rack-auth-travis 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 66e2120bb880c54b9c8fc6de7f4c71ba04e0eb8d
+  data.tar.gz: 93fc97948dcc29135dd0373c90087b6d94e9ca33
+SHA512:
+  metadata.gz: 5945ea2ec8ede2f9541208be47db7b521c3e3969da17e5d8c69aae8a453117fc909018963519929167c5ddac4283fb67e08a6ced1b06e02406beeeba581a00ad
+  data.tar.gz: 505976820d8c6c7edf49a485e263cb57aad7b550099e5777764c81a990c7cbc02a7428e7e632e36f992599d4e71d0687ec6a66b2d826bb53727132c711deb64b

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+/.bundle/
+/.config/
+/.yardoc/
+/coverage/
+/doc/
+/example/public/sha256.js
+/lib/bundler/man/
+/pkg/
+/rdoc/
+/spec/reports/
+/test/tmp/
+/test/version_tmp/
+/tmp/
+Gemfile.lock
+rack-output.html

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,8 @@
+AllCops:
+  Includes:
+    - Gemfile
+    - Rakefile
+    - Guardfile
+
+Documentation:
+  Enabled: false

data/.ruby-version

@@ -0,0 +1 @@
+2.0.0-p247

data/.simplecov

@@ -0,0 +1,5 @@
+if ENV['COVERAGE']
+  SimpleCov.start do
+    add_filter '/spec/'
+  end
+end

data/.travis.yml

@@ -0,0 +1,11 @@
+language: ruby
+rvm:
+- 2.0.0
+- 1.9.3
+- jruby-19mode
+- rbx-19mode
+env:
+  global:
+  - COVERAGE=1
+notifications:
+  email: github+rack-auth-travis@modcloth.com

data/Gemfile

@@ -0,0 +1,5 @@
+# vim:fileencoding=utf-8
+
+source 'https://rubygems.org'
+
+gemspec

data/Guardfile

@@ -0,0 +1,7 @@
+# vim:fileencoding=utf-8
+
+guard :rspec, cli: '--format doc' do
+  watch(/^spec\/.+_spec\.rb$/)
+  watch(/^lib\/(.+)\.rb$/) { |m| "spec/lib/#{m[1]}_spec.rb" }
+  watch('spec/spec_helper.rb') { 'spec' }
+end

data/LICENSE.md

@@ -0,0 +1,22 @@
+# Copyright © 2013 ModCloth, Inc.
+
+## MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,39 @@
+# Rack::Auth::Travis
+
+It's a Rack auth thing for Travis webhook requests!
+
+## Install
+
+Depend on it!
+
+``` ruby
+# Gemfile
+gem 'rack-auth-travis'
+```
+
+## Usage
+
+Add it to your rack!
+
+Take a look at the [example](./example) or do something like this:
+
+``` ruby
+# config.ru
+require './my_fancy_app'
+require 'rack-auth-travis'
+
+use Rack::Auth::Travis
+run MyFancyApp.new
+```
+
+When `use`'d without arguments, `Rack::Auth::Travis` will add an `ENV`-based
+authenticator that will look for the following variables and use their values to
+authenticate the `Authorization` header:
+
+- `TRAVIS_AUTH_<uppercased-slug>` - generated from the "repo slug" with
+  non-alphanumeric characters replaced with underscores, e.g.
+  `octocat/Knife-Spoon` becomes `TRAVIS_AUTH_OCTOCAT_KNIFE_SPOON`
+- `TRAVIS_AUTH_DEFAULT`
+
+If one of these `ENV` variables exists, its value will be hashed with the "repo
+slug" and compared to the `Authorization` header sent from Travis.

