prx_auth 1.7.1 → 1.8.0

data/test/prx_auth/resource_map_test.rb

@@ -1,109 +1,108 @@
-require 'test_helper'
+require "test_helper"
 
 describe PrxAuth::ResourceMap do
-
   def new_map(val)
     PrxAuth::ResourceMap.new(val)
   end
 
   let(:map) { PrxAuth::ResourceMap.new(input) }
-  let(:input) { {'123' => 'admin one two three ns1:namespaced', '456' => 'member four five six' } }
+  let(:input) { {"123" => "admin one two three ns1:namespaced", "456" => "member four five six"} }
 
-  describe '#authorized?' do
-    it 'contains scopes in list' do
+  describe "#authorized?" do
+    it "contains scopes in list" do
       assert map.contains?(123, :admin)
     end
 
-    it 'does not include across aur limits' do
+    it "does not include across aur limits" do
       assert !map.contains?(123, :member)
     end
 
-    it 'does not require a scope' do
+    it "does not require a scope" do
       assert map.contains?(123)
     end
 
-    it 'does not match if it hasnt seen the resource' do
+    it "does not match if it hasnt seen the resource" do
       assert !map.contains?(789)
     end
 
-    it 'works with namespaced scopes' do
+    it "works with namespaced scopes" do
       assert map.contains?(123, :ns1, :namespaced)
     end
 
-    describe 'with wildcard resource' do
+    describe "with wildcard resource" do
       let(:input) do
         {
-          '*' => 'peek',
-          '123' => 'admin one two three',
-          '456' => 'member four five six'
+          "*" => "peek",
+          "123" => "admin one two three",
+          "456" => "member four five six"
         }
       end
 
-      it 'applies wildcard lists to queries with no matching value' do
+      it "applies wildcard lists to queries with no matching value" do
         assert map.contains?(789, :peek)
       end
 
-      it 'does not scan unscoped for wildcard resources' do
+      it "does not scan unscoped for wildcard resources" do
         assert !map.contains?(789)
       end
 
-      it 'allows querying by wildcard resource directly' do
-        assert map.contains?('*', :peek)
-        assert !map.contains?('*', :admin)
+      it "allows querying by wildcard resource directly" do
+        assert map.contains?("*", :peek)
+        assert !map.contains?("*", :admin)
       end
 
-      it 'treats wildcard lists as additive to other explicit ones' do
+      it "treats wildcard lists as additive to other explicit ones" do
         assert map.contains?(123, :peek)
       end
 
-      it 'refuses to run against wildcard with no scope' do
+      it "refuses to run against wildcard with no scope" do
         assert_raises ArgumentError do
-          map.contains?('*')
+          map.contains?("*")
         end
       end
     end
   end
 
-  describe '#resources' do
-    let (:input) do
+  describe "#resources" do
+    let(:input) do
       {
-        '*' => 'read wildcard',
-        '123' => 'read write buy',
-        '456' => 'read ns1:buy'
+        "*" => "read wildcard",
+        "123" => "read write buy",
+        "456" => "read ns1:buy"
       }
     end
 
-    let (:resources) { map.resources }
+    let(:resources) { map.resources }
 
-    it 'returns resource ids' do
-      assert resources.include?('123')
-      assert resources.include?('456')
+    it "returns resource ids" do
+      assert resources.include?("123")
+      assert resources.include?("456")
     end
 
-    it 'excludes wildcard values' do
-      assert !resources.include?('*')
+    it "excludes wildcard values" do
+      assert !resources.include?("*")
     end
 
-    it 'filters for scope' do
+    it "filters for scope" do
       resources = map.resources(:write)
-      assert resources.include?('123')
-      assert !resources.include?('456')
-      assert !resources.include?('*')
+      assert resources.include?("123")
+      assert !resources.include?("456")
+      assert !resources.include?("*")
     end
 
-    it 'works with namespaces' do
+    it "works with namespaces" do
       resources = map.resources(:ns1, :buy)
-      assert resources.include?('123')
-      assert resources.include?('456')
+      assert resources.include?("123")
+      assert resources.include?("456")
 
       resources = map.resources(:buy)
-      assert !resources.include?('456')
+      assert !resources.include?("456")
     end
   end
 
