prx_auth-rails 0.3.0 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: aca25d4b6fa954267347e83a2f3565f88d6590130894f87813153cb89b7540af
-  data.tar.gz: 3375fab69a09cce240744a2b6acb8a25ea08eca18640db3e47f2479f6c1038c9
+  metadata.gz: fb5677550d3e64273eddb57f84d6dc658d3f9ed82a2cb01e6966d9267ad76b53
+  data.tar.gz: d6f0ec6305622e5dbdaaf747e78678361d70d92410f84f77396db5d1254de4ec
 SHA512:
-  metadata.gz: 249ed7915081dd4a1efe69b69bc631a3353c0536697306d8e4794512f2a79d55b788a0a8fc665f1b47048044122a591c961c898b7853d279c85a8722f015448b
-  data.tar.gz: e00d920cbef8460ea423784aba18e002b2c150d78b87922960fae49ce0f5492c7ffb45e19f2cd4b1a4118f95029e63bfa22b036c81accb9c94102267d47cf1e9
+  metadata.gz: 720cfa888bbc17b9a677bc8c1944f8735db028a8196f1f170dd18b301c547687b52f466f1c1759f09820064a8317dc4d1499855a60c80a81ba4d2dd464df84aa
+  data.tar.gz: 151ffa59471a1c5c7543148c93f29e02ed67cbcc2d06551f9451d1599375962685bcf460179570a5ea363a237c1958dcadba8a9b234eaf73261f4fc124a879aa

data/.gitignore

@@ -15,3 +15,5 @@ spec/reports
 test/tmp
 test/version_tmp
 tmp
+.ruby-version
+.DS_Store

data/Guardfile

@@ -0,0 +1,8 @@
+guard :minitest, all_after_pass: true do
+  watch(%r{^test/(.*)\/?test_(.*)\.rb})
+  watch(%r{^lib/(.*/)?([^/]+)\.rb})                      { |m| "test/#{m[1]}test_#{m[2]}.rb" }
+  watch(%r{^lib/(.+)\.rb})                               { |m| "test/#{m[1]}_test.rb" }
+  watch(%r{^lib/(.+)\.rb})                                    { |m| "test/#{m[1]}_test.rb" }
+  watch(%r{^test/.+_test\.rb})
+  watch(%r{^test/test_helper\.rb})                            { 'test' }
+end

data/README.md

@@ -14,7 +14,30 @@ And then execute:
 
 ## Usage
 
-That should be it, I think.
+Installing the gem in a Rails project will automatically add the appropriate Rack middleware to your Rails application and add two methods to your controllers. These methods are:
+
+* `prx_auth_token`: returns a token (similar to PrxAuth::Token) which automatically namespaces queries. The main methods you will be interested in are `authorized?`, `globally_authorized?` and `resources`. More information can be found in PrxAuth.
+
+* `prx_authenticated?`: returns whether or not this request includes a valid PrxAuth token.
+
+### Configuration
+
+Generally, configuration is not required and the gem aims for great defaults, but you can override some settings if you need to change the default behavior.
+
+In your rails app, add a file to config/initializers called `prx_auth.rb`:
+
+```ruby
+PrxAuth::Rails.configure do |config|
+
+  # enables automatic installation of token parser middleware
+  config.install_middleware = false # default: true
+
+  # automatically adds namespace to all scoped queries, e.g. .authorized?(:foo) will be treated
+  # as .authorized?(:my_great_ns, :foo). Has no impact on unscoped queries.
+  config.namespace = :my_great_ns   # default: derived from Rails::Application name.
+                                    #          e.g. class Feeder < Rails::Application => :feeder
+end
+```
 
