rails-auth 0.4.1 → 0.5.0
- checksums.yaml +4 -4
- data/CHANGES.md +6 -0
- data/README.md +96 -49
- data/lib/rails/auth/credentials/injector_middleware.rb +20 -0
- data/lib/rails/auth/rack.rb +3 -1
- data/lib/rails/auth/version.rb +1 -1
- data/spec/rails/auth/credentials/injector_middleware_spec.rb +11 -0
- metadata +3 -1
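--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5b53b6e5c83754e0969eb6316702cb4c86d400ef
+data.tar.gz: 742a2563345cbfa9e46f76455e751a8401d121e7
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f2dc8374a0087e53aa9abb7f9a9525154b1d77af73ff19438d41e344aad213f6a98b835a8013ec454988418833970dff6f5b3c6dbce70a922709347e737be4ee
+data.tar.gz: 57c08bf49162fef4de03e307fa2895353edfd8709cc3f453ac4def792a19723bd053639a2fb0419672dbc952582b4b08e29be5f15ce5d38ff63b69a73ddd1f1a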
data/CHANGES.md
CHANGED
data/README.md
CHANGED
@@ -353,55 +353,6 @@ object will be added to the Rack environment under `env["rails-auth.credentials"
|
|
353
353
|
This middleware will never add any certificate to the environment's credentials
|
354
354
|
that hasn't been verified against the configured CA bundle.
|
355
355
|
|
356
|
-
## RSpec integration
|
357
|
-
|
358
|
-
Rails::Auth includes built-in matchers that allow you to write tests for your
|
359
|
-
ACLs to ensure they have the behavior you expect.
|
360
|
-
|
361
|
-
To enable RSpec support, require the following:
|
362
|
-
|
363
|
-
```ruby
|
364
|
-
require "rails/auth/rspec"
|
365
|
-
```
|
366
|
-
|
367
|
-
Below is an example of how to write an ACL spec:
|
368
|
-
|
369
|
-
```ruby
|
370
|
-
RSpec.describe "example_acl.yml", acl_spec: true do
|
371
|
-
let(:example_credentials) { x509_certificate_hash(ou: "ponycopter") }
|
372
|
-
|
373
|
-
subject do
|
374
|
-
Rails::Auth::ACL.from_yaml(
|
375
|
-
File.read("/path/to/example_acl.yml"),
|
376
|
-
matchers: { allow_x509_subject: Rails::Auth::X509::Matcher }
|
377
|
-
)
|
378
|
-
end
|
379
|
-
|
380
|
-
describe "/path/to/resource" do
|
381
|
-
it { is_expected.to permit get_request(credentials: example_credentials) }
|
382
|
-
it { is_expected.not_to permit get_request) }
|
383
|
-
end
|
384
|
-
end
|
385
|
-
```
|
386
|
-
|
387
|
-
The following helper methods are available:
|
388
|
-
|
389
|
-
* `x509_certificate`, `x509_certificate_hash`: create instance doubles of Rails::Auth::X509::Certificate
|
390
|
-
* Request builders: The following methods build requests from the described path:
|
391
|
-
* `get_request`
|
392
|
-
* `head_request`
|
393
|
-
* `put_request`
|
394
|
-
* `post_request`
|
395
|
-
* `delete_request`
|
396
|
-
* `options_request`
|
397
|
-
* `path_request`
|
398
|
-
* `link_request`
|
399
|
-
* `unlink_request`
|
400
|
-
|
401
|
-
The following matchers are available:
|
402
|
-
|
403
|
-
* `allow_request`: allows a request with the given Rack environment, and optional credentials
|
404
|
-
|
405
356
|
### Error Page Middleware
|
406
357
|
|
407
358
|
When an authorization error occurs, the `Rails::Auth::NotAuthorizedError`
|
@@ -475,6 +426,102 @@ error_page = Rails::Auth::ErrorPage::Middleware.new(
|
|
475
426
|
run error_page
|
476
427
|
```
|
477
428
|
|
429
|
+
## Testing Support
|
430
|
+
|
431
|
+
### RSpec integration
|
432
|
+
|
433
|
+
Rails::Auth includes built-in matchers that allow you to write tests for your
|
434
|
+
ACLs to ensure they have the behavior you expect.
|
435
|
+
|
436
|
+
To enable RSpec support, require the following:
|
437
|
+
|
438
|
+
```ruby
|
439
|
+
require "rails/auth/rspec"
|
440
|
+
```
|
441
|
+
|
442
|
+
Below is an example of how to write an ACL spec:
|
443
|
+
|
444
|
+
```ruby
|
445
|
+
RSpec.describe "example_acl.yml", acl_spec: true do
|
446
|
+
let(:example_credentials) { x509_certificate_hash(ou: "ponycopter") }
|
447
|
+
|
448
|
+
subject do
|
449
|
+
Rails::Auth::ACL.from_yaml(
|
450
|
+
File.read("/path/to/example_acl.yml"),
|
451
|
+
matchers: { allow_x509_subject: Rails::Auth::X509::Matcher }
|
452
|
+
)
|
453
|
+
end
|
454
|
+
|
455
|
+
describe "/path/to/resource" do
|
456
|
+
it { is_expected.to permit get_request(credentials: example_credentials) }
|
457
|
+
it { is_expected.not_to permit get_request) }
|
458
|
+
end
|
459
|
+
end
|
460
|
+
```
|
461
|
+
|
462
|
+
The following helper methods are available:
|
463
|
+
|
464
|
+
* `x509_certificate`, `x509_certificate_hash`: create instance doubles of Rails::Auth::X509::Certificate
|
465
|
+
* Request builders: The following methods build requests from the described path:
|
466
|
+
* `get_request`
|
467
|
+
* `head_request`
|
468
|
+
* `put_request`
|
469
|
+
* `post_request`
|
470
|
+
* `delete_request`
|
471
|
+
* `options_request`
|
472
|
+
* `path_request`
|
473
|
+
* `link_request`
|
474
|
+
* `unlink_request`
|
475
|
+
|
476
|
+
The following matchers are available:
|
477
|
+
|
478
|
+
* `allow_request`: allows a request with the given Rack environment, and optional credentials
|
479
|
+
|
480
|
+
### Credential Injector Middleware
|
481
|
+
|
482
|
+
`Rails::Auth::Credentials::InjectorMiddleware` allows you to arbitrarily override
|
483
|
+
the credentials in the Rack environment. This is useful for development and testing
|
484
|
+
purposes when you'd like to simulate certain credentials being in place without
|
485
|
+
e.g. actually configuring unique X.509 certificates for each scenario.
|
486
|
+
|
487
|
+
Below is an example of how you might configure Rails' `config/environments/development.rb`
|
488
|
+
and `config/environments/test.rb` files to use the middleware:
|
489
|
+
|
490
|
+
#### config/environments/development.rb example
|
491
|
+
|
492
|
+
```ruby
|
493
|
+
Rails.application.configure do
|
494
|
+
# Settings specified here will take precedence over those in config/application.rb.
|
495
|
+
[...]
|
496
|
+
|
497
|
+
# Simulate being "joeadmin" when used in development
|
498
|
+
config.middleware.insert_before Rails::Auth::ACL::Middleware,
|
499
|
+
Rails::Auth::Credentials::InjectorMiddleware,
|
500
|
+
"user_token" => MyCredential.new(
|
501
|
+
username: "joeadmin",
|
502
|
+
claims: %w(admins),
|
503
|
+
)
|
504
|
+
end
|
505
|
+
```
|
506
|
+
|
507
|
+
#### config/environments/test.rb example
|
508
|
+
|
509
|
+
```ruby
|
510
|
+
Rails.application.configure do
|
511
|
+
# Settings specified here will take precedence over those in config/application.rb.
|
512
|
+
[...]
|
513
|
+
|
514
|
+
# Support configurable test credentials for simulating various scenarios in tests
|
515
|
+
config.x.test.credentials = {}
|
516
|
+
config.middleware.insert_before Rails::Auth::ACL::Middleware,
|
517
|
+
Rails::Auth::Credentials::InjectorMiddleware,
|
518
|
+
config.x.test.credentials
|
519
|
+
end
|
520
|
+
```
|
521
|
+
|
522
|
+
Now in your tests, you can change `Rails.configuration.x.test.credentials` and it
|
523
|
+
will be injected into the Rack environment.
|
524
|
+
|
478
525
|
## Contributing
|
479
526
|
|
480
527
|
Any contributors to the master *rails-auth* repository must sign the
|
@@ -0,0 +1,20 @@
|
|
1
|
+
module Rails
|
2
|
+
module Auth
|
3
|
+
module Credentials
|
4
|
+
# A middleware for injecting an arbitrary credentials hash into the Rack environment
|
5
|
+
# This is intended for development and testing purposes where you would like to
|
6
|
+
# simulate a given X.509 certificate being used in a request or user logged in
|
7
|
+
class InjectorMiddleware
|
8
|
+
def initialize(app, credentials)
|
9
|
+
@app = app
|
10
|
+
@credentials = credentials
|
11
|
+
end
|
12
|
+
|
13
|
+
def call(env)
|
14
|
+
env[Rails::Auth::CREDENTIALS_ENV_KEY] = @credentials
|
15
|
+
@app.call(env)
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
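--- a/data/lib/rails/auth/rack.rb
+++ b/data/lib/rails/auth/rack.rb
@@ -6,13 +6,15 @@ require "openssl"
 
 require "rails/auth/version"
 
-require "rails/auth/credentials"
 require "rails/auth/exceptions"
 
 require "rails/auth/acl"
 require "rails/auth/acl/middleware"
 require "rails/auth/acl/resource"
 
+require "rails/auth/credentials"
+require "rails/auth/credentials/injector_middleware"
+
 require "rails/auth/error_page/middleware"
 require "rails/auth/error_page/debug_middleware"
 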
data/lib/rails/auth/version.rb
CHANGED
@@ -0,0 +1,11 @@
|
|
1
|
+
RSpec.describe Rails::Auth::Credentials::InjectorMiddleware do
|
2
|
+
let(:request) { Rack::MockRequest.env_for("https://www.example.com") }
|
3
|
+
let(:app) { ->(env) { [200, env, "Hello, world!"] } }
|
4
|
+
let(:middleware) { described_class.new(app, credentials) }
|
5
|
+
let(:credentials) { { "foo" => "bar" } }
|
6
|
+
|
7
|
+
it "overrides rails-auth credentials in the rack environment" do
|
8
|
+
_response, env = middleware.call(request)
|
9
|
+
expect(env[Rails::Auth::CREDENTIALS_ENV_KEY]).to eq credentials
|
10
|
+
end
|
11
|
+
end
|
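--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rails-auth
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.5.0
 platform: ruby
 authors:
 - Tony Arcieri
@@ -82,6 +82,7 @@ files:
 - lib/rails/auth/acl/resource.rb
 - lib/rails/auth/controller_methods.rb
 - lib/rails/auth/credentials.rb
+- lib/rails/auth/credentials/injector_middleware.rb
 - lib/rails/auth/error_page/debug_middleware.rb
 - lib/rails/auth/error_page/debug_page.html.erb
 - lib/rails/auth/error_page/middleware.rb
@@ -103,6 +104,7 @@ files:
 - spec/rails/auth/acl/resource_spec.rb
 - spec/rails/auth/acl_spec.rb
 - spec/rails/auth/controller_methods_spec.rb
+- spec/rails/auth/credentials/injector_middleware_spec.rb
 - spec/rails/auth/credentials_spec.rb
 - spec/rails/auth/error_page/debug_middleware_spec.rb
 - spec/rails/auth/error_page/middleware_spec.rb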