data/Rakefile

@@ -0,0 +1,17 @@
+# vim:fileencoding=utf-8
+
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec) do |t|
+  t.rspec_opts = '-f doc'
+end
+
+load './example/Rakefile'
+
+desc 'Run rubocop'
+task :rubocop do
+  sh('rubocop --format simple') { |ok, _| ok || abort }
+end
+
+task default: [:rubocop, :spec]

data/bin/rack-auth-travis-envify

@@ -0,0 +1,19 @@
+#!/usr/bin/env ruby
+# vim:fileencoding=utf-8
+require 'json'
+require 'rack-auth-travis'
+
+if ARGV.include?('-h') || ARGV.include?('--help')
+  $stdout.puts <<-EOUSAGE.gsub(/^ {4}/, '')
+    Usage: #{File.basename($PROGRAM_NAME)} < repo-slug-token-map.json
+
+    Convert a JSON mapping of repo slugs to auth tokens into environment
+    variables usable by the Rack::Auth::Travis ENV-based authenticator.
+  EOUSAGE
+  exit 0
+end
+
+JSON.parse($stdin.read).each do |k, v|
+  $stdout.puts "#{Rack::Auth::Travis.repo_env_key(k)}=#{v}"
+end
+exit 0

data/bin/rack-auth-travis-hash

@@ -0,0 +1,22 @@
+#!/usr/bin/env ruby
+# vim:fileencoding=utf-8
+require 'json'
+require 'rack-auth-travis'
+
+def usage
+  $stdout.puts <<-EOUSAGE.gsub(/^ {4}/, '')
+    Usage: #{File.basename($PROGRAM_NAME)} <repo-slug> <token>
+
+    Get the sha256 hash of a "repo slug" and Travis token just like the one
+    expected in the 'Authorization' header of a webhook request.
+  EOUSAGE
+end
+
+if ARGV.include?('-h') || ARGV.include?('--help') || !ARGV[0] || !ARGV[1]
+  usage
+  exit 0
+end
+
+owner_name, name = ARGV[0].split('/', 2)
+$stdout.puts Rack::Auth::Travis.authz(owner_name, name, ARGV[1])
+exit 0

data/example/Gemfile

@@ -0,0 +1,9 @@
+# vim:fileencoding=utf-8
+
+source 'https://rubygems.org'
+
+gem 'puma'
+gem 'rack'
+gem 'rack-auth-travis', path: '../'
+gem 'rake'
+gem 'sinatra'

data/example/Rakefile

@@ -0,0 +1,48 @@
+# vim:fileencoding=utf-8
+
+desc 'POST a valid payload to the example app (or anywhere else)'
+task :payload do
+  require 'rack-auth-travis'
+  require 'net/http'
+  require_relative 'spec/support'
+
+  owner_name = ENV['OWNER_NAME'] || 'octocat'
+  name = ENV['NAME'] || 'Knife-Spoon'
+  ENV['TRAVIS_AUTH_DEFAULT'] ||= 'a' * 64
+  token = ENV['TRAVIS_AUTH_DEFAULT']
+  repo_env_key = Rack::Auth::Travis.repo_env_key("#{owner_name}/#{name}")
+  ENV[repo_env_key] ||= token
+  host = ENV['HOST'] || 'localhost'
+  port = Integer(ENV['PORT'] || 9292)
+
+  http = Net::HTTP.new(host, port)
+  req = Net::HTTP::Post.new('/')
+  req['Accept'] = 'application/json'
+  req['Content-Type'] = 'application/json'
+  req['Authorization'] = Rack::Auth::Travis.authz(owner_name, name, token)
+  req.body = JSON.pretty_generate(Support.valid_payload(owner_name, name))
+
+  $stdout.puts <<-EOF.gsub(/^ {4}/, '')
+    OWNER_NAME=#{owner_name}
+    NAME=#{name}
+    TRAVIS_AUTH_DEFAULT=#{token}
+    #{repo_env_key}=#{token}
+    HOST=#{host}
+    PORT=#{port}
+
+    Authorization: #{req['Authorization']}
+
+  EOF
+  http.set_debug_output($stdout)
+  reqbody = http.request(req).body
+  File.open('rack-output.html', 'w') { |f| f.puts reqbody }
+  $stdout.puts reqbody
+end
+
+desc 'Run example application'
+task :example do
+  Dir.chdir(File.expand_path('../', __FILE__)) do
+    ENV['BUNDLE_GEMFILE'] = nil
+    exec 'bundle exec rackup -I$PWD/../lib'
+  end
+end

