rack-authenticate 0.4.0 → 0.5.0

@@ -14,7 +14,10 @@ module Rack
14
14
  @app.call(env)
15
15
  end
16
16
 
17
- headers['Access-Control-Allow-Origin'] = env['HTTP_ORIGIN'] if env.has_key?('HTTP_ORIGIN')
17
+ if env.has_key?('HTTP_ORIGIN')
18
+ headers['Access-Control-Allow-Origin'] = env['HTTP_ORIGIN']
19
+ headers['Access-Control-Allow-Credentials'] = 'true'
20
+ end
18
21
 
19
22
  [status, headers, body]
20
23
  end
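Review bot: The new branch copies whatever `Origin` the request carries into `Access-Control-Allow-Origin` and now pairs it with `Access-Control-Allow-Credentials: true`, so every origin is treated as trusted for credentialed requests and a browser would let a page on any site read responses obtained with the user's stored credentials. Gate the branch on a configured allowlist, e.g. `if allowed_origins.include?(env['HTTP_ORIGIN'])` (`allowed_origins` is a proposed setting, not something this gem defines today), and add `headers['Vary'] = 'Origin'` so a shared cache does not serve one origin's response to another. The specs added in cors_middleware_spec.rb pin the reflect-any-origin behaviour and would need a case for an origin that is not allowed. The enclosing method begins outside the hunk.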
@@ -10,11 +10,9 @@ module Rack
10
10
  self.timestamp_minute_tolerance ||= 30
11
11
  self.hmac_secret_key { |access_id| }
12
12
  self.basic_auth_validation { |u, p| false }
13
- self.support_cross_origin_resource_sharing = false
14
13
  end
15
14
 
16
15
  attr_accessor :timestamp_minute_tolerance
17
- attr_writer :support_cross_origin_resource_sharing
18
16
  attr_reader :basic_auth_validation_block
19
17
 
20
18
  def hmac_secret_key(&block)
@@ -28,10 +26,6 @@ module Rack
28
26
  def basic_auth_validation(&block)
29
27
  @basic_auth_validation_block = block
30
28
  end
31
-
32
- def support_cross_origin_resource_sharing?
33
- @support_cross_origin_resource_sharing
34
- end
35
29
  end
36
30
 
37
31
  class Auth < ::Rack::Auth::AbstractRequest
@@ -127,30 +121,13 @@ module Rack
127
121
  def initialize(app)
128
122
  @configuration = Configuration.new
129
123
  yield @configuration
130
-
131
- @middleware_stack = lambda do |env|
132
- auth = Auth.new(env, @configuration)
133
- _call(env, auth)
134
- end
135
-
136
- if @configuration.support_cross_origin_resource_sharing?
137
- require 'rack/authenticate/cors_middleware'
138
- @middleware_stack = ::Rack::Authenticate::CORSMiddleware.new(@middleware_stack)
139
- end
140
-
141
124
  super(app, &@configuration.basic_auth_validation_block)
142
125
  end
143
126
 
144
- alias basic_auth_call call
145
127
  def call(env)
146
- @middleware_stack.call(env)
147
- end
148
-
149
- private
150
-
151
- def _call(env, auth)
128
+ auth = Auth.new(env, @configuration)
152
129
  return unauthorized unless auth.provided?
153
- return basic_auth_call(env) if auth.basic?
130
+ return super(env) if auth.basic?
154
131
  return bad_request unless auth.hmac?
155
132
  return bad_request unless auth.has_all_required_parts?
156
133
  return unauthorized unless auth.valid?
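Review bot: With `attr_writer :support_cross_origin_resource_sharing` removed, an existing `configure { |c| c.support_cross_origin_resource_sharing = true }` block will presumably raise NoMethodError after upgrading, and nothing in this file replaces the wiring that used to put CORSMiddleware in front of the auth checks. In the new `call`, a preflight OPTIONS request, which normally carries no Authorization header, stops at `return unauthorized unless auth.provided?`, so CORS only works if the application mounts CORSMiddleware ahead of this middleware itself. I would document that ordering on `call`, e.g. `# CORS preflights carry no credentials; mount Rack::Authenticate::CORSMiddleware before this middleware.`, and consider keeping the old writer for one release as a no-op that warns. The body of `call` continues past the end of the hunk.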
@@ -1,5 +1,5 @@
1
1
  module Rack
2
2
  module Authenticate
3
- VERSION = "0.4.0"
3
+ VERSION = "0.5.0"
4
4
  end
5
5
  end
@@ -59,10 +59,21 @@ module Rack
59
59
  last_response.headers.should include('Access-Control-Allow-Origin' => origin)
60
60
  end
61
61
 
62
+ it 'appends the Access-Control-Allow-Credentials header to every response to a request with an Origin header' do
63
+ header 'Origin', origin
64
+ get '/'
65
+ last_response.headers.should include('Access-Control-Allow-Credentials' => 'true')
66
+ end
67
+
62
68
  it 'does not append a Access-Control-Allow-Origin header to a request without an Origin header' do
63
69
  get '/'
64
70
  last_response.headers.keys.should_not include('Access-Control-Allow-Origin')
65
71
  end
72
+
73
+ it 'does not append a Access-Control-Allow-Credentials header to a request without an Origin header' do
74
+ get '/'
75
+ last_response.headers.keys.should_not include('Access-Control-Allow-Credentials')
76
+ end
66
77
  end
67
78
  end
68
79
  end
@@ -359,43 +359,6 @@ module Rack
359
359
  post '/foo', "some content"
360
360
  last_response.status.should eq(200)
361
361
  end
362
-
363
- context 'when cross origin resource sharing is supported' do
364
- before { configure { |c| c.support_cross_origin_resource_sharing = true } }
365
- let(:headers) { 'X-Authorization-Date, Content-MD5, Authorization, Content-Type' }
366
- let(:origin) { 'http://foo.example.com' }
367
-
368
- let(:expected_response_headers) do {
369
- 'Content-Type' => 'text/plain',
370
- 'Access-Control-Allow-Origin' => origin,
371
- 'Access-Control-Allow-Methods' => 'PUT',
372
- 'Access-Control-Allow-Credentials' => 'true',
373
- 'Access-Control-Max-Age' => CORSMiddleware::ACCESS_CONTROL_MAX_AGE.to_s
374
- } end
375
-
376
- it 'responds to a CORS OPTIONS request with all of the correct headers' do
377
- header 'Origin', origin
378
- header 'Access-Control-Request-Method', 'PUT'
379
- options '/'
380
-
381
- last_response.status.should eq(200)
382
- last_response.headers.should include(expected_response_headers)
383
- last_response.headers.should_not have_key('Access-Control-Allow-Headers')
384
- end
385
- end
386
-
387
- context 'when cross origin resource sharing is not supported' do
388
- before { configure { |c| c.support_cross_origin_resource_sharing = false } }
389
-
390
- it 'does not respond to a CORS OPTIONS request' do
391
- header 'Origin', 'http://foo.example.com'
392
- header 'Access-Control-Request-Method', 'PUT'
393
- options '/'
394
-
395
- last_response.status.should eq(401)
396
- last_response.headers.keys.select { |k| k.include?('Access-Control') }.should eq([])
397
- end
398
- end
399
362
  end
400
363
  end
401
364
  end
metadata CHANGED
@@ -1,79 +1,115 @@
1
- --- !ruby/object:Gem::Specification
1
+ --- !ruby/object:Gem::Specification
2
2
  name: rack-authenticate
3
- version: !ruby/object:Gem::Version
4
- version: 0.4.0
3
+ version: !ruby/object:Gem::Version
4
+ hash: 11
5
5
  prerelease:
6
+ segments:
7
+ - 0
8
+ - 5
9
+ - 0
10
+ version: 0.5.0
6
11
  platform: ruby
7
- authors:
12
+ authors:
8
13
  - Myron Marston
9
14
  autorequire:
10
15
  bindir: bin
11
16
  cert_chain: []
12
- date: 2012-02-14 00:00:00.000000000Z
13
- dependencies:
14
- - !ruby/object:Gem::Dependency
17
+
18
+ date: 2012-02-27 00:00:00 Z
19
+ dependencies:
20
+ - !ruby/object:Gem::Dependency
15
21
  name: ruby-hmac
16
- requirement: &2152601180 !ruby/object:Gem::Requirement
22
+ prerelease: false
23
+ requirement: &id001 !ruby/object:Gem::Requirement
17
24
  none: false
18
- requirements:
25
+ requirements:
19
26
  - - ~>
20
- - !ruby/object:Gem::Version
27
+ - !ruby/object:Gem::Version
28
+ hash: 15
29
+ segments:
30
+ - 0
31
+ - 4
32
+ - 0
21
33
  version: 0.4.0
22
34
  type: :runtime
23
- prerelease: false
24
- version_requirements: *2152601180
25
- - !ruby/object:Gem::Dependency
35
+ version_requirements: *id001
36
+ - !ruby/object:Gem::Dependency
26
37
  name: rspec
27
- requirement: &2152600560 !ruby/object:Gem::Requirement
38
+ prerelease: false
39
+ requirement: &id002 !ruby/object:Gem::Requirement
28
40
  none: false
29
- requirements:
41
+ requirements:
30
42
  - - ~>
31
- - !ruby/object:Gem::Version
43
+ - !ruby/object:Gem::Version
44
+ hash: 15424215
45
+ segments:
46
+ - 2
47
+ - 8
48
+ - 0
49
+ - rc
50
+ - 1
32
51
  version: 2.8.0.rc1
33
52
  type: :development
34
- prerelease: false
35
- version_requirements: *2152600560
36
- - !ruby/object:Gem::Dependency
53
+ version_requirements: *id002
54
+ - !ruby/object:Gem::Dependency
37
55
  name: rack-test
38
- requirement: &2152599640 !ruby/object:Gem::Requirement
56
+ prerelease: false
57
+ requirement: &id003 !ruby/object:Gem::Requirement
39
58
  none: false
40
- requirements:
59
+ requirements:
41
60
  - - ~>
42
- - !ruby/object:Gem::Version
61
+ - !ruby/object:Gem::Version
62
+ hash: 5
63
+ segments:
64
+ - 0
65
+ - 6
66
+ - 1
43
67
  version: 0.6.1
44
68
  type: :development
45
- prerelease: false
46
- version_requirements: *2152599640
47
- - !ruby/object:Gem::Dependency
69
+ version_requirements: *id003
70
+ - !ruby/object:Gem::Dependency
48
71
  name: timecop
49
- requirement: &2152588140 !ruby/object:Gem::Requirement
72
+ prerelease: false
73
+ requirement: &id004 !ruby/object:Gem::Requirement
50
74
  none: false
51
- requirements:
75
+ requirements:
52
76
  - - ~>
53
- - !ruby/object:Gem::Version
77
+ - !ruby/object:Gem::Version
78
+ hash: 25
79
+ segments:
80
+ - 0
81
+ - 3
82
+ - 5
54
83
  version: 0.3.5
55
84
  type: :development
56
- prerelease: false
57
- version_requirements: *2152588140
58
- - !ruby/object:Gem::Dependency
85
+ version_requirements: *id004
86
+ - !ruby/object:Gem::Dependency
59
87
  name: rake
60
- requirement: &2152586640 !ruby/object:Gem::Requirement
88
+ prerelease: false
89
+ requirement: &id005 !ruby/object:Gem::Requirement
61
90
  none: false
62
- requirements:
91
+ requirements:
63
92
  - - ~>
64
- - !ruby/object:Gem::Version
93
+ - !ruby/object:Gem::Version
94
+ hash: 11
95
+ segments:
96
+ - 0
97
+ - 9
98
+ - 2
99
+ - 2
65
100
  version: 0.9.2.2
66
101
  type: :development
67
- prerelease: false
68
- version_requirements: *2152586640
69
- description: A rack middleware that authenticates requests either using basic auth
70
- or via signed HMAC.
71
- email:
102
+ version_requirements: *id005
103
+ description: A rack middleware that authenticates requests either using basic auth or via signed HMAC.
104
+ email:
72
105
  - myron.marston@gmail.com
73
106
  executables: []
107
+
74
108
  extensions: []
109
+
75
110
  extra_rdoc_files: []
76
- files:
111
+
112
+ files:
77
113
  - .gitignore
78
114
  - .rspec
79
115
  - .rvmrc
@@ -99,38 +135,40 @@ files:
99
135
  - spec/rack/authenticate/cors_middleware_spec.rb
100
136
  - spec/rack/authenticate/middleware_spec.rb
101
137
  - spec/rack/authenticate_spec.rb
102
- homepage: ''
138
+ homepage: ""
103
139
  licenses: []
140
+
104
141
  post_install_message:
105
142
  rdoc_options: []
106
- require_paths:
143
+
144
+ require_paths:
107
145
  - lib
108
- required_ruby_version: !ruby/object:Gem::Requirement
146
+ required_ruby_version: !ruby/object:Gem::Requirement
109
147
  none: false
110
- requirements:
111
- - - ! '>='
112
- - !ruby/object:Gem::Version
113
- version: '0'
114
- segments:
148
+ requirements:
149
+ - - ">="
150
+ - !ruby/object:Gem::Version
151
+ hash: 3
152
+ segments:
115
153
  - 0
116
- hash: -359603919774236080
117
- required_rubygems_version: !ruby/object:Gem::Requirement
154
+ version: "0"
155
+ required_rubygems_version: !ruby/object:Gem::Requirement
118
156
  none: false
119
- requirements:
120
- - - ! '>='
121
- - !ruby/object:Gem::Version
122
- version: '0'
123
- segments:
157
+ requirements:
158
+ - - ">="
159
+ - !ruby/object:Gem::Version
160
+ hash: 3
161
+ segments:
124
162
  - 0
125
- hash: -359603919774236080
163
+ version: "0"
126
164
  requirements: []
165
+
127
166
  rubyforge_project: rack-authenticate
128
167
  rubygems_version: 1.8.6
129
168
  signing_key:
130
169
  specification_version: 3
131
- summary: A rack middleware that authenticates requests either using basic auth or
132
- via signed HMAC.
133
- test_files:
170
+ summary: A rack middleware that authenticates requests either using basic auth or via signed HMAC.
171
+ test_files:
134
172
  - spec/rack/authenticate/client_spec.rb
135
173
  - spec/rack/authenticate/cors_middleware_spec.rb
136
174
  - spec/rack/authenticate/middleware_spec.rb