rails-auth 0.4.1 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5b48234e95be0db7806d0126d60590261a585409
-  data.tar.gz: 02ae7923ef2a6f12da93fbe0ecea10818c167fb5
+  metadata.gz: 5b53b6e5c83754e0969eb6316702cb4c86d400ef
+  data.tar.gz: 742a2563345cbfa9e46f76455e751a8401d121e7
 SHA512:
-  metadata.gz: ffac862f2da1d9054751ba8bdcd05cc292851ce87bf0fea120eb9ec001003bee782b7740f400ef9e02e0a6dd634ab668a96f347e3313391f1bbdd6e7c3b82a39
-  data.tar.gz: 1a6a4ed4a30071156042b36755ae8db7ae1b8cc749ba5fad792970ab588e9f051be9199a90af78a60ef0abc59f4befb092785d6e8256872e9ea0ae3401f59c07
+  metadata.gz: f2dc8374a0087e53aa9abb7f9a9525154b1d77af73ff19438d41e344aad213f6a98b835a8013ec454988418833970dff6f5b3c6dbce70a922709347e737be4ee
+  data.tar.gz: 57c08bf49162fef4de03e307fa2895353edfd8709cc3f453ac4def792a19723bd053639a2fb0419672dbc952582b4b08e29be5f15ce5d38ff63b69a73ddd1f1a

data/CHANGES.md

@@ -1,3 +1,9 @@
+### 0.5.0 (2016-04-24)
+
+* [#19](https://github.com/square/rails-auth/pull/19)
+  Add Rails::Auth::Credentials::InjectorMiddleware.
+  ([@tarcieri])
+
 ### 0.4.1 (2016-04-23)
 
 * [#17](https://github.com/square/rails-auth/pull/17)

data/README.md

@@ -353,55 +353,6 @@ object will be added to the Rack environment under `env["rails-auth.credentials"
 This middleware will never add any certificate to the environment's credentials
 that hasn't been verified against the configured CA bundle.
 
-## RSpec integration
-
-Rails::Auth includes built-in matchers that allow you to write tests for your
-ACLs to ensure they have the behavior you expect.
-
-To enable RSpec support, require the following:
-
-```ruby
-require "rails/auth/rspec"
-```
-
-Below is an example of how to write an ACL spec:
-
-```ruby
-RSpec.describe "example_acl.yml", acl_spec: true do
-  let(:example_credentials) { x509_certificate_hash(ou: "ponycopter") }
-
-  subject do
-    Rails::Auth::ACL.from_yaml(
-      File.read("/path/to/example_acl.yml"),
-      matchers: { allow_x509_subject: Rails::Auth::X509::Matcher }
-    )
-  end
-
-  describe "/path/to/resource" do
-    it { is_expected.to     permit get_request(credentials: example_credentials) }
-    it { is_expected.not_to permit get_request) }
-  end
-end
-```
-
-The following helper methods are available:
-
-* `x509_certificate`, `x509_certificate_hash`: create instance doubles of Rails::Auth::X509::Certificate
-* Request builders: The following methods build requests from the described path:
-  * `get_request`
-  * `head_request`
-  * `put_request`
-  * `post_request`
-  * `delete_request`
-  * `options_request`
-  * `path_request`
-  * `link_request`
-  * `unlink_request`
-
-The following matchers are available:
-
-* `allow_request`: allows a request with the given Rack environment, and optional credentials
-
 ### Error Page Middleware
 