data/example/config.ru

@@ -0,0 +1,32 @@
+# vim:fileencoding=utf-8
+
+require 'open-uri'
+require 'rack/lint'
+require 'rack/urlmap'
+require 'rack-auth-travis'
+require './echoplex'
+
+ENV['TRAVIS_AUTH_DEFAULT'] ||= 'a' * 20
+ENV['TRAVIS_REPO_OWNER_NAME'] ||= 'foo'
+ENV['TRAVIS_REPO_NAME'] ||= 'bar'
+
+sha256js = File.expand_path('../public/sha256.js', __FILE__)
+
+if !File.exist?(sha256js)
+  File.open(sha256js, 'w') do |f|
+    open(
+      'http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha256.js'
+    ) do |uri_f|
+      uri_f.each_line { |l| f.write l }
+    end
+  end
+end
+
+app = Echoplex::App.new
+protected_app = Rack::Auth::Travis.new(app, realm: 'echoplex')
+
+run Rack::URLMap.new(
+  '/unprotected' => Rack::Lint.new(app),
+  '/protected' => Rack::Lint.new(protected_app),
+  '/' => Rack::Directory.new(File.expand_path('../public', __FILE__))
+)

data/example/echoplex.rb

@@ -0,0 +1,51 @@
+# vim:fileencoding=utf-8
+
+require 'json'
+require 'sinatra/base'
+
+module Echoplex
+  class App < Sinatra::Base
+    set :public_dir, File.expand_path('../public', __FILE__)
+
+    get '/' do
+      @owner_name = ENV['TRAVIS_REPO_OWNER_NAME']
+      @name = ENV['TRAVIS_REPO_NAME']
+      @token = ENV['TRAVIS_AUTH_DEFAULT']
+      @default_json = JSON.pretty_generate(
+        payload: { repository: { owner_name: @owner_name, name: @name } }
+      )
+      erb :index
+    end
+
+    post '/' do
+      rack_input, input_json, error = extract_post_data(request)
+      @authz = request.env['HTTP_AUTHORIZATION']
+      @input_length = rack_input.length
+      @owner_name = (
+        (input_json['payload'] || {})['repository'] || {}
+      )['owner_name']
+      @name = (
+        (input_json['payload'] || {})['repository'] || {}
+      )['name']
+      @error = error
+      @env = request.env
+      erb :result, layout: !request.xhr?
+    end
+
+    private
+
+    def extract_post_data(request)
+      rack_input = request.env['rack.input'].read
+      input_json = {}
+      error = nil
+
+      begin
+        input_json = JSON.parse(rack_input)
+      rescue => e
+        error = "#{e.class.name} #{e.message}"
+      end
+
+      [rack_input, input_json, error]
+    end
+  end
+end

data/example/views/index.erb

@@ -0,0 +1,72 @@
+<form action="protected" method="post">
+  <div>
+    <label for="owner_name">Repo Owner</label>
+  </div>
+  <div>
+    <input type="text" id="owner_name" name="owner_name"
+      placeholder="<github user or org>" value="<%= @owner_name %>"
+      size="40" autofocus />
+  </div>
+  <div>
+    <label for="name">Repo Name</label>
+  </div>
+  <div>
+    <input type="text" id="name" name="name"
+      placeholder="<github repo>" value="<%= @name %>"
+      size="40" />
+  </div>
+  <div>
+    <label for="token">Token</label>
+  </div>
+  <div>
+    <input type="text" id="token" name="token"
+      placeholder="<travis token>" value="<%= @token %>"
+      size="30" maxlength="20" />
+  </div>
+  <div>
+    <label for="payload">JSON payload</label>
+  </div>
+  <textarea id="payload" name="payload" rows="20" cols="80">
+<%= @default_json %>
+  </textarea>
+  <div>
+    <button id="fake_submit">POST</button>
+  </div>
+</form>
+<script
+  src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js">
+</script>
+<script src="/sha256.js"></script>
+<script type="text/javascript">
+$( function () {
+  function travisAuthz ( ownerName, name, token ) {
+    var toHash = ownerName + '/' + name + token;
+    return CryptoJS.SHA256( toHash ).toString( CryptoJS.enc.Hex );
+  }
+
+  $( '#fake_submit' ).click( function ( event ) {
+    event.preventDefault();
+    var payload = $( '#payload' ).val();
+    console.log( 'sending payload %o', payload );
+    $.ajax({
+      url: 'protected',
+      type: 'POST',
+      headers: {
+        'Authorization': travisAuthz(
+          $( '#owner_name' ).val(),
+          $( '#name' ).val(),
+          $( '#token' ).val()
+        ),
+        'Accept': 'text/html'
+      },
+      contentType: 'application/json',
+      data: payload,
+      dataType: 'html',
+      success: function( data ) {
+        window.history.pushState(null, "result", "protected");
+        $( '#content' ).html( data );
+      }
+    });
+  });
+});
+</script>

