prx_auth 1.7.2 → 1.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8db9794b5957f93a863dd566c371420ee1d02002c7ab8a681fdc3a518cbe4f1c
-  data.tar.gz: 9938ebf515cc8c9918f8ae3e597600245a76ae48b62fecb3f102ddfbb4e2fe8c
+  metadata.gz: 80b52f104115aa7226438db0566660e430cec97a304798bf2098467d69a73547
+  data.tar.gz: a40db03c0c4a4f529231a8d7f63c80a8c6c50b5f7010c6cc84d6d63f399e5752
 SHA512:
-  metadata.gz: 4dd977316195060b437eca1ce1c2fb8f4fa033ee8262ca406d769200e0360d1b69a95cdc72ebb5c85b9d54d149a52faf531b453f82a3612dc423abed9a3fe590
-  data.tar.gz: 29057475f034443ef955eaf69773526044bfdd85de2e753676fcaaaa57ae275b74a64158043d0afa363961c98876c4aea169ba54887173330d1ac49c4ee57ace
+  metadata.gz: cb2093473b3f817c9e0b7edf4eacd9427d3efa30d3338c344956a64c004876b788e1342615f72d20f2fcfd7e3ff79a1247180da65c9691c30a960dbafd7b0e2d
+  data.tar.gz: ed0ee1c6557b1a5420e9f6e195067de9b5440175c59cb8d6708f668464e86018c89d162d146b8e92fddf5c81594aedc86011d4c48a670796a9b989a62af81026

data/lib/prx_auth/resource_map.rb

@@ -43,6 +43,19 @@ module PrxAuth
       super(key.to_s, value)
     end
 
+    def except!(*keys)
+      keys.each { |key| delete(key.to_s) }
+      self
+    end
+
+    def except(*keys)
+      dup.except!(*keys)
+    end
+
+    def empty?
+      @wildcard.empty? && (super || values.all?(&:empty?))
+    end
+
     def condense
       condensed_wildcard = @wildcard.condense
       condensed_map = map do |resource, list|

data/lib/prx_auth/version.rb

@@ -1,3 +1,3 @@
 module PrxAuth
-  VERSION = "1.7.2"
+  VERSION = "1.8.0"
 end

data/lib/rack/prx_auth/token_data.rb

@@ -37,6 +37,19 @@ module Rack
         resources(::PrxAuth::Rails.configuration.namespace, scope).map(&:to_i)
       end
 
+      def except!(*resources)
+        @authorized_resources = @authorized_resources.except(*resources)
+        self
+      end
+
+      def except(*resources)
+        dup.except!(*resources)
+      end
+
+      def empty_resources?
+        @authorized_resources.empty?
+      end
+
       private
 
       def unpack_aur(aur)

data/prx_auth.gemspec

@@ -23,6 +23,8 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "coveralls", "~> 0"
   spec.add_development_dependency "guard"
   spec.add_development_dependency "guard-minitest"
+  spec.add_development_dependency "pry"
+  spec.add_development_dependency "pry-byebug"
   spec.add_development_dependency "standard"
 
   spec.add_dependency "rack", ">= 1.5.2"

data/test/prx_auth/resource_map_test.rb

@@ -181,4 +181,17 @@ describe PrxAuth::ResourceMap do
       refute_nil map["789"]
     end
   end
+
+  describe "#except" do
+    it "removes keys" do
+      map2 = map.except(123)
+
+      assert_equal ["123", "456"], map.keys
+      assert_equal ["456"], map2.keys
+
+      # the ! version modifies the map
+      map2.except!("456")
+      assert_equal [], map2.keys
+    end
+  end
 end

data/test/rack/prx_auth/token_data_test.rb

@@ -97,5 +97,42 @@ describe Rack::PrxAuth::TokenData do
         end
       end
     end
+
+    describe "#except" do
+      let(:token) { Rack::PrxAuth::TokenData.new("aur" => aur) }
+      let(:aur) { {"123" => "admin ns1:namespaced", "456" => "member"} }
+
+      it "removes resources from the aur" do
+        token2 = token.except(123)
+
+        assert token.authorized?(123, "admin")
+        assert token.authorized?(456, "member")
+
+        refute token2.authorized?(123, "admin")
+        assert token2.authorized?(456, "member")
+
+        # the ! version modifies the token
+        token2.except!(456)
+        refute token2.authorized?(456, "member")
+      end
+    end
+
+    describe "#empty_resources?" do
+      it "checks if the user has access to any resources" do
+        token = Rack::PrxAuth::TokenData.new("aur" => {"123" => "anything"})
+        refute token.empty_resources?
+        assert token.except("123").empty_resources?
+      end
+
+      it "checks for empty scopes" do
+        token = Rack::PrxAuth::TokenData.new("aur" => {"123" => ""})
+        assert token.empty_resources?
+      end
+
+      it "is not empty with wildcard auth" do
+        token = Rack::PrxAuth::TokenData.new("aur" => {"*" => "anything"})
+        refute token.empty_resources?
+      end
+    end
   end
 end

data/test/test_helper.rb

@@ -4,6 +4,8 @@ Coveralls.wear!
 $LOAD_PATH.unshift File.expand_path("../../lib", __FILE__)
 require "prx_auth"
 require "rack/prx_auth"
+require "pry"
+require "pry-byebug"
 
 require "minitest/autorun"
 require "minitest/spec"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: prx_auth
 version: !ruby/object:Gem::Version
-  version: 1.7.2
+  version: 1.8.0
 platform: ruby
 authors:
 - Eve Asher
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-05-26 00:00:00.000000000 Z
+date: 2023-08-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -81,6 +81,34 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: standard
   requirement: !ruby/object:Gem::Requirement