jmoses_api-auth 1.0.4

data/spec/railtie_spec.rb

@@ -0,0 +1,114 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe "Rails integration" do
+  
+  API_KEY_STORE = { "1044" => "l16imAXie1sRMcJODpOG7UwC1VyoqvO13jejkfpKWX4Z09W8DC9IrU23DvCwMry7pgSFW6c5S1GIfV0OY6F/vUA==" }
+  
+  describe "Rails controller integration" do
+    
+    class ApplicationController < ActionController::Base
+      
+    private
+    
+      def require_api_auth
+        if (access_id = get_api_access_id_from_request)
+          return true if api_authenticated?(API_KEY_STORE[access_id])
+        end
+        
+        respond_to do |format|
+          format.xml { render :xml => "You are unauthorized to perform this action.", :status => 401 }
+          format.json { render :json => "You are unauthorized to perform this action.", :status => 401 }
+    			format.html { render :text => "You are unauthorized to perform this action", :status => 401 }
+        end
+      end
+
+    end
+    
+    class TestController < ApplicationController
+      before_filter :require_api_auth, :only => [:index]
+      
+      def index
+        render :text => "OK"
+      end
+      
+      def public
+        render :text => "OK"
+      end
+
+      def rescue_action(e); raise(e); end
+    end
+    ActionController::Routing::Routes.draw {|map| map.resources :test }
+    
+    it "should permit a request with properly signed headers" do
+      request = ActionController::TestRequest.new
+      request.env['DATE'] = Time.now.utc.httpdate
+      request.action = 'index'
+      request.path = "/index"
+      ApiAuth.sign!(request, "1044", API_KEY_STORE["1044"])
+      TestController.new.process(request, ActionController::TestResponse.new).code.should == "200"
+    end
+    
+    it "should forbid a request with properly signed headers but timestamp > 15 minutes" do
+      request = ActionController::TestRequest.new
+      request.env['DATE'] = "Mon, 23 Jan 1984 03:29:56 GMT"
+      request.action = 'index'
+      request.path = "/index"
+      ApiAuth.sign!(request, "1044", API_KEY_STORE["1044"])
+      TestController.new.process(request, ActionController::TestResponse.new).code.should == "401"
+    end
+    
+    it "should insert a DATE header in the request when one hasn't been specified" do
+      request = ActionController::TestRequest.new
+      request.action = 'index'
+      request.path = "/index"
+      ApiAuth.sign!(request, "1044", API_KEY_STORE["1044"])
+      request.headers['DATE'].should_not be_nil
+    end
+
+    it "should forbid an unsigned request to a protected controller action" do
+      request = ActionController::TestRequest.new
+      request.action = 'index'
+      TestController.new.process(request, ActionController::TestResponse.new).code.should == "401"
+    end
+
+    it "should forbid a request with a bogus signature" do
+      request = ActionController::TestRequest.new
+      request.action = 'index'
+      request.env['Authorization'] = "APIAuth bogus:bogus"
+      TestController.new.process(request, ActionController::TestResponse.new).code.should == "401"
+    end
+    
+    it "should allow non-protected controller actions to function as before" do
+      request = ActionController::TestRequest.new
+      request.action = 'public'
+      request.path('/public')
+      TestController.new.process(request, ActionController::TestResponse.new).code.should == "200"
+    end
+    
+  end
+  
+  describe "Rails ActiveResource integration" do
+    
+    class TestResource < ActiveResource::Base
+      with_api_auth "1044", API_KEY_STORE["1044"]
+      self.site = "http://localhost/"
+    end
+    
+    it "should send signed requests automagically" do
+      timestamp = Time.parse("Mon, 23 Jan 1984 03:29:56 GMT")
+      Time.should_receive(:now).at_least(1).times.and_return(timestamp)
+      ActiveResource::HttpMock.respond_to do |mock|
+        mock.get "/test_resources/1.xml", 
+          {
+            'Authorization' => 'APIAuth 1044:IbTx7VzSOGU55HNbV4y2jZDnVis=',
+            'Accept' => 'application/xml',
+            'DATE' => "Mon, 23 Jan 1984 03:29:56 GMT"
+          },
+          { :id => "1" }.to_xml(:root => 'test_resource')
+      end
+      TestResource.find(1)
+    end
+    
+  end
+  
+end

data/spec/spec_helper.rb

@@ -0,0 +1,22 @@
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'rspec'
+require 'api_auth'
+require 'amatch'
+require 'rest_client'
+require 'curb'
+
+require 'active_support'
+require 'active_support/test_case'
+require 'action_controller'
+require 'action_controller/test_process'
+require 'active_resource'
+require 'active_resource/http_mock'
+
+# Requires supporting files with custom matchers and macros, etc,
+# in ./support/ and its subdirectories.
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
+
+RSpec.configure do |config|
+  
+end

data/spec/test_helper.rb

@@ -0,0 +1,2 @@
+module TestHelper
+end

metadata

@@ -0,0 +1,212 @@
+--- !ruby/object:Gem::Specification
+name: jmoses_api-auth
+version: !ruby/object:Gem::Version
+  version: 1.0.4
+  prerelease: 
+platform: ruby
+authors:
+- Jon Moses
+- Mauricio Gomes
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-07-31 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: amatch
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.4.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.4.0
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.3.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.3.2
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.3.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.3.2
+- !ruby/object:Gem::Dependency
+  name: activeresource
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.3.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.3.2
+- !ruby/object:Gem::Dependency
+  name: rest-client
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.6.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.6.0
+- !ruby/object:Gem::Dependency
+  name: curb
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.8.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.8.1
+description: Full HMAC auth implementation for use in your gems and Rails apps.
+email:
+- jon@burningbush.us
+- mauricio@edge14.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .document
+- .gitignore
+- .rspec
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- VERSION
+- api_auth.gemspec
+- lib/api-auth.rb
+- lib/api_auth.rb
+- lib/api_auth/base.rb
+- lib/api_auth/errors.rb
+- lib/api_auth/headers.rb
+- lib/api_auth/helpers.rb
+- lib/api_auth/railtie.rb
+- lib/api_auth/request_drivers/action_controller.rb
+- lib/api_auth/request_drivers/action_dispatch.rb
+- lib/api_auth/request_drivers/curb.rb
+- lib/api_auth/request_drivers/net_http.rb
+- lib/api_auth/request_drivers/rack.rb
+- lib/api_auth/request_drivers/rest_client.rb
+- spec/api_auth_spec.rb
+- spec/application_helper.rb
+- spec/headers_spec.rb
+- spec/helpers_spec.rb
+- spec/railtie_spec.rb
+- spec/spec_helper.rb
+- spec/test_helper.rb
+homepage: https://github.com/jmoses/api_auth
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: Simple HMAC authentication for your APIs (fork by jmoses)
+test_files:
+- spec/api_auth_spec.rb
+- spec/application_helper.rb
+- spec/headers_spec.rb
+- spec/helpers_spec.rb
+- spec/railtie_spec.rb
+- spec/spec_helper.rb
+- spec/test_helper.rb