data/example/views/layout.erb

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>rack-auth-travis example</title>
+    <style type="text/css">body { font-family: Menlo, monospace; }</style>
+  </head>
+  <body>
+    <h1>rack-auth-travis example</h1>
+    <div id="content">
+      <%= yield %>
+    </div>
+  </body>
+</html>

data/example/views/result.erb

@@ -0,0 +1,17 @@
+<p><a id="redo" href="unprotected">again again!</a></p>
+<dl>
+  <dt>authz</dt>
+  <dd><%= @authz.inspect %></dd>
+  <dt>rack input length</dt>
+  <dd><%= @input_length.inspect %></dd>
+  <dt>repo owner name</dt>
+  <dd><%= @owner_name.inspect %></dd>
+  <dt>repo name</dt>
+  <dd><%= @name.inspect %></dd>
+  <dt>error</dt>
+  <dd><%= @error.inspect %></dd>
+</dl>
+
+<% @env.sort.each do |k, v| %>
+<!-- <%= k.to_s.gsub(/--/, '- - ') %>=<%= v.to_s.gsub(/--/, '- - ') %> -->
+<% end %>

data/lib/rack-auth-travis.rb

@@ -0,0 +1,3 @@
+# vim:fileencoding=utf-8
+
+require 'rack/auth/travis'

