lockbox_middleware 1.2.2 → 1.2.3

data/README.rdoc

@@ -4,14 +4,31 @@ LockBox is a centralized API authentication service written by the DNC Innovatio
 users share a single identity across multiple services.  
 It is licensed under the New BSD License (see the LICENSE file for details).
 
-It is a Ruby on Rails application on the server side, and Rack middleware on the client side
-(which means it integrates nicely with any modern Ruby web framework). As of v1.2.0, there is an
-unfortunate Rails dependency in the middleware gem. Hopefully we'll get rid of that soon.
+The server is a Ruby on Rails application, while the client is pure Rack middleware (which means it
+integrates nicely with any modern Ruby web framework, including Rails 2.3+).
 
 Lockbox handles things like rate limiting, API key signup and management, and supports HMAC
-authentication as well as plain-text key exchange. We are working on replacing HMAC with OAuth 2.0.
+authentication as well as plain-text key exchange.
 
-== Configuration
+== Client Installation
+
+  gem install lockbox_middleware
+  
+=== Rails 2
+
+Add the following lines to the "config/environment.rb" file:
+  
+  config.gem 'lockbox_middleware'
+  config.middleware.use 'LockBox'
+  
+You may want to restrict the "config.middleware.use" line to the config/environments/production.rb file so that
+your test and development environments aren't trying to access the LockBox server.
+
+=== Rails 3
+
+Untested.
+
+== Client Configuration
 
 LockBox needs a configuration file named "lockbox.yml" in order to work. In a Rack app (incl. Rails),
 this file should be placed in app_root/config/lockbox.yml.
@@ -33,6 +50,27 @@ Here's an example lockbox.yml:
     protect_paths: 
       - ^/api/
 
+The 'all' section of the yaml file is a LockBox-specific shortcut so you can DRY up your protected path definitions.
+Settings in more specific environments will override those in the 'all' section.
+
+== Server Installation
+
+Running your own LockBox server is pretty easy. Just clone this repository (I'd stick with the master branch)
+and set it up under your favorite Rails hosting environment. It has only been tested with PostgreSQL, but it's not
+doing anything exotic with the DB, so it will probably work with other databases too.
+
+The gem dependencies are generally kept up to date in the Gemfile, so you can use bundler:
+
+  gem install bundler
+  bundle install
+
+Or you can use the Rails 2 gem installer:
+
+  rake gems:install
+
+Then you should configure the database.yml for the test environment and run 'rake spec' in the app root to have RSpec
+(gem install rspec-rails) run all of the tests. If these all pass, then you're probably good to go.
+
 == Download
 
 Github: http://github.com/dnclabs/lockbox/tree/master

data/lib/lockbox_cache.rb

@@ -37,8 +37,8 @@ module LockBoxCache
       end
     end
     
-    def initialize
-      if defined?(Rails)
+    def initialize(use_rails_cache=true)
+      if use_rails_cache && defined?(Rails)
         @cache = RailsCache.new
       else
         @cache = HashCache.new

data/lib/lockbox_middleware.rb

@@ -69,7 +69,7 @@ class LockBox
           return [app_response[0], response_headers, app_response[2]]
         else
           message = "Access Denied"
-          return [401, {'Content-Type' => 'text/plain', 'Content-Length' => "#{message.length}"}, message]
+          return [401, {'Content-Type' => 'text/plain', 'Content-Length' => "#{message.length}"}, [message]]
         end
       end
     end

