lita 1.1.0 → 1.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f158cb443c81f822bc6d7e8c79686c2d88d4b54e
-  data.tar.gz: 7b69a1cf250862ccfc8e14f6744d888aca82e4bb
+  metadata.gz: 84663df9e521122035bbb09de95d53157535a474
+  data.tar.gz: ce55f59a8ff5c6d11a3d27889cad9f663df3f073
 SHA512:
-  metadata.gz: d789ea06b6c14ccbc872ff44ec44a4da8c395648e2617fb80f423022dfa1480c109a45981dbd4be6aed48d112908f476e42685cfbe2317c74d229a7f960f9161
-  data.tar.gz: d5f90787d8903222cb433f8d065a0bccd2f2dc7edd7867acc4355d351352286d2876c48264745edd37fad2e861af4331ed24de97477bf95e313376b9fa3dad95
+  metadata.gz: 39470491c57e513f944a14aa6d42364d51a56db47035302012c4914d5b0227f2f31948db4c6f4fe785d3cbd38e4e40d00c79e2a2542c133d51edc4b2c0217d32
+  data.tar.gz: e1163b8a148943e0abc833044f4a8eb092c5c6a4d39e1d07d9a06dd891fe2ec04d51e2d838ecb21c72d114e029b86ce9b62419f96683c4d236f053a784f6d90d

data/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## 1.1.1 (June 23, 2013)
+
+* Fixed broken internals in the authorization API. Auth commands will now correctly detect the user making the command and will normalize group names so that capitalization and white space don't matter.
+
 ## 1.1.0 (June 23, 2013)
 
 * Added a new configuration: `config.robot.mention_name`. This allows the display name of the robot `config.robot.name` to differ from the name Lita uses to detect a message as a command. For example, on HipChat, Lita's name might be displayed as "Lita Bot", but might be mentioned in messages with "LitaBot". This value will default to `config.robot.name` if not set.

data/lib/lita/authorization.rb

@@ -1,18 +1,18 @@
 module Lita
   module Authorization
     class << self
-      def add_user_to_group(user, group)
-        return unless user_is_admin?(user)
-        redis.sadd(group, user.id)
+      def add_user_to_group(requesting_user, user, group)
+        return :unauthorized unless user_is_admin?(requesting_user)
+        redis.sadd(normalize_group(group), user.id)
       end
 
-      def remove_user_from_group(user, group)
-        return unless user_is_admin?(user)
-        redis.srem(group, user.id)
+      def remove_user_from_group(requesting_user, user, group)
+        return :unauthorized unless user_is_admin?(requesting_user)
+        redis.srem(normalize_group(group), user.id)
       end
 
       def user_in_group?(user, group)
-        redis.sismember(group, user.id)
+        redis.sismember(normalize_group(group), user.id)
       end
 
       def user_is_admin?(user)
@@ -21,6 +21,10 @@ module Lita
 
       private
 
+      def normalize_group(group)
+        group.to_s.downcase.strip
+      end
+
       def redis
         @redis ||= Redis::Namespace.new("auth", redis: Lita.redis)
       end

data/lib/lita/handlers/authorization.rb

@@ -16,7 +16,10 @@ module Lita
       def add(matches)
         return unless valid_message?
 
-        if Lita::Authorization.add_user_to_group(@user, @group)
+        case Lita::Authorization.add_user_to_group(user, @user, @group)
+        when :unauthorized
+          reply "Only administrators can add users to groups."
+        when true
           reply "#{@user.name} was added to #{@group}."
         else
           reply "#{@user.name} was already in #{@group}."
@@ -26,7 +29,10 @@ module Lita
       def remove(matches)
         return unless valid_message?
 
