|
data/Gemfile
ADDED
data/MIT-LICENSE
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
Copyright (c) 2015 Dylan Fareed
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
4
|
+
a copy of this software and associated documentation files (the
|
5
|
+
"Software"), to deal in the Software without restriction, including
|
6
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
7
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
8
|
+
permit persons to whom the Software is furnished to do so, subject to
|
9
|
+
the following conditions:
|
10
|
+
|
11
|
+
The above copyright notice and this permission notice shall be
|
12
|
+
included in all copies or substantial portions of the Software.
|
13
|
+
|
14
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
15
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
16
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
17
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
18
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
19
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
20
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,74 @@
|
|
1
|
+
# GrisAccounts
|
2
|
+
|
3
|
+
[GrisAccounts](https://github.com/dylanfareed/gris_accounts) provides helpers for handling account resource authorization with decoded [Gris](https://github.com/artsy/gris) JSON Web Tokens. It is likely best used with [Gris::Middleware::JsonWebTokenDecoder](https://github.com/dylanfareed/gris-middleware-json_web_token_decoder).
|
4
|
+
|
5
|
+
GrisAccounts is alpha software.
|
6
|
+
|
7
|
+
---
|
8
|
+
|
9
|
+
### Installation
|
10
|
+
|
11
|
+
GrisAccounts is [available as a gem on rubygems](https://rubygems.org/gems/gris_accounts), to install it run:
|
12
|
+
|
13
|
+
```
|
14
|
+
gem install gris_accounts
|
15
|
+
```
|
16
|
+
|
17
|
+
Otherwise, if your project uses [Bundler](http://bundler.io/), add GrisAccounts to your Gemfile:
|
18
|
+
|
19
|
+
```
|
20
|
+
gem 'gris_accounts'
|
21
|
+
```
|
22
|
+
|
23
|
+
And run:
|
24
|
+
|
25
|
+
```
|
26
|
+
$ bundle install
|
27
|
+
```
|
28
|
+
|
29
|
+
---
|
30
|
+
|
31
|
+
### Usage
|
32
|
+
|
33
|
+
The example below includes `GrisAccounts::AuthorizationHelper` in a [Grape](https://github.com/ruby-grape/grape) endpoint and makes use of `user_id_from_payload` and `require_access_to_account` helpers to provide some resource authorization.
|
34
|
+
|
35
|
+
```ruby
|
36
|
+
class AccountsEndpoint < Grape::API
|
37
|
+
format :json
|
38
|
+
formatter :json, Grape::Formatter::Roar
|
39
|
+
content_type :json, 'application/hal+json'
|
40
|
+
|
41
|
+
use Gris::Middleware::JsonWebTokenDecoder
|
42
|
+
helpers GrisAccounts::AuthorizationHelper
|
43
|
+
|
44
|
+
namespace :accounts do
|
45
|
+
desc 'Create new account.'
|
46
|
+
params do
|
47
|
+
requires :account, type: Hash do
|
48
|
+
requires :name, type: String
|
49
|
+
end
|
50
|
+
end
|
51
|
+
post do
|
52
|
+
# Get current user ID from decoded JSON Web Token.
|
53
|
+
# Returns @user_id
|
54
|
+
#
|
55
|
+
user_id_from_payload
|
56
|
+
account = AccountCreatorService.call params[:account][:name], @user_id
|
57
|
+
present account, with: AccountPresenter
|
58
|
+
end
|
59
|
+
|
60
|
+
desc 'Retrieve existing account.'
