knock 1.5 → 2.0

Files changed (32) hide show
  1. checksums.yaml +8 -8
  2. data/Rakefile +2 -0
  3. data/app/controllers/knock/auth_token_controller.rb +4 -10
  4. data/app/model/knock/auth_token.rb +1 -6
  5. data/lib/generators/templates/knock.rb +0 -49
  6. data/lib/knock.rb +0 -10
  7. data/lib/knock/authenticable.rb +24 -19
  8. data/lib/knock/version.rb +1 -1
  9. data/test/dummy/app/controllers/custom_unauthorized_entity_controller.rb +13 -0
  10. data/test/dummy/app/controllers/protected_resources_controller.rb +1 -1
  11. data/test/dummy/config/application.rb +4 -2
  12. data/test/dummy/config/environments/test.rb +7 -2
  13. data/test/dummy/config/initializers/knock.rb +0 -2
  14. data/test/dummy/config/routes.rb +1 -0
  15. data/test/dummy/db/schema.rb +0 -1
  16. data/test/dummy/db/test.sqlite3 +0 -0
  17. data/test/dummy/log/test.log +372 -351
  18. data/test/dummy/test/controllers/admin_token_controller_test.rb +3 -3
  19. data/test/dummy/test/controllers/current_users_controller_test.rb +8 -0
  20. data/test/dummy/test/controllers/custom_unauthorized_entity_controller_test.rb +42 -0
  21. data/test/dummy/test/controllers/protected_resources_controller_test.rb +2 -2
  22. data/test/dummy/test/controllers/vendor_protected_controller_test.rb +1 -1
  23. data/test/dummy/test/controllers/vendor_token_controller_test.rb +3 -3
  24. data/test/model/knock/auth_token_test.rb +0 -1
  25. data/test/tmp/config/initializers/knock.rb +59 -0
  26. metadata +8 -14
  27. data/test/controllers/knock/auth_token_controller_test.rb +0 -39
  28. data/test/tmp/app/controllers/admin_token_controller.rb +0 -2
  29. data/test/tmp/app/controllers/admin_user_token_controller.rb +0 -2
  30. data/test/tmp/app/controllers/user_admin_token_controller.rb +0 -2
  31. data/test/tmp/app/controllers/user_token_controller.rb +0 -2
  32. data/test/tmp/config/routes.rb +0 -17
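--- a/data/test/dummy/test/controllers/admin_token_controller_test.rb
+++ b/data/test/dummy/test/controllers/admin_token_controller_test.rb
@@ -6,17 +6,17 @@ class AdminTokenControllerTest < ActionController::TestCase
  end
 
  test "responds with 404 if user does not exist" do
- post :create, auth: { email: 'wrong@example.net', password: '' }
+ post :create, params: {auth: { email: 'wrong@example.net', password: '' }}
  assert_response :not_found
  end
 
  test "responds with 404 if password is invalid" do
- post :create, auth: { email: @admin.email, password: 'wrong' }
+ post :create, params: {auth: { email: @admin.email, password: 'wrong' }}
  assert_response :not_found
  end
 
  test "responds with 201" do
- post :create, auth: { email: @admin.email, password: 'secret' }
+ post :create, params: {auth: { email: @admin.email, password: 'secret' }}
  assert_response :created
  end
  end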
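Review bot: The "responds with 201" test at new line 19 checks only the status code, so nothing in this file confirms that a successful login actually returns a token. This release also deletes test/controllers/knock/auth_token_controller_test.rb, whose "response contains token" test was the one asserting `content.has_key?("jwt")`, so that coverage appears to be gone unless it lives in a file not shown here. I would add `assert JSON.parse(response.body).key?("jwt")` after `assert_response :created` (adjusting the key if 2.0 renamed it), and do the same in the identical "responds with 201" test of VendorTokenControllerTest. The class's setup block is outside this hunk.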
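--- a/data/test/dummy/test/controllers/current_users_controller_test.rb
+++ b/data/test/dummy/test/controllers/current_users_controller_test.rb
@@ -20,4 +20,12 @@ class CurrentUsersControllerTest < ActionController::TestCase
  get :show
  assert_response :success
  end
+
+ # Run this test twice to validate that it still works
+ # when the getter method has already been defined.
+ test "responds with 200 #2" do
+ authenticate
+ get :show
+ assert_response :success
+ end
  end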
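Review bot: The added test "responds with 200 #2" asserts only `:success`, so it would still pass if the already-defined getter returned an entity left over from an earlier request instead of the one named in the current token. The comment says the purpose is to exercise the path where the getter method already exists, and that is exactly where a stale or cached identity would show up; if `show` renders the current user, assert that the body identifies the authenticated user as well. The comment could also state that the duplication is deliberate, e.g. `# Deliberate duplicate of "responds with 200": whichever runs second hits the already-defined getter.` The `authenticate` helper and the start of the class are outside this hunk.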
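--- a/data/test/dummy/test/controllers/custom_unauthorized_entity_controller_test.rb
+++ b/data/test/dummy/test/controllers/custom_unauthorized_entity_controller_test.rb
@@ -0,0 +1,42 @@
+ require 'test_helper'
+
+ class CustomUnauthorizedEntityControllerTest < ActionController::TestCase
+ def valid_auth
+ @user = users(:one)
+ @token = Knock::AuthToken.new(payload: { sub: @user.id }).token
+ @request.env['HTTP_AUTHORIZATION'] = "Bearer #{@token}"
+ end
+
+ def invalid_token_auth
+ @token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9'
+ @request.env['HTTP_AUTHORIZATION'] = "Bearer #{@token}"
+ end
+
+ def invalid_entity_auth
+ @token = Knock::AuthToken.new(payload: { sub: 0 }).token
+ @request.env['HTTP_AUTHORIZATION'] = "Bearer #{@token}"
+ end
+
+ test "responds with not found" do
+ get :index
+ assert_response :not_found
+ end
+
+ test "responds with not found to invalid token" do
+ invalid_token_auth
+ get :index
+ assert_response :not_found
+ end
+
+ test "responds with not found to invalid entity" do
+ invalid_entity_auth
+ get :index
+ assert_response :not_found
+ end
+
+ test "responds with success if authenticated" do
+ valid_auth
+ get :index
+ assert_response :success
+ end
+ end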
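Review bot: `invalid_token_auth` sends a single base64url segment (it decodes to a bare JWT header), so the "invalid token" test covers a structurally malformed value but not a well-formed three-part token whose signature fails verification. That second case is the one that shows the custom unauthorized path is reached through signature verification and not only through a parse error. I would add a helper that builds a token the way `valid_auth` does and then swaps the last segment, for example `@token = Knock::AuthToken.new(payload: { sub: users(:one).id }).token.sub(/[^.]+\z/, 'invalid')`, with a test asserting `:not_found`. The three helper methods could also sit under `private` so they read as helpers and not as part of the test surface.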
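--- a/data/test/dummy/test/controllers/protected_resources_controller_test.rb
+++ b/data/test/dummy/test/controllers/protected_resources_controller_test.rb
@@ -28,12 +28,12 @@ class ProtectedResourcesControllerTest < ActionController::TestCase
  end
 
  test "responds with success with token in url" do
- get :index, token: @token
+ get :index, params: {token: @token}
  assert_response :success
  end
 
  test "responds with unauthorized with invalid token in url" do
- get :index, token: "invalid"
+ get :index, params: {token: "invalid"}
  assert_response :unauthorized
  end
 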
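Review bot: The two "token in url" tests pass the JWT as an ordinary request parameter, and nothing visible here keeps that value out of the request log. Rails logs request parameters unless they are filtered, and this package's file list includes data/test/dummy/log/test.log, so bearer tokens generated by these tests may be written to a file that ships with the gem. I would add `config.filter_parameters += [:token]` to the dummy application's configuration and put a comment above the first test, `# Tokens in the query string end up in logs and Referer headers; prefer the Authorization header.` The hunk starts and ends inside the class body.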
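--- a/data/test/dummy/test/controllers/vendor_protected_controller_test.rb
+++ b/data/test/dummy/test/controllers/vendor_protected_controller_test.rb
@@ -49,7 +49,7 @@ class VendorProtectedControllerTest < ActionController::TestCase
 
  test "raises method missing error appropriately" do
  assert_raises(NoMethodError) do
- get :show, id: 1
+ get :show, params: {id: 1}
  end
  end
  end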
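--- a/data/test/dummy/test/controllers/vendor_token_controller_test.rb
+++ b/data/test/dummy/test/controllers/vendor_token_controller_test.rb
@@ -6,17 +6,17 @@ class VendorTokenControllerTest < ActionController::TestCase
  end
 
  test "responds with 404 if user does not exist" do
- post :create, auth: { email: 'wrong@example.net', password: '' }
+ post :create, params: {auth: { email: 'wrong@example.net', password: '' }}
  assert_response :not_found
  end
 
  test "responds with 404 if password is invalid" do
- post :create, auth: { email: @vendor.email, password: 'wrong' }
+ post :create, params: {auth: { email: @vendor.email, password: 'wrong' }}
  assert_response :not_found
  end
 
  test "responds with 201" do
- post :create, auth: { email: @vendor.email, password: 'secret' }
+ post :create, params: {auth: { email: @vendor.email, password: 'secret' }}
  assert_response :created
  end
  end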
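--- a/data/test/model/knock/auth_token_test.rb
+++ b/data/test/model/knock/auth_token_test.rb
@@ -41,7 +41,6 @@ module Knock
 
  test "verify audience when token_audience is present" do
  Knock.token_audience = -> { 'bar' }
- key = Knock.token_secret_signature_key.call
 
  assert_raises(JWT::InvalidAudError) {
  AuthToken.new token: @token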
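--- a/data/test/tmp/config/initializers/knock.rb
+++ b/data/test/tmp/config/initializers/knock.rb
@@ -0,0 +1,59 @@
+ Knock.setup do |config|
+
+ ## Expiration claim
+ ## ----------------
+ ##
+ ## How long before a token is expired. If nil is provided, token will
+ ## last forever.
+ ##
+ ## Default:
+ # config.token_lifetime = 1.day
+
+
+ ## Audience claim
+ ## --------------
+ ##
+ ## Configure the audience claim to identify the recipients that the token
+ ## is intended for.
+ ##
+ ## Default:
+ # config.token_audience = nil
+
+ ## If using Auth0, uncomment the line below
+ # config.token_audience = -> { Rails.application.secrets.auth0_client_id }
+
+ ## Signature algorithm
+ ## -------------------
+ ##
+ ## Configure the algorithm used to encode the token
+ ##
+ ## Default:
+ # config.token_signature_algorithm = 'HS256'
+
+ ## Signature key
+ ## -------------
+ ##
+ ## Configure the key used to sign tokens.
+ ##
+ ## Default:
+ # config.token_secret_signature_key = -> { Rails.application.secrets.secret_key_base }
+
+ ## If using Auth0, uncomment the line below
+ # config.token_secret_signature_key = -> { JWT.base64url_decode Rails.application.secrets.auth0_client_secret }
+
+ ## Public key
+ ## ----------
+ ##
+ ## Configure the public key used to decode tokens, if required.
+ ##
+ ## Default:
+ # config.token_public_key = nil
+
+ ## Exception Class
+ ## ---------------
+ ##
+ ## Configure the exception to be used when user cannot be found.
+ ##
+ ## Default:
+ # config.not_found_exception_class_name = 'ActiveRecord::RecordNotFound'
+ end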
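Review bot: The expiration comment says a nil `token_lifetime` makes a token last forever but does not say what that means for a leaked token, and the commented default for `token_secret_signature_key` reuses `secret_key_base`. Nothing in this file shows a revocation mechanism, so a non-expiring bearer token presumably stays valid until the signing key changes; I would extend the comment with `## Warning: with nil, a leaked token stays usable until the signing key is rotated.` Under "Signature key" I would add `## Consider a dedicated secret so that rotating it does not also invalidate whatever else secret_key_base signs.` The path test/tmp suggests this file is generator output from the test suite, so it may be worth excluding it from the packaged gem and applying the wording to the generator template instead.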
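--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: knock
  version: !ruby/object:Gem::Version
- version: '1.5'
+ version: '2.0'
  platform: ruby
  authors:
  - Arnaud MESUREUR
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2016-05-29 00:00:00.000000000 Z
+ date: 2016-10-23 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rails
@@ -103,7 +103,6 @@ files:
  - lib/knock/engine.rb
  - lib/knock/version.rb
  - lib/tasks/knock_tasks.rake
- - test/controllers/knock/auth_token_controller_test.rb
  - test/dummy/README.rdoc
  - test/dummy/Rakefile
  - test/dummy/app/assets/javascripts/application.js
@@ -113,6 +112,7 @@ files:
  - test/dummy/app/controllers/application_controller.rb
  - test/dummy/app/controllers/composite_name_entity_protected_controller.rb
  - test/dummy/app/controllers/current_users_controller.rb
+ - test/dummy/app/controllers/custom_unauthorized_entity_controller.rb
  - test/dummy/app/controllers/protected_resources_controller.rb
  - test/dummy/app/controllers/vendor_protected_controller.rb
  - test/dummy/app/controllers/vendor_token_controller.rb
@@ -161,6 +161,7 @@ files:
  - test/dummy/test/controllers/admin_token_controller_test.rb
  - test/dummy/test/controllers/composite_name_entity_protected_controller_test.rb
  - test/dummy/test/controllers/current_users_controller_test.rb
+ - test/dummy/test/controllers/custom_unauthorized_entity_controller_test.rb
  - test/dummy/test/controllers/protected_resources_controller_test.rb
  - test/dummy/test/controllers/vendor_protected_controller_test.rb
  - test/dummy/test/controllers/vendor_token_controller_test.rb
@@ -177,11 +178,7 @@ files:
  - test/model/knock/auth_token_test.rb
  - test/support/generators_test_helper.rb
  - test/test_helper.rb
- - test/tmp/app/controllers/admin_token_controller.rb
- - test/tmp/app/controllers/admin_user_token_controller.rb
- - test/tmp/app/controllers/user_admin_token_controller.rb
- - test/tmp/app/controllers/user_token_controller.rb
- - test/tmp/config/routes.rb
+ - test/tmp/config/initializers/knock.rb
  homepage: https://github.com/nsarno/knock
  licenses:
  - MIT
@@ -207,7 +204,6 @@ signing_key:
  specification_version: 4
  summary: Seamless JWT authentication for Rails API.
  test_files:
- - test/controllers/knock/auth_token_controller_test.rb
  - test/dummy/README.rdoc
  - test/dummy/Rakefile
  - test/dummy/app/assets/javascripts/application.js
@@ -217,6 +213,7 @@ test_files:
  - test/dummy/app/controllers/application_controller.rb
  - test/dummy/app/controllers/composite_name_entity_protected_controller.rb
  - test/dummy/app/controllers/current_users_controller.rb
+ - test/dummy/app/controllers/custom_unauthorized_entity_controller.rb
  - test/dummy/app/controllers/protected_resources_controller.rb
  - test/dummy/app/controllers/vendor_protected_controller.rb
  - test/dummy/app/controllers/vendor_token_controller.rb
@@ -265,6 +262,7 @@ test_files:
  - test/dummy/test/controllers/admin_token_controller_test.rb
  - test/dummy/test/controllers/composite_name_entity_protected_controller_test.rb
  - test/dummy/test/controllers/current_users_controller_test.rb
+ - test/dummy/test/controllers/custom_unauthorized_entity_controller_test.rb
  - test/dummy/test/controllers/protected_resources_controller_test.rb
  - test/dummy/test/controllers/vendor_protected_controller_test.rb
  - test/dummy/test/controllers/vendor_token_controller_test.rb
@@ -281,8 +279,4 @@ test_files:
  - test/model/knock/auth_token_test.rb
  - test/support/generators_test_helper.rb
  - test/test_helper.rb
- - test/tmp/config/routes.rb
- - test/tmp/app/controllers/user_token_controller.rb
- - test/tmp/app/controllers/admin_token_controller.rb
- - test/tmp/app/controllers/admin_user_token_controller.rb
- - test/tmp/app/controllers/user_admin_token_controller.rb
+ - test/tmp/config/initializers/knock.rb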
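--- a/data/test/controllers/knock/auth_token_controller_test.rb
+++ b/data/test/controllers/knock/auth_token_controller_test.rb
@@ -1,39 +0,0 @@
- require 'test_helper'
-
- module Knock
- class AuthTokenControllerTest < ActionController::TestCase
- setup do
- @routes = Engine.routes
- end
-
- def user
- @user ||= users(:one)
- end
-
- test "it's using configured custom exception" do
- assert_equal Knock.not_found_exception_class, Knock::MyCustomException
- end
-
- test "responds with 404 if user does not exist" do
- post :create, auth: { email: 'wrong@example.net', password: '' }
- assert_response :not_found
- end
-
- test "responds with 404 if password is invalid" do
- post :create, auth: { email: user.email, password: 'wrong' }
- assert_response :not_found
- end
-
- test "responds with 201" do
- post :create, auth: { email: user.email, password: 'secret' }
- assert_response :created
- end
-
- test "response contains token" do
- post :create, auth: { email: user.email, password: 'secret' }
-
- content = JSON.parse(response.body)
- assert_equal true, content.has_key?("jwt")
- end
- end
- end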
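--- a/data/test/tmp/app/controllers/admin_token_controller.rb
+++ b/data/test/tmp/app/controllers/admin_token_controller.rb
@@ -1,2 +0,0 @@
- class AdminTokenController < Knock::AuthTokenController
- end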
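--- a/data/test/tmp/app/controllers/admin_user_token_controller.rb
+++ b/data/test/tmp/app/controllers/admin_user_token_controller.rb
@@ -1,2 +0,0 @@
- class AdminUserTokenController < Knock::AuthTokenController
- end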
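--- a/data/test/tmp/app/controllers/user_admin_token_controller.rb
+++ b/data/test/tmp/app/controllers/user_admin_token_controller.rb
@@ -1,2 +0,0 @@
- class UserAdminTokenController < Knock::AuthTokenController
- end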
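--- a/data/test/tmp/app/controllers/user_token_controller.rb
+++ b/data/test/tmp/app/controllers/user_token_controller.rb
@@ -1,2 +0,0 @@
- class UserTokenController < Knock::AuthTokenController
- end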
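--- a/data/test/tmp/config/routes.rb
+++ b/data/test/tmp/config/routes.rb
@@ -1,17 +0,0 @@
- Rails.application.routes.draw do
- post 'user_admin_token' => 'user_admin_token#create'
- post 'admin_user_token' => 'admin_user_token#create'
- post 'admin_token' => 'admin_token#create'
- post 'user_token' => 'user_token#create'
- post 'admin_token' => 'admin_token#create'
- post 'vendor_token' => 'vendor_token#create'
-
- resources :protected_resources
- resource :current_user
-
- resources :admin_protected
- resources :composite_name_entity_protected
- resources :vendor_protected
-
- mount Knock::Engine => "/knock"
- end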