prx_auth 1.7.2 → 1.8.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8db9794b5957f93a863dd566c371420ee1d02002c7ab8a681fdc3a518cbe4f1c
-  data.tar.gz: 9938ebf515cc8c9918f8ae3e597600245a76ae48b62fecb3f102ddfbb4e2fe8c
+  metadata.gz: 076bc119886d252cc587e1e391ba10eaa3b1d24151ba559135c3e40d78565201
+  data.tar.gz: 40f6695953ad60bb9dcd8aef4e3483434c8274266c83632e4ce3f628e9022c5e
 SHA512:
-  metadata.gz: 4dd977316195060b437eca1ce1c2fb8f4fa033ee8262ca406d769200e0360d1b69a95cdc72ebb5c85b9d54d149a52faf531b453f82a3612dc423abed9a3fe590
-  data.tar.gz: 29057475f034443ef955eaf69773526044bfdd85de2e753676fcaaaa57ae275b74a64158043d0afa363961c98876c4aea169ba54887173330d1ac49c4ee57ace
+  metadata.gz: 169c89b6926a03cd9e1599298858e1d22fb5c468d9c3c56ade1b616c4893d87d707092f2704996edb9c18291e8ecf443a92559cb0ed2f30b5152d0abaa3be22a
+  data.tar.gz: edfb7b2f60fdf23e6d950d4c7ad2cd5efe3be300856ad829ee2724a3a8edf16c2702540185aba0813d151892b941eca9db9d8255eba25cf1b2c790af04c108c6

data/lib/prx_auth/resource_map.rb

@@ -43,6 +43,19 @@ module PrxAuth
       super(key.to_s, value)
     end
 
+    def except!(*keys)
+      keys.each { |key| delete(key.to_s) }
+      self
+    end
+
+    def except(*keys)
+      dup.except!(*keys)
+    end
+
+    def empty?
+      @wildcard.empty? && (super || values.all?(&:empty?))
+    end
+
     def condense
       condensed_wildcard = @wildcard.condense
       condensed_map = map do |resource, list|
@@ -100,15 +113,15 @@ module PrxAuth
         end
       end
 
-      if @wildcard.length > 0
-        result[WILDCARD_KEY] = @wildcard - (@wildcard - other_wildcard)
+      if @wildcard.length > 0 || other_wildcard.length > 0
+        result[WILDCARD_KEY] = @wildcard & other_wildcard
       end
 
       ResourceMap.new(result).condense
     end
 
     def as_json(opts = {})
-      super(opts).merge((@wildcard.length > 0) ? {WILDCARD_KEY => @wildcard}.as_json(opts) : {})
+      super.merge((@wildcard.length > 0) ? {WILDCARD_KEY => @wildcard}.as_json(opts) : {})
     end
 
     def resources(namespace = nil, scope = nil)

data/lib/prx_auth/scope_list.rb

@@ -36,7 +36,7 @@ module PrxAuth
       case list
       when PrxAuth::ScopeList then list
       when Array then super(list.join(" "))
-      else super(list)
+      else super
       end
     end
 

data/lib/prx_auth/version.rb

@@ -1,3 +1,3 @@
 module PrxAuth
-  VERSION = "1.7.2"
+  VERSION = "1.8.1"
 end

data/lib/rack/prx_auth/token_data.rb

@@ -37,6 +37,19 @@ module Rack
         resources(::PrxAuth::Rails.configuration.namespace, scope).map(&:to_i)
       end
 
+      def except!(*resources)
+        @authorized_resources = @authorized_resources.except(*resources)
+        self
+      end
+
+      def except(*resources)
+        dup.except!(*resources)
+      end
+
+      def empty_resources?
+        @authorized_resources.empty?
+      end
+
       private
 
       def unpack_aur(aur)

data/prx_auth.gemspec

@@ -23,7 +23,9 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "coveralls", "~> 0"
   spec.add_development_dependency "guard"
   spec.add_development_dependency "guard-minitest"
+  spec.add_development_dependency "pry"
   spec.add_development_dependency "standard"
+  spec.add_development_dependency "m"
 
   spec.add_dependency "rack", ">= 1.5.2"
   spec.add_dependency "json", ">= 1.8.1"

data/test/prx_auth/resource_map_test.rb

@@ -153,6 +153,11 @@ describe PrxAuth::ResourceMap do
       assert !map.contains?("one", :four) && !map.contains?("two", :four)
       assert map.contains?("*", :wild)
     end
+
+    it "works with global scoped wildcards" do
+      map = new_map("*" => "something") & new_map("*" => "ns1:something")
+      assert map.contains?("*", "ns1", :something)
+    end
   end
 
   describe "#as_json" do
@@ -181,4 +186,17 @@ describe PrxAuth::ResourceMap do
       refute_nil map["789"]
     end
   end
+
+  describe "#except" do
+    it "removes keys" do
+      map2 = map.except(123)
+
+      assert_equal ["123", "456"], map.keys
+      assert_equal ["456"], map2.keys
+
+      # the ! version modifies the map
+      map2.except!("456")
+      assert_equal [], map2.keys
+    end
+  end
 end

data/test/rack/prx_auth/token_data_test.rb

@@ -97,5 +97,42 @@ describe Rack::PrxAuth::TokenData do
         end
       end
     end
+
+    describe "#except" do
+      let(:token) { Rack::PrxAuth::TokenData.new("aur" => aur) }
+      let(:aur) { {"123" => "admin ns1:namespaced", "456" => "member"} }
+
+      it "removes resources from the aur" do
+        token2 = token.except(123)
+
+        assert token.authorized?(123, "admin")
+        assert token.authorized?(456, "member")
+
+        refute token2.authorized?(123, "admin")
+        assert token2.authorized?(456, "member")
+
+        # the ! version modifies the token
+        token2.except!(456)
+        refute token2.authorized?(456, "member")
+      end
+    end
+
+    describe "#empty_resources?" do
+      it "checks if the user has access to any resources" do
+        token = Rack::PrxAuth::TokenData.new("aur" => {"123" => "anything"})
+        refute token.empty_resources?
+        assert token.except("123").empty_resources?
+      end
+
+      it "checks for empty scopes" do
+        token = Rack::PrxAuth::TokenData.new("aur" => {"123" => ""})
+        assert token.empty_resources?
+      end
+
+      it "is not empty with wildcard auth" do
+        token = Rack::PrxAuth::TokenData.new("aur" => {"*" => "anything"})
+        refute token.empty_resources?
+      end
+    end
   end
 end

data/test/test_helper.rb

@@ -4,6 +4,7 @@ Coveralls.wear!
 $LOAD_PATH.unshift File.expand_path("../../lib", __FILE__)
 require "prx_auth"
 require "rack/prx_auth"
+require "pry"
 
 require "minitest/autorun"
 require "minitest/spec"

metadata

@@ -1,15 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: prx_auth
 version: !ruby/object:Gem::Version
-  version: 1.7.2
+  version: 1.8.1
 platform: ruby
 authors:
 - Eve Asher
 - Chris Rhoden
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-05-26 00:00:00.000000000 Z
+date: 2025-03-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -81,6 +80,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: standard
   requirement: !ruby/object:Gem::Requirement
@@ -95,6 +108,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: m
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
@@ -175,7 +202,6 @@ homepage: https://github.com/PRX/prx_auth
 licenses:
 - MIT
 metadata: {}
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -190,8 +216,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.3
-signing_key:
+rubygems_version: 3.6.2
 specification_version: 4
 summary: Utilites for parsing PRX JWTs and Rack middleware that verifies and attaches
   the token's claims to env.