knock 1.4.2 → 1.5

data/test/dummy/test/controllers/admin_protected_controller_test.rb

@@ -0,0 +1,49 @@
+require 'test_helper'
+
+class AdminProtectedControllerTest < ActionController::TestCase
+  def valid_auth
+    @admin = admins(:one)
+    @token = Knock::AuthToken.new(payload: { sub: @admin.id }).token
+    @request.env['HTTP_AUTHORIZATION'] = "Bearer #{@token}"
+  end
+
+  def invalid_token_auth
+    @token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9'
+    @request.env['HTTP_AUTHORIZATION'] = "Bearer #{@token}"
+  end
+
+  def invalid_entity_auth
+    @token = Knock::AuthToken.new(payload: { sub: 0 }).token
+    @request.env['HTTP_AUTHORIZATION'] = "Bearer #{@token}"
+  end
+
+  test "responds with unauthorized" do
+    get :index
+    assert_response :unauthorized
+  end
+
+  test "responds with unauthorized to invalid token" do
+    invalid_token_auth
+    get :index
+    assert_response :unauthorized
+  end
+
+  test "responds with unauthorized to invalid entity" do
+    invalid_entity_auth
+    get :index
+    assert_response :unauthorized
+  end
+
+  test "responds with success if authenticated" do
+    valid_auth
+    get :index
+    assert_response :success
+  end
+
+  test "has a current_admin after authentication" do
+    valid_auth
+    get :index
+    assert_response :success
+    assert @controller.current_admin.id == @admin.id
+  end
+end

data/test/dummy/test/controllers/admin_token_controller_test.rb

@@ -0,0 +1,22 @@
+require 'test_helper'
+
+class AdminTokenControllerTest < ActionController::TestCase
+  def setup
+    @admin = admins(:one)
+  end
+
+  test "responds with 404 if user does not exist" do
+    post :create, auth: { email: 'wrong@example.net', password: '' }
+    assert_response :not_found
+  end
+
+  test "responds with 404 if password is invalid" do
+    post :create, auth: { email: @admin.email, password: 'wrong' }
+    assert_response :not_found
+  end
+
+  test "responds with 201" do
+    post :create, auth: { email: @admin.email, password: 'secret' }
+    assert_response :created
+  end
+end

data/test/dummy/test/controllers/composite_name_entity_protected_controller_test.rb

@@ -0,0 +1,49 @@
+require 'test_helper'
+
+class CompositeNameEntityProtectedControllerTest < ActionController::TestCase
+  def valid_auth
+    @composite_name_entity = composite_name_entities(:one)
+    @token = Knock::AuthToken.new(payload: { sub: @composite_name_entity.id }).token
+    @request.env['HTTP_AUTHORIZATION'] = "Bearer #{@token}"
+  end
+
+  def invalid_token_auth
+    @token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9'
+    @request.env['HTTP_AUTHORIZATION'] = "Bearer #{@token}"
+  end
+
+  def invalid_entity_auth
+    @token = Knock::AuthToken.new(payload: { sub: 0 }).token
+    @request.env['HTTP_AUTHORIZATION'] = "Bearer #{@token}"
+  end
+
+  test "responds with unauthorized" do
+    get :index
+    assert_response :unauthorized
+  end
+
+  test "responds with unauthorized to invalid token" do
+    invalid_token_auth
+    get :index
+    assert_response :unauthorized
+  end
+
+  test "responds with unauthorized to invalid entity" do
+    invalid_entity_auth
+    get :index
+    assert_response :unauthorized
+  end
+
+  test "responds with success if authenticated" do
+    valid_auth
+    get :index
+    assert_response :success
+  end
+
+  test "has a current_composite_name_entity after authentication" do
+    valid_auth
+    get :index
+    assert_response :success
+    assert @controller.current_composite_name_entity.id == @composite_name_entity.id
+  end
+end