|
61
|
+
params do
|
62
|
+
requires :id
|
63
|
+
end
|
64
|
+
get ':id' do
|
65
|
+
# Ensure that decoded JSON Web Token includes current account.
|
66
|
+
# Raises error unless decoded token includes account_ids with params[:id]
|
67
|
+
#
|
68
|
+
require_access_to_account params[:id]
|
69
|
+
account = Account.find params[:id]
|
70
|
+
present account, with: AccountPresenter
|
71
|
+
end
|
72
|
+
end
|
73
|
+
end
|
74
|
+
```
|
data/Rakefile
ADDED
@@ -0,0 +1,15 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
|
3
|
+
require 'bundler/gem_tasks'
|
4
|
+
require 'rspec/core/rake_task'
|
5
|
+
require 'rubocop/rake_task'
|
6
|
+
|
7
|
+
RSpec::Core::RakeTask.new
|
8
|
+
|
9
|
+
desc 'Run RuboCop'
|
10
|
+
RuboCop::RakeTask.new(:rubocop) do |task|
|
11
|
+
task.fail_on_error = true
|
12
|
+
task.options = %w(-D --auto-correct)
|
13
|
+
end
|
14
|
+
|
15
|
+
task default: [:rubocop, :spec]
|
@@ -0,0 +1,29 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
lib = File.expand_path('../lib', __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
require 'gris_accounts/version'
|
5
|
+
|
6
|
+
Gem::Specification.new do |spec|
|
7
|
+
spec.name = 'gris_accounts'
|
8
|
+
spec.version = GrisAccounts::VERSION
|
9
|
+
spec.authors = ['Dylan Fareed']
|
10
|
+
spec.email = %w(email@dylanfareed.com)
|
11
|
+
spec.summary = 'Gris JWT Account resource authorization helpers.'
|
12
|
+
spec.description = 'Helpers for handling Account resource authorization
|
13
|
+
with decoded Gris JSON Web Tokens.'
|
14
|
+
spec.homepage = 'https://github.com/dylanfareed/gris_accounts'
|
15
|
+
spec.license = 'MIT'
|
16
|
+
|
17
|
+
spec.files = `git ls-files -z`.split("\x0")
|
18
|
+
spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
19
|
+
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
20
|
+
spec.require_paths = ['lib']
|
21
|
+
|
22
|
+
spec.add_dependency 'gris'
|
23
|
+
|
24
|
+
spec.add_development_dependency 'bundler'
|
25
|
+
spec.add_development_dependency 'rake'
|
26
|
+
spec.add_development_dependency 'rspec'
|
27
|
+
spec.add_development_dependency 'rubocop'
|
28
|
+
spec.add_development_dependency 'byebug'
|
29
|
+
end
|
@@ -0,0 +1,20 @@
|
|
1
|
+
module GrisAccounts
|
2
|
+
module AuthorizationHelpers
|
3
|
+
def require_access_to_account(account_id)
|
4
|
+
@account_ids = payload_content['account_ids'] if payload_content
|
5
|
+
fail 'Forbidden.' unless @account_ids &&
|
6
|
+
(@account_ids.include? account_id.to_i)
|
7
|
+
end
|
8
|
+
|
9
|
+
def user_id_from_payload
|
10
|
+
@user_id = payload_content['id'] if payload_content
|
11
|
+
fail 'Forbidden.' unless @user_id
|
12
|
+
end
|
13
|
+
|
14
|
+
private
|
15
|
+
|
16
|
+
def payload_content
|
17
|
+
@env['GRIS_JWT_PAYLOAD'].first if @env['GRIS_JWT_PAYLOAD']
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
@@ -0,0 +1,77 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe GrisAccounts::AuthorizationHelpers do
|
4
|
+
class EndpointClass
|
5
|
+
include GrisAccounts::AuthorizationHelpers
|
6
|
+
end
|
7
|
+
|
8
|
+
let(:helper) { EndpointClass.new }
|
9
|
+
|
10
|
+
context 'require_access_to_account' do
|
11
|
+
let(:account_id) { 1 }
|
12
|
+
|
13
|
+
context 'when payload account_ids includes account_id' do
|
14
|
+
let(:payload) do
|
15
|
+
Hashie::Mash.new(
|
16
|
+
'GRIS_JWT_PAYLOAD' => [{ account_ids: [account_id] }]
|
17
|
+
)
|
18
|
+
end
|
19
|
+
|
20
|
+
before do
|
21
|
+
helper.instance_variable_set(:@env, payload)
|
22
|
+
end
|
23
|
+
|
24
|
+
it 'assigns @account_ids' do
|
25
|
+
helper.require_access_to_account(account_id)
|
26
|
+
expect(helper.instance_variable_get(:@account_ids)).to eq [account_id]
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
context 'when payload account_ids does not include account_id' do
|
31
|
+
let(:payload) do
|
32
|
+
Hashie::Mash.new('GRIS_JWT_PAYLOAD' => [{ account_ids: [] }])
|
33
|
+
end
|
34
|
+
|
35
|
+
before do
|
36
|
+
helper.instance_variable_set(:@env, payload)
|
37
|
+
end
|
38
|
+
|
39
|
+
it 'raises Forbidden error' do
|
40
|
+
expect do
|
41
|
+
helper.require_access_to_account(account_id)
|
42
|
+
end.to raise_error(RuntimeError, 'Forbidden.')
