pact_broker 1.17.2 → 1.18.0.beta.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ddeb15f7e5f35bcccea163c2bdb0f96f0f76904e
-  data.tar.gz: 3eec1a584c7dc3bf0669a08e983a620dd94950c6
+  metadata.gz: c780083d99fd7a3c73e53f16b703c3bfe5b86a78
+  data.tar.gz: aa8ef0eb97c2e18461179607d395c7b493e9f50e
 SHA512:
-  metadata.gz: f47149c6ca610fcc5e76222f25b69cf78b53928d536459ed5b854bd63b8127bf2df8fe940285169c430c064fc850072430774a0408c93d88022520c3c6f0aef1
-  data.tar.gz: 66e8590f37514286d4dcc04efdbeef38c1ad54e9b20a801307e1e9e908dfc5ff53ebea473e5c197172a46ed56bf16b3ffe419a7e22171656c9a508cfea946c9b
+  metadata.gz: 63db04af90da66ce5833f9f2de88f734529f94c7ebb759ffe4a8eb89f5a7cf5b439c221bf5464bf4d499f5e326038668dd58e5ebbff6f9db31ab7a9b92669861
+  data.tar.gz: 261ccb52f5819dc9d9eee9c1088bff11c0d6fb3269492d68e1de25f5687e66adc7a814a43ad7c69c8e3b883ec10ca5e0bf865a0e46bf5f515011384057e402fd

data/CHANGELOG.md

@@ -2,6 +2,9 @@ Do this to generate your change history
 
     $ git log --pretty=format:'  * %h - %s (%an, %ad)' vX.Y.Z..HEAD
 
+#### 1.18.0.beta.1 (2017-05-05)
+* 99e825b - Add in-built configuration for basic auth. (Beth Skurrie, Fri May 5 10:22:53 2017 +1000)
+
 #### 1.17.2 (2017-05-04)
 * b8f45e1 - fix issue with pact document link not displaying #94 (Matt Fellows, Wed May 3 11:23:09 2017 +1000)
 

data/example/config.ru

@@ -27,6 +27,8 @@ app = PactBroker::App.new do | config |
   # config.use_hal_browser = true
   config.database_connection = Sequel.connect(DATABASE_CREDENTIALS.merge(:logger => config.logger))
   config.database_connection.timezone = :utc
+  # See configuration section of wiki for more basic auth configuration options
+  # config.protect_with_basic_auth :app_read, {username: 'username', password: 'password'}
 end
 
 run app

data/example/{basic_auth → heroku}/README.md

@@ -27,7 +27,7 @@ $ git push heroku master
 Your Pact Broker instance is now available!
 