data/lib/rack/auth/travis.rb

@@ -0,0 +1,153 @@
+# vim:fileencoding=utf-8
+
+require 'digest'
+require 'json'
+require 'rack/auth/abstract/handler'
+require 'rack/auth/abstract/request'
+
+module Rack
+  module Auth
+    class Travis < ::Rack::Auth::AbstractHandler
+      VERSION = '0.1.0'
+
+      def self.authz(owner_name, name, token)
+        ::Digest::SHA256.hexdigest([owner_name, name].join('/') + token)
+      end
+
+      def self.repo_env_key(repo_slug)
+        "TRAVIS_AUTH_#{repo_slug.gsub(/[^\p{Alnum}]/, '_').upcase}"
+      end
+
+      def self.valid?(env)
+        ::Rack::Auth::Travis::Request.new(env).valid?
+      end
+
+      def self.default_authenticators
+        [
+          ::Rack::Auth::Travis::ENVAuthenticator.new
+        ]
+      end
+
+      def initialize(app, config = {}, &authenticator)
+        @config = config
+        @config[:sources] ||= [:env]
+        super(app, config[:realm], &authenticator)
+        configure_authenticators
+      end
+
+      def call(env)
+        auth_req = Travis::Request.new(env, @authenticators)
+        return unauthorized unless auth_req.provided?
+        return bad_request unless auth_req.travis? && auth_req.json?
+        return @app.call(env) if auth_req.valid?
+        unauthorized
+      end
+
+      def build_env_authenticator
+        ENVAuthenticator.new
+      end
+
+      def configure_authenticators
+        @authenticators = []
+        @config[:sources].each do |source|
+          method_name = "build_#{source}_authenticator"
+          @authenticators << send(method_name) if respond_to?(method_name)
+        end
+        if @authenticator
+          @authenticators << DIYAuthenticator.new(@authenticator)
+        end
+      end
+
+      def challenge
+        %Q(Travis realm="#{realm}")
+      end
+
+      class DIYAuthenticator
+        def initialize(authenticator_block)
+          @authenticator_block = authenticator_block
+        end
+
+        def valid?(auth_req)
+          @authenticator_block.call(auth_req.repo_slug, auth_req.token)
+        end
+      end
+
+      class ENVAuthenticator
+        def valid?(auth_req)
+          [
+            Travis.repo_env_key(auth_req.repo_slug),
+            'TRAVIS_AUTH_DEFAULT'
+          ].each do |k|
+            env_auth_token = ENV[k]
+            next unless env_auth_token
+            return true if auth_req.token == authz(auth_req, env_auth_token)
+          end
+          false
+        end
+
+        def authz(auth_req, env_auth_token)
+          Travis.authz(auth_req.owner_name, auth_req.name, env_auth_token)
+        end
+      end
+
+      class Request < ::Rack::Auth::AbstractRequest
+        JSON_REGEXP = /^application\/([\w!#\$%&\*`\-\.\^~]*\+)?json$/i
+
+        def initialize(env, authenticators = Travis.default_authenticators)
+          super(env)
+          @authenticators = authenticators || []
+        end
+
+        def travis?
+          token =~ /[\da-f]{64}/i
+        end
+
+        def json?
+          request.env['CONTENT_TYPE'] =~ JSON_REGEXP
+        end
+
+        def valid?
+          return false unless provided? && travis? && json?
+          @authenticators.each do |authenticator|
+            return true if authenticator.valid?(self)
+          end
+          false
+        end
+
+        def owner_name
+          @owner ||= repository['owner_name']
+        end
+
+        def name
+          @name ||= repository['name']
+        end
+
+        def repo_slug
+          [owner_name, name].join('/')
+        end
+
+        def token
+          @token ||= parts.first.to_s
+        end
+
+        private
+
+        def repository
+          @repository ||= ((
+            JSON.parse(request_body) || {}
+          )['payload'] || {})['repository'] || {}
+        rescue
+          {}
+        end
+
+        def request_body
+          @request_body ||= begin
+                              body = request.env['rack.input'].read
+                              request.env['rack.input'].rewind
+                              body
+                            end
+        end
+      end
+    end
+  end
+end

data/rack-auth-travis.gemspec

@@ -0,0 +1,28 @@
+# vim:fileencoding=utf-8
+Gem::Specification.new do |spec|
+  spec.name          = 'rack-auth-travis'
+  spec.version       = '0.1.0'
+  spec.authors       = ['Dan Buch']
+  spec.email         = ['d.buch@modcloth.com']
+  spec.summary       = %q{Rack auth for Travis CI webhook requests!}
+  spec.description   = spec.summary
+  spec.homepage      = 'https://github.com/modcloth-labs/rack-auth-travis'
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ['lib']
+
+  spec.add_runtime_dependency 'rack'
+
+  spec.add_development_dependency 'bundler', '~> 1.3'
+  spec.add_development_dependency 'guard-rspec'
+  spec.add_development_dependency 'puma'
+  spec.add_development_dependency 'rack-test'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'rubocop'
+  spec.add_development_dependency 'shotgun'
+  spec.add_development_dependency 'simplecov'
+end

