jsonrpc2 0.0.2 → 0.0.3

data/lib/jsonrpc2/auth.rb

@@ -5,9 +5,40 @@ class Auth
   # Validate an API request
   # 
   # 
-  def check(env, rpc)
+  def client_check(env, rpc)
     true
   end
+
+  # Check authorisation for customers accessing API
+  def browser_check(env)
+    true
+  end
+
+  # Never show internal details of an API object
+  def inspect
+    "#<#{self.class.name}:#{object_id.to_s(16)}>"
+  end
+  protected
+  # Parse Authorization: header
+  #
+  # @param [String] auth Header value 
+  # @return [Array, false] [username, password] or false
+  def parse_basic_auth(auth)
+    return false unless auth
+
+    m = /Basic\s+([A-Za-z0-9+\/]+=*)/.match(auth)
+    user, pass = Base64.decode64(m[1]).split(/:/, 2)
+
+    [user, pass]
+  end
+
+  # Throw a 401 Rack response
+  def throw_401
+    throw(:rack_response, [401, {
+          'Content-Type'     => 'text/html',
+          'WWW-Authenticate' => 'Basic realm="API"'
+    }, ["<html><head/><body>Authentication Required</body></html>"]])
+  end
 end
 
 # @abstract Base class for http-based authentication methods, e.g.
@@ -31,21 +62,28 @@ class BasicAuth < HttpAuth
   # @param [Hash,Rack::Request] env Rack environment hash
   # @param [Hash] rpc JSON-RPC2 call content
   # @return [true] Returns true or throws :rack_response, [ 401, ... ]
-  def check(env, rpc)
-    valid?(env) or
-    throw(:rack_response, [401, {
-          'Content-Type'     => 'text/html',
-          'WWW-Authenticate' => 'Basic realm="API"'
-    }, ["<html><head/><body>Authentication Required</body></html>"]])
+  def client_check(env, rpc)
+    browser_check(env)
   end
 
+  # Checks that the browser is authorised to access the API (used by HTML API introspection)
+  #
+  # @param [Hash,Rack::Request] env Rack environment hash
+  # @return [true] Returns true or throws :rack_response, [ 401, ... ]
+  def browser_check(env)
+    valid?(env) or throw_401
+  end
+
+  protected
+  # Checks that http auth info is supplied and the username/password combo is valid
+  #
+  # @param [Hash] env Rack environment
+  # @return [Boolean] True if authentication details are ok
   def valid?(env)
-    auth = env['HTTP_AUTHORIZATION']
+    user, pass = parse_basic_auth(env['HTTP_AUTHORIZATION'])
 
-    return false unless auth
+    return false unless user && pass
 
-    m = /Basic\s+([A-Za-z0-9+\/]+=*)/.match(auth)
-    user, pass = Base64.decode64(m[1]).split(/:/, 2)
     user_valid?(user, pass)
   end
 

data/lib/jsonrpc2/html.rb

@@ -53,9 +53,9 @@ HTML5
   def call(interface, request)
     #require 'pp'; pp interface.about
 
-    if interface.auth_with.kind_of?(JSONRPC2::HttpAuth)
+    if interface.auth_with
       response = catch(:rack_response) do
-        interface.auth_with.check(request.env, {}); nil
+        interface.auth_with.browser_check(request.env); nil
       end
       return response if response
     end
@@ -111,7 +111,14 @@ HTML5
 
 <hr>
 
+<div class="row">
+<div class="span6">
 <h2>Test method</h2>
+</div>
+<div class="span6">
+<h3>Result</h3>
+</div>
+</div>
 <div class="row">
 <div class="span6">
 <form method="POST" action="#{request.script_name}/#{info[:name]}">
@@ -124,10 +131,7 @@ HTML5
 </form>
 </div>
 <div class="span6">
-<h3>Result</h3>
-<xmp>
-#{options[:result]}
-</xmp>
+<pre style="white-space: prewrap">#{CGI.escapeHTML(JSON.pretty_unparse(JSON.parse(options[:result])))}</pre>
 </div>
 </div>
 

data/lib/jsonrpc2/interface.rb

@@ -45,9 +45,9 @@ class Interface
       request = Rack::Request.new(environment)
       catch :rack_response do
         case JSONRPC2::HTTPUtils.which(environment['HTTP_ACCEPT'], %w[text/html application/json-rpc application/json])
-        when 'text/html', nil
+        when 'text/html'
           JSONRPC2::HTML.call(self, request)
-        when 'application/json-rpc', 'application/json'
+        when 'application/json-rpc', 'application/json', nil # Assume correct by default
           environment['rack.input'].rewind
           data = JSON.parse(environment['rack.input'].read)
           self.new(environment).rack_dispatch(data)
@@ -76,7 +76,6 @@ class Interface
     end
   end
 
-	protected
   # Dispatch call to api method(s)
   #
   # @param [Hash,Array] rpc_data Array of calls or Hash containing one call
@@ -89,6 +88,8 @@ class Interface
 			dispatch_single(rpc_data).to_json
 		end
 	end
+
+	protected
   # JSON result helper
 	def response_ok(id, result)
 		{ 'jsonrpc' => '2.0', 'result' => result, 'id' => id }
@@ -111,7 +112,7 @@ class Interface
 				
 		begin
       if self.class.auth_with 
-        self.class.auth_with.check(@env, rpc) or raise AuthFail, "Invalid credentials"
+        self.class.auth_with.client_check(@env, rpc) or raise AuthFail, "Invalid credentials"
       end
 
 			call(rpc['method'], rpc['id'], rpc['params'])
@@ -127,7 +128,7 @@ class Interface
   #
   # @return [Array] List of api method names
   def api_methods
-    public_methods(false).map(&:to_s) - ['rack_dispatch']
+    public_methods(false).map(&:to_s) - ['rack_dispatch', 'dispatch']
   end
 
   # Call method, checking param and return types

data/lib/jsonrpc2/version.rb

@@ -1,5 +1,5 @@
 # JSONRPC2 namespace module
 module JSONRPC2
   # Version
-  VERSION = "0.0.2"
+  VERSION = "0.0.3"
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: jsonrpc2
 version: !ruby/object:Gem::Version 
-  hash: 27
+  hash: 25
   prerelease: 
   segments: 
   - 0
   - 0
-  - 2
-  version: 0.0.2
+  - 3
+  version: 0.0.3
 platform: ruby
 authors: 
 - Geoff Youngs