-  describe '#condense' do
-    let (:input) {{ "one" => "one two three ns1:one", "two" => "two three",  "three" => "two", "*" => "two" }}
-    let (:json) { map.condense.as_json }
+  describe "#condense" do
+    let(:input) { {"one" => "one two three ns1:one", "two" => "two three", "three" => "two", "*" => "two"} }
+    let(:json) { map.condense.as_json }
 
     it "removes redundant values which are in the wildcard" do
       assert !json["one"].include?("two")
@@ -114,30 +113,30 @@ describe PrxAuth::ResourceMap do
     end
   end
 
-  describe '#+' do
-    it 'adds values' do
+  describe "#+" do
+    it "adds values" do
       map = new_map("one" => "two", "two" => "four") + new_map("one" => "three", "three" => "six")
-      assert map.contains?('one', :two) && map.contains?('one', :three)
-      assert map.contains?('two', :four) && map.contains?('three', :six)
+      assert map.contains?("one", :two) && map.contains?("one", :three)
+      assert map.contains?("two", :four) && map.contains?("three", :six)
     end
   end
 
-  describe '#-' do
-    it 'subtracts values' do
+  describe "#-" do
+    it "subtracts values" do
       map = new_map("one" => "two three", "two" => "four") - new_map("one" => "three four")
-      assert map.contains?('one', :two)
-      assert map.contains?('two', :four)
-      assert !map.contains?('one', :three) && !map.contains?('one', :four)
+      assert map.contains?("one", :two)
+      assert map.contains?("two", :four)
+      assert !map.contains?("one", :three) && !map.contains?("one", :four)
     end
 
-    it 'works on wildcards on right side of operator' do
+    it "works on wildcards on right side of operator" do
       map = new_map("one" => "two three") - new_map("*" => "two")
       assert !map.contains?("one", :two)
     end
   end
 
-  describe '#&' do
-    it 'computes the intersection' do
+  describe "#&" do
+    it "computes the intersection" do
       map = (
         new_map("one" => "two three", "four" => "five six", "five" => "five") &
         new_map("one" => "three four", "four" => "six seven", "six" => "six")
@@ -148,38 +147,51 @@ describe PrxAuth::ResourceMap do
       assert !map.contains?("five", :five) && !map.contains?("six", :six)
     end
 
-    it 'works with wildcards' do
-      map = new_map("*" => "three wild", "one" => "four two" ) & new_map("*" => "two wild", "two" => "three four")
+    it "works with wildcards" do
+      map = new_map("*" => "three wild", "one" => "four two") & new_map("*" => "two wild", "two" => "three four")
       assert map.contains?("two", :three) && map.contains?("one", :two)
       assert !map.contains?("one", :four) && !map.contains?("two", :four)
       assert map.contains?("*", :wild)
     end
   end
 
-  describe '#as_json' do
-    it 'does not include wildcard key if list is empty' do
+  describe "#as_json" do
+    it "does not include wildcard key if list is empty" do
       map = new_map("foo" => "asdf")
-      refute map.as_json.has_key?('*')
+      refute map.as_json.has_key?("*")
       map2 = new_map("foo" => "asdf", "*" => "")
-      refute map2.as_json.has_key?('*')
+      refute map2.as_json.has_key?("*")
     end
 
-    it 'includes the wildcard key if the list is not empty' do
+    it "includes the wildcard key if the list is not empty" do
       map = new_map("*" => "asdf")
-      assert map.as_json.has_key?('*')
+      assert map.as_json.has_key?("*")
     end
   end
 
-  describe '#[]' do
-    it 'automatically stringifies' do
+  describe "#[]" do
+    it "automatically stringifies" do
       refute_nil map[123]
     end
   end
 
-  describe '#[]=' do
-    it 'automatically stringifies' do
+  describe "#[]=" do
+    it "automatically stringifies" do
       map[789] = PrxAuth::ScopeList.new("")
       refute_nil map["789"]
     end
   end
-end
+
+  describe "#except" do
+    it "removes keys" do
+      map2 = map.except(123)
+
+      assert_equal ["123", "456"], map.keys
+      assert_equal ["456"], map2.keys
+
+      # the ! version modifies the map
+      map2.except!("456")
+      assert_equal [], map2.keys
+    end
+  end
+end

data/test/prx_auth/scope_list_test.rb

@@ -1,139 +1,137 @@
-require 'test_helper'
+require "test_helper"
 
 describe PrxAuth::ScopeList do
-
   def new_list(val)
     PrxAuth::ScopeList.new(val)
   end
 
-  let (:scopes) { 'read write sell  top-up' }
-  let (:list) { PrxAuth::ScopeList.new(scopes) }
+  let(:scopes) { "read write sell  top-up" }
+  let(:list) { PrxAuth::ScopeList.new(scopes) }
 
