kankri 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 136760abbcab49dfdada252777f2e0597e0167d3
+  data.tar.gz: c9da45c3e30a82533f71840801b2c8ab35907125
+SHA512:
+  metadata.gz: 122cf49d0d79df39cbc7a3b7dda429c9081f785e8047690ea88c1528f97c3e55d6b24980c9bcc6a42f3cdab289d883e4d22cd7be7e2bed006572c8888302f106
+  data.tar.gz: 12e15471a892db8476ef77b235a03f5ea4c619900a90390749fabe4dba521a3dbe409206ac03a53d184a6e1454537fbd57ecbe82861cf977a644a17f60f6d414

data/.gitignore

@@ -0,0 +1,18 @@
+*.sublime-*
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rspec

@@ -0,0 +1,2 @@
+--format Fuubar
+--color

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in kankri.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Matt Windsor
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,68 @@
+# Kankri
+
+**Kankri** is an exceptionally basic authentication system for Ruby.  It's intended for small projects that don't need database authentication, ACLs or other such things.  It has no runtime dependencies other than Ruby 2.0.
+
+It takes in a hash mapping usernames (strings or symbols) to passwords (strings) as well as a hash mapping *privilege keys* (strings or symbols) to the lists of *privileges* (strings or symbols) the user has on those keys.  It's a bit like ACL... ish.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'kankri'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install kankri
+
+## Usage
+
+**Health Warning:** Don't use Kankri for mission-critical authentication.  It's both very simple and also very early in development and, although it has some RSpecs to make sure it isn't doing something stupid, it certainly isn't a replacement for a decent authentication system.
+
+Once kankri is installed, you can get an *authenticator* by doing this:
+
+    require 'kankri'
+    auth = Kankri.authenticator_from_hash(
+        username: {
+            password: 'foo',
+            privileges: {
+                key_one: :all,  # Grants all privileges
+                key_two: [:priv_one, :priv_two, :priv_three],  # Grants some privileges
+                key_three: []  # Grants no privileges
+            }
+        }
+    )
+                
+With an authenticator, you can get the *privilege set* for a user by logging in with **authenticate**:
+
+    privs = auth.authenticate(:username, 'foo')
+
+And then you can check for privileges using that privilege set:
+
+    privs.has?(:key_one, :priv_one)  #=> true
+    privs.has?(:key_one, :priv_four)  #=> true
+    privs.has?(:key_two, :priv_one)  #=> true
+    privs.has?(:key_two, :priv_four)  #=> false
+    privs.has?(:key_three, :priv_one)  #=> true
+    privs.has?(:key_three, :priv_four)  #=> false
+
+You can also use **#require**, which is like **#has?** but raises a Kankri::InsufficientPrivilegeError on failure and returns nil on success.
+
+You can include Kankri::PrivilegeSubject into a class, which will give it two new methods (**#can?** and **#fail_if_cannot**).  These take a privilege set and a privilege, and call **#has?** and **#require** respectively on that set, passing it the class's **#privilege_key** and the requested privilege.
+
+## Todo
+
+1. Password hashes instead of plaintext
+2. More comprehensive testing
+3. Better documentation?
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,7 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new
+
+task :default => :spec
+task :test => :spec

data/kankri.gemspec

@@ -0,0 +1,31 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'kankri/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'kankri'
+  spec.version       = Kankri::VERSION
+  spec.authors       = ['Matt Windsor']
+  spec.email         = ['matt.windsor@ury.org.uk']
+  spec.description   = %q{
+    Kankri is a library for quickly setting up basic authentication with
+    object-action privileges.  It's intended to be used in projects which need
+    a simple auth system with no run-time requirements and little set-up.  It
+    isn't intended for mission critical security.
+  }
+  spec.summary       = 'Simple object-action privilege checking'
+  spec.homepage      = 'https://github.com/CaptainHayashi/kankri'
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ['lib']
+
+  spec.add_development_dependency 'bundler', '~> 1.3'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'simplecov'
+  spec.add_development_dependency 'fuubar'
+end

