rack-authenticate 0.4.0 → 0.5.0

@@ -14,7 +14,10 @@ module Rack
14
14
  @app.call(env)
15
15
  end
16
16
 
17
- headers['Access-Control-Allow-Origin'] = env['HTTP_ORIGIN'] if env.has_key?('HTTP_ORIGIN')
17
+ if env.has_key?('HTTP_ORIGIN')
18
+ headers['Access-Control-Allow-Origin'] = env['HTTP_ORIGIN']
19
+ headers['Access-Control-Allow-Credentials'] = 'true'
20
+ end
18
21
 
19
22
  [status, headers, body]
20
23
  end
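Review bot: The added `headers['Access-Control-Allow-Credentials'] = 'true'` is sent together with an `Access-Control-Allow-Origin` that echoes `env['HTTP_ORIGIN']` unchanged, so every origin that sends an Origin header is permitted to read credentialed responses; browsers refuse `*` with credentials to prevent exactly this, and reflecting the request header bypasses that safeguard. Both headers should be gated on an allowlist, for example `if (origin = env['HTTP_ORIGIN']) && allowed_origins.include?(origin)`, where `allowed_origins` is a suggested new setting that this gem does not have yet. `Origin` should also be appended to the `Vary` response header so a cache cannot hand one origin's response to another. The exposure is probably largest on the basic-auth path, since browsers attach cached Basic credentials to credentialed cross-origin requests, whereas an HMAC signature has to be constructed by the caller. The spec hunk at `@@ -59,10 +59,21 @@` pins the reflect-every-origin behaviour and has no case for an untrusted origin; the method this hunk belongs to starts above the hunk.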
@@ -10,11 +10,9 @@ module Rack
10
10
  self.timestamp_minute_tolerance ||= 30
11
11
  self.hmac_secret_key { |access_id| }
12
12
  self.basic_auth_validation { |u, p| false }
13
- self.support_cross_origin_resource_sharing = false
14
13
  end
15
14
 
16
15
  attr_accessor :timestamp_minute_tolerance
17
- attr_writer :support_cross_origin_resource_sharing
18
16
  attr_reader :basic_auth_validation_block
19
17
 
20
18
  def hmac_secret_key(&block)
@@ -28,10 +26,6 @@ module Rack
28
26
  def basic_auth_validation(&block)
29
27
  @basic_auth_validation_block = block
30
28
  end
31
-
32
- def support_cross_origin_resource_sharing?
33
- @support_cross_origin_resource_sharing
34
- end
35
29
  end
36
30
 
37
31
  class Auth < ::Rack::Auth::AbstractRequest
@@ -127,30 +121,13 @@ module Rack
127
121
  def initialize(app)
128
122
  @configuration = Configuration.new
129
123
  yield @configuration
130
-
131
- @middleware_stack = lambda do |env|
132
- auth = Auth.new(env, @configuration)
133
- _call(env, auth)
134
- end
135
-
136
- if @configuration.support_cross_origin_resource_sharing?
137
- require 'rack/authenticate/cors_middleware'
138
- @middleware_stack = ::Rack::Authenticate::CORSMiddleware.new(@middleware_stack)
139
- end
140
-
141
124
  super(app, &@configuration.basic_auth_validation_block)
142
125
  end
143
126
 
144
- alias basic_auth_call call
145
127
  def call(env)
146
- @middleware_stack.call(env)
147
- end
148
-
149
- private
150
-
151
- def _call(env, auth)
128
+ auth = Auth.new(env, @configuration)
152
129
  return unauthorized unless auth.provided?
153
- return basic_auth_call(env) if auth.basic?
130
+ return super(env) if auth.basic?
154
131
  return bad_request unless auth.hmac?
155
132
  return bad_request unless auth.has_all_required_parts?
156
133
  return unauthorized unless auth.valid?
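Review bot: With the `@middleware_stack` wrapper removed, `call` returns `unauthorized` for any request where `auth.provided?` is false, and judging by the removed spec that includes CORS preflight `OPTIONS` requests, so cross-origin clients presumably work only if the application mounts `CORSMiddleware` ahead of this middleware; nothing in the visible code states that requirement. A comment above `def call(env)` would document it, e.g. `# CORS preflights carry no credentials and get 401 here; mount CORSMiddleware in front of this middleware if cross-origin access is needed.` Dropping `attr_writer :support_cross_origin_resource_sharing` in the earlier hunks of this file without a deprecation shim also means existing configure blocks that set it will raise NoMethodError, so consider keeping a writer that only warns for one release. `call` continues past the end of this hunk.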
@@ -1,5 +1,5 @@
1
1
  module Rack
2
2
  module Authenticate
3
- VERSION = "0.4.0"
3
+ VERSION = "0.5.0"
4
4
  end
5
5
  end
@@ -59,10 +59,21 @@ module Rack
59
59
  last_response.headers.should include('Access-Control-Allow-Origin' => origin)
60
60
  end
61
61
 
62
+ it 'appends the Access-Control-Allow-Credentials header to every response to a request with an Origin header' do
63
+ header 'Origin', origin
64
+ get '/'
65
+ last_response.headers.should include('Access-Control-Allow-Credentials' => 'true')
66
+ end
67
+
62
68
  it 'does not append a Access-Control-Allow-Origin header to a request without an Origin header' do
63
69
  get '/'
64
70
  last_response.headers.keys.should_not include('Access-Control-Allow-Origin')
65
71
  end
72
+
73
+ it 'does not append a Access-Control-Allow-Credentials header to a request without an Origin header' do
74
+ get '/'
75
+ last_response.headers.keys.should_not include('Access-Control-Allow-Credentials')
76
+ end
66
77
  end
67
78
  end
68
79
  end
@@ -359,43 +359,6 @@ module Rack
359
359
  post '/foo', "some content"
360
360
  last_response.status.should eq(200)
361
361
  end
362
-
363
- context 'when cross origin resource sharing is supported' do
364
- before { configure { |c| c.support_cross_origin_resource_sharing = true } }
365
- let(:headers) { 'X-Authorization-Date, Content-MD5, Authorization, Content-Type' }
366
- let(:origin) { 'http://foo.example.com' }
367
-
368
- let(:expected_response_headers) do {
369
- 'Content-Type' => 'text/plain',
370
- 'Access-Control-Allow-Origin' => origin,
371
- 'Access-Control-Allow-Methods' => 'PUT',
372
- 'Access-Control-Allow-Credentials' => 'true',
373
- 'Access-Control-Max-Age' => CORSMiddleware::ACCESS_CONTROL_MAX_AGE.to_s
374
- } end
375
-
376
- it 'responds to a CORS OPTIONS request with all of the correct headers' do
377
- header 'Origin', origin
378
- header 'Access-Control-Request-Method', 'PUT'
379
- options '/'
380
-
381
- last_response.status.should eq(200)
382
- last_response.headers.should include(expected_response_headers)
383
- last_response.headers.should_not have_key('Access-Control-Allow-Headers')
384
- end
385
- end
386
-
387
- context 'when cross origin resource sharing is not supported' do
388
- before { configure { |c| c.support_cross_origin_resource_sharing = false } }
389
-
390
- it 'does not respond to a CORS OPTIONS request' do
391
- header 'Origin', 'http://foo.example.com'
392
- header 'Access-Control-Request-Method', 'PUT'
393
- options '/'
394
-
395
- last_response.status.should eq(401)
396
- last_response.headers.keys.select { |k| k.include?('Access-Control') }.should eq([])
397
- end
398
- end
399
362
  end
400
363
  end
401
364
  end
metadata CHANGED
@@ -1,79 +1,115 @@
1
- --- !ruby/object:Gem::Specification
1
+ --- !ruby/object:Gem::Specification
2
2
  name: rack-authenticate
3
- version: !ruby/object:Gem::Version
4
- version: 0.4.0
3
+ version: !ruby/object:Gem::Version
4
+ hash: 11
5
5
  prerelease:
6
+ segments:
7
+ - 0
8
+ - 5
9
+ - 0
10
+ version: 0.5.0
6
11
  platform: ruby
7
- authors:
12
+ authors:
8
13
  - Myron Marston
9
14
  autorequire:
10
15
  bindir: bin
11
16
  cert_chain: []
12
- date: 2012-02-14 00:00:00.000000000Z
13
- dependencies:
14
- - !ruby/object:Gem::Dependency
17
+
18
+ date: 2012-02-27 00:00:00 Z
19
+ dependencies:
20
+ - !ruby/object:Gem::Dependency
15
21
  name: ruby-hmac
16
- requirement: &2152601180 !ruby/object:Gem::Requirement
22
+ prerelease: false
23
+ requirement: &id001 !ruby/object:Gem::Requirement
17
24
  none: false
18
- requirements:
25
+ requirements:
19
26
  - - ~>
20
- - !ruby/object:Gem::Version
27
+ - !ruby/object:Gem::Version
28
+ hash: 15
29
+ segments:
30
+ - 0
31
+ - 4
32
+ - 0
21
33
  version: 0.4.0
22
34
  type: :runtime
23
- prerelease: false
24
- version_requirements: *2152601180
25
- - !ruby/object:Gem::Dependency
35
+ version_requirements: *id001
36
+ - !ruby/object:Gem::Dependency
26
37
  name: rspec
27
- requirement: &2152600560 !ruby/object:Gem::Requirement
38
+ prerelease: false
39
+ requirement: &id002 !ruby/object:Gem::Requirement
28
40
  none: false
29
- requirements:
41
+ requirements:
30
42
  - - ~>
31
- - !ruby/object:Gem::Version
43
+ - !ruby/object:Gem::Version
44
+ hash: 15424215
45
+ segments:
46
+ - 2
47
+ - 8
48
+ - 0
49
+ - rc
50
+ - 1
32
51
  version: 2.8.0.rc1
33
52
  type: :development
34
- prerelease: false
35
- version_requirements: *2152600560
36
- - !ruby/object:Gem::Dependency
53
+ version_requirements: *id002
54
+ - !ruby/object:Gem::Dependency
37
55
  name: rack-test
38
- requirement: &2152599640 !ruby/object:Gem::Requirement
56
+ prerelease: false
57
+ requirement: &id003 !ruby/object:Gem::Requirement
39
58
  none: false
40
- requirements:
59
+ requirements:
41
60
  - - ~>
42
- - !ruby/object:Gem::Version
61
+ - !ruby/object:Gem::Version
62
+ hash: 5
63
+ segments:
64
+ - 0
65
+ - 6
66
+ - 1
43
67
  version: 0.6.1
44
68
  type: :development
45
- prerelease: false
46
- version_requirements: *2152599640
47
- - !ruby/object:Gem::Dependency
69
+ version_requirements: *id003
70
+ - !ruby/object:Gem::Dependency
48
71
  name: timecop
49
- requirement: &2152588140 !ruby/object:Gem::Requirement
72
+ prerelease: false
73
+ requirement: &id004 !ruby/object:Gem::Requirement
50
74
  none: false
51
- requirements:
75
+ requirements:
52
76
  - - ~>
53
- - !ruby/object:Gem::Version
77
+ - !ruby/object:Gem::Version
78
+ hash: 25
79
+ segments:
80
+ - 0
81
+ - 3
82
+ - 5
54
83
  version: 0.3.5
55
84
  type: :development
56
- prerelease: false
57
- version_requirements: *2152588140
58
- - !ruby/object:Gem::Dependency
85
+ version_requirements: *id004
86
+ - !ruby/object:Gem::Dependency
59
87
  name: rake
60
- requirement: &2152586640 !ruby/object:Gem::Requirement
88
+ prerelease: false
89
+ requirement: &id005 !ruby/object:Gem::Requirement
61
90
  none: false
62
- requirements:
91
+ requirements:
63
92
  - - ~>
64
- - !ruby/object:Gem::Version
93
+ - !ruby/object:Gem::Version
94
+ hash: 11
95
+ segments:
96
+ - 0
97
+ - 9
98
+ - 2
99
+ - 2
65
100
  version: 0.9.2.2
66
101
  type: :development
67
- prerelease: false
68
- version_requirements: *2152586640
69
- description: A rack middleware that authenticates requests either using basic auth
70
- or via signed HMAC.
71
- email:
102
+ version_requirements: *id005
103
+ description: A rack middleware that authenticates requests either using basic auth or via signed HMAC.
104
+ email:
72
105
  - myron.marston@gmail.com
73
106
  executables: []
107
+
74
108
  extensions: []
109
+
75
110
  extra_rdoc_files: []
76
- files:
111
+
112
+ files:
77
113
  - .gitignore
78
114
  - .rspec
79
115
  - .rvmrc
@@ -99,38 +135,40 @@ files:
99
135
  - spec/rack/authenticate/cors_middleware_spec.rb
100
136
  - spec/rack/authenticate/middleware_spec.rb
101
137
  - spec/rack/authenticate_spec.rb
102
- homepage: ''
138
+ homepage: ""
103
139
  licenses: []
140
+
104
141
  post_install_message:
105
142
  rdoc_options: []
106
- require_paths:
143
+
144
+ require_paths:
107
145
  - lib
108
- required_ruby_version: !ruby/object:Gem::Requirement
146
+ required_ruby_version: !ruby/object:Gem::Requirement
109
147
  none: false
110
- requirements:
111
- - - ! '>='
112
- - !ruby/object:Gem::Version
113
- version: '0'
114
- segments:
148
+ requirements:
149
+ - - ">="
150
+ - !ruby/object:Gem::Version
151
+ hash: 3
152
+ segments:
115
153
  - 0
116
- hash: -359603919774236080
117
- required_rubygems_version: !ruby/object:Gem::Requirement
154
+ version: "0"
155
+ required_rubygems_version: !ruby/object:Gem::Requirement
118
156
  none: false
119
- requirements:
120
- - - ! '>='
121
- - !ruby/object:Gem::Version
122
- version: '0'
123
- segments:
157
+ requirements:
158
+ - - ">="
159
+ - !ruby/object:Gem::Version
160
+ hash: 3
161
+ segments:
124
162
  - 0
125
- hash: -359603919774236080
163
+ version: "0"
126
164
  requirements: []
165
+
127
166
  rubyforge_project: rack-authenticate
128
167
  rubygems_version: 1.8.6
129
168
  signing_key:
130
169
  specification_version: 3
131
- summary: A rack middleware that authenticates requests either using basic auth or
132
- via signed HMAC.
133
- test_files:
170
+ summary: A rack middleware that authenticates requests either using basic auth or via signed HMAC.
171
+ test_files:
134
172
  - spec/rack/authenticate/client_spec.rb
135
173
  - spec/rack/authenticate/cors_middleware_spec.rb
136
174
  - spec/rack/authenticate/middleware_spec.rb