-  it 'looks up successfully for a given scope' do
-    assert list.contains?('write')
+  it "looks up successfully for a given scope" do
+    assert list.contains?("write")
   end
 
-  it 'scans for symbols' do
+  it "scans for symbols" do
     assert list.contains?(:read)
   end
 
-  it 'handles hyphen to underscore conversions' do
+  it "handles hyphen to underscore conversions" do
     assert list.contains?(:top_up)
   end
 
-  it 'fails for contents not in the list' do
+  it "fails for contents not in the list" do
     assert !list.contains?(:buy)
   end
 
-  describe 'with namespace' do
-    let (:scopes) { 'ns1:hello ns2:goodbye aloha 1:23' }
+  describe "with namespace" do
+    let(:scopes) { "ns1:hello ns2:goodbye aloha 1:23" }
 
-    it 'works for namespaced lookups' do
+    it "works for namespaced lookups" do
       assert list.contains?(:ns1, :hello)
     end
 
-    it 'fails when the wrong namespace is passed' do
+    it "fails when the wrong namespace is passed" do
       assert !list.contains?(:ns1, :goodbye)
     end
 
-    it 'looks up global scopes when namespaced fails' do
+    it "looks up global scopes when namespaced fails" do
       assert list.contains?(:ns1, :aloha)
       assert list.contains?(:ns3, :aloha)
     end
 
-    it 'works with non-symbol namespaces' do
+    it "works with non-symbol namespaces" do
       assert list.contains?(1, 23)
     end
   end
 
-  describe '#condense' do
-    let (:scopes) { "ns1:foo foo ns1:bar" }
-    it 'removes redundant scopes based on namespace wildcards' do
+  describe "#condense" do
+    let(:scopes) { "ns1:foo foo ns1:bar" }
+    it "removes redundant scopes based on namespace wildcards" do
       assert list.condense.to_s == "foo ns1:bar"
     end
   end
 
-  describe '#-' do
-    it 'subtracts scopes' do
-      sl = new_list('one two') - new_list('two')
-      assert sl.kind_of? PrxAuth::ScopeList
+  describe "#-" do
+    it "subtracts scopes" do
+      sl = new_list("one two") - new_list("two")
+      assert sl.is_a? PrxAuth::ScopeList
       assert !sl.contains?(:two)
       assert sl.contains?(:one)
     end
 
-    it 'works with scope wildcards' do
-      sl = new_list('ns1:one ns2:two') - new_list('one')
+    it "works with scope wildcards" do
+      sl = new_list("ns1:one ns2:two") - new_list("one")
       assert !sl.contains?(:ns1, :one)
     end
 
-    it 'accepts nil' do
-      sl = new_list('one two') - nil
+    it "accepts nil" do
+      sl = new_list("one two") - nil
       assert sl.contains?(:one) && sl.contains?(:two)
     end
 
-    it 'maintains dashes and capitalization in the result' do
-      sl = new_list('The-Beginning the-middle the-end') - new_list('the-Middle')
-      assert sl.to_s == 'The-Beginning the-end'
+    it "maintains dashes and capitalization in the result" do
+      sl = new_list("The-Beginning the-middle the-end") - new_list("the-Middle")
+      assert sl.to_s == "The-Beginning the-end"
     end
 
-    it 'dedups and condenses' do
-      sl = new_list('one ns1:two ns2:two one three three') - new_list('ns1:two three')
+    it "dedups and condenses" do
+      sl = new_list("one ns1:two ns2:two one three three") - new_list("ns1:two three")
       assert_equal sl.length, 2
-      assert_equal sl.to_s, 'one ns2:two'
+      assert_equal sl.to_s, "one ns2:two"
     end
   end
 
-  describe '#+' do
-    it 'adds scopes' do
-      sl = new_list('one') + new_list('two')
-      assert sl.kind_of? PrxAuth::ScopeList
+  describe "#+" do
+    it "adds scopes" do
+      sl = new_list("one") + new_list("two")
+      assert sl.is_a? PrxAuth::ScopeList
       assert sl.contains?(:one)
       assert sl.contains?(:two)
     end
 
-    it 'dedups and condenses' do
-      sl = new_list('one ns1:one two') + new_list('two three') + new_list('two')
+    it "dedups and condenses" do
+      sl = new_list("one ns1:one two") + new_list("two three") + new_list("two")
       assert_equal sl.length, 3
-      assert_equal sl.to_s, 'one two three'
+      assert_equal sl.to_s, "one two three"
     end
 