data/lib/kankri.rb

@@ -0,0 +1,44 @@
+require 'kankri/password_check'
+require 'kankri/privilege_set'
+require 'kankri/privilege_subject'
+require 'kankri/simple_authenticator'
+require 'kankri/version'
+
+# Main module for Kankri
+#
+# Kankri is a library for quickly setting up basic authentication with object-
+# action privileges.
+#
+# It's intended to be used in projects which need a simple auth system with no
+# run-time requirements and little set-up.  It isn't intended for mission
+# critical security.
+module Kankri
+  # Creates an authenticator object from a hash
+  #
+  # The hash should map username strings to hashes with the following Symbol
+  # keys:
+  #
+  # - password: The plain-text password for the user.
+  # - privileges: A hash mapping String or Symbol 'privilege keys' to either
+  #     the String 'all' or Symbol :all, meaning the user has all privileges
+  #     for that key, or a list of String or Symbol privileges the user has for
+  #     that key.
+  #
+  # @api public
+  # @example  Create an authenticator from a hash of users.
+  #   Kankri.authenticator_From_hash(
+  #     admin: {
+  #       password: 'hunter2',
+  #       privileges: {
+  #         foo: 'all',
+  #         bar: ['abc', 'def', 'ghi'],
+  #         baz: []
+  #       }
+  #     }
+  #   )
+  #
+  # @return [Object]  An authenticator for the given hash.
+  def self.authenticator_from_hash(hash)
+    SimpleAuthenticator.new(hash)
+  end
+end

data/lib/kankri/exceptions.rb

@@ -0,0 +1,7 @@
+module Kankri
+  # Exception generated when authentication fails.
+  AuthenticationFailure = Class.new(RuntimeError)
+
+  # Exception generated when required privileges are missing.
+  InsufficientPrivilegeError = Class.new(RuntimeError)
+end

data/lib/kankri/password_check.rb

@@ -0,0 +1,34 @@
+module Kankri
+  # A method object that represents a check on username/password pairs
+  class PasswordCheck
+    def initialize(username, password, passwords)
+      @username = username
+      @password = password
+      @passwords = passwords
+    end
+
+    def ok?
+      auth_present? && user_known? && password_match?
+    end
+
+    def auth_present?
+      username_present? && password_present?
+    end
+
+    def username_present?
+      !(@username.nil? || @username.empty?)
+    end
+
+    def password_present?
+      !(@password.nil? || @password.empty?)
+    end
+
+    def password_match?
+      @passwords.fetch(@username) == @password
+    end
+
+    def user_known?
+      @passwords.key?(@username)
+    end
+  end
+end