 ## Publish consumer pacts - consumer side
-You will need to set these environment variables with your basic auth credentials 
+You will need to set these environment variables with your basic auth credentials
 ```
 export PACT_BROKER_USERNAME=admin
 export PACT_BROKER_PASSWORD=changeme

data/example/heroku/config.ru

@@ -0,0 +1,12 @@
+require 'fileutils'
+require 'logger'
+require 'sequel'
+require 'pact_broker'
+require 'pg'
+
+app = PactBroker::App.new do | config |
+  config.database_connection = Sequel.connect(ENV['DATABASE_URL'], adapter: "postgres", encoding: 'utf8')
+  config.protect_with_basic_auth :all, {username: ENV['PACT_BROKER_USERNAME'], password: ENV['PACT_BROKER_PASSWORD']}
+end
+
+run app

data/lib/pact_broker/app.rb

@@ -3,6 +3,7 @@ require 'pact_broker/db'
 require 'pact_broker/project_root'
 require 'rack/hal_browser'
 require 'rack/pact_broker/convert_file_extension_to_accept_header'
+require 'pact_broker/configuration/configure_basic_auth'
 
 module PactBroker
 
@@ -70,12 +71,12 @@ module PactBroker
       apps << PactBroker::UI::App.new
       apps << PactBroker::API
 
+      cascade = Rack::Cascade.new(apps)
+      app_with_basic_auth = PactBroker::Configuration::ConfigureBasicAuth.call(cascade, configuration)
+
       @app.map "/" do
-        run Rack::Cascade.new(apps)
+        run app_with_basic_auth
       end
-
     end
-
   end
-
-end
+end

data/lib/pact_broker/configuration.rb

@@ -4,13 +4,33 @@ module PactBroker
     @@configuration ||= Configuration.default_configuration
   end
 
+  def self.reset_configuration
+    @@configuration = Configuration.default_configuration
+  end
+
   class Configuration
 
+    REQUEST_METHOD = 'REQUEST_METHOD'.freeze
+    GET = 'GET'.freeze
+    PATH_INFO = 'PATH_INFO'.freeze
+    DIAGNOSTIC = '/diagnostic/'.freeze
+
     attr_accessor :log_dir, :database_connection, :auto_migrate_db, :use_hal_browser, :html_pact_renderer
     attr_accessor :validate_database_connection_config, :enable_diagnostic_endpoints, :version_parser
-    attr_accessor :use_case_sensitive_resource_names
+    attr_accessor :use_case_sensitive_resource_names, :basic_auth_predicates
     attr_writer :logger
 
+    def initialize
+      @basic_auth_config = {}
+      @basic_auth_predicates = [
+        [:diagnostic,  ->(env) { env[PATH_INFO].start_with? DIAGNOSTIC }],
+        [:app,         ->(env) { !env[PATH_INFO].start_with? DIAGNOSTIC } ],
+        [:app_read,    ->(env) { env[REQUEST_METHOD] == GET }],
+        [:app_write,   ->(env) { env[REQUEST_METHOD] != GET }],
+        [:all,         ->(env) { true }]
+      ]
+    end
+
     def logger
       @logger ||= create_logger log_path
     end
@@ -29,6 +49,7 @@ module PactBroker
       config
     end
 
+    # public
     def self.default_html_pact_render
       lambda { |pact|
         require 'pact_broker/api/renderers/html_pact_renderer'
@@ -36,8 +57,28 @@ module PactBroker
       }
     end
 
+    # public
+    def protect_with_basic_auth scopes, credentials
+      [*scopes].each do | scope |
+        basic_auth_config[scope] ||= []
+        basic_auth_config[scope] << credentials
+      end
+    end
+
+    # private
+    def protect_with_basic_auth? scope
+      !!basic_auth_credentials_list_for(scope)
+    end
+
+    # private
+    def basic_auth_credentials_list_for scope
+      basic_auth_config[scope]
+    end
+
     private
 
+    attr_reader :basic_auth_config
+
     def create_logger path
       FileUtils::mkdir_p File.dirname(path)
       logger = Logger.new(path)

data/lib/pact_broker/configuration/configure_basic_auth.rb

@@ -0,0 +1,83 @@
+require 'pact_broker/configuration'
+
+module PactBroker
+  class Configuration
+
+    class ConfigurableBasicAuth
+
+      def initialize(app)
+        @app = app
+        @predicates = []
+      end
+
+      def protect credentials_list, &predicate
+        basic_auth_proxy = ::Rack::Auth::Basic.new(app) do | username, password |
+          credentials_list.any? do | credentials |
+            username == credentials[:username] && password == credentials[:password]
+          end
+        end
+        predicates << [predicate, basic_auth_proxy]
+      end
+
+      def call(env)
+        predicates = matching_predicates(env)
+        if predicates.any?
+          cascade(predicates, env)
+        else
+          app.call(env)
+        end
+      end
+
+      private
+
+      attr_accessor :app, :predicates
+
+      def matching_predicates env
+        predicates.select do | predicate, basic_auth_proxy |
+          predicate.call(env)
+        end
