rack-authenticate 0.4.0 → 0.5.0
@@ -14,7 +14,10 @@ module Rack
|
|
14
14
|
@app.call(env)
|
15
15
|
end
|
16
16
|
|
17
|
-
|
17
|
+
if env.has_key?('HTTP_ORIGIN')
|
18
|
+
headers['Access-Control-Allow-Origin'] = env['HTTP_ORIGIN']
|
19
|
+
headers['Access-Control-Allow-Credentials'] = 'true'
|
20
|
+
end
|
18
21
|
|
19
22
|
[status, headers, body]
|
20
23
|
end
|
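Review bot: On the new side, the `if env.has_key?('HTTP_ORIGIN')` branch copies whatever `Origin` the client sent into `Access-Control-Allow-Origin` and pairs it with `Access-Control-Allow-Credentials: 'true'`, so every website is treated as trusted for credentialed cross-origin requests. In front of an authentication layer that accepts basic auth, which browsers cache and resend, this lets a page on any origin read responses fetched with the visitor's credentials. The reflection should be gated on a configured list of trusted origins, for example `if allowed_origins.include?(env['HTTP_ORIGIN'])` (`allowed_origins` is a constructed name, not an option this gem has), and a `Vary: Origin` header should accompany the echoed value so shared caches do not hand one origin's response to another. The spec hunk that adds the `Access-Control-Allow-Credentials` examples pins the reflect-everything behaviour and has no case for an origin that should be refused. The enclosing method begins above this hunk.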
@@ -10,11 +10,9 @@ module Rack
|
|
10
10
|
self.timestamp_minute_tolerance ||= 30
|
11
11
|
self.hmac_secret_key { |access_id| }
|
12
12
|
self.basic_auth_validation { |u, p| false }
|
13
|
-
self.support_cross_origin_resource_sharing = false
|
14
13
|
end
|
15
14
|
|
16
15
|
attr_accessor :timestamp_minute_tolerance
|
17
|
-
attr_writer :support_cross_origin_resource_sharing
|
18
16
|
attr_reader :basic_auth_validation_block
|
19
17
|
|
20
18
|
def hmac_secret_key(&block)
|
@@ -28,10 +26,6 @@ module Rack
|
|
28
26
|
def basic_auth_validation(&block)
|
29
27
|
@basic_auth_validation_block = block
|
30
28
|
end
|
31
|
-
|
32
|
-
def support_cross_origin_resource_sharing?
|
33
|
-
@support_cross_origin_resource_sharing
|
34
|
-
end
|
35
29
|
end
|
36
30
|
|
37
31
|
class Auth < ::Rack::Auth::AbstractRequest
|
@@ -127,30 +121,13 @@ module Rack
|
|
127
121
|
def initialize(app)
|
128
122
|
@configuration = Configuration.new
|
129
123
|
yield @configuration
|
130
|
-
|
131
|
-
@middleware_stack = lambda do |env|
|
132
|
-
auth = Auth.new(env, @configuration)
|
133
|
-
_call(env, auth)
|
134
|
-
end
|
135
|
-
|
136
|
-
if @configuration.support_cross_origin_resource_sharing?
|
137
|
-
require 'rack/authenticate/cors_middleware'
|
138
|
-
@middleware_stack = ::Rack::Authenticate::CORSMiddleware.new(@middleware_stack)
|
139
|
-
end
|
140
|
-
|
141
124
|
super(app, &@configuration.basic_auth_validation_block)
|
142
125
|
end
|
143
126
|
|
144
|
-
alias basic_auth_call call
|
145
127
|
def call(env)
|
146
|
-
|
147
|
-
end
|
148
|
-
|
149
|
-
private
|
150
|
-
|
151
|
-
def _call(env, auth)
|
128
|
+
auth = Auth.new(env, @configuration)
|
152
129
|
return unauthorized unless auth.provided?
|
153
|
-
return
|
130
|
+
return super(env) if auth.basic?
|
154
131
|
return bad_request unless auth.hmac?
|
155
132
|
return bad_request unless auth.has_all_required_parts?
|
156
133
|
return unauthorized unless auth.valid?
|
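Review bot: With the `CORSMiddleware` wrapping gone from `initialize`, the new `call` sends every request that carries no credentials to `unauthorized`, and that includes CORS preflight `OPTIONS` requests, which browsers send without an `Authorization` header. Cross-origin browser clients therefore only work if the application mounts a CORS layer in front of this middleware itself; that is presumably the intent, but nothing in the code says so, and a comment above `call` such as `# CORS preflight (OPTIONS without credentials) is not handled here and gets a 401; any CORS layer must be mounted in front of this middleware.` would record it. The removal of `attr_writer :support_cross_origin_resource_sharing` in the first hunk of this section also means an existing configuration block that sets the flag now fails with `NoMethodError`; keeping a writer that warns about the deprecation would give a gentler upgrade path. The body of `call` continues past the end of the hunk.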
@@ -59,10 +59,21 @@ module Rack
|
|
59
59
|
last_response.headers.should include('Access-Control-Allow-Origin' => origin)
|
60
60
|
end
|
61
61
|
|
62
|
+
it 'appends the Access-Control-Allow-Credentials header to every response to a request with an Origin header' do
|
63
|
+
header 'Origin', origin
|
64
|
+
get '/'
|
65
|
+
last_response.headers.should include('Access-Control-Allow-Credentials' => 'true')
|
66
|
+
end
|
67
|
+
|
62
68
|
it 'does not append a Access-Control-Allow-Origin header to a request without an Origin header' do
|
63
69
|
get '/'
|
64
70
|
last_response.headers.keys.should_not include('Access-Control-Allow-Origin')
|
65
71
|
end
|
72
|
+
|
73
|
+
it 'does not append a Access-Control-Allow-Credentials header to a request without an Origin header' do
|
74
|
+
get '/'
|
75
|
+
last_response.headers.keys.should_not include('Access-Control-Allow-Credentials')
|
76
|
+
end
|
66
77
|
end
|
67
78
|
end
|
68
79
|
end
|
@@ -359,43 +359,6 @@ module Rack
|
|
359
359
|
post '/foo', "some content"
|
360
360
|
last_response.status.should eq(200)
|
361
361
|
end
|
362
|
-
|
363
|
-
context 'when cross origin resource sharing is supported' do
|
364
|
-
before { configure { |c| c.support_cross_origin_resource_sharing = true } }
|
365
|
-
let(:headers) { 'X-Authorization-Date, Content-MD5, Authorization, Content-Type' }
|
366
|
-
let(:origin) { 'http://foo.example.com' }
|
367
|
-
|
368
|
-
let(:expected_response_headers) do {
|
369
|
-
'Content-Type' => 'text/plain',
|
370
|
-
'Access-Control-Allow-Origin' => origin,
|
371
|
-
'Access-Control-Allow-Methods' => 'PUT',
|
372
|
-
'Access-Control-Allow-Credentials' => 'true',
|
373
|
-
'Access-Control-Max-Age' => CORSMiddleware::ACCESS_CONTROL_MAX_AGE.to_s
|
374
|
-
} end
|
375
|
-
|
376
|
-
it 'responds to a CORS OPTIONS request with all of the correct headers' do
|
377
|
-
header 'Origin', origin
|
378
|
-
header 'Access-Control-Request-Method', 'PUT'
|
379
|
-
options '/'
|
380
|
-
|
381
|
-
last_response.status.should eq(200)
|
382
|
-
last_response.headers.should include(expected_response_headers)
|
383
|
-
last_response.headers.should_not have_key('Access-Control-Allow-Headers')
|
384
|
-
end
|
385
|
-
end
|
386
|
-
|
387
|
-
context 'when cross origin resource sharing is not supported' do
|
388
|
-
before { configure { |c| c.support_cross_origin_resource_sharing = false } }
|
389
|
-
|
390
|
-
it 'does not respond to a CORS OPTIONS request' do
|
391
|
-
header 'Origin', 'http://foo.example.com'
|
392
|
-
header 'Access-Control-Request-Method', 'PUT'
|
393
|
-
options '/'
|
394
|
-
|
395
|
-
last_response.status.should eq(401)
|
396
|
-
last_response.headers.keys.select { |k| k.include?('Access-Control') }.should eq([])
|
397
|
-
end
|
398
|
-
end
|
399
362
|
end
|
400
363
|
end
|
401
364
|
end
|
metadata
CHANGED
@@ -1,79 +1,115 @@
|
|
1
|
-
--- !ruby/object:Gem::Specification
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
2
|
name: rack-authenticate
|
3
|
-
version: !ruby/object:Gem::Version
|
4
|
-
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
hash: 11
|
5
5
|
prerelease:
|
6
|
+
segments:
|
7
|
+
- 0
|
8
|
+
- 5
|
9
|
+
- 0
|
10
|
+
version: 0.5.0
|
6
11
|
platform: ruby
|
7
|
-
authors:
|
12
|
+
authors:
|
8
13
|
- Myron Marston
|
9
14
|
autorequire:
|
10
15
|
bindir: bin
|
11
16
|
cert_chain: []
|
12
|
-
|
13
|
-
|
14
|
-
|
17
|
+
|
18
|
+
date: 2012-02-27 00:00:00 Z
|
19
|
+
dependencies:
|
20
|
+
- !ruby/object:Gem::Dependency
|
15
21
|
name: ruby-hmac
|
16
|
-
|
22
|
+
prerelease: false
|
23
|
+
requirement: &id001 !ruby/object:Gem::Requirement
|
17
24
|
none: false
|
18
|
-
requirements:
|
25
|
+
requirements:
|
19
26
|
- - ~>
|
20
|
-
- !ruby/object:Gem::Version
|
27
|
+
- !ruby/object:Gem::Version
|
28
|
+
hash: 15
|
29
|
+
segments:
|
30
|
+
- 0
|
31
|
+
- 4
|
32
|
+
- 0
|
21
33
|
version: 0.4.0
|
22
34
|
type: :runtime
|
23
|
-
|
24
|
-
|
25
|
-
- !ruby/object:Gem::Dependency
|
35
|
+
version_requirements: *id001
|
36
|
+
- !ruby/object:Gem::Dependency
|
26
37
|
name: rspec
|
27
|
-
|
38
|
+
prerelease: false
|
39
|
+
requirement: &id002 !ruby/object:Gem::Requirement
|
28
40
|
none: false
|
29
|
-
requirements:
|
41
|
+
requirements:
|
30
42
|
- - ~>
|
31
|
-
- !ruby/object:Gem::Version
|
43
|
+
- !ruby/object:Gem::Version
|
44
|
+
hash: 15424215
|
45
|
+
segments:
|
46
|
+
- 2
|
47
|
+
- 8
|
48
|
+
- 0
|
49
|
+
- rc
|
50
|
+
- 1
|
32
51
|
version: 2.8.0.rc1
|
33
52
|
type: :development
|
34
|
-
|
35
|
-
|
36
|
-
- !ruby/object:Gem::Dependency
|
53
|
+
version_requirements: *id002
|
54
|
+
- !ruby/object:Gem::Dependency
|
37
55
|
name: rack-test
|
38
|
-
|
56
|
+
prerelease: false
|
57
|
+
requirement: &id003 !ruby/object:Gem::Requirement
|
39
58
|
none: false
|
40
|
-
requirements:
|
59
|
+
requirements:
|
41
60
|
- - ~>
|
42
|
-
- !ruby/object:Gem::Version
|
61
|
+
- !ruby/object:Gem::Version
|
62
|
+
hash: 5
|
63
|
+
segments:
|
64
|
+
- 0
|
65
|
+
- 6
|
66
|
+
- 1
|
43
67
|
version: 0.6.1
|
44
68
|
type: :development
|
45
|
-
|
46
|
-
|
47
|
-
- !ruby/object:Gem::Dependency
|
69
|
+
version_requirements: *id003
|
70
|
+
- !ruby/object:Gem::Dependency
|
48
71
|
name: timecop
|
49
|
-
|
72
|
+
prerelease: false
|
73
|
+
requirement: &id004 !ruby/object:Gem::Requirement
|
50
74
|
none: false
|
51
|
-
requirements:
|
75
|
+
requirements:
|
52
76
|
- - ~>
|
53
|
-
- !ruby/object:Gem::Version
|
77
|
+
- !ruby/object:Gem::Version
|
78
|
+
hash: 25
|
79
|
+
segments:
|
80
|
+
- 0
|
81
|
+
- 3
|
82
|
+
- 5
|
54
83
|
version: 0.3.5
|
55
84
|
type: :development
|
56
|
-
|
57
|
-
|
58
|
-
- !ruby/object:Gem::Dependency
|
85
|
+
version_requirements: *id004
|
86
|
+
- !ruby/object:Gem::Dependency
|
59
87
|
name: rake
|
60
|
-
|
88
|
+
prerelease: false
|
89
|
+
requirement: &id005 !ruby/object:Gem::Requirement
|
61
90
|
none: false
|
62
|
-
requirements:
|
91
|
+
requirements:
|
63
92
|
- - ~>
|
64
|
-
- !ruby/object:Gem::Version
|
93
|
+
- !ruby/object:Gem::Version
|
94
|
+
hash: 11
|
95
|
+
segments:
|
96
|
+
- 0
|
97
|
+
- 9
|
98
|
+
- 2
|
99
|
+
- 2
|
65
100
|
version: 0.9.2.2
|
66
101
|
type: :development
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
or via signed HMAC.
|
71
|
-
email:
|
102
|
+
version_requirements: *id005
|
103
|
+
description: A rack middleware that authenticates requests either using basic auth or via signed HMAC.
|
104
|
+
email:
|
72
105
|
- myron.marston@gmail.com
|
73
106
|
executables: []
|
107
|
+
|
74
108
|
extensions: []
|
109
|
+
|
75
110
|
extra_rdoc_files: []
|
76
|
-
|
111
|
+
|
112
|
+
files:
|
77
113
|
- .gitignore
|
78
114
|
- .rspec
|
79
115
|
- .rvmrc
|
@@ -99,38 +135,40 @@ files:
|
|
99
135
|
- spec/rack/authenticate/cors_middleware_spec.rb
|
100
136
|
- spec/rack/authenticate/middleware_spec.rb
|
101
137
|
- spec/rack/authenticate_spec.rb
|
102
|
-
homepage:
|
138
|
+
homepage: ""
|
103
139
|
licenses: []
|
140
|
+
|
104
141
|
post_install_message:
|
105
142
|
rdoc_options: []
|
106
|
-
|
143
|
+
|
144
|
+
require_paths:
|
107
145
|
- lib
|
108
|
-
required_ruby_version: !ruby/object:Gem::Requirement
|
146
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
109
147
|
none: false
|
110
|
-
requirements:
|
111
|
-
- -
|
112
|
-
- !ruby/object:Gem::Version
|
113
|
-
|
114
|
-
segments:
|
148
|
+
requirements:
|
149
|
+
- - ">="
|
150
|
+
- !ruby/object:Gem::Version
|
151
|
+
hash: 3
|
152
|
+
segments:
|
115
153
|
- 0
|
116
|
-
|
117
|
-
required_rubygems_version: !ruby/object:Gem::Requirement
|
154
|
+
version: "0"
|
155
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
118
156
|
none: false
|
119
|
-
requirements:
|
120
|
-
- -
|
121
|
-
- !ruby/object:Gem::Version
|
122
|
-
|
123
|
-
segments:
|
157
|
+
requirements:
|
158
|
+
- - ">="
|
159
|
+
- !ruby/object:Gem::Version
|
160
|
+
hash: 3
|
161
|
+
segments:
|
124
162
|
- 0
|
125
|
-
|
163
|
+
version: "0"
|
126
164
|
requirements: []
|
165
|
+
|
127
166
|
rubyforge_project: rack-authenticate
|
128
167
|
rubygems_version: 1.8.6
|
129
168
|
signing_key:
|
130
169
|
specification_version: 3
|
131
|
-
summary: A rack middleware that authenticates requests either using basic auth or
|
132
|
-
|
133
|
-
test_files:
|
170
|
+
summary: A rack middleware that authenticates requests either using basic auth or via signed HMAC.
|
171
|
+
test_files:
|
134
172
|
- spec/rack/authenticate/client_spec.rb
|
135
173
|
- spec/rack/authenticate/cors_middleware_spec.rb
|
136
174
|
- spec/rack/authenticate/middleware_spec.rb
|