master_api_key 1.1.1 → 1.2.0

data/spec/master_api_key/api_gatekeeper_spec.rb

@@ -91,4 +91,78 @@ RSpec.describe ApplicationController, :type => :controller do
       }.to raise_error(ArgumentError)
     end
   end
+
+  context 'with a controller with additional authorizers' do
+    class ExtendedApiKey < MasterApiKey::ApiKey
+       def allowed_id
+         nil
+       end
+
+       def allowed_filter
+         nil
+       end
+    end
+
+    controller do
+      belongs_to_api_group(:allowed_group)
+      authorize_with authorizers: [:first_authorizer, :second_authorizer], only:[:index]
+
+      def index
+        head(:ok)
+      end
+
+      def show
+        authorize_action(:first_authorizer) do
+          head(:ok)
+        end
+      end
+
+      def first_authorizer
+        @api_key.allowed_id == params.require(:id).to_i
+      end
+
+      def second_authorizer
+        @api_key.allowed_filter == params.require(:filter)
+      end
+    end
+
+    before(:each) do
+      @allowed_filter = 'allowed_key'
+      @valid_api_key = ExtendedApiKey.create!(:group => 'allowed_group')
+      controller.request.headers['X-API-TOKEN'] = @valid_api_key.api_token
+
+      allow(MasterApiKey::ApiKey).to receive(:find_by_api_token).with(@valid_api_key.api_token).and_return(@valid_api_key)
+      allow(@valid_api_key).to receive(:allowed_id).and_return(1)
+      allow(@valid_api_key).to receive(:allowed_filter).and_return(@allowed_filter)
+    end
+
+    context 'with two additional authorization factors' do
+      it 'should fail authorization when one of the additional authorization factors fail' do
+        get :index, :id => 1, :filter => 'not_allowed_filter'
+
+        expect(response).to have_http_status(403)
+      end
+
+      it 'should pass authorization when both authorization factors succeed' do
+        get :index, :id => 1, :filter => @allowed_filter
+
+        expect(response).to have_http_status(200)
+      end
+    end
+
+    context 'with one additional authorization factor' do
+      it 'should pass authorization when additional authorization factor succeeds' do
+        get :show, :id => 1
+
+        expect(response).to have_http_status(200)
+      end
+
+      it 'should fail authorization when additional authorization factor fails' do
+
+        get :show, :id => 2
+
+        expect(response).to have_http_status(403)
+      end
+    end
+  end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: master_api_key
 version: !ruby/object:Gem::Version
-  version: 1.1.1
+  version: 1.2.0
 platform: ruby
 authors:
 - Flynn Jones
@@ -73,7 +73,7 @@ cert_chain:
   7xfdQKID/bwhqUq9whTwTX2J61RCxyS+eqIRfWOYAUphZanwFD9c3uNWa+8KAhC2
   oHN/0fktfVzQYUsHnZ4=
   -----END CERTIFICATE-----
-date: 2016-04-18 00:00:00.000000000 Z
+date: 2016-04-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -124,21 +124,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '3.4'
 - !ruby/object:Gem::Dependency
-  name: activerecord-jdbcmysql-adapter
+  name: mysql2
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '0.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
-description: This gem gives a developer a set of tools to provide authorized access
-  their endpoints.
+        version: '0.4'
+description: This gem gives a developer a set of tools for securing access to their
+  endpoints.
 email:
 - flynn.jones@outlook.com
 - pvadrevu@amplify.com