 ## Contributing
 

data/Rakefile

@@ -1 +1,10 @@
-require "bundler/gem_tasks"
+require 'bundler/gem_tasks'
+require 'rake'
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.libs << 'test'
+  t.pattern = 'test/**/*test.rb'
+end
+
+task default: :test

data/lib/prx_auth/rails.rb

@@ -1,10 +1,17 @@
 require "prx_auth/rails/version"
+require "prx_auth/rails/configuration"
 require "prx_auth/rails/railtie" if defined?(Rails)
+
 module PrxAuth
   module Rails
     class << self
-      attr_accessor :middleware
+      attr_accessor :configuration
+
+      def configure
+        yield configuration
+      end
     end
-    self.middleware = true
+
+    self.configuration = Configuration.new
   end
 end

data/lib/prx_auth/rails/configuration.rb

@@ -0,0 +1,17 @@
+class PrxAuth::Rails::Configuration
+  attr_accessor :install_middleware, :namespace
+
+  def initialize
+    @install_middleware = true
+    if defined?(::Rails)
+      klass = ::Rails.application.class
+      klass_name = if klass.parent_name.present?
+                     klass.parent_name
+                   else
+                     klass.name
+                   end
+
+      @namespace = klass_name.underscore.intern
+    end
+  end
+end

data/lib/prx_auth/rails/ext/controller.rb

@@ -1,8 +1,14 @@
+require 'prx_auth/rails/token'
+
 module PrxAuth
   module Rails
     module Controller
       def prx_auth_token
-        request.env['prx.auth']
+        if !defined? @_prx_auth_token
+          @_prx_auth_token = request.env['prx.auth'] && PrxAuth::Rails::Token.new(request.env['prx.auth'])
+        else
+          @_prx_auth_token
+        end
       end
 
       def prx_authenticated?

data/lib/prx_auth/rails/railtie.rb

@@ -9,7 +9,7 @@ module PrxAuth::Rails
     end
 
     initializer 'prx_auth.insert_middleware' do |app|
-      if PrxAuth::Rails.middleware
+      if PrxAuth::Rails.configuration.install_middleware
         app.config.middleware.insert_after Rack::Head, Rack::PrxAuth
       end
     end

data/lib/prx_auth/rails/token.rb

@@ -0,0 +1,31 @@
+require 'rack/prx_auth'
+
+class PrxAuth::Rails::Token
+  def initialize(token_data)
+    @token_data = token_data
+    @namespace = PrxAuth::Rails.configuration.namespace
+  end
+
+  def authorized?(resource, namespace=nil, scope=nil)
+    namespace, scope = @namespace, namespace if scope.nil? && !namespace.nil?
+    @token_data.authorized?(resource, namespace, scope)
+  end
+
+  def globally_authorized?(namespace, scope=nil)
+    namespace, scope = @namespace, namespace if scope.nil?
+    @token_data.globally_authorized?(namespace, scope)
+  end
+
+  def resources(namespace=nil, scope=nil)
+    namespace, scope = @namespace, namespace if scope.nil? && !namespace.nil?
+    @token_data.resources(namespace, scope)
+  end
+
+  def scopes
+    @token_data.scopes
+  end
+
+  def user_id
+    @token_data.user_id
+  end
+end

data/lib/prx_auth/rails/version.rb

@@ -1,5 +1,5 @@
 module PrxAuth
   module Rails
-    VERSION = "0.3.0"
+    VERSION = "1.0.0"
   end
 end

data/prx_auth-rails.gemspec

@@ -22,8 +22,16 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
 
-  spec.add_development_dependency "bundler"
-  spec.add_development_dependency "rake"
+  spec.add_runtime_dependency 'actionpack'
 
-  spec.add_runtime_dependency "rack-prx_auth", "~> 0.3.0"
+  spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'coveralls', '~> 0'
+  spec.add_development_dependency 'guard'
+  spec.add_development_dependency 'guard-minitest'
+  spec.add_development_dependency 'rails'
+
+
+
+  spec.add_runtime_dependency 'rack-prx_auth', "~> 1.0"
 end

data/test/prx_auth/rails/configuration_test.rb

@@ -0,0 +1,30 @@
+require 'test_helper'
+
+describe PrxAuth::Rails::Configuration do
+
+  after(:each) { PrxAuth::Rails.configuration =  PrxAuth::Rails::Configuration.new }
+  subject { PrxAuth::Rails::Configuration.new }
+  
+  it 'initializes with a namespace defined by rails app name' do
+    assert subject.namespace == :test_app
+  end
+
+  it 'can be reconfigured using the namespace attr' do
+    PrxAuth::Rails.configure do |config|
+      config.namespace = :new_test
+    end
+
+    assert PrxAuth::Rails.configuration.namespace == :new_test
+  end
+
+  it 'defaults to enabling the middleware' do
+    assert PrxAuth::Rails.configuration.install_middleware
+  end
+
+  it 'allows overriding of the middleware automatic installation' do
+    PrxAuth::Rails.configure do |config|
+      config.install_middleware = false
+    end
+    assert !PrxAuth::Rails.configuration.install_middleware
+  end
+end