data/lib/kankri/privilege_set.rb

@@ -0,0 +1,87 @@
+require 'kankri/exceptions'
+
+module Kankri
+  # Wrapper around a set of privileges a client has
+  class PrivilegeSet
+    # Initialises a privilege set.
+    #
+    # @api public
+    # @example Create a privilege set with no privileges.
+    #   PrivilegeSet.new({})
+    # @example Create a privilege set with some privileges.
+    #   PrivilegeSet.new({channel_set: [:get, :put]})
+    def initialize(privileges)
+      @privileges = privileges
+      symbolise_privileges
+    end
+
+    # Requires a certain privilege on a certain target
+    def require(target, privilege)
+      fail(InsufficientPrivilegeError) unless has?(target, privilege)
+    end
+
+    # Checks to see if a certain privilege exists on a given target
+    #
+    # @api public
+    # @example Check your privilege.
+    #   privs.has?(:channel, :put)
+    #   #=> false
+    #
+    # @param target [Symbol] The handler target the privilege is for.
+    # @param privilege [Symbol] The privilege (one of :get, :put, :post or
+    #   :delete).
+    #
+    # @return [Boolean] true if the privileges are sufficient; false
+    #   otherwise.
+    def has?(privilege, target)
+      PrivilegeChecker.new(target, privilege, @privileges).check?
+    end
+
+    private
+
+    def symbolise_privileges
+      @privileges = Hash[@privileges.map do |key, key_privs|
+        [key.to_sym, symbolise_privilege_list(key_privs)]
+      end]
+    end
+
+    def symbolise_privilege_list(privlist)
+      privlist.is_a?(Array) ? privlist.map(&:to_sym) : privlist.to_sym
+    end
+  end
+
+  # A method object for checking privileges.
+  class PrivilegeChecker
+    def initialize(target, requisite, privileges)
+      @target = target.intern
+      @requisite = requisite.intern
+      @privileges = privileges
+    end
+
+    def check?
+      has_all? || has_direct?
+    end
+
+    private
+
+    # @return [Boolean] true if this privilege set has all privileges for a
+    #   target.
+    def has_all?
+      @privileges[@target] == :all
+    end
+
+    # @return [Boolean] true if this privilege set explicitly has a certain
+    #   privilege for a certain target.
+    def has_direct?
+      target_in_privileges? && requisite_in_target_privileges?
+    end
+
+    def target_in_privileges?
+      @privileges.key?(@target)
+    end
+
+    def requisite_in_target_privileges?
+      @privileges[@target].include?(@requisite)
+    end
+  end
+end

data/lib/kankri/privilege_subject.rb

@@ -0,0 +1,17 @@
+module Kankri
+  # Mixin that allows classes to require privileges from a PrivilegeSet
+  #
+  # This expects the including class to define a method, 'privilege_key',
+  # which identifies the object in the privilege set.
+  module PrivilegeSubject
+    # Checks whether an operation can proceed on this privilege subject
+    def can?(operation, privilege_set)
+      privilege_set.has?(operation, privilege_key)
+    end
+
+    # Fails if an operation cannot proceed on this model object
+    def fail_if_cannot(operation, privilege_set)
+      privilege_set.require(operation, privilege_key)
+    end
+  end
+end

data/lib/kankri/simple_authenticator.rb

@@ -0,0 +1,78 @@
+require 'kankri'
+
+module Kankri
+  # An object that takes in a user hash and authenticates users
+  #
+  # This object holds user data in memory, including passwords.  It is thus
+  # not secure for mission-critical applications.
+  class SimpleAuthenticator
+    # Makes hashing functions for users based on SHA256.
+    def self.sha256_hasher(usernames)
+      digest_hasher(usernames, Digest::SHA256)
+    end
+
+    # Makes hashing functions for users based on a Digest implementation.
+    def self.digest_hasher(usernames, hasher)
+      Hash[
+        usernames.map do |username|
+          salt = SecureRandom.random_bytes
+          [username, ->(password) { hasher.digest(password + salt) } ]
+        end
+      ]
+    end
+
+    def initialize(users, hash_maker = nil)
+      hash_maker ||= self.class.method(:sha256_hasher)
+      @users = users
+
+      @hashers = hash_maker.call(@users.keys)
+      @passwords = passwords
+      @privilege_sets = privilege_sets
+    end
+
+    def authenticate(username, password)
+      auth_fail unless auth_ok?(username.intern, password.to_s)
+      privileges_for(username.intern)
+    end
+
+    private
+
+    def privileges_for(username)
+      @privilege_sets[username]
+    end
+
+    # Creates a hash mapping username symbols to their password strings
+    def passwords
+      transform_users do |name, entry|
+        plaintext = entry.fetch(:password).to_s
+        @hashers.fetch(name).call(plaintext)
+      end
+    end
+
+    # Creates a hash mapping username symbols to their privilege sets
+    def privilege_sets
+      transform_users { |_, entry| PrivilegeSet.new(entry.fetch(:privileges)) }
+    end
+
+    def transform_users
+      Hash[@users.map { |name, entry| [name.intern, (yield name, entry)] }]
+    end
+
+    def auth_fail
+      fail(Kankri::AuthenticationFailure)
+    end
+
+    def auth_ok?(username, password)
+      username_present?(username) && password_ok?(username, password)
+    end
+
+    def username_present?(username)
+      @hashers.key?(username) && @passwords.key?(username)
+    end
+
+    def password_ok?(username, password)
+      hashed_pass = @hashers.fetch(username).call(password)
+      PasswordCheck.new(username, hashed_pass, @passwords).ok?
+    end
+  end
+end