+      end
+
+      def cascade predicates, env
+        response = nil
+        predicates.each do | predicate, basic_auth_proxy |
+          response = basic_auth_proxy.call(env)
+          return response if response.first != 401
+        end
+        response
+      end
+
+    end
+
+    class ConfigureBasicAuth
+
+      def self.call app, configuration
+        new(app, configuration).call
+      end
+
+      def initialize app, configuration
+        @configuration = configuration
+        @basic_auth_proxy = ConfigurableBasicAuth.new(app)
+      end
+
+      def call
+        configuration.basic_auth_predicates.each do | scope, predicate |
+          configure_basic_auth_for_scope scope, &predicate
+        end
+
+        basic_auth_proxy
+      end
+
+      private
+
+      attr_accessor :basic_auth_proxy, :configuration
+
+      def configure_basic_auth_for_scope scope, &predicate
+        if configuration.protect_with_basic_auth?(scope)
+          credentials = configuration.basic_auth_credentials_list_for(scope)
+          basic_auth_proxy.protect(credentials, &predicate)
+        end
+      end
+    end
+  end
+end

data/lib/pact_broker/version.rb

@@ -1,3 +1,3 @@
 module PactBroker
-  VERSION = '1.17.2'
+  VERSION = '1.18.0.beta.1'
 end

data/spec/lib/pact_broker/configuration/configure_basic_auth_spec.rb

@@ -0,0 +1,267 @@
+require 'pact_broker/configuration/configure_basic_auth'
+require 'pact_broker/app'
+
+module PactBroker
+  class Configuration
+    describe ConfigurableBasicAuth do
+
+      let(:target_app) { ->(env){  [200, {}, ["hello"]] } }
+      let(:app) do
+        auth_app = ConfigurableBasicAuth.new(target_app)
+        auth_app.protect([{username: 'username', password: 'password'}]) do | env |
+          env['PATH_INFO'] == '/foo'
+        end
+        auth_app
+      end
+
+      context "when not authorized" do
+        it "does not allow requests" do
+          get "/foo"
+          expect(last_response.status).to eq 401
+        end
+      end
+
+      context "when authorized" do
+
+        before { basic_authorize 'username', 'password' }
+
+        it "allows requests" do
+          get "/foo"
+          expect(last_response.status).to eq 200
+        end
+      end
+    end
+
+    describe ConfigureBasicAuth do
+      def read_request_to_ui
+        get "/"
+        last_response
+      end
+
+      def read_request_to_api
+        get "/pacts/latest"
+        last_response
+      end
+
+      def write_request_to_api
+        put "/pacts/provider/foo/consumer/bar/version/1.2.3", '{}', {'Content-Type' => 'application/json'}
+        last_response
+      end
+
+      def read_request_to_diagnostic
+        get "/diagnostic/status/heartbeat"
+        last_response
+      end
+
+      def authorize_request
+        basic_authorize 'username', 'password'
+      end
+
+
+      before do
+        PactBroker.reset_configuration
+      end
+
+      describe "with no basic_auth" do
+        let(:app) do
+          app = PactBroker::App.new do | config |
+            config.database_connection = PactBroker::DB.connection
+          end
+        end
+
+        context "when not authorized" do
+          it "allows GET requests to the UI" do
+            expect(read_request_to_ui.status).to_not eq 401
+          end
+
+          it "allows GET requests to the API" do
+            expect(read_request_to_api.status).to_not eq 401
+          end
+
+          it "allows non GET requests to the API" do
+            expect(write_request_to_api.status).to_not eq 401
+          end
+
+          it "allows GET requests to the diagnostics app" do
+            expect(read_request_to_diagnostic.status).to_not eq 401
+          end
+        end
+      end
+
+      describe "with basic_auth for :all" do
+        let(:app) do
+          app = PactBroker::App.new do | config |
+            config.database_connection = PactBroker::DB.connection
+            config.protect_with_basic_auth :all, {username: 'username', password: 'password'}
+          end
+        end
+
+        context "when authorized" do
+          before do
+            authorize_request
+          end
+
+          it "allows GET requests to the UI" do
+            expect(read_request_to_ui.status).to_not eq 401
+          end
+
+          it "allows GET requests to the API" do
+            expect(read_request_to_api.status).to_not eq 401
+          end
+
+          it "allows non GET requests to the API" do
+            expect(write_request_to_api.status).to_not eq 401
+          end
+