-    it 'accepts nil' do
-      sl = new_list('one two') + nil
+    it "accepts nil" do
+      sl = new_list("one two") + nil
       assert sl.contains?(:one) && sl.contains?(:two)
     end
   end
 
-  describe '#&' do
-    it 'gets the intersect of scopes' do
-      sl = (new_list('one two three four') & new_list('two four six'))
-      assert sl.kind_of? PrxAuth::ScopeList
+  describe "#&" do
+    it "gets the intersect of scopes" do
+      sl = (new_list("one two three four") & new_list("two four six"))
+      assert sl.is_a? PrxAuth::ScopeList
       assert sl.contains?(:two) && sl.contains?(:four)
-      assert !sl.contains?(:one) && !sl.contains?(:three)  && !sl.contains?(:six)
+      assert !sl.contains?(:one) && !sl.contains?(:three) && !sl.contains?(:six)
     end
 
-    it 'accepts nil' do
-      sl = new_list('one') & nil
+    it "accepts nil" do
+      sl = new_list("one") & nil
       assert !sl.contains?(:one)
     end
 
-    it 'works when either side has non-namespaced values correctly' do
-      sl = PrxAuth::ScopeList.new('foo:bar') & PrxAuth::ScopeList.new('bar')
+    it "works when either side has non-namespaced values correctly" do
+      sl = PrxAuth::ScopeList.new("foo:bar") & PrxAuth::ScopeList.new("bar")
       assert sl.contains?(:foo, :bar)
       refute sl.contains?(:bar)
 
-      sl = PrxAuth::ScopeList.new('bar') & PrxAuth::ScopeList.new('foo:bar')
+      sl = PrxAuth::ScopeList.new("bar") & PrxAuth::ScopeList.new("foo:bar")
       assert sl.contains?(:foo, :bar)
       refute sl.contains?(:bar)
     end
   end
 
-  describe '==' do
-
-    it 'is equal when they are functionally equal' do
+  describe "==" do
+    it "is equal when they are functionally equal" do
       assert_equal PrxAuth::ScopeList.new("foo ns:foo bar ns2:baz"), PrxAuth::ScopeList.new("ns2:baz bar foo")
     end
 
-    it 'is not equal when they are not functionally equal' do
+    it "is not equal when they are not functionally equal" do
       refute_equal PrxAuth::ScopeList.new("foo bar"), PrxAuth::ScopeList.new("foo:bar bar:foo")
     end
   end

data/test/rack/prx_auth/auth_validator_test.rb

@@ -1,38 +1,38 @@
-require 'test_helper'
+require "test_helper"
 
 describe Rack::PrxAuth::AuthValidator do
-  let(:app) { Proc.new {|env| env } }
-  let(:auth_validator) { Rack::PrxAuth::AuthValidator.new(token, certificate, 'id.local.test') }
+  let(:app) { proc { |env| env } }
+  let(:auth_validator) { Rack::PrxAuth::AuthValidator.new(token, certificate, "id.local.test") }
 
-  let(:token) { 'some.token.foo' }
+  let(:token) { "some.token.foo" }
 
   let(:iat) { Time.now.to_i }
   let(:exp) { 3600 }
-  let(:claims) { {'sub'=>3, 'exp'=>exp, 'iat'=>iat, 'token_type'=>'bearer', 'scope'=>nil, 'iss'=>'id.prx.org'} }
+  let(:claims) { {"sub" => 3, "exp" => exp, "iat" => iat, "token_type" => "bearer", "scope" => nil, "iss" => "id.prx.org"} }
   let(:certificate) { Rack::PrxAuth::Certificate.new }
 
-  describe '#token_issuer_matches' do
-    it 'false if the token is from another issuer' do
+  describe "#token_issuer_matches" do
+    it "false if the token is from another issuer" do
       auth_validator.stub(:claims, claims) do
         refute auth_validator.token_issuer_matches?
       end
     end
 
-    it 'is false if the issuer in the validator does not match' do
-      auth_validator.stub(:issuer, 'id.foo.com') do
+    it "is false if the issuer in the validator does not match" do
+      auth_validator.stub(:issuer, "id.foo.com") do
         refute auth_validator.token_issuer_matches?
       end
     end
   end
 
-  describe '#valid?' do
-    it 'is false if token is invalid' do
+  describe "#valid?" do
+    it "is false if token is invalid" do
       auth_validator.stub(:claims, claims) do
         refute auth_validator.valid?
       end
     end
 