data/lib/kankri/version.rb

@@ -0,0 +1,3 @@
+module Kankri
+  VERSION = "0.1.0"
+end

data/spec/kankri_spec.rb

@@ -0,0 +1,55 @@
+require 'spec_helper'
+require 'kankri'
+
+describe Kankri do
+  describe '#authenticator_from_hash' do
+    let(:auth) { ->{ Kankri.authenticator_from_hash(hash) } }
+    context 'when given a valid hash of users' do
+      let(:hash) do
+        {
+          username: {
+            password: 'foo',
+            privileges: {
+              key_one: :all,
+              key_two: [:priv_one, :priv_two, :priv_three],
+              key_three: []
+            }
+          }
+        }
+      end
+
+      specify { expect(auth.call).to respond_to(:authenticate) }
+    end
+    context 'when given a hash with a user with no password' do
+      let(:hash) do
+        {
+          test: {
+            privileges: {
+              channel_set: ['get'],
+              channel: 'all'
+            }
+          }
+        }
+      end
+
+      specify { expect { auth.call }.to raise_error }
+    end
+    context 'when given a hash with a user with no privileges' do
+      let(:hash) do
+        {
+          test: {
+            password: 'hunter2'
+          }
+        }
+      end
+
+      specify { expect { auth.call }.to raise_error }
+    end
+
+    context 'when given something that is not a hash' do
+      let(:hash) { 'not a hash' }
+
+      specify { expect { auth.call }.to raise_error }
+    end
+  end
+end

data/spec/password_check_spec.rb

@@ -0,0 +1,29 @@
+
+describe Kankri::PasswordCheck do
+  let(:passwords) { { test: 'hunter2' } }
+  subject { ->(u, p) { Kankri::PasswordCheck.new(u, p, passwords) } }
+
+  describe '#ok?' do
+    context 'with a valid username and password' do
+      specify { expect(subject.call(:test, 'hunter2').ok?).to be_true }
+    end
+    context 'with a valid username and invalid password' do
+      specify { expect(subject.call(:test, 'nope').ok?).to be_false }
+    end
+    context 'with an invalid username and password' do
+      specify { expect(subject.call(:toast, 'nope').ok?).to be_false }
+    end
+    context 'with a valid username and blank password' do
+      specify { expect(subject.call(:test, '').ok?).to be_false }
+    end
+    context 'with a blank username and password' do
+      specify { expect(subject.call(:'', '').ok?).to be_false }
+    end
+    context 'with a valid username and nil password' do
+      specify { expect(subject.call(:test, nil).ok?).to be_false }
+    end
+    context 'with a nil username and password' do
+      specify { expect(subject.call(nil, nil).ok?).to be_false }
+    end
+  end
+end