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
context 'user_id_from_payload' do
|
48
|
+
let(:id) { 'michael-heizer' }
|
49
|
+
|
50
|
+
context 'when payload includes id' do
|
51
|
+
let(:payload) { Hashie::Mash.new('GRIS_JWT_PAYLOAD' => [{ id: id }]) }
|
52
|
+
|
53
|
+
before do
|
54
|
+
helper.instance_variable_set(:@env, payload)
|
55
|
+
end
|
56
|
+
|
57
|
+
it 'assigns @user_id' do
|
58
|
+
helper.user_id_from_payload
|
59
|
+
expect(helper.instance_variable_get(:@user_id)).to eq id
|
60
|
+
end
|
61
|
+
end
|
62
|
+
|
63
|
+
context 'when payload does not include id' do
|
64
|
+
let(:payload) { Hashie::Mash.new('GRIS_JWT_PAYLOAD' => [{}]) }
|
65
|
+
|
66
|
+
before do
|
67
|
+
helper.instance_variable_set(:@env, payload)
|
68
|
+
end
|
69
|
+
|
70
|
+
it 'raises Forbidden error' do
|
71
|
+
expect do
|
72
|
+
helper.user_id_from_payload
|
73
|
+
end.to raise_error(RuntimeError, 'Forbidden.')
|
74
|
+
end
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
data/spec/spec_helper.rb
ADDED
metadata
ADDED
@@ -0,0 +1,145 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: gris_accounts
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.1
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Dylan Fareed
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2015-08-20 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: gris
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - ">="
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '0'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - ">="
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '0'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: bundler
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - ">="
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '0'
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - ">="
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: rake
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - ">="
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '0'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - ">="
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '0'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: rspec
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - ">="
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '0'
|
62
|
+
type: :development
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ">="
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '0'
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: rubocop
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - ">="
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '0'
|
76
|
+
type: :development
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - ">="
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '0'
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: byebug
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - ">="
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: '0'
|
90
|
+
type: :development
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - ">="
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: '0'
|
97
|
+
description: |-
|
98
|
+
Helpers for handling Account resource authorization
|
99
|
+
with decoded Gris JSON Web Tokens.
|
100
|
+
email:
|
101
|
+
- email@dylanfareed.com
|
102
|
+
executables: []
|
103
|
+
extensions: []
|
104
|
+
extra_rdoc_files: []
|
105
|
+
files:
|
106
|
+
- ".gitignore"
|
107
|
+
- ".rubocop.yml"
|
108
|
+
- ".rubocop_todo.yml"
|
109
|
+
- Gemfile
|
110
|
+
- MIT-LICENSE
|
111
|
+
- README.md
|
112
|
+
- Rakefile
|
113
|
+
- gris_accounts.gemspec
|
114
|
+
- lib/gris_accounts.rb
|
115
|
+
- lib/gris_accounts/authorization_helpers.rb
|
116
|
+
- lib/gris_accounts/version.rb
|
117
|
+
- spec/authorization_helpers_spec.rb
|
118
|
+
- spec/spec_helper.rb
|
119
|
+
homepage: https://github.com/dylanfareed/gris_accounts
|
120
|
+
licenses:
|
121
|
+
- MIT
|
122
|
+
metadata: {}
|
123
|
+
post_install_message:
|
124
|
+
rdoc_options: []
|
125
|
+
require_paths:
|
126
|
+
- lib
|
127
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
128
|
+
requirements:
|
129
|
+
- - ">="
|
130
|
+
- !ruby/object:Gem::Version
|
131
|
+
version: '0'
|
132
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
133
|
+
requirements:
|
134
|
+
- - ">="
|
135
|
+
- !ruby/object:Gem::Version
|
136
|
+
version: '0'
|
137
|
+
requirements: []
|
138
|
+
rubyforge_project:
|
139
|
+
rubygems_version: 2.4.5
|
140
|
+
signing_key:
|
141
|
+
specification_version: 4
|
142
|
+
summary: Gris JWT Account resource authorization helpers.
|
143
|
+
test_files:
|
144
|
+
- spec/authorization_helpers_spec.rb
|
145
|
+
- spec/spec_helper.rb
|