-    it 'is false if the token is nil' do
+    it "is false if the token is nil" do
       certificate.stub(:valid?, true) do
         auth_validator.stub(:token, nil) do
           refute auth_validator.valid?
@@ -41,101 +41,100 @@ describe Rack::PrxAuth::AuthValidator do
     end
   end
 
-  describe '#expired?' do
-
+  describe "#expired?" do
     def expired?(claims)
       auth_validator.stub(:claims, claims) do
         auth_validator.expired?
       end
     end
 
-    describe 'with a malformed exp' do
+    describe "with a malformed exp" do
       let(:iat) { Time.now.to_i }
       let(:exp) { 3600 }
 
-      it 'is expired if iat + exp are in the past' do
-        claims['iat'] -= 3631
+      it "is expired if iat + exp are in the past" do
+        claims["iat"] -= 3631
 
         assert expired?(claims)
       end
 
-      it 'is not expired if iat + exp are in the future' do
-        claims['iat'] = Time.now.to_i - 3599
+      it "is not expired if iat + exp are in the future" do
+        claims["iat"] = Time.now.to_i - 3599
 
         refute expired?(claims)
       end
 
-      it 'allows a 30s clock jitter' do
-        claims['iat'] = Time.now.to_i - 3629
+      it "allows a 30s clock jitter" do
+        claims["iat"] = Time.now.to_i - 3629
 
         refute expired?(claims)
       end
     end
 
-    describe 'with a corrected exp' do
+    describe "with a corrected exp" do
       let(:iat) { Time.now.to_i - 3600 }
       let(:exp) { Time.now.to_i + 1 }
 
-      it 'is not expired if exp is in the future' do
+      it "is not expired if exp is in the future" do
         refute expired?(claims)
       end
 
-      it 'is expired if exp is in the past (with 30s jitter grace)' do
-        claims['exp'] = Time.now.to_i - 31
+      it "is expired if exp is in the past (with 30s jitter grace)" do
+        claims["exp"] = Time.now.to_i - 31
         assert expired?(claims)
-        claims['exp'] = Time.now.to_i - 29
+        claims["exp"] = Time.now.to_i - 29
         refute expired?(claims)
       end
     end
   end
 
-  describe '#time_to_live' do
+  describe "#time_to_live" do
     def time_to_live(claims)
       auth_validator.stub(:claims, claims) do
         auth_validator.time_to_live
       end
     end
 
-    it 'returns the ttl without any clock jitter correction' do
-      claims['exp'] = Time.now.to_i + 999
+    it "returns the ttl without any clock jitter correction" do
+      claims["exp"] = Time.now.to_i + 999
       assert_equal time_to_live(claims), 999
     end
 
-    it 'handles missing exp' do
-      claims['exp'] = nil
+    it "handles missing exp" do
+      claims["exp"] = nil
       assert_equal time_to_live(claims), 0
     end
 
-    it 'handles missing iat' do
-      claims['iat'] = nil
-      claims['exp'] = Time.now.to_i + 999
+    it "handles missing iat" do
+      claims["iat"] = nil
+      claims["exp"] = Time.now.to_i + 999
       assert_equal time_to_live(claims), 999
     end
 
-    it 'handles malformed exp' do
-      claims['iat'] = Time.now.to_i
-      claims['exp'] = 999
+    it "handles malformed exp" do
+      claims["iat"] = Time.now.to_i
+      claims["exp"] = 999
       assert_equal time_to_live(claims), 999
     end
   end
 
-  describe '#decode_token' do
-    it 'should return an empty result for a nil token' do
-        auth_validator.stub(:token, nil) do
-          assert auth_validator.decode_token == {}
-        end
+  describe "#decode_token" do
+    it "should return an empty result for a nil token" do
+      auth_validator.stub(:token, nil) do
+        assert auth_validator.decode_token == {}
+      end
     end
 
-    it 'should return an empty result for an empty token' do
-        auth_validator.stub(:token, '') do
-          assert auth_validator.decode_token == {}
-        end
+    it "should return an empty result for an empty token" do
+      auth_validator.stub(:token, "") do
+        assert auth_validator.decode_token == {}
+      end
     end
 
-    it 'should return an empty result for a malformed token' do
-        auth_validator.stub(:token, token) do
-          assert auth_validator.decode_token == {}
-        end
+    it "should return an empty result for a malformed token" do
+      auth_validator.stub(:token, token) do
+        assert auth_validator.decode_token == {}
+      end
     end
   end
 end