+          it "allows GET requests to the diagnostics app" do
+            expect(read_request_to_diagnostic.status).to_not eq 401
+          end
+        end
+
+        context "when not authorized" do
+          it "does not allow GET requests to the UI" do
+            expect(read_request_to_ui.status).to eq 401
+          end
+
+          it "does not allow GET requests the API" do
+            expect(read_request_to_api.status).to eq 401
+          end
+
+          it "does not allow non GET requests the API" do
+            expect(write_request_to_api.status).to eq 401
+          end
+
+          it "does not allow GET requests to the diagnostics app" do
+            expect(read_request_to_diagnostic.status).to eq 401
+          end
+        end
+      end
+
+      describe "with basic_auth for :app_write" do
+
+        let(:app) do
+          app = PactBroker::App.new do | config |
+            config.database_connection = PactBroker::DB.connection
+            config.protect_with_basic_auth :app_write, {username: 'username', password: 'password'}
+          end
+        end
+
+        context "when authorized" do
+          before do
+            authorize_request
+          end
+
+          it "allows GET requests to the diagnostics app" do
+            expect(read_request_to_diagnostic.status).to_not eq 401
+          end
+
+          it "allows GET requests to the app_write app" do
+            expect(read_request_to_diagnostic.status).to_not eq 401
+          end
+        end
+
+        context "when not authorized" do
+
+          it "allows GET requests to the UI" do
+            expect(read_request_to_ui.status).to_not eq 401
+          end
+
+          it "allows GET requests the API" do
+            expect(read_request_to_api.status).to_not eq 401
+          end
+
+          it "does not allow non GET requests the API" do
+            expect(write_request_to_api.status).to eq 401
+          end
+
+          it "allows GET requests to the diagnostics app" do
+            expect(read_request_to_diagnostic.status).to_not eq 401
+          end
+        end
+      end
+
+      describe "with multiple users for for :app_write" do
+        let(:app) do
+          app = PactBroker::App.new do | config |
+            config.database_connection = PactBroker::DB.connection
+            config.protect_with_basic_auth :app_write, {username: 'read_username', password: 'password'}
+            config.protect_with_basic_auth :app_write, {username: 'another_read_username', password: 'password'}
+          end
+        end
+
+        context "when the first credentials are used" do
+          before { basic_authorize 'read_username', 'password' }
+
+          it "allows a request" do
+            write_request_to_api
+            expect(last_response.status).to_not eq 401
+          end
+        end
+
+        context "when the second credentials are used" do
+          before { basic_authorize 'another_read_username', 'password' }
+
+          it "allows a request" do
+            write_request_to_api
+            expect(last_response.status).to_not eq 401
+          end
+        end
+
+        context "when the wrong credentials are used" do
+          before { basic_authorize 'wrong_username', 'password' }
+
+          it "does not allow the request" do
+            write_request_to_api
+            expect(last_response.status).to eq 401
+          end
+        end
+
+        context "when no credentials are used" do
+          it "does not allow the request" do
+            write_request_to_api
+            expect(last_response.status).to eq 401
+          end
+        end
+
+      end
+
+      describe "with an app_read user and an app user" do
+        let(:app) do
+          app = PactBroker::App.new do | config |
+            config.database_connection = PactBroker::DB.connection
+            config.protect_with_basic_auth :app_read, {username: 'read_username', password: 'password'}
+            config.protect_with_basic_auth :app, {username: 'read_and_write_username', password: 'password'}
+          end
+        end
+
+        context "when the app credentials are used" do
+          before { basic_authorize 'read_and_write_username', 'password' }
+
+          it "allows a read request" do
+            read_request_to_api
+            expect(last_response.status).to_not eq 401
+          end
+
+          it "allows a write request" do
+            write_request_to_api
+            expect(last_response.status).to_not eq 401
+          end
+        end
+
+        context "when the read_username credentials are used" do