data/spec/privilege_set_spec.rb

@@ -0,0 +1,65 @@
+require 'spec_helper'
+require 'kankri'
+
+describe Kankri::PrivilegeSet do
+  subject do
+    Kankri::PrivilegeSet.new(
+      foo: [:get, :put],
+      bar: :all
+    )
+  end
+
+  describe '#require' do
+    context 'when #has? returns true' do
+      it 'does nothing' do
+        allow(subject).to receive(:has?).and_return(true)
+        subject.require(:get, :foo)
+      end
+    end
+    context 'when #has? returns false' do
+      it 'fails' do
+        allow(subject).to receive(:has?).and_return(false)
+        expect { subject.require(:get, :foo) }.to raise_error
+      end
+    end
+  end
+
+  describe '#has?' do
+    context 'when given a valid target' do
+      context 'and the privilege is directly in the PrivilegeSet' do
+        context 'and the privilege and target are both Symbols' do
+          specify { expect(subject.has?(:get, :foo)).to be_true }
+        end
+        context 'and the privilege and target are both Strings' do
+          specify { expect(subject.has?('get', 'foo')).to be_true }
+        end
+        context 'and the privilege is a Symbol and the target is a String' do
+          specify { expect(subject.has?(:get, 'foo')).to be_true }
+        end
+        context 'and the privilege is a String and the target is a Symbol' do
+          specify { expect(subject.has?('get', :foo)).to be_true }
+        end
+      end
+      context 'and the target is covered by an :all' do
+        context 'and the privilege and target are both Symbols' do
+          specify { expect(subject.has?(:get, :bar)).to be_true }
+        end
+        context 'and the privilege and target are both Strings' do
+          specify { expect(subject.has?('get', 'bar')).to be_true }
+        end
+        context 'and the privilege is a Symbol and the target is a String' do
+          specify { expect(subject.has?(:get, 'bar')).to be_true }
+        end
+        context 'and the privilege is a String and the target is a Symbol' do
+          specify { expect(subject.has?('get', :bar)).to be_true }
+        end
+      end
+      context 'and the privilege is not allowed for that target' do
+        specify { expect(subject.has?(:delete, :foo)).to be_false }
+      end
+    end
+    context 'when given a target not in the PrivilegeSet' do
+      specify { expect(subject.has?(:get, :baz)).to be_false }
+    end
+  end
+end

data/spec/privilege_subject_spec.rb

@@ -0,0 +1,28 @@
+require 'spec_helper'
+require 'kankri'
+
+class MockPrivilegeSubject
+  include Kankri::PrivilegeSubject
+
+  def privilege_key
+    :fake_key
+  end
+end
+
+describe MockPrivilegeSubject do
+  let(:privilege_set) { double(:privilege_set) }
+  let(:operation) { double(:operation) }
+
+  {fail_if_cannot: :require, can?: :has?}.each do |subject_meth, set_meth|
+    describe "##{subject_meth}" do
+      context 'when given a valid privilege set and operation' do
+        it "calls ##{set_meth} on the privilege set with the handler target" do
+          expect(privilege_set).to receive(set_meth).once.with(
+            operation, subject.privilege_key
+          )
+          subject.send(subject_meth, operation, privilege_set)
+        end
+      end
+    end
+  end
+end

