prx_auth-rails 0.3.0 → 1.4.1

data/test/dummy/public/500.html

@@ -0,0 +1,66 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>We're sorry, but something went wrong (500)</title>
+  <meta name="viewport" content="width=device-width,initial-scale=1">
+  <style>
+  .rails-default-error-page {
+    background-color: #EFEFEF;
+    color: #2E2F30;
+    text-align: center;
+    font-family: arial, sans-serif;
+    margin: 0;
+  }
+
+  .rails-default-error-page div.dialog {
+    width: 95%;
+    max-width: 33em;
+    margin: 4em auto 0;
+  }
+
+  .rails-default-error-page div.dialog > div {
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #BBB;
+    border-top: #B00100 solid 4px;
+    border-top-left-radius: 9px;
+    border-top-right-radius: 9px;
+    background-color: white;
+    padding: 7px 12% 0;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+
+  .rails-default-error-page h1 {
+    font-size: 100%;
+    color: #730E15;
+    line-height: 1.5em;
+  }
+
+  .rails-default-error-page div.dialog > p {
+    margin: 0 0 1em;
+    padding: 1em;
+    background-color: #F7F7F7;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #999;
+    border-bottom-left-radius: 4px;
+    border-bottom-right-radius: 4px;
+    border-top-color: #DADADA;
+    color: #666;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  </style>
+</head>
+
+<body class="rails-default-error-page">
+  <!-- This file lives in public/500.html -->
+  <div class="dialog">
+    <div>
+      <h1>We're sorry, but something went wrong.</h1>
+    </div>
+    <p>If you are the application owner check the logs for more information.</p>
+  </div>
+</body>
+</html>

data/test/prx_auth/rails/configuration_test.rb

@@ -0,0 +1,36 @@
+require 'test_helper'
+
+describe PrxAuth::Rails::Configuration do
+
+  subject { PrxAuth::Rails::Configuration.new }
+
+  it 'initializes with a namespace defined by rails app name' do
+    assert subject.namespace == :dummy
+  end
+
+  it 'can be reconfigured using the namespace attr' do
+    PrxAuth::Rails.stub(:configuration, subject) do
+      PrxAuth::Rails.configure do |config|
+        config.namespace = :new_test
+      end
+
+      assert PrxAuth::Rails.configuration.namespace == :new_test
+    end
+  end
+
+  it 'defaults to enabling the middleware' do
+    PrxAuth::Rails.stub(:configuration, subject) do
+      assert PrxAuth::Rails.configuration.install_middleware
+    end
+  end
+
+  it 'allows overriding of the middleware automatic installation' do
+    PrxAuth::Rails.stub(:configuration, subject) do
+      PrxAuth::Rails.configure do |config|
+        config.install_middleware = false
+      end
+
+      assert !PrxAuth::Rails.configuration.install_middleware
+    end
+  end
+end