+          before { basic_authorize 'read_username', 'password' }
+
+          it "allows a read request" do
+            read_request_to_api
+            expect(last_response.status).to_not eq 401
+          end
+
+          it "does not allow a write request" do
+            write_request_to_api
+            expect(last_response.status).to eq 401
+          end
+        end
+      end
+    end
+  end
+end

data/spec/lib/pact_broker/configuration_spec.rb

@@ -7,15 +7,35 @@ module PactBroker
 
     context "default configuration" do
       describe ".html_pact_renderer" do
-
         let(:pact) { double('pact') }
 
         it "calls the inbuilt HtmlPactRenderer" do
           expect(PactBroker::Api::Renderers::HtmlPactRenderer).to receive(:call).with(pact)
           PactBroker.configuration.html_pact_renderer.call pact
         end
+      end
+
+      describe "protect_with_basic_auth" do
+        let(:config) do
+          config = Configuration.new
+          config.protect_with_basic_auth [:foo, :bar], {some: 'credentials'}
+          config.protect_with_basic_auth :foo, {some: 'othercredentials'}
+          config
+        end
 
+        it "groups credentials by scope" do
+          expect(config.basic_auth_credentials_list_for(:foo)).to eq([{some: 'credentials'},{some: 'othercredentials'}])
+          expect(config.basic_auth_credentials_list_for(:bar)).to eq([{some: 'credentials'}])
+        end
+
+        describe "protect_with_basic_auth?" do
+          it "indicates whether a scope is protected" do
+            expect(config.protect_with_basic_auth?(:foo)).to be true
+            expect(config.protect_with_basic_auth?(:bar)).to be true
+            expect(config.protect_with_basic_auth?(:wiffle)).to be false
+          end
+        end
       end
     end
   end
-end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pact_broker
 version: !ruby/object:Gem::Version
-  version: 1.17.2
+  version: 1.18.0.beta.1
 platform: ruby
 authors:
 - Bethany Skurrie
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-05-04 00:00:00.000000000 Z
+date: 2017-05-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: httparty
@@ -395,11 +395,11 @@ files:
 - db/migrations/migration_helper.rb
 - db/pact_broker_database.sqlite3
 - example/Gemfile
-- example/basic_auth/Gemfile
-- example/basic_auth/Procfile
-- example/basic_auth/README.md
-- example/basic_auth/config.ru
 - example/config.ru
+- example/heroku/Gemfile
+- example/heroku/Procfile
+- example/heroku/README.md
+- example/heroku/config.ru
 - example/pact_broker_database.sqlite3
 - lib/db.rb
 - lib/pact_broker.rb
@@ -462,6 +462,7 @@ files:
 - lib/pact_broker/api/resources/webhooks.rb
 - lib/pact_broker/app.rb
 - lib/pact_broker/configuration.rb
+- lib/pact_broker/configuration/configure_basic_auth.rb
 - lib/pact_broker/constants.rb
 - lib/pact_broker/date_helper.rb
 - lib/pact_broker/db.rb
@@ -633,6 +634,7 @@ files:
 - spec/lib/pact_broker/api/resources/webhook_execution_spec.rb
 - spec/lib/pact_broker/api/resources/webhook_spec.rb
 - spec/lib/pact_broker/api/resources/webhooks_spec.rb
+- spec/lib/pact_broker/configuration/configure_basic_auth_spec.rb
 - spec/lib/pact_broker/configuration_spec.rb
 - spec/lib/pact_broker/db/validate_encoding_spec.rb
 - spec/lib/pact_broker/diagnostic/resources/dependencies_spec.rb
@@ -730,9 +732,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 2.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
 rubygems_version: 2.6.11
@@ -795,6 +797,7 @@ test_files:
 - spec/lib/pact_broker/api/resources/webhook_execution_spec.rb
 - spec/lib/pact_broker/api/resources/webhook_spec.rb
 - spec/lib/pact_broker/api/resources/webhooks_spec.rb
+- spec/lib/pact_broker/configuration/configure_basic_auth_spec.rb
 - spec/lib/pact_broker/configuration_spec.rb
 - spec/lib/pact_broker/db/validate_encoding_spec.rb
 - spec/lib/pact_broker/diagnostic/resources/dependencies_spec.rb

data/example/basic_auth/config.ru

@@ -1,19 +0,0 @@
-require 'fileutils'
-require 'logger'
-require 'sequel'
-require 'pact_broker'
-require 'pg'
-
-use Rack::Auth::Basic, "Restricted Area" do |username, password|
-  username == ENV['PACT_BROKER_USERNAME'] and password == ENV['PACT_BROKER_PASSWORD']
-end
-
-app = PactBroker::App.new do | config |
-  # change these from their default values if desired
-  # config.log_dir = "./log"
-  # config.auto_migrate_db = true
-  # config.use_hal_browser = true
-  config.database_connection = Sequel.connect(ENV['DATABASE_URL'], adapter: "postgres", encoding: 'utf8')
-end
-
-run app