data/test/dummy/test/controllers/vendor_protected_controller_test.rb

@@ -0,0 +1,55 @@
+require 'test_helper'
+
+class VendorProtectedControllerTest < ActionController::TestCase
+  def valid_auth
+    @vendor = vendors(:one)
+    @token = Knock::AuthToken.new(payload: { sub: @vendor.id }).token
+    @request.env['HTTP_AUTHORIZATION'] = "Bearer #{@token}"
+  end
+
+  def invalid_token_auth
+    @token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9'
+    @request.env['HTTP_AUTHORIZATION'] = "Bearer #{@token}"
+  end
+
+  def invalid_entity_auth
+    @token = Knock::AuthToken.new(payload: { sub: 0 }).token
+    @request.env['HTTP_AUTHORIZATION'] = "Bearer #{@token}"
+  end
+
+  test "responds with unauthorized" do
+    get :index
+    assert_response :unauthorized
+  end
+
+  test "responds with unauthorized to invalid token" do
+    invalid_token_auth
+    get :index
+    assert_response :unauthorized
+  end
+
+  test "responds with unauthorized to invalid entity" do
+    invalid_entity_auth
+    get :index
+    assert_response :unauthorized
+  end
+
+  test "responds with success if authenticated" do
+    valid_auth
+    get :index
+    assert_response :success
+  end
+
+  test "has a current_vendor after authentication" do
+    valid_auth
+    get :index
+    assert_response :success
+    assert @controller.current_vendor.id == @vendor.id
+  end
+
+  test "raises method missing error appropriately" do
+    assert_raises(NoMethodError) do
+      get :show, id: 1
+    end
+  end
+end

data/test/dummy/test/controllers/vendor_token_controller_test.rb

@@ -0,0 +1,22 @@
+require 'test_helper'
+
+class VendorTokenControllerTest < ActionController::TestCase
+  def setup
+    @vendor = vendors(:one)
+  end
+
+  test "responds with 404 if user does not exist" do
+    post :create, auth: { email: 'wrong@example.net', password: '' }
+    assert_response :not_found
+  end
+
+  test "responds with 404 if password is invalid" do
+    post :create, auth: { email: @vendor.email, password: 'wrong' }
+    assert_response :not_found
+  end
+
+  test "responds with 201" do
+    post :create, auth: { email: @vendor.email, password: 'secret' }
+    assert_response :created
+  end
+end

data/test/dummy/test/models/admin_test.rb

@@ -0,0 +1,7 @@
+require 'test_helper'
+
+class AdminTest < ActiveSupport::TestCase
+  # test "the truth" do
+  #   assert true
+  # end
+end

data/test/dummy/test/models/vendor_test.rb

@@ -0,0 +1,7 @@
+require 'test_helper'
+
+class VendorTest < ActiveSupport::TestCase
+  # test "the truth" do
+  #   assert true
+  # end
+end

data/test/{dummy/test/fixtures/users.yml → fixtures/admins.yml}

@@ -1,9 +1,5 @@
 # Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
 
 one:
-  email: one@example.net
-  password_digest: <%= BCrypt::Password.create('secret', cost: 4) %>
-
-two:
-  email: two@example.net
+  email: admin.one@example.net
   password_digest: <%= BCrypt::Password.create('secret', cost: 4) %>

data/test/fixtures/composite_name_entities.yml

@@ -0,0 +1,5 @@
+# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
+
+one:
+  email: composite_name_entity.one@example.net
+  password_digest: <%= BCrypt::Password.create('secret', cost: 4) %>

data/test/fixtures/vendors.yml

@@ -0,0 +1,5 @@
+# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
+
+one:
+  email: vendor.one@example.net
+  password_digest: <%= BCrypt::Password.create('secret', cost: 4) %>

data/test/generators/token_controller_generator_test.rb

@@ -0,0 +1,31 @@
+require "test_helper"
+
+class TokenControllerGeneratorTest < Rails::Generators::TestCase
+  include GeneratorsTestHelper
+
+  tests Knock::TokenControllerGenerator
+  destination File.expand_path("../tmp", File.dirname(__FILE__))
+
+  setup :prepare_destination
+  setup :copy_routes
+
+  test "assert all files are properly created" do
+    run_generator ['User']
+    assert_file "app/controllers/user_token_controller.rb"
+
+    run_generator ['Admin']
+    assert_file "app/controllers/user_token_controller.rb"
+
+    run_generator ['AdminUser']
+    assert_file "app/controllers/admin_user_token_controller.rb"
+
+    require File.join(destination_root, "app/controllers/admin_user_token_controller.rb")
+    assert Object.const_defined?('AdminUserTokenController'), 'uninitialized constant AdminUserTokenController'
+
+    run_generator ['user_admin']
+    assert_file "app/controllers/user_admin_token_controller.rb"
+
+    require File.join(destination_root, "app/controllers/user_admin_token_controller.rb")
+    assert Object.const_defined?('UserAdminTokenController'), 'uninitialized constant UserAdminTokenController'
+  end
+end

data/test/model/knock/auth_token_test.rb

@@ -1,26 +1,28 @@
 require 'test_helper'
 require 'jwt'
+require 'timecop'
 
 module Knock
   class AuthTokenTest < ActiveSupport::TestCase
-    test "verify algorithm" do
-      Knock.token_signature_algorithm = 'RS256'
+    setup do
       key = Knock.token_secret_signature_key.call
+      @token = JWT.encode({sub: '1'}, key, 'HS256')
+    end
 