data/spec/lib/lockbox_cache_spec.rb

@@ -0,0 +1,50 @@
+require 'spec_helper'
+require 'lockbox_cache'
+
+describe LockBoxCache::Cache do
+  subject { LockBoxCache::Cache.new }
+  
+  describe "#write" do
+    it "should save what you write to it" do
+      subject.write(:foo, 'bar')
+      subject.read(:foo).should == 'bar'
+    end
+  end
+  
+  describe "#read" do
+    it "should return nil when reading a non-existent key" do
+      subject.read(:foo).should be_nil
+    end
+  end
+  
+  describe "#delete" do
+    it "should delete the key and value" do
+      subject.write(:foo, 'bar')
+      subject.delete(:foo)
+      subject.read(:foo).should be_nil
+    end
+  end
+  
+  context "in a Rails app" do
+    it "should use the Rails cache" do
+      subject.write(:foo, 'bar')
+      Rails.cache.read(:foo).should == 'bar'
+    end
+  end
+  
+  context "in a Rack app" do
+    it "should still work" do
+      cache = LockBoxCache::Cache.new(false)
+      cache.write(:foo, 'bar')
+      cache.read(:foo).should == 'bar'
+      Rails.cache.read(:foo).should be_nil
+    end
+    
+    it "should still delete shit" do
+      cache = LockBoxCache::Cache.new(false)
+      cache.write(:foo, 'bar')
+      cache.delete(:foo)
+      cache.read(:foo).should be_nil
+    end
+  end
+end

data/spec/lib/lockbox_middleware_spec.rb

@@ -7,7 +7,7 @@ describe 'LockBox' do
 
   def app
     # Initialize our LockBox middleware with an "app" that just always returns 200, if it gets .called
-    LockBox.new(Proc.new {|env| [200,{},"successfully hit rails app"]})
+    LockBox.new(Proc.new {|env| [200,{'Content-Type' => 'text/plain'},["successfully hit rails app"]]})
   end
   
   def safely_edit_config_file(settings, env=nil)
@@ -105,14 +105,30 @@ describe 'LockBox' do
       LockBox.stubs(:get).with("/authentication/blah", any_parameters).returns(bad_response)
     end
   
-    it "should return 401 for a request that starts with /api with invalid api key" do
-      get "/api/some_controller/some_action?key=blah"
-      last_response.status.should == 401
+    context "with invalid api key" do
+      it "should return 401 for a protected path request" do
+        get "/api/some_controller/some_action?key=blah"
+        last_response.status.should == 401
+      end
+    
+      it "should return an array as the response body" do
+        # Rack compliance thing
+        env = Rack::MockRequest.env_for "/api/some_controller/some_action?key=blah"
+        app.call(env)[2].should be_an_instance_of(Array)
+      end
     end
       
-    it "should return 200 for a request that starts with /api and has api key" do
-      get "/api/some_controller/some_action?key=123456"
-      last_response.status.should == 200
+    context "with valid api key" do
+      it "should return 200 for a request that starts with /api and has api key" do
+        get "/api/some_controller/some_action?key=123456"
+        last_response.status.should == 200
+      end
+    
+      it "should have a Content-Type header" do
+        # Rack compliance bug
+        env = Rack::MockRequest.env_for "/api/some_controller/some_action?key=123456"
+        app.call(env)[1].should include('Content-Type')
+      end
     end
     
     it "should cache lockbox responses for max-age when Cache-Control allows it" do

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: lockbox_middleware
 version: !ruby/object:Gem::Version 
-  hash: 27
+  hash: 25
   prerelease: false
   segments: 
   - 1
   - 2
-  - 2
-  version: 1.2.2
+  - 3
+  version: 1.2.3
 platform: ruby
 authors: 
 - Chris Gill
@@ -18,7 +18,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-06-29 00:00:00 -04:00
+date: 2010-07-08 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -63,6 +63,7 @@ files:
 - lib/lockbox_middleware.rb
 - LICENSE
 - README.rdoc
+- spec/lib/lockbox_cache_spec.rb
 - spec/lib/lockbox_middleware_spec.rb
 - spec/spec.opts
 - spec/spec_helper.rb
@@ -103,6 +104,7 @@ signing_key:
 specification_version: 3
 summary: Rack middleware for the LockBox centralized API authorization service.
 test_files: 
+- spec/lib/lockbox_cache_spec.rb
 - spec/lib/lockbox_middleware_spec.rb
 - spec/spec.opts
 - spec/spec_helper.rb