 When an authorization error occurs, the `Rails::Auth::NotAuthorizedError`
@@ -475,6 +426,102 @@ error_page = Rails::Auth::ErrorPage::Middleware.new(
 run error_page
 ```
 
+## Testing Support
+
+### RSpec integration
+
+Rails::Auth includes built-in matchers that allow you to write tests for your
+ACLs to ensure they have the behavior you expect.
+
+To enable RSpec support, require the following:
+
+```ruby
+require "rails/auth/rspec"
+```
+
+Below is an example of how to write an ACL spec:
+
+```ruby
+RSpec.describe "example_acl.yml", acl_spec: true do
+  let(:example_credentials) { x509_certificate_hash(ou: "ponycopter") }
+
+  subject do
+    Rails::Auth::ACL.from_yaml(
+      File.read("/path/to/example_acl.yml"),
+      matchers: { allow_x509_subject: Rails::Auth::X509::Matcher }
+    )
+  end
+
+  describe "/path/to/resource" do
+    it { is_expected.to     permit get_request(credentials: example_credentials) }
+    it { is_expected.not_to permit get_request) }
+  end
+end
+```
+
+The following helper methods are available:
+
+* `x509_certificate`, `x509_certificate_hash`: create instance doubles of Rails::Auth::X509::Certificate
+* Request builders: The following methods build requests from the described path:
+  * `get_request`
+  * `head_request`
+  * `put_request`
+  * `post_request`
+  * `delete_request`
+  * `options_request`
+  * `path_request`
+  * `link_request`
+  * `unlink_request`
+
+The following matchers are available:
+
+* `allow_request`: allows a request with the given Rack environment, and optional credentials
+
+### Credential Injector Middleware
+
+`Rails::Auth::Credentials::InjectorMiddleware` allows you to arbitrarily override
+the credentials in the Rack environment. This is useful for development and testing
+purposes when you'd like to simulate certain credentials being in place without
+e.g. actually configuring unique X.509 certificates for each scenario.
+
+Below is an example of how you might configure Rails' `config/environments/development.rb`
+and `config/environments/test.rb` files to use the middleware:
+
+#### config/environments/development.rb example
+
+```ruby
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+  [...]
+
+  # Simulate being "joeadmin" when used in development
+  config.middleware.insert_before Rails::Auth::ACL::Middleware,
+    Rails::Auth::Credentials::InjectorMiddleware,
+    "user_token" => MyCredential.new(
+      username:  "joeadmin",
+      claims:    %w(admins),
+    )
+end
+```
+
+#### config/environments/test.rb example
+
+```ruby
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+  [...]
+
+  # Support configurable test credentials for simulating various scenarios in tests
+  config.x.test.credentials = {}
+  config.middleware.insert_before Rails::Auth::ACL::Middleware,
+    Rails::Auth::Credentials::InjectorMiddleware,
+    config.x.test.credentials
+end
+```
+
+Now in your tests, you can change `Rails.configuration.x.test.credentials` and it
+will be injected into the Rack environment.
+
 ## Contributing
 
 Any contributors to the master *rails-auth* repository must sign the

data/lib/rails/auth/credentials/injector_middleware.rb

@@ -0,0 +1,20 @@
+module Rails
+  module Auth
+    module Credentials
+      # A middleware for injecting an arbitrary credentials hash into the Rack environment
+      # This is intended for development and testing purposes where you would like to
+      # simulate a given X.509 certificate being used in a request or user logged in
+      class InjectorMiddleware
+        def initialize(app, credentials)
+          @app = app
+          @credentials = credentials
+        end
+
+        def call(env)
+          env[Rails::Auth::CREDENTIALS_ENV_KEY] = @credentials
+          @app.call(env)
+        end
+      end
+    end
+  end
+end

data/lib/rails/auth/rack.rb

@@ -6,13 +6,15 @@ require "openssl"
 
 require "rails/auth/version"
 
-require "rails/auth/credentials"
 require "rails/auth/exceptions"
 
 require "rails/auth/acl"
 require "rails/auth/acl/middleware"
 require "rails/auth/acl/resource"
 
+require "rails/auth/credentials"
+require "rails/auth/credentials/injector_middleware"
+
 require "rails/auth/error_page/middleware"
 require "rails/auth/error_page/debug_middleware"
 

data/lib/rails/auth/version.rb

@@ -3,6 +3,6 @@
 module Rails
   # Pluggable authentication and authorization for Rack/Rails
   module Auth
-    VERSION = "0.4.1".freeze
+    VERSION = "0.5.0".freeze
   end
 end

data/spec/rails/auth/credentials/injector_middleware_spec.rb

@@ -0,0 +1,11 @@
+RSpec.describe Rails::Auth::Credentials::InjectorMiddleware do
+  let(:request)     { Rack::MockRequest.env_for("https://www.example.com") }
+  let(:app)         { ->(env) { [200, env, "Hello, world!"] } }
+  let(:middleware)  { described_class.new(app, credentials) }
+  let(:credentials) { { "foo" => "bar" } }
+
+  it "overrides rails-auth credentials in the rack environment" do
+    _response, env = middleware.call(request)
+    expect(env[Rails::Auth::CREDENTIALS_ENV_KEY]).to eq credentials
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rails-auth
 version: !ruby/object:Gem::Version
-  version: 0.4.1
+  version: 0.5.0
 platform: ruby
 authors:
 - Tony Arcieri
@@ -82,6 +82,7 @@ files:
 - lib/rails/auth/acl/resource.rb
 - lib/rails/auth/controller_methods.rb
 - lib/rails/auth/credentials.rb
+- lib/rails/auth/credentials/injector_middleware.rb
 - lib/rails/auth/error_page/debug_middleware.rb
 - lib/rails/auth/error_page/debug_page.html.erb
 - lib/rails/auth/error_page/middleware.rb
@@ -103,6 +104,7 @@ files:
 - spec/rails/auth/acl/resource_spec.rb
 - spec/rails/auth/acl_spec.rb
 - spec/rails/auth/controller_methods_spec.rb
+- spec/rails/auth/credentials/injector_middleware_spec.rb
 - spec/rails/auth/credentials_spec.rb
 - spec/rails/auth/error_page/debug_middleware_spec.rb
 - spec/rails/auth/error_page/middleware_spec.rb