-        if Lita::Authorization.remove_user_from_group(@user, @group)
+        case Lita::Authorization.remove_user_from_group(user, @user, @group)
+        when :unauthorized
+          reply "Only administrators can remove users from groups."
+        when true
           reply "#{@user.name} was removed from #{@group}."
         else
           reply "#{@user.name} was not in #{@group}."

data/lib/lita/version.rb

@@ -1,3 +1,3 @@
 module Lita
-  VERSION = "1.1.0"
+  VERSION = "1.1.1"
 end

data/spec/lita/authorization_spec.rb

@@ -1,46 +1,63 @@
 require "spec_helper"
 
 describe Lita::Authorization, lita: true do
-  let(:user) do
-    user = double("User")
-    allow(user).to receive(:id).and_return("1")
-    user
+  let(:requesting_user) { double("Lita::User", id: "1") }
+  let(:user) { double("Lita::User", id: "2") }
+
+  before do
+    Lita.config.robot.admins = ["1"]
   end
 
   describe ".add_user_to_group" do
     it "adds users to an auth group" do
-      allow(described_class).to receive(:user_is_admin?).and_return(true)
-      described_class.add_user_to_group(user, "employees")
+      described_class.add_user_to_group(requesting_user, user, "employees")
       expect(described_class.user_in_group?(user, "employees")).to be_true
     end
 
     it "can only be called by admins" do
-      allow(described_class).to receive(:user_is_admin?).and_return(false)
-      described_class.add_user_to_group(user, "employees")
+      Lita.config.robot.admins = nil
+      result = described_class.add_user_to_group(
+        requesting_user,
+        user,
+        "employees"
+      )
+      expect(result).to eq(:unauthorized)
       expect(described_class.user_in_group?(user, "employees")).to be_false
     end
+
+    it "normalizes the group name" do
+      described_class.add_user_to_group(requesting_user, user, "eMPLoYeeS")
+      expect(described_class.user_in_group?(user, "  EmplOyEEs  ")).to be_true
+    end
   end
 
   describe ".remove_user_from_group" do
     it "removes users from an auth group" do
-      allow(described_class).to receive(:user_is_admin?).and_return(true)
-      described_class.add_user_to_group(user, "employees")
-      described_class.remove_user_from_group(user, "employees")
+      described_class.add_user_to_group(requesting_user, user, "employees")
+      described_class.remove_user_from_group(requesting_user, user, "employees")
       expect(described_class.user_in_group?(user, "employees")).to be_false
     end
 
     it "can only be called by admins" do
-      allow(described_class).to receive(:user_is_admin?).and_return(true)
-      described_class.add_user_to_group(user, "employees")
-      allow(described_class).to receive(:user_is_admin?).and_return(false)
-      described_class.remove_user_from_group(user, "employees")
+      described_class.add_user_to_group(requesting_user, user, "employees")
+      Lita.config.robot.admins = nil
+      result = described_class.remove_user_from_group(
+        requesting_user,
+        user,
+        "employees"
+      )
+      expect(result).to eq(:unauthorized)
       expect(described_class.user_in_group?(user, "employees")).to be_true
     end
+
+    it "normalizes the group name" do
+      described_class.add_user_to_group(requesting_user, user, "eMPLoYeeS")
+      described_class.remove_user_from_group(requesting_user, user, "EmployeeS")
+      expect(described_class.user_in_group?(user, "  EmplOyEEs  ")).to be_false
+    end
   end
 
   describe ".user_in_group?" do
-    # Positive case is covered by .add_user_to_group's example.
-
     it "returns false if the user is in the group" do
       expect(described_class.user_in_group?(user, "employees")).to be_false
     end
@@ -48,8 +65,7 @@ describe Lita::Authorization, lita: true do
 
   describe ".user_is_admin?" do
     it "returns true if the user's ID is in the config" do
-      Lita.config.robot.admins = "1"
-      expect(described_class.user_is_admin?(user)).to be_true
+      expect(described_class.user_is_admin?(requesting_user)).to be_true
     end
 
     it "returns false if the user's ID is not in the config" do

data/spec/lita/handlers/authorization_spec.rb

@@ -1,7 +1,14 @@
 require "spec_helper"
 