-      token = JWT.encode({sub: '1'}, key, 'HS256')
+    test "verify algorithm" do
+      Knock.token_signature_algorithm = 'RS256'
 
       assert_raises(JWT::IncorrectAlgorithm) {
-        AuthToken.new(token: token)
+        AuthToken.new(token: @token)
       }
     end
 
     test "decode RSA encoded tokens" do
-      user = users(:one)
       rsa_private = OpenSSL::PKey::RSA.generate 2048
       Knock.token_public_key = rsa_private.public_key
       Knock.token_signature_algorithm = 'RS256'
 
-      token = JWT.encode({sub: user.id}, rsa_private, 'RS256')
+      token = JWT.encode({sub: "1"}, rsa_private, 'RS256')
 
       assert_nothing_raised { AuthToken.new(token: token) }
     end
@@ -41,11 +43,33 @@ module Knock
       Knock.token_audience = -> { 'bar' }
       key = Knock.token_secret_signature_key.call
 
-      token = JWT.encode({sub: 'foo'}, key, 'HS256')
-
       assert_raises(JWT::InvalidAudError) {
-        AuthToken.new token: token
+        AuthToken.new token: @token
       }
     end
+
+    test "validate expiration claim by default" do
+      token = Knock::AuthToken.new(payload: { sub: 'foo' }).token
+      Timecop.travel(25.hours.from_now) do
+        assert_raises(JWT::ExpiredSignature) {
+          Knock::AuthToken.new(token: token)
+        }
+      end
+    end
+
+    test "does not validate expiration claim with a nil token_lifetime" do
+      Knock.token_lifetime = nil
+
+      token = Knock::AuthToken.new(payload: { sub: 'foo' }).token
+      Timecop.travel(10.years.from_now) do
+        assert_not Knock::AuthToken.new(token: token).payload.has_key?('exp')
+      end
+    end
+
+    test "is serializable" do
+      auth_token = AuthToken.new token: @token
+
+      assert_equal("{\"jwt\":\"#{@token}\"}", auth_token.to_json)
+    end
   end
 end

data/test/support/generators_test_helper.rb

@@ -0,0 +1,9 @@
+module GeneratorsTestHelper
+  def copy_routes
+    routes = File.expand_path("../../dummy/config/routes.rb", __FILE__)
+    destination = File.join(destination_root, "config")
+
+    FileUtils.mkdir_p(destination)
+    FileUtils.cp routes, destination
+  end
+end

data/test/test_helper.rb

@@ -1,4 +1,7 @@
+require 'simplecov'
 require "codeclimate-test-reporter"
+
+SimpleCov.start
 CodeClimate::TestReporter.start
 
 # Configure Rails Environment
@@ -22,6 +25,11 @@ if ActiveSupport::TestCase.respond_to?(:fixture_path=)
   ActiveSupport::TestCase.fixtures :all
 end
 
+module Knock
+  class MyCustomException < StandardError
+  end
+end
+
 # Make sure knock global configuration is reset before every tests
 # to avoid order dependent failures.
 class ActiveSupport::TestCase
@@ -34,5 +42,6 @@ class ActiveSupport::TestCase
     Knock.token_secret_signature_key = -> { Rails.application.secrets.secret_key_base }
     Knock.token_public_key = nil
     Knock.token_audience = nil
+    Knock.token_lifetime = 1.day
   end
 end

data/test/tmp/app/controllers/admin_token_controller.rb

@@ -0,0 +1,2 @@
+class AdminTokenController < Knock::AuthTokenController
+end

data/test/tmp/app/controllers/admin_user_token_controller.rb

@@ -0,0 +1,2 @@
+class AdminUserTokenController < Knock::AuthTokenController
+end

data/test/tmp/app/controllers/user_admin_token_controller.rb

@@ -0,0 +1,2 @@
+class UserAdminTokenController < Knock::AuthTokenController
+end