data/test/prx_auth/rails/sessions_controller_test.rb

@@ -0,0 +1,98 @@
+require "test_helper"
+
+module PrxAuth::Rails
+  class SessionsControllerTest < ActionController::TestCase
+
+    setup do
+      @routes = PrxAuth::Rails::Engine.routes
+      @nonce_session_key = SessionsController::ID_NONCE_SESSION_KEY
+      @token_params = {id_token: 'sometok', access_token: 'othertok'}
+      @stub_claims = {'nonce' => '123', 'sub' => '1'}
+    end
+
+    test "new creates nonce" do
+      nonce = session[@nonce_session_key]
+      assert nonce == nil
+
+      get :new
+
+      nonce = session[@nonce_session_key]
+      assert nonce.match(/[a-zA-Z\d]{32}/)
+      assert nonce.length == 32
+    end
+
+    test 'new should should not overwrite the saved nonce' do
+      get :new
+      nonce1 = session[@nonce_session_key]
+
+      get :new
+      nonce2 = session[@nonce_session_key]
+      assert nonce1 == nonce2
+    end
+
+    test 'create should validate a token and set the session variable' do
+      @controller.stub(:validate_token, @stub_claims) do
+        @controller.stub(:lookup_and_register_accounts_names, nil) do
+          session[@nonce_session_key] = '123'
+          post :create, params: @token_params, format: :json
+          assert session['prx.auth']['id_token']['nonce'] == '123'
+        end
+      end
+    end
+
+    test 'create should call test_nonce! if upon verification' do
+      @controller.stub(:validate_token, {'nonce' => 'not matching', 'aud' => '1'}) do
+        session[@nonce_session_key] = 'nonce'
+        post :create, params: @token_params, format: :json
+        assert session[@nonce_session_key] == nil
+      end
+    end
+
+    test 'create should reset the nonce after consumed' do
+      @controller.stub(:validate_token, @stub_claims) do
+        @controller.stub(:lookup_and_register_accounts_names, nil) do
+          session[@nonce_session_key] = '123'
+          post :create, params: @token_params, format: :json
+
+          assert session[@nonce_session_key] == nil
+          assert response.code == '302'
+          assert response.body.match?(/after-sign-in-path/)
+        end
+      end
+    end
+
+    test 'should respond with aredirect to the auth error page / code if the nonce does not match' do
+      @controller.stub(:validate_token, @stub_claims) do
+        session[@nonce_session_key] = 'nonce-does-not-match'
+        post :create, params: @token_params, format: :json
+        assert response.code == '302'
+        assert response.body.match(/auth_error\?error=verification_failed/)
+      end
+    end
+
+    test 'auth_error should return a formatted error message to the user' do
+      get :auth_error, params: {error: 'error_message'}
+      assert response.code == '200'
+      assert response.body.match?(/Message was: <pre>error_message/)
+    end
+
+    test 'auth_error should expect the error param' do
+      assert_raises ActionController::ParameterMissing do
+        get :auth_error, params: {}
+      end
+    end
+
+    test 'validates that the user id matches in both tokens' do
+      @controller.stub(:id_claims, @stub_claims) do
+        @controller.stub(:access_claims, @stub_claims.merge('sub' => '444')) do
+
+        session[@nonce_session_key] = '123'
+        post :create, params: @token_params, format: :json
+
+        assert response.code == '302'
+        assert response.body.match?(/error=verification_failed/)
+      end
+      end
+    end
+  end
+end

data/test/prx_auth/rails/token_test.rb

@@ -0,0 +1,45 @@
+require 'test_helper'
+
+describe PrxAuth::Rails::Token do
+  let (:aur) { { "123" => "test_app:read other_namespace:write", "*" => "test_app:add" } }
+  let (:sub) { "123" }
+  let (:scope) { "one two three" }
+  let (:token_data) { Rack::PrxAuth::TokenData.new("aur" => aur, "scope" => scope, "sub" => sub)}
+  let (:mock_token_data) { Minitest::Mock.new(token_data) }
+  let (:token) { PrxAuth::Rails::Token.new(mock_token_data) }
+
+  it 'automatically namespaces requests' do
+    mock_token_data.expect(:authorized?, true, ["123", :test_app, :read])
+    assert token.authorized?("123", :read)
+
+    mock_token_data.expect(:resources, ["123"], [:test_app, :read])
+    assert token.resources(:read) === ['123']
+
+    mock_token_data.expect(:globally_authorized?, true, [:test_app, :add])
+    assert token.globally_authorized?(:add) 
+
+    mock_token_data.verify
+  end
+
+  it 'allows unscoped calls to authorized?' do
+    assert token.authorized?("123")
+  end
+
+  it 'allows unscoped calls to resources' do
+    assert token.resources == [ "123" ]
+  end
+
+  it 'allows manual setting of namespace' do
+    assert token.authorized?("123", :other_namespace, :write)
+    assert !token.authorized?("123", :other_namespace, :read)
+
+    assert token.resources(:other_namespace, :write) == ["123"]
+    assert token.resources(:other_namespace, :read) == []
+
+    assert token.globally_authorized?(:add)
+    assert token.globally_authorized?(:test_app, :add)
+    assert !token.globally_authorized?(:other_namespace, :add)
+  end
+
+  
+end

