jpablobr-sinatra-authorization 0.1.0

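--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1 @@
+ dist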
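--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -0,0 +1,25 @@
+ = Sinatra Authorization
+
+ HTTP Authorization helpers for Sinatra.
+
+ == Example
+
+ require "sinatra/authorization"
+
+ set :authorization_realm, "Protected zone"
+
+ helpers do
+ def authorize(login, password)
+ login == "admin" && password == "secret"
+ end
+ end
+
+ get "/" do
+ "Hello"
+ end
+
+ get "/admin" do
+ login_required
+
+ "Welcome in protected zone"
+ end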
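--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,19 @@
+ require 'rubygems'
+ require 'rake'
+
+ begin
+ require 'jeweler'
+ Jeweler::Tasks.new do |gemspec|
+ gemspec.name = "jpablobr-sinatra-authorization"
+ gemspec.summary = "jpablobr-sinatra-authorization HTTP Authorization helpers for Sinatra."
+ gemspec.description = "jpablobr-sinatra-authorization HTTP Authorization helpers for Sinatra."
+ gemspec.email = "xjpablobrx@gmail.com"
+ gemspec.homepage = "http://github.com/jpablobr/sinatra-authorization"
+ gemspec.authors = ["Jose Pablo Barrantes"]
+ end
+ Jeweler::GemcutterTasks.new
+ rescue LoadError
+ puts "Jeweler not available. Install it with: sudo gem install jeweler -s http://gemcutter.org"
+ end
+
+ Dir["#{File.dirname(__FILE__)}/tasks/*.rake"].sort.each { |ext| load ext }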
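Review bot: The hint printed in the `rescue LoadError` branch tells users to run `sudo gem install jeweler -s http://gemcutter.org`, which installs a gem as root from a plain-HTTP source with no transport integrity. Dropping the `-s` option so the configured default source is used, and dropping `sudo`, would be safer: `puts "Jeweler not available. Install it with: gem install jeweler"`. The final line also `load`s every `tasks/*.rake` file beside the Rakefile, so it is worth a comment that anything placed in that directory runs on every rake invocation.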
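--- a/data/VERSION
+++ b/data/VERSION
@@ -0,0 +1 @@
+ 0.1.0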
@@ -0,0 +1,64 @@
1
+ require "sinatra/base"
2
+
3
+ module Sinatra
4
+ # HTTP Authorization helpers for Sinatra.
5
+ #
6
+ # In your helpers module, include Sinatra::Authorization and then define
7
+ # an #authorize(user, password) method to handle user provided
8
+ # credentials.
9
+ #
10
+ # Inside your events, call #login_required to trigger the HTTP
11
+ # Authorization window to pop up in the browser.
12
+ #
13
+ # Code adapted from {Ryan Tomayko}[http://tomayko.com/about] and
14
+ # {Christopher Schneid}[http://gittr.com], shared under an MIT License
15
+ module Authorization
16
+ # Redefine this method on your helpers block to actually contain
17
+ # your authorization logic.
18
+ def authorize(username, password)
19
+ false
20
+ end
21
+
22
+ # From you app, call set :authorization_realm, "my app" to set this
23
+ # or define a #authorization_realm method in your helpers block.
24
+ def authorization_realm
25
+ Sinatra::Default.authorization_realm
26
+ end
27
+
28
+ # Call in any event that requires authentication
29
+ def login_required
30
+ return if authorized?
31
+ unauthorized! unless auth.provided?
32
+ bad_request! unless auth.basic?
33
+ unauthorized! unless authorize(*auth.credentials)
34
+ request.env['REMOTE_USER'] = auth.username
35
+ end
36
+
37
+ # Convenience method to determine if a user is logged in
38
+ def authorized?
39
+ !!request.env['REMOTE_USER']
40
+ end
41
+ alias :logged_in? :authorized?
42
+
43
+ # Name provided by the current user to log in
44
+ def current_user
45
+ request.env['REMOTE_USER']
46
+ end
47
+
48
+ private
49
+ def auth
50
+ @auth ||= Rack::Auth::Basic::Request.new(request.env)
51
+ end
52
+
53
+ def unauthorized!(realm=authorization_realm)
54
+ response["WWW-Authenticate"] = %(Basic realm="#{realm}")
55
+ throw :halt, [ 401, 'Authorization Required' ]
56
+ end
57
+
58
+ def bad_request!
59
+ throw :halt, [ 400, 'Bad Request' ]
60
+ end
61
+ end
62
+
63
+ helpers Authorization
64
+ end
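Review bot: `login_required` returns early whenever `request.env['REMOTE_USER']` is already populated, so any front-end server or earlier middleware that sets that key skips `authorize` entirely. That trust should be stated on the method, for example `# NOTE: a REMOTE_USER already present in the Rack env is trusted and bypasses #authorize`. Separately, `authorize(*auth.credentials)` splats whatever the decoded header yields. A Basic value with no colon would presumably yield a single element and raise ArgumentError (a 500) instead of a clean rejection, so a guard such as `bad_request! unless auth.credentials.size == 2` before that call would help. In `unauthorized!` the realm is interpolated into `WWW-Authenticate` unescaped, so a realm containing `"` would produce a malformed header. This section has no file header on the page; it appears to be the lib/sinatra/authorization.rb listed in the gem metadata.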
@@ -0,0 +1,66 @@
1
+ require "test/unit"
2
+ require "rack/test"
3
+ require "context"
4
+ require "pending"
5
+
6
+ require File.dirname(__FILE__) + "/../lib/sinatra/authorization"
7
+
8
+ class AuthorizationApp < Sinatra::Default
9
+ set :environment, :test
10
+
11
+ get "/" do
12
+ login_required
13
+
14
+ "Welcome in protected zone"
15
+ end
16
+
17
+ def authorize(username, password)
18
+ username == "user" && password = "test"
19
+ end
20
+
21
+ def authorization_realm
22
+ "Move on"
23
+ end
24
+ end
25
+
26
+ class SinatraAuthorizationTest < Test::Unit::TestCase
27
+ before do
28
+ @session = Rack::Test::Session.new(AuthorizationApp)
29
+ end
30
+
31
+ def basic_auth(user="user", password="test")
32
+ credentials = ["#{user}:#{password}"].pack("m*")
33
+
34
+ { "HTTP_AUTHORIZATION" => "Basic #{credentials}" }
35
+ end
36
+
37
+ it "is authorized with correct credentials" do
38
+ @session.get "/", {}, basic_auth
39
+ assert_equal 200, @session.last_response.status
40
+ assert_equal ["Welcome in protected zone"], @session.last_response.body
41
+ end
42
+
43
+ it "sets REMOTE_USER" do
44
+ pending "TODO"
45
+ end
46
+
47
+ it "is unauthorized without credentials" do
48
+ @session.get "/"
49
+ assert_equal 401, @session.last_response.status
50
+ end
51
+
52
+ it "is unauthorized with incorrect credentials" do
53
+ @session.get "/", {}, basic_auth("evil", "wrong")
54
+ assert_equal 401, @session.last_response.status
55
+ end
56
+
57
+ it "returns specified realm" do
58
+ @session.get "/"
59
+ assert_equal %Q(Basic realm="Move on"), @session.last_response["WWW-Authenticate"]
60
+ end
61
+
62
+ it "returns a 400, Bad Request if not basic auth" do
63
+ @session.get "/", {}, { "HTTP_AUTHORIZATION" => "Foo bar" }
64
+ assert_equal 400, @session.last_response.status
65
+ end
66
+ end
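Review bot: `AuthorizationApp#authorize` uses `password = "test"` (assignment) where a comparison is intended, so the fixture accepts any password for username "user"; it should read `username == "user" && password == "test"`. The suite cannot catch this because the incorrect-credentials test changes both values (`basic_auth("evil", "wrong")`) and is rejected on the username alone. Adding a case with the right user and a wrong password, `@session.get "/", {}, basic_auth("user", "wrong")` expecting 401, would cover the password path. The "sets REMOTE_USER" test is still `pending`, so the env assignment that `authorized?` and `current_user` depend on is unverified.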
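--- a/metadata
+++ b/metadata
@@ -0,0 +1,67 @@
+ --- !ruby/object:Gem::Specification
+ name: jpablobr-sinatra-authorization
+ version: !ruby/object:Gem::Version
+ prerelease: false
+ segments:
+ - 0
+ - 1
+ - 0
+ version: 0.1.0
+ platform: ruby
+ authors:
+ - Jose Pablo Barrantes
+ autorequire:
+ bindir: bin
+ cert_chain: []
+
+ date: 2010-04-25 00:00:00 -06:00
+ default_executable:
+ dependencies: []
+
+ description: jpablobr-sinatra-authorization HTTP Authorization helpers for Sinatra.
+ email: xjpablobrx@gmail.com
+ executables: []
+
+ extensions: []
+
+ extra_rdoc_files:
+ - README.rdoc
+ files:
+ - .gitignore
+ - README.rdoc
+ - Rakefile
+ - VERSION
+ - lib/sinatra/authorization.rb
+ - test/authorization_test.rb
+ has_rdoc: true
+ homepage: http://github.com/jpablobr/sinatra-authorization
+ licenses: []
+
+ post_install_message:
+ rdoc_options:
+ - --charset=UTF-8
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ segments:
+ - 0
+ version: "0"
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ segments:
+ - 0
+ version: "0"
+ requirements: []
+
+ rubyforge_project:
+ rubygems_version: 1.3.6
+ signing_key:
+ specification_version: 3
+ summary: jpablobr-sinatra-authorization HTTP Authorization helpers for Sinatra.
+ test_files:
+ - test/authorization_test.rb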