data/test/tmp/app/controllers/user_token_controller.rb

@@ -0,0 +1,2 @@
+class UserTokenController < Knock::AuthTokenController
+end

data/test/tmp/config/routes.rb

@@ -0,0 +1,17 @@
+Rails.application.routes.draw do
+  post 'user_admin_token' => 'user_admin_token#create'
+  post 'admin_user_token' => 'admin_user_token#create'
+  post 'admin_token' => 'admin_token#create'
+  post 'user_token' => 'user_token#create'
+  post 'admin_token' => 'admin_token#create'
+  post 'vendor_token' => 'vendor_token#create'
+
+  resources :protected_resources
+  resource :current_user
+
+  resources :admin_protected
+  resources :composite_name_entity_protected
+  resources :vendor_protected
+
+  mount Knock::Engine => "/knock"
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: knock
 version: !ruby/object:Gem::Version
-  version: 1.4.2
+  version: '1.5'
 platform: ruby
 authors:
 - Arnaud MESUREUR
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-01-28 00:00:00.000000000 Z
+date: 2016-05-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -67,6 +67,20 @@ dependencies:
     - - ~>
       - !ruby/object:Gem::Version
         version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.8.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.8.0
 description: Authentication solution for Rails based on JWT
 email:
 - arnaud.mesureur@gmail.com
@@ -81,6 +95,8 @@ files:
 - app/model/knock/auth_token.rb
 - config/routes.rb
 - lib/generators/knock/install_generator.rb
+- lib/generators/knock/token_controller_generator.rb
+- lib/generators/templates/entity_token_controller.rb.erb
 - lib/generators/templates/knock.rb
 - lib/knock.rb
 - lib/knock/authenticable.rb
@@ -92,11 +108,19 @@ files:
 - test/dummy/Rakefile
 - test/dummy/app/assets/javascripts/application.js
 - test/dummy/app/assets/stylesheets/application.css
+- test/dummy/app/controllers/admin_protected_controller.rb
+- test/dummy/app/controllers/admin_token_controller.rb
 - test/dummy/app/controllers/application_controller.rb
+- test/dummy/app/controllers/composite_name_entity_protected_controller.rb
 - test/dummy/app/controllers/current_users_controller.rb
 - test/dummy/app/controllers/protected_resources_controller.rb
+- test/dummy/app/controllers/vendor_protected_controller.rb
+- test/dummy/app/controllers/vendor_token_controller.rb
 - test/dummy/app/helpers/application_helper.rb
+- test/dummy/app/models/admin.rb
+- test/dummy/app/models/composite_name_entity.rb
 - test/dummy/app/models/user.rb
+- test/dummy/app/models/vendor.rb
 - test/dummy/app/views/layouts/application.html.erb
 - test/dummy/bin/bundle
 - test/dummy/bin/rails
@@ -115,6 +139,7 @@ files:
 - test/dummy/config/initializers/cookies_serializer.rb
 - test/dummy/config/initializers/filter_parameter_logging.rb
 - test/dummy/config/initializers/inflections.rb
+- test/dummy/config/initializers/knock.rb
 - test/dummy/config/initializers/mime_types.rb
 - test/dummy/config/initializers/session_store.rb
 - test/dummy/config/initializers/wrap_parameters.rb
@@ -122,6 +147,9 @@ files:
 - test/dummy/config/routes.rb
 - test/dummy/config/secrets.yml
 - test/dummy/db/migrate/20150713101607_create_users.rb
+- test/dummy/db/migrate/20160519075733_create_admins.rb
+- test/dummy/db/migrate/20160522051816_create_vendors.rb
+- test/dummy/db/migrate/20160522181712_create_composite_name_entities.rb
 - test/dummy/db/schema.rb
 - test/dummy/db/test.sqlite3
 - test/dummy/log/test.log
@@ -129,16 +157,31 @@ files:
 - test/dummy/public/422.html
 - test/dummy/public/500.html
 - test/dummy/public/favicon.ico
+- test/dummy/test/controllers/admin_protected_controller_test.rb
+- test/dummy/test/controllers/admin_token_controller_test.rb
+- test/dummy/test/controllers/composite_name_entity_protected_controller_test.rb
 - test/dummy/test/controllers/current_users_controller_test.rb
 - test/dummy/test/controllers/protected_resources_controller_test.rb
-- test/dummy/test/fixtures/users.yml
+- test/dummy/test/controllers/vendor_protected_controller_test.rb
+- test/dummy/test/controllers/vendor_token_controller_test.rb