data/test/prx_auth/rails/token_test.rb

@@ -0,0 +1,45 @@
+require 'test_helper'
+
+describe PrxAuth::Rails::Token do
+  let (:aur) { { "123" => "test_app:read other_namespace:write", "*" => "test_app:add" } }
+  let (:sub) { "123" }
+  let (:scope) { "one two three" }
+  let (:token_data) { Rack::PrxAuth::TokenData.new("aur" => aur, "scope" => scope, "sub" => sub)}
+  let (:mock_token_data) { Minitest::Mock.new(token_data) }
+  let (:token) { PrxAuth::Rails::Token.new(mock_token_data) }
+
+  it 'automatically namespaces requests' do
+    mock_token_data.expect(:authorized?, true, ["123", :test_app, :read])
+    assert token.authorized?("123", :read)
+
+    mock_token_data.expect(:resources, ["123"], [:test_app, :read])
+    assert token.resources(:read) === ['123']
+
+    mock_token_data.expect(:globally_authorized?, true, [:test_app, :add])
+    assert token.globally_authorized?(:add) 
+
+    mock_token_data.verify
+  end
+
+  it 'allows unscoped calls to authorized?' do
+    assert token.authorized?("123")
+  end
+
+  it 'allows unscoped calls to resources' do
+    assert token.resources == [ "123" ]
+  end
+
+  it 'allows manual setting of namespace' do
+    assert token.authorized?("123", :other_namespace, :write)
+    assert !token.authorized?("123", :other_namespace, :read)
+
+    assert token.resources(:other_namespace, :write) == ["123"]
+    assert token.resources(:other_namespace, :read) == []
+
+    assert token.globally_authorized?(:add)
+    assert token.globally_authorized?(:test_app, :add)
+    assert !token.globally_authorized?(:other_namespace, :add)
+  end
+
+  
+end

data/test/test_helper.rb

@@ -0,0 +1,24 @@
+require 'coveralls'
+Coveralls.wear!
+
+$LOAD_PATH.unshift File.expand_path('../../lib', __FILE__)
+
+require 'minitest/autorun'
+require 'minitest/spec'
+require 'minitest/pride'
+require 'action_pack'
+require 'action_controller'
+require 'action_view'
+require 'rails'
+require 'rails/generators'
+require 'rails/generators/test_case'
+# Bundler.require(:default)
+
+class TestApp < Rails::Application
+  config.root = File.dirname(__FILE__)
+  config.eager_load = false
+end
+
+TestApp.initialize!
+
+require 'prx_auth/rails'

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: prx_auth-rails
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 1.0.0
 platform: ruby
 authors:
 - Chris Rhoden
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-04-03 00:00:00.000000000 Z
+date: 2020-04-14 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -38,20 +52,76 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rack-prx_auth
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.0
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.0
+        version: '1.0'
 description: 'Rails integration for next generation PRX Authorization system.
 
 '
@@ -63,14 +133,21 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - Gemfile
+- Guardfile
 - LICENSE.txt
 - README.md
 - Rakefile
 - lib/prx_auth/rails.rb
+- lib/prx_auth/rails/configuration.rb
 - lib/prx_auth/rails/ext/controller.rb
 - lib/prx_auth/rails/railtie.rb
+- lib/prx_auth/rails/token.rb
 - lib/prx_auth/rails/version.rb
 - prx_auth-rails.gemspec
+- test/log/development.log
+- test/prx_auth/rails/configuration_test.rb
+- test/prx_auth/rails/token_test.rb
+- test/test_helper.rb
 homepage: https://github.com/PRX/prx_auth-rails
 licenses:
 - MIT
@@ -94,4 +171,8 @@ rubygems_version: 3.0.1
 signing_key: 
 specification_version: 4
 summary: Rails integration for next generation PRX Authorization system.
-test_files: []
+test_files:
+- test/log/development.log
+- test/prx_auth/rails/configuration_test.rb
+- test/prx_auth/rails/token_test.rb
+- test/test_helper.rb