knock 1.5 → 2.0
- checksums.yaml +8 -8
- data/Rakefile +2 -0
- data/app/controllers/knock/auth_token_controller.rb +4 -10
- data/app/model/knock/auth_token.rb +1 -6
- data/lib/generators/templates/knock.rb +0 -49
- data/lib/knock.rb +0 -10
- data/lib/knock/authenticable.rb +24 -19
- data/lib/knock/version.rb +1 -1
- data/test/dummy/app/controllers/custom_unauthorized_entity_controller.rb +13 -0
- data/test/dummy/app/controllers/protected_resources_controller.rb +1 -1
- data/test/dummy/config/application.rb +4 -2
- data/test/dummy/config/environments/test.rb +7 -2
- data/test/dummy/config/initializers/knock.rb +0 -2
- data/test/dummy/config/routes.rb +1 -0
- data/test/dummy/db/schema.rb +0 -1
- data/test/dummy/db/test.sqlite3 +0 -0
- data/test/dummy/log/test.log +372 -351
- data/test/dummy/test/controllers/admin_token_controller_test.rb +3 -3
- data/test/dummy/test/controllers/current_users_controller_test.rb +8 -0
- data/test/dummy/test/controllers/custom_unauthorized_entity_controller_test.rb +42 -0
- data/test/dummy/test/controllers/protected_resources_controller_test.rb +2 -2
- data/test/dummy/test/controllers/vendor_protected_controller_test.rb +1 -1
- data/test/dummy/test/controllers/vendor_token_controller_test.rb +3 -3
- data/test/model/knock/auth_token_test.rb +0 -1
- data/test/tmp/config/initializers/knock.rb +59 -0
- metadata +8 -14
- data/test/controllers/knock/auth_token_controller_test.rb +0 -39
- data/test/tmp/app/controllers/admin_token_controller.rb +0 -2
- data/test/tmp/app/controllers/admin_user_token_controller.rb +0 -2
- data/test/tmp/app/controllers/user_admin_token_controller.rb +0 -2
- data/test/tmp/app/controllers/user_token_controller.rb +0 -2
- data/test/tmp/config/routes.rb +0 -17
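--- a/data/test/dummy/test/controllers/admin_token_controller_test.rb
+++ b/data/test/dummy/test/controllers/admin_token_controller_test.rb
@@ -6,17 +6,17 @@ class AdminTokenControllerTest < ActionController::TestCase
 end
 
 test "responds with 404 if user does not exist" do
-post :create, auth: { email: 'wrong@example.net', password: '' }
+post :create, params: {auth: { email: 'wrong@example.net', password: '' }}
 assert_response :not_found
 end
 
 test "responds with 404 if password is invalid" do
-post :create, auth: { email: @admin.email, password: 'wrong' }
+post :create, params: {auth: { email: @admin.email, password: 'wrong' }}
 assert_response :not_found
 end
 
 test "responds with 201" do
-post :create, auth: { email: @admin.email, password: 'secret' }
+post :create, params: {auth: { email: @admin.email, password: 'secret' }}
 assert_response :created
 end
 end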
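--- a/data/test/dummy/test/controllers/current_users_controller_test.rb
+++ b/data/test/dummy/test/controllers/current_users_controller_test.rb
@@ -20,4 +20,12 @@ class CurrentUsersControllerTest < ActionController::TestCase
 get :show
 assert_response :success
 end
+
+# Run this test twice to validate that it still works
+# when the getter method has already been defined.
+test "responds with 200 #2" do
+authenticate
+get :show
+assert_response :success
+end
 end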
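--- a/data/test/dummy/test/controllers/custom_unauthorized_entity_controller_test.rb
+++ b/data/test/dummy/test/controllers/custom_unauthorized_entity_controller_test.rb
@@ -0,0 +1,42 @@
+require 'test_helper'
+
+class CustomUnauthorizedEntityControllerTest < ActionController::TestCase
+def valid_auth
+@user = users(:one)
+@token = Knock::AuthToken.new(payload: { sub: @user.id }).token
+@request.env['HTTP_AUTHORIZATION'] = "Bearer #{@token}"
+end
+
+def invalid_token_auth
+@token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9'
+@request.env['HTTP_AUTHORIZATION'] = "Bearer #{@token}"
+end
+
+def invalid_entity_auth
+@token = Knock::AuthToken.new(payload: { sub: 0 }).token
+@request.env['HTTP_AUTHORIZATION'] = "Bearer #{@token}"
+end
+
+test "responds with not found" do
+get :index
+assert_response :not_found
+end
+
+test "responds with not found to invalid token" do
+invalid_token_auth
+get :index
+assert_response :not_found
+end
+
+test "responds with not found to invalid entity" do
+invalid_entity_auth
+get :index
+assert_response :not_found
+end
+
+test "responds with success if authenticated" do
+valid_auth
+get :index
+assert_response :success
+end
+end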
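Review bot: `invalid_token_auth` covers only a malformed token, because the string it sends is a single base64url segment (a JWT header with no payload or signature); no test in this file sends a well-formed token whose signature does not verify. That token presumably gets past parsing and is rejected at signature verification, which is the rejection this controller's custom unauthorized handling most needs pinned. I would add a helper that signs with a key other than the configured one, for example `@token = JWT.encode({ sub: users(:one).id }, 'constructed-wrong-key', 'HS256')` (the key is a constructed sample), and a test asserting `:not_found` for it. The controller under test is not shown on this page, so these lines do not establish whether that path is already handled.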
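--- a/data/test/dummy/test/controllers/protected_resources_controller_test.rb
+++ b/data/test/dummy/test/controllers/protected_resources_controller_test.rb
@@ -28,12 +28,12 @@ class ProtectedResourcesControllerTest < ActionController::TestCase
 end
 
 test "responds with success with token in url" do
-get :index, token: @token
+get :index, params: {token: @token}
 assert_response :success
 end
 
 test "responds with unauthorized with invalid token in url" do
-get :index, token: "invalid"
+get :index, params: {token: "invalid"}
 assert_response :unauthorized
 end
 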
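Review bot: Accepting the token from the query string, which the two "token in url" tests pin down, carries a leak risk that nothing in these lines documents: a token in a URL is written to web-server and proxy access logs and can travel in `Referer` headers. I would put a comment above the first of the two tests, `# Query-string tokens end up in access logs and Referer headers; prefer the Authorization header.`, and repeat the caveat wherever the library documents this parameter. The test class starts and ends outside this hunk, so how `@token` is built is not visible here.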
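--- a/data/test/dummy/test/controllers/vendor_token_controller_test.rb
+++ b/data/test/dummy/test/controllers/vendor_token_controller_test.rb
@@ -6,17 +6,17 @@ class VendorTokenControllerTest < ActionController::TestCase
 end
 
 test "responds with 404 if user does not exist" do
-post :create, auth: { email: 'wrong@example.net', password: '' }
+post :create, params: {auth: { email: 'wrong@example.net', password: '' }}
 assert_response :not_found
 end
 
 test "responds with 404 if password is invalid" do
-post :create, auth: { email: @vendor.email, password: 'wrong' }
+post :create, params: {auth: { email: @vendor.email, password: 'wrong' }}
 assert_response :not_found
 end
 
 test "responds with 201" do
-post :create, auth: { email: @vendor.email, password: 'secret' }
+post :create, params: {auth: { email: @vendor.email, password: 'secret' }}
 assert_response :created
 end
 end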
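--- a/data/test/tmp/config/initializers/knock.rb
+++ b/data/test/tmp/config/initializers/knock.rb
@@ -0,0 +1,59 @@
+Knock.setup do |config|
+
+## Expiration claim
+## ----------------
+##
+## How long before a token is expired. If nil is provided, token will
+## last forever.
+##
+## Default:
+# config.token_lifetime = 1.day
+
+
+## Audience claim
+## --------------
+##
+## Configure the audience claim to identify the recipients that the token
+## is intended for.
+##
+## Default:
+# config.token_audience = nil
+
+## If using Auth0, uncomment the line below
+# config.token_audience = -> { Rails.application.secrets.auth0_client_id }
+
+## Signature algorithm
+## -------------------
+##
+## Configure the algorithm used to encode the token
+##
+## Default:
+# config.token_signature_algorithm = 'HS256'
+
+## Signature key
+## -------------
+##
+## Configure the key used to sign tokens.
+##
+## Default:
+# config.token_secret_signature_key = -> { Rails.application.secrets.secret_key_base }
+
+## If using Auth0, uncomment the line below
+# config.token_secret_signature_key = -> { JWT.base64url_decode Rails.application.secrets.auth0_client_secret }
+
+## Public key
+## ----------
+##
+## Configure the public key used to decode tokens, if required.
+##
+## Default:
+# config.token_public_key = nil
+
+## Exception Class
+## ---------------
+##
+## Configure the exception to be used when user cannot be found.
+##
+## Default:
+# config.not_found_exception_class_name = 'ActiveRecord::RecordNotFound'
+end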
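Review bot: The expiration block says a `nil` lifetime makes a token "last forever" without any caveat, and the signature-key default reuses `secret_key_base`; a reader copying this initializer should be warned about both. I would add after "last forever." the line `## A non-expiring token stays usable if it leaks; keep a finite lifetime unless tokens can be revoked.` and under "Signature key" the line `## Rails also derives its cookie and session keys from secret_key_base; consider a dedicated secret for tokens.`. The bare `## Default:` lines read as if the default were empty, so `## Default (shown commented out below):` would be clearer. The file sits under `test/tmp`, which suggests generator output, so the wording probably belongs in the generator template rather than in this copy.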
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: knock
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: '
|
4
|
+
version: '2.0'
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Arnaud MESUREUR
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2016-
|
12
|
+
date: 2016-10-23 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: rails
|
@@ -103,7 +103,6 @@ files:
|
|
103
103
|
- lib/knock/engine.rb
|
104
104
|
- lib/knock/version.rb
|
105
105
|
- lib/tasks/knock_tasks.rake
|
106
|
-
- test/controllers/knock/auth_token_controller_test.rb
|
107
106
|
- test/dummy/README.rdoc
|
108
107
|
- test/dummy/Rakefile
|
109
108
|
- test/dummy/app/assets/javascripts/application.js
|
@@ -113,6 +112,7 @@ files:
|
|
113
112
|
- test/dummy/app/controllers/application_controller.rb
|
114
113
|
- test/dummy/app/controllers/composite_name_entity_protected_controller.rb
|
115
114
|
- test/dummy/app/controllers/current_users_controller.rb
|
115
|
+
- test/dummy/app/controllers/custom_unauthorized_entity_controller.rb
|
116
116
|
- test/dummy/app/controllers/protected_resources_controller.rb
|
117
117
|
- test/dummy/app/controllers/vendor_protected_controller.rb
|
118
118
|
- test/dummy/app/controllers/vendor_token_controller.rb
|
@@ -161,6 +161,7 @@ files:
|
|
161
161
|
- test/dummy/test/controllers/admin_token_controller_test.rb
|
162
162
|
- test/dummy/test/controllers/composite_name_entity_protected_controller_test.rb
|
163
163
|
- test/dummy/test/controllers/current_users_controller_test.rb
|
164
|
+
- test/dummy/test/controllers/custom_unauthorized_entity_controller_test.rb
|
164
165
|
- test/dummy/test/controllers/protected_resources_controller_test.rb
|
165
166
|
- test/dummy/test/controllers/vendor_protected_controller_test.rb
|
166
167
|
- test/dummy/test/controllers/vendor_token_controller_test.rb
|
@@ -177,11 +178,7 @@ files:
|
|
177
178
|
- test/model/knock/auth_token_test.rb
|
178
179
|
- test/support/generators_test_helper.rb
|
179
180
|
- test/test_helper.rb
|
180
|
-
- test/tmp/
|
181
|
-
- test/tmp/app/controllers/admin_user_token_controller.rb
|
182
|
-
- test/tmp/app/controllers/user_admin_token_controller.rb
|
183
|
-
- test/tmp/app/controllers/user_token_controller.rb
|
184
|
-
- test/tmp/config/routes.rb
|
181
|
+
- test/tmp/config/initializers/knock.rb
|
185
182
|
homepage: https://github.com/nsarno/knock
|
186
183
|
licenses:
|
187
184
|
- MIT
|
@@ -207,7 +204,6 @@ signing_key:
|
|
207
204
|
specification_version: 4
|
208
205
|
summary: Seamless JWT authentication for Rails API.
|
209
206
|
test_files:
|
210
|
-
- test/controllers/knock/auth_token_controller_test.rb
|
211
207
|
- test/dummy/README.rdoc
|
212
208
|
- test/dummy/Rakefile
|
213
209
|
- test/dummy/app/assets/javascripts/application.js
|
@@ -217,6 +213,7 @@ test_files:
|
|
217
213
|
- test/dummy/app/controllers/application_controller.rb
|
218
214
|
- test/dummy/app/controllers/composite_name_entity_protected_controller.rb
|
219
215
|
- test/dummy/app/controllers/current_users_controller.rb
|
216
|
+
- test/dummy/app/controllers/custom_unauthorized_entity_controller.rb
|
220
217
|
- test/dummy/app/controllers/protected_resources_controller.rb
|
221
218
|
- test/dummy/app/controllers/vendor_protected_controller.rb
|
222
219
|
- test/dummy/app/controllers/vendor_token_controller.rb
|
@@ -265,6 +262,7 @@ test_files:
|
|
265
262
|
- test/dummy/test/controllers/admin_token_controller_test.rb
|
266
263
|
- test/dummy/test/controllers/composite_name_entity_protected_controller_test.rb
|
267
264
|
- test/dummy/test/controllers/current_users_controller_test.rb
|
265
|
+
- test/dummy/test/controllers/custom_unauthorized_entity_controller_test.rb
|
268
266
|
- test/dummy/test/controllers/protected_resources_controller_test.rb
|
269
267
|
- test/dummy/test/controllers/vendor_protected_controller_test.rb
|
270
268
|
- test/dummy/test/controllers/vendor_token_controller_test.rb
|
@@ -281,8 +279,4 @@ test_files:
|
|
281
279
|
- test/model/knock/auth_token_test.rb
|
282
280
|
- test/support/generators_test_helper.rb
|
283
281
|
- test/test_helper.rb
|
284
|
-
- test/tmp/config/
|
285
|
-
- test/tmp/app/controllers/user_token_controller.rb
|
286
|
-
- test/tmp/app/controllers/admin_token_controller.rb
|
287
|
-
- test/tmp/app/controllers/admin_user_token_controller.rb
|
288
|
-
- test/tmp/app/controllers/user_admin_token_controller.rb
|
282
|
+
- test/tmp/config/initializers/knock.rb
|
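--- a/data/test/controllers/knock/auth_token_controller_test.rb
+++ b/data/test/controllers/knock/auth_token_controller_test.rb
@@ -1,39 +0,0 @@
-require 'test_helper'
-
-module Knock
-class AuthTokenControllerTest < ActionController::TestCase
-setup do
-@routes = Engine.routes
-end
-
-def user
-@user ||= users(:one)
-end
-
-test "it's using configured custom exception" do
-assert_equal Knock.not_found_exception_class, Knock::MyCustomException
-end
-
-test "responds with 404 if user does not exist" do
-post :create, auth: { email: 'wrong@example.net', password: '' }
-assert_response :not_found
-end
-
-test "responds with 404 if password is invalid" do
-post :create, auth: { email: user.email, password: 'wrong' }
-assert_response :not_found
-end
-
-test "responds with 201" do
-post :create, auth: { email: user.email, password: 'secret' }
-assert_response :created
-end
-
-test "response contains token" do
-post :create, auth: { email: user.email, password: 'secret' }
-
-content = JSON.parse(response.body)
-assert_equal true, content.has_key?("jwt")
-end
-end
-end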
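--- a/data/test/tmp/config/routes.rb
+++ b/data/test/tmp/config/routes.rb
@@ -1,17 +0,0 @@
-Rails.application.routes.draw do
-post 'user_admin_token' => 'user_admin_token#create'
-post 'admin_user_token' => 'admin_user_token#create'
-post 'admin_token' => 'admin_token#create'
-post 'user_token' => 'user_token#create'
-post 'admin_token' => 'admin_token#create'
-post 'vendor_token' => 'vendor_token#create'
-
-resources :protected_resources
-resource :current_user
-
-resources :admin_protected
-resources :composite_name_entity_protected
-resources :vendor_protected
-
-mount Knock::Engine => "/knock"
-end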