 describe Lita::Handlers::Authorization, lita: true do
-  before { allow(robot).to receive(:send_messages) }
+  before do
+    allow(robot).to receive(:send_messages)
+    allow(Lita::Authorization).to receive(:user_is_admin?).with(
+      user
+    ).and_return(true)
+  end
+
+  let(:target_user) { double("Lita::User", id: "1", name: "Carl") }
 
   it { routes("#{robot.name}: auth add foo bar").to(:add) }
   it { routes("#{robot.name}: auth add foo@bar.com baz").to(:add) }
@@ -15,10 +22,6 @@ describe Lita::Handlers::Authorization, lita: true do
   end
 
   describe "#add" do
-    before do
-      allow(Lita::Authorization).to receive(:user_is_admin?).and_return(true)
-    end
-
     it "replies with the proper format if the require commands are missing" do
       expect_reply(/^Format:/)
       send_test_message("#{robot.name}: auth add foo")
@@ -29,41 +32,51 @@ describe Lita::Handlers::Authorization, lita: true do
       send_test_message("#{robot.name}: auth add foo bar")
     end
 
-    it "replies with success if the valid user ID and group were supplied" do
-      allow(Lita::User).to receive(:find_by_id).and_return(user)
-      expect_reply("#{user.name} was added to bar.")
+    it "replies with success if a valid user and group were supplied" do
+      allow(Lita::User).to receive(:find_by_id).and_return(target_user)
+      expect_reply("#{target_user.name} was added to bar.")
       send_test_message("#{robot.name}: auth add foo bar")
     end
 
-    it "replies with success if the valid user ID and group were supplied" do
-      allow(Lita::User).to receive(:find_by_name).and_return(user)
-      expect_reply("#{user.name} was added to bar.")
+    it "replies with a warning if the user was already in the group" do
+      allow(Lita::User).to receive(:find_by_id).and_return(target_user)
+      send_test_message("#{robot.name}: auth add foo bar")
+      expect_reply("#{target_user.name} was already in bar.")
       send_test_message("#{robot.name}: auth add foo bar")
     end
 
-    it "replies with a warning if the user was already in the group" do
-      allow(Lita::User).to receive(:find_by_id).and_return(user)
-      send_test_message("#{robot.name}: auth add foo bar")
-      expect_reply("#{user.name} was already in bar.")
+    it "replies with a warning if the requesting user is not an admin" do
+      allow(Lita::User).to receive(:find_by_id).and_return(target_user)
+      allow(Lita::Authorization).to receive(:user_is_admin?).with(
+        user
+      ).and_return(false)
+      expect_reply(/Only administrators can add/)
       send_test_message("#{robot.name}: auth add foo bar")
     end
   end
 
   describe "#remove" do
     before do
-      allow(Lita::Authorization).to receive(:user_is_admin?).and_return(true)
-      allow(Lita::User).to receive(:find_by_id).and_return(user)
+      allow(Lita::User).to receive(:find_by_id).and_return(target_user)
       send_test_message("#{robot.name}: auth add foo bar")
     end
 
-    it "replies with success if the valid user ID and group were supplied" do
-      expect_reply("#{user.name} was removed from bar.")
+    it "replies with success if a valid user and group were supplied" do
+      expect_reply("#{target_user.name} was removed from bar.")
       send_test_message("#{robot.name}: auth remove foo bar")
     end
 
     it "replies with a warning if the user was already in the group" do
       send_test_message("#{robot.name}: auth remove foo bar")
-      expect_reply("#{user.name} was not in bar.")
+      expect_reply("#{target_user.name} was not in bar.")
+      send_test_message("#{robot.name}: auth remove foo bar")
+    end
+
+    it "replies with a warning if the requesting user is not an admin" do
+      allow(Lita::Authorization).to receive(:user_is_admin?).with(
+        user
+      ).and_return(false)
+      expect_reply(/Only administrators can remove/)
       send_test_message("#{robot.name}: auth remove foo bar")
     end
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: lita
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.1.1
 platform: ruby
 authors:
 - Jimmy Cuadra