+- test/dummy/test/models/admin_test.rb
 - test/dummy/test/models/user_test.rb
+- test/dummy/test/models/vendor_test.rb
+- test/fixtures/admins.yml
+- test/fixtures/composite_name_entities.yml
 - test/fixtures/users.yml
+- test/fixtures/vendors.yml
 - test/generators/install_generator_test.rb
+- test/generators/token_controller_generator_test.rb
 - test/knock_test.rb
 - test/model/knock/auth_token_test.rb
+- test/support/generators_test_helper.rb
 - test/test_helper.rb
-- test/tmp/config/initializers/knock.rb
+- test/tmp/app/controllers/admin_token_controller.rb
+- test/tmp/app/controllers/admin_user_token_controller.rb
+- test/tmp/app/controllers/user_admin_token_controller.rb
+- test/tmp/app/controllers/user_token_controller.rb
+- test/tmp/config/routes.rb
 homepage: https://github.com/nsarno/knock
 licenses:
 - MIT
@@ -169,11 +212,19 @@ test_files:
 - test/dummy/Rakefile
 - test/dummy/app/assets/javascripts/application.js
 - test/dummy/app/assets/stylesheets/application.css
+- test/dummy/app/controllers/admin_protected_controller.rb
+- test/dummy/app/controllers/admin_token_controller.rb
 - test/dummy/app/controllers/application_controller.rb
+- test/dummy/app/controllers/composite_name_entity_protected_controller.rb
 - test/dummy/app/controllers/current_users_controller.rb
 - test/dummy/app/controllers/protected_resources_controller.rb
+- test/dummy/app/controllers/vendor_protected_controller.rb
+- test/dummy/app/controllers/vendor_token_controller.rb
 - test/dummy/app/helpers/application_helper.rb
+- test/dummy/app/models/admin.rb
+- test/dummy/app/models/composite_name_entity.rb
 - test/dummy/app/models/user.rb
+- test/dummy/app/models/vendor.rb
 - test/dummy/app/views/layouts/application.html.erb
 - test/dummy/bin/bundle
 - test/dummy/bin/rails
@@ -192,6 +243,7 @@ test_files:
 - test/dummy/config/initializers/cookies_serializer.rb
 - test/dummy/config/initializers/filter_parameter_logging.rb
 - test/dummy/config/initializers/inflections.rb
+- test/dummy/config/initializers/knock.rb
 - test/dummy/config/initializers/mime_types.rb
 - test/dummy/config/initializers/session_store.rb
 - test/dummy/config/initializers/wrap_parameters.rb
@@ -199,6 +251,9 @@ test_files:
 - test/dummy/config/routes.rb
 - test/dummy/config/secrets.yml
 - test/dummy/db/migrate/20150713101607_create_users.rb
+- test/dummy/db/migrate/20160519075733_create_admins.rb
+- test/dummy/db/migrate/20160522051816_create_vendors.rb
+- test/dummy/db/migrate/20160522181712_create_composite_name_entities.rb
 - test/dummy/db/schema.rb
 - test/dummy/db/test.sqlite3
 - test/dummy/log/test.log
@@ -206,13 +261,28 @@ test_files:
 - test/dummy/public/422.html
 - test/dummy/public/500.html
 - test/dummy/public/favicon.ico
+- test/dummy/test/controllers/admin_protected_controller_test.rb
+- test/dummy/test/controllers/admin_token_controller_test.rb
+- test/dummy/test/controllers/composite_name_entity_protected_controller_test.rb
 - test/dummy/test/controllers/current_users_controller_test.rb
 - test/dummy/test/controllers/protected_resources_controller_test.rb
-- test/dummy/test/fixtures/users.yml
+- test/dummy/test/controllers/vendor_protected_controller_test.rb
+- test/dummy/test/controllers/vendor_token_controller_test.rb
+- test/dummy/test/models/admin_test.rb
 - test/dummy/test/models/user_test.rb
+- test/dummy/test/models/vendor_test.rb
+- test/fixtures/admins.yml
+- test/fixtures/composite_name_entities.yml
 - test/fixtures/users.yml
+- test/fixtures/vendors.yml
 - test/generators/install_generator_test.rb
+- test/generators/token_controller_generator_test.rb
 - test/knock_test.rb
 - test/model/knock/auth_token_test.rb
+- test/support/generators_test_helper.rb
 - test/test_helper.rb
-- test/tmp/config/initializers/knock.rb
+- test/tmp/config/routes.rb
+- test/tmp/app/controllers/user_token_controller.rb
+- test/tmp/app/controllers/admin_token_controller.rb
+- test/tmp/app/controllers/admin_user_token_controller.rb
+- test/tmp/app/controllers/user_admin_token_controller.rb