data/spec/simple_authenticator_spec.rb

@@ -0,0 +1,111 @@
+require 'spec_helper'
+require 'kankri'
+
+describe Kankri::SimpleAuthenticator do
+  let(:config) do
+    {
+      test: {
+        password: 'hunter2',
+        privileges: {
+          channel_set: ['get'],
+          channel: 'all'
+        }
+      }
+    }
+  end
+  let(:no_password) do
+    {
+      test: {
+        privileges: {
+          channel_set: ['get'],
+          channel: 'all'
+        }
+      }
+    }
+  end
+  let(:no_privs) do
+    {
+      test: {
+        password: 'hunter2'
+      }
+    }
+  end
+
+  subject { Kankri::SimpleAuthenticator.new(config) }
+
+  describe '#initialize' do
+    context 'when the config is valid' do
+      it 'succeeds' do
+        Kankri::SimpleAuthenticator.new(config)
+      end
+    end
+    context 'when a user is missing a password' do
+      specify do
+        expect { Kankri::SimpleAuthenticator.new(no_password) }.to raise_error
+      end
+    end
+    context 'when a user is missing a privilege hash' do
+      specify do
+        expect { Kankri::SimpleAuthenticator.new(no_privs) }.to raise_error
+      end
+    end
+    context 'when the input is not a hash' do
+      specify do
+        expect { Kankri::SimpleAuthenticator.new('nope') }.to raise_error
+      end
+    end
+  end
+
+  describe '#authenticate' do
+    context 'when the user and password are valid strings' do
+      it 'returns a privilege set matching the config' do
+        privs = subject.authenticate('test', 'hunter2')
+        expect(privs.has?(:get, :channel_set)).to be_true
+        expect(privs.has?(:put, :channel_set)).to be_false
+        expect(privs.has?(:get, :channel)).to be_true
+        expect(privs.has?(:put, :channel)).to be_true
+        expect(privs.has?(:get, :player)).to be_false
+        expect(privs.has?(:put, :player)).to be_false
+      end
+    end
+    context 'when the user and password are valid symbols' do
+      it 'returns a privilege set matching the config' do
+        privs = subject.authenticate(:test, :hunter2)
+        expect(privs.has?(:get, :channel_set)).to be_true
+        expect(privs.has?(:put, :channel_set)).to be_false
+        expect(privs.has?(:get, :channel)).to be_true
+        expect(privs.has?(:put, :channel)).to be_true
+        expect(privs.has?(:get, :player)).to be_false
+        expect(privs.has?(:put, :player)).to be_false
+      end
+    end
+    context 'when the user is not authorised' do
+      specify do
+        expect { subject.authenticate('wrong', 'hunter2') }.to raise_error(
+          Kankri::AuthenticationFailure
+        )
+      end
+    end
+    context 'when the password is incorrect' do
+      specify do
+        expect { subject.authenticate('test', 'wrong') }.to raise_error(
+          Kankri::AuthenticationFailure
+        )
+      end
+    end
+    context 'when the password is blank' do
+      specify do
+        expect { subject.authenticate('test', '') }.to raise_error(
+          Kankri::AuthenticationFailure
+        )
+      end
+    end
+    context 'when the username is blank' do
+      specify do
+        expect { subject.authenticate('', 'hunter2') }.to raise_error(
+          Kankri::AuthenticationFailure
+        )
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,11 @@
+require 'simplecov'
+
+RSpec.configure do |config|
+  config.expect_with :rspec do |c|
+    c.syntax = :expect
+  end
+end
+
+SimpleCov.start do
+  add_filter 'spec'
+end

metadata

@@ -0,0 +1,143 @@
+--- !ruby/object:Gem::Specification
+name: kankri
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Matt Windsor
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-12-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: fuubar
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: "\n    Kankri is a library for quickly setting up basic authentication
+  with\n    object-action privileges.  It's intended to be used in projects which
+  need\n    a simple auth system with no run-time requirements and little set-up.
+  \ It\n    isn't intended for mission critical security.\n  "
+email:
+- matt.windsor@ury.org.uk
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- kankri.gemspec
+- lib/kankri.rb
+- lib/kankri/exceptions.rb
+- lib/kankri/password_check.rb
+- lib/kankri/privilege_set.rb
+- lib/kankri/privilege_subject.rb
+- lib/kankri/simple_authenticator.rb
+- lib/kankri/version.rb
+- spec/kankri_spec.rb
+- spec/password_check_spec.rb
+- spec/privilege_set_spec.rb
+- spec/privilege_subject_spec.rb
+- spec/simple_authenticator_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/CaptainHayashi/kankri
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.1.11
+signing_key: 
+specification_version: 4
+summary: Simple object-action privilege checking
+test_files:
+- spec/kankri_spec.rb
+- spec/password_check_spec.rb
+- spec/privilege_set_spec.rb
+- spec/privilege_subject_spec.rb
+- spec/simple_authenticator_spec.rb
+- spec/spec_helper.rb