data/test/test_helper.rb

@@ -0,0 +1,35 @@
+require 'coveralls'
+
+Coveralls.wear!
+
+require 'minitest/autorun'
+require 'minitest/spec'
+require 'minitest/pride'
+require 'action_pack'
+require 'action_controller'
+require 'action_view'
+require 'rails'
+require 'rails/generators'
+require 'rails/generators/test_case'
+require 'pry'
+
+require 'prx_auth/rails'
+
+# Configure Rails Environment
+ENV["RAILS_ENV"] = "test"
+ENV['PRX_CLIENT_ID'] = '12345'
+
+
+require_relative "../test/dummy/config/environment"
+ActiveRecord::Migrator.migrations_paths = [File.expand_path("../test/dummy/db/migrate", __dir__)]
+ActiveRecord::Migrator.migrations_paths << File.expand_path('../db/migrate', __dir__)
+require "rails/test_help"
+
+
+# Load fixtures from the engine
+if ActiveSupport::TestCase.respond_to?(:fixture_path=)
+  ActiveSupport::TestCase.fixture_path = File.expand_path("fixtures", __dir__)
+  ActionDispatch::IntegrationTest.fixture_path = ActiveSupport::TestCase.fixture_path
+  ActiveSupport::TestCase.file_fixture_path = ActiveSupport::TestCase.fixture_path + "/files"
+  ActiveSupport::TestCase.fixtures :all
+end

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: prx_auth-rails
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 1.4.1
 platform: ruby
 authors:
 - Chris Rhoden
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-04-03 00:00:00.000000000 Z
+date: 2021-02-18 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -39,22 +53,106 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rack-prx_auth
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.1.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.1.0
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: prx_auth
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.0
+        version: '1.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.0
+        version: '1.2'
 description: 'Rails integration for next generation PRX Authorization system.
 