data/spec/lib/rack/auth/travis_spec.rb

@@ -0,0 +1,151 @@
+# vim:fileencoding=utf-8
+
+require 'base64'
+require 'json'
+require 'rack/lobster'
+
+describe Rack::Auth::Travis do
+  include Rack::Test::Methods
+
+  let :unprotected_app do
+    Rack::Lobster.new
+  end
+
+  subject :protected_app do
+    described_class.new(unprotected_app)
+  end
+
+  let :owner do
+    "octocat#{rand(10..19)}"
+  end
+
+  let :repo do
+    "deathrace#{rand(2000..2999)}"
+  end
+
+  let :repo_slug do
+    [owner, repo].join('/')
+  end
+
+  let :token do
+    Base64.encode64("#{rand(100..999)}#{rand(10e4..10e5)}")[0, 20]
+  end
+
+  let :valid_auth_header do
+    described_class.authz(owner, repo, token)
+  end
+
+  let :valid_payload do
+    Support.valid_payload(owner, repo)
+  end
+
+  let :valid_payload_json do
+    JSON.pretty_generate(valid_payload)
+  end
+
+  it 'inherits from Rack::Auth::AbstractHandler' do
+    subject.class.superclass.should == Rack::Auth::AbstractHandler
+  end
+
+  it 'accepts config as a hash' do
+    described_class.new(unprotected_app, realm: 'foo').realm.should == 'foo'
+  end
+
+  it 'provides an array of default authenticators' do
+    described_class.default_authenticators.should_not be_empty
+  end
+
+  it 'provides a `.valid?` method for checking arbitrary request envs' do
+    described_class.valid?('HTTP_JUST_KIDDING' => '1').should be_false
+  end
+
+  context 'when initialized with an authenticator block' do
+    it 'adds a DIYAuthenticator' do
+      handler = described_class.new(unprotected_app) { |r, t| true }
+      authenticators = handler.instance_variable_get(:@authenticators)
+      authenticators.map do |a|
+        a.class.name
+      end.should include('Rack::Auth::Travis::DIYAuthenticator')
+    end
+
+    context 'when the request is authenticated' do
+      def app
+        described_class.new(unprotected_app) { |r, t| true }
+      end
+
+      it 'responds 200' do
+        post '/', valid_payload_json, {
+          'HTTP_AUTHORIZATION' => valid_auth_header,
+          'CONTENT_TYPE' => 'application/json'
+        }
+        last_response.status.should == 200
+      end
+    end
+  end
+
+  context 'when the payload is not valid JSON' do
+    def app
+      protected_app
+    end
+
+    it 'does not explode' do
+      post '/', '{asd', {
+        'HTTP_AUTHORIZATION' => 'a' * 64,
+        'CONTENT_TYPE' => 'application/json'
+      }
+      (last_response.status < 500).should be_true
+    end
+  end
+
+  context 'when initialized without config or block' do
+    it 'adds an ENVAuthenticator' do
+      handler = described_class.new(unprotected_app)
+      authenticators = handler.instance_variable_get(:@authenticators)
+      authenticators.map do |a|
+        a.class.name
+      end.should == ['Rack::Auth::Travis::ENVAuthenticator']
+    end
+  end
+
+  context 'when no Authorization is provided' do
+    def app
+      protected_app
+    end
+
+    it 'responds 401' do
+      post '/foo', '{}'
+      last_response.status.should == 401
+    end
+  end
+
+  context 'when invalid Authorization is provided' do
+    def app
+      protected_app
+    end
+
+    it 'responds 401' do
+      post '/', valid_payload_json, {
+        'HTTP_AUTHORIZATION' => 'a' * 64,
+        'CONTENT_TYPE' => 'application/json'
+      }
+      last_response.status.should == 401
+    end
+  end
+
+  context 'when valid Authorization is provided' do
+    def app
+      protected_app
+    end
+
+    it 'responds 200' do
+      env_key = described_class.repo_env_key(repo_slug)
+      ENV[env_key] = token
+      post '/', valid_payload_json, {
+        'HTTP_AUTHORIZATION' => valid_auth_header,
+        'CONTENT_TYPE' => 'application/json'
+      }
+      ENV[env_key] = nil
+      last_response.status.should == 200
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,7 @@
+# vim:fileencoding=utf-8
+
+require 'rack/test'
+require_relative 'support'
+
+require 'simplecov'
+require 'rack/auth/travis'

data/spec/support.rb

@@ -0,0 +1,83 @@
+# vim:fileencoding=utf-8
+
+class Support
+  PAYLOAD_TMPL = {
+    'payload' => {
+      'id' => 1,
+      'number' => 1,
+      'status' => nil,
+      'started_at' => nil,
+      'finished_at' => nil,
+      'status_message' => 'Passed',
+      'commit' => '62aae5f70ceee39123ef',
+      'branch' => 'master',
+      'message' => 'the commit message',
+      'compare_url' => (
+        'https://github.com/___OWNER___/minimal/compare/master...develop'
+      ),
+      'committed_at' => '2011-11-11T11: 11: 11Z',
+      'committer_name' => 'Sven Fuchs',
+      'committer_email' => 'svenfuchs@artweb-design.de',
+      'author_name' => 'Sven Fuchs',
+      'author_email' => 'svenfuchs@artweb-design.de',
+      'repository' => {
+        'id' => 1,
+        'name' => '___REPO___',
+        'owner_name' => '___OWNER___',
+        'url' => 'http://github.com/___OWNER___/minimal'
+      },
+      'matrix' => [
+        {
+          'id' => 2,
+          'repository_id' => 1,
+          'number' => '1.1',
+          'state' => 'created',
+          'started_at' => nil,
+          'finished_at' => nil,
+          'config' => {
+            'notifications' => {
+              'webhooks' => [
+                'http://evome.fr/notifications',
+                'http://example.com/'
+              ]
+            }
+          },
+          'status' => nil,
+          'log' => '',
+          'result' => nil,
+          'parent_id' => 1,
+          'commit' => '62aae5f70ceee39123ef',
+          'branch' => 'master',
+          'message' => 'the commit message',
+          'committed_at' => '2011-11-11T11: 11: 11Z',
+          'committer_name' => 'Sven Fuchs',
+          'committer_email' => 'svenfuchs@artweb-design.de',
+          'author_name' => 'Sven Fuchs',
+          'author_email' => 'svenfuchs@artweb-design.de',
+          'compare_url' => (
+            'https://github.com/___OWNER___/minimal/compare/master...develop'
+          )
+        }
+      ]
+    }
+  }.freeze
+
+  def self.valid_payload(owner = 'foo', repo = 'bar')
+    PAYLOAD_TMPL.clone.tap do |payload|
+      substitute_payload_vars!(payload['payload'], owner, repo)
+    end
+  end
+
+  def self.substitute_payload_vars!(payload, owner, repo)
+    payload['compare_url'] = payload['compare_url'].sub(/___OWNER___/, owner)
+    payload['repository'].merge!(
+      'name' => repo,
+      'owner_name' => owner,
+      'url' => payload['repository']['url'].sub(/___OWNER___/, owner)
+    )
+    compare_url = payload['matrix'].first['compare_url']
+    payload['matrix'].first.merge!(
+      'compare_url' => compare_url.sub(/___OWNER___/, owner)
+    )
+  end
+end

metadata

@@ -0,0 +1,216 @@
+--- !ruby/object:Gem::Specification
+name: rack-auth-travis
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Dan Buch
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-10-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: puma
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: shotgun
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Rack auth for Travis CI webhook requests!
+email:
+- d.buch@modcloth.com
+executables:
+- rack-auth-travis-envify
+- rack-auth-travis-hash
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- .rubocop.yml
+- .ruby-version
+- .simplecov
+- .travis.yml
+- Gemfile
+- Guardfile
+- LICENSE.md
+- README.md
+- Rakefile
+- bin/rack-auth-travis-envify
+- bin/rack-auth-travis-hash
+- example/Gemfile
+- example/Rakefile
+- example/config.ru
+- example/echoplex.rb
+- example/public/.gitkeep
+- example/views/index.erb
+- example/views/layout.erb
+- example/views/result.erb
+- lib/rack-auth-travis.rb
+- lib/rack/auth/travis.rb
+- rack-auth-travis.gemspec
+- spec/lib/rack/auth/travis_spec.rb
+- spec/spec_helper.rb
+- spec/support.rb
+homepage: https://github.com/modcloth-labs/rack-auth-travis
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.3
+signing_key: 
+specification_version: 4
+summary: Rack auth for Travis CI webhook requests!
+test_files:
+- spec/lib/rack/auth/travis_spec.rb
+- spec/spec_helper.rb
+- spec/support.rb