-'
+  '
 email:
 - carhoden@gmail.com
 executables: []
@@ -63,14 +161,82 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - Gemfile
+- Guardfile
 - LICENSE.txt
 - README.md
 - Rakefile
+- app/controllers/prx_auth/rails/sessions_controller.rb
+- app/views/prx_auth/rails/sessions/auth_error.html.erb
+- app/views/prx_auth/rails/sessions/show.html.erb
+- config/routes.rb
 - lib/prx_auth/rails.rb
+- lib/prx_auth/rails/configuration.rb
+- lib/prx_auth/rails/engine.rb
 - lib/prx_auth/rails/ext/controller.rb
 - lib/prx_auth/rails/railtie.rb
+- lib/prx_auth/rails/token.rb
 - lib/prx_auth/rails/version.rb
 - prx_auth-rails.gemspec
+- test/dummy/Rakefile
+- test/dummy/app/assets/config/manifest.js
+- test/dummy/app/assets/images/.keep
+- test/dummy/app/assets/stylesheets/application.css
+- test/dummy/app/channels/application_cable/channel.rb
+- test/dummy/app/channels/application_cable/connection.rb
+- test/dummy/app/controllers/application_controller.rb
+- test/dummy/app/controllers/concerns/.keep
+- test/dummy/app/helpers/application_helper.rb
+- test/dummy/app/javascript/packs/application.js
+- test/dummy/app/jobs/application_job.rb
+- test/dummy/app/mailers/application_mailer.rb
+- test/dummy/app/models/application_record.rb
+- test/dummy/app/models/concerns/.keep
+- test/dummy/app/views/layouts/application.html.erb
+- test/dummy/app/views/layouts/mailer.html.erb
+- test/dummy/app/views/layouts/mailer.text.erb
+- test/dummy/bin/rails
+- test/dummy/bin/rake
+- test/dummy/bin/setup
+- test/dummy/bin/spring
+- test/dummy/config.ru
+- test/dummy/config/application.rb
+- test/dummy/config/boot.rb
+- test/dummy/config/cable.yml
+- test/dummy/config/database.yml
+- test/dummy/config/environment.rb
+- test/dummy/config/environments/development.rb
+- test/dummy/config/environments/production.rb
+- test/dummy/config/environments/test.rb
+- test/dummy/config/initializers/application_controller_renderer.rb
+- test/dummy/config/initializers/assets.rb
+- test/dummy/config/initializers/backtrace_silencers.rb
+- test/dummy/config/initializers/content_security_policy.rb
+- test/dummy/config/initializers/cookies_serializer.rb
+- test/dummy/config/initializers/filter_parameter_logging.rb
+- test/dummy/config/initializers/inflections.rb
+- test/dummy/config/initializers/mime_types.rb
+- test/dummy/config/initializers/permissions_policy.rb
+- test/dummy/config/initializers/prx_auth.rb
+- test/dummy/config/initializers/wrap_parameters.rb
+- test/dummy/config/locales/en.yml
+- test/dummy/config/puma.rb
+- test/dummy/config/routes.rb
+- test/dummy/config/spring.rb
+- test/dummy/config/storage.yml
+- test/dummy/lib/assets/.keep
+- test/dummy/log/.keep
+- test/dummy/public/404.html
+- test/dummy/public/422.html
+- test/dummy/public/500.html
+- test/dummy/public/apple-touch-icon-precomposed.png
+- test/dummy/public/apple-touch-icon.png
+- test/dummy/public/favicon.ico
+- test/dummy/storage/.keep
+- test/log/development.log
+- test/prx_auth/rails/configuration_test.rb
+- test/prx_auth/rails/sessions_controller_test.rb
+- test/prx_auth/rails/token_test.rb
+- test/test_helper.rb
 homepage: https://github.com/PRX/prx_auth-rails
 licenses:
 - MIT
@@ -90,8 +256,68 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.1
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Rails integration for next generation PRX Authorization system.
-test_files: []
+test_files:
+- test/dummy/Rakefile
+- test/dummy/app/assets/config/manifest.js
+- test/dummy/app/assets/images/.keep
+- test/dummy/app/assets/stylesheets/application.css
+- test/dummy/app/channels/application_cable/channel.rb
+- test/dummy/app/channels/application_cable/connection.rb
+- test/dummy/app/controllers/application_controller.rb
+- test/dummy/app/controllers/concerns/.keep
+- test/dummy/app/helpers/application_helper.rb
+- test/dummy/app/javascript/packs/application.js
+- test/dummy/app/jobs/application_job.rb
+- test/dummy/app/mailers/application_mailer.rb
+- test/dummy/app/models/application_record.rb
+- test/dummy/app/models/concerns/.keep
+- test/dummy/app/views/layouts/application.html.erb
+- test/dummy/app/views/layouts/mailer.html.erb
+- test/dummy/app/views/layouts/mailer.text.erb
+- test/dummy/bin/rails
+- test/dummy/bin/rake
+- test/dummy/bin/setup
+- test/dummy/bin/spring
+- test/dummy/config.ru
+- test/dummy/config/application.rb
+- test/dummy/config/boot.rb
+- test/dummy/config/cable.yml
+- test/dummy/config/database.yml
+- test/dummy/config/environment.rb
+- test/dummy/config/environments/development.rb
+- test/dummy/config/environments/production.rb
+- test/dummy/config/environments/test.rb
+- test/dummy/config/initializers/application_controller_renderer.rb
+- test/dummy/config/initializers/assets.rb
+- test/dummy/config/initializers/backtrace_silencers.rb
+- test/dummy/config/initializers/content_security_policy.rb
+- test/dummy/config/initializers/cookies_serializer.rb
+- test/dummy/config/initializers/filter_parameter_logging.rb
+- test/dummy/config/initializers/inflections.rb
+- test/dummy/config/initializers/mime_types.rb
+- test/dummy/config/initializers/permissions_policy.rb
+- test/dummy/config/initializers/prx_auth.rb
+- test/dummy/config/initializers/wrap_parameters.rb
+- test/dummy/config/locales/en.yml
+- test/dummy/config/puma.rb
+- test/dummy/config/routes.rb
+- test/dummy/config/spring.rb
+- test/dummy/config/storage.yml
+- test/dummy/lib/assets/.keep
+- test/dummy/log/.keep
+- test/dummy/public/404.html
+- test/dummy/public/422.html
+- test/dummy/public/500.html
+- test/dummy/public/apple-touch-icon-precomposed.png
+- test/dummy/public/apple-touch-icon.png
+- test/dummy/public/favicon.ico
+- test/dummy/storage/.keep
+- test/log/development.log
+- test/prx_auth/rails/configuration_test.rb
+- test/prx_auth/rails/sessions_controller_test.rb
+- test/prx_auth/rails/token_test.rb
+- test/test_helper.rb