rails-auth 1.2.0 → 1.3.0

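--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: e92a07d5339d2ad6e64b821ba2e1b4026de10c31
- data.tar.gz: aaac5ccbcf152561ad1e1f682d06f02ecd9f6bb8
+ metadata.gz: c432f32235dc33950f7dcbf27391d078d11f75a7
+ data.tar.gz: 2ba052d755a2e63d84792cfb6d28031481aecbc7
  SHA512:
- metadata.gz: 49a8941a641613a737835bba767ae859afeeed873c6de7034a3ca9d644ee784900fc5bda5f99e2f8d2382c4a86c47087d497f2add7ad0f6b1f38275c3d1cafe4
- data.tar.gz: 4fc77b8fc2b2200766c8277658a78d790e6acbe1b3b3172fe82b5c18b23c41c732e5e24e3c7007490d9fa6688a30d32db221f7efefe40c224c87d13c58c92ebc
+ metadata.gz: 5e39291a8adc7c55bcc2b05dfba07facad0a85ae00b4ff6420e4000687dd8fa5221c034c0b5fff1c49b507552e62c76feb8dc355fab59e2f38270f77e3632d84
+ data.tar.gz: f59dd32a03589e53196f25c54b4d3cb61f5dfe90a781c7346d6a2cfee63d242a07f7793c2817917a649d2d3a7770374c06b057a4ceaa5bcca0c68f7fb7093a96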
data/CHANGES.md CHANGED
@@ -1,3 +1,9 @@
1
+ ### 1.3.0 (2016-07-16)
2
+
3
+ * [#30](https://github.com/square/rails-auth/pull/30)
4
+ Render JSON error responses from Rails::Auth::ErrorPage.
5
+ ([@tarcieri])
6
+
1
7
  ### 1.2.0 (2016-07-11)
2
8
 
3
9
  * [#28](https://github.com/square/rails-auth/pull/28)
@@ -3,17 +3,36 @@ module Rails
3
3
  module ErrorPage
4
4
  # Render an error page in the event Rails::Auth::NotAuthorizedError is raised
5
5
  class Middleware
6
- def initialize(app, page_body: nil)
6
+ def initialize(app, page_body: nil, json_body: { message: "Access denied" })
7
7
  raise TypeError, "page_body must be a String" unless page_body.is_a?(String)
8
8
 
9
9
  @app = app
10
10
  @page_body = page_body.freeze
11
+ @json_body = json_body.to_json
11
12
  end
12
13
 
13
14
  def call(env)
14
15
  @app.call(env)
15
16
  rescue Rails::Auth::NotAuthorizedError
16
- [403, { "Content-Type" => "text/html" }, [@page_body]]
17
+ access_denied(env)
18
+ end
19
+
20
+ private
21
+
22
+ def access_denied(env)
23
+ case response_format(env)
24
+ when :json
25
+ [403, { "X-Powered-By" => "rails-auth", "Content-Type" => "application/json" }, [@json_body]]
26
+ else
27
+ [403, { "X-Powered-By" => "rails-auth", "Content-Type" => "text/html" }, [@page_body]]
28
+ end
29
+ end
30
+
31
+ def response_format(env)
32
+ accept_format = env["HTTP_ACCEPT"]
33
+ return :json if accept_format && accept_format.downcase.start_with?("application/json")
34
+ return :json if env["PATH_INFO"] && env["PATH_INFO"].end_with?(".json")
35
+ nil
17
36
  end
18
37
  end
19
38
  end
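Review bot: Both branches of the new `access_denied` add `"X-Powered-By" => "rails-auth"` to every 403, which tells the clients that were just denied which authorization layer is in use, and the changelog entry does not mention it. I would drop the header or make it opt-in, e.g. `[403, { "Content-Type" => "application/json" }, [@json_body]]`. In `initialize`, `@json_body = json_body.to_json` is reused for every response but, unlike `@page_body`, is not frozen; `@json_body = json_body.to_json.freeze` would keep a later middleware from mutating the shared string. `response_format` only matches an Accept value that starts with `application/json`, so a client that lists JSON second or sends a `+json` media type gets the HTML page, which deserves a comment if it is intended. The enclosing `Rails` and `Auth` modules open outside the hunk.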
@@ -3,6 +3,6 @@
3
3
  module Rails
4
4
  # Pluggable authentication and authorization for Rack/Rails
5
5
  module Auth
6
- VERSION = "1.2.0".freeze
6
+ VERSION = "1.3.0".freeze
7
7
  end
8
8
  end
@@ -4,23 +4,52 @@ RSpec.describe Rails::Auth::ErrorPage::Middleware do
4
4
 
5
5
  subject(:middleware) { described_class.new(app, page_body: error_page) }
6
6
 
7
- context "access granted" do
8
- let(:code) { 200 }
9
- let(:app) { ->(env) { [code, env, "Hello, world!"] } }
7
+ context "unspecified content type" do
8
+ describe "access granted" do
9
+ let(:code) { 200 }
10
+ let(:app) { ->(env) { [code, env, "Hello, world!"] } }
10
11
 
11
- it "renders the expected response" do
12
- response = middleware.call(request)
13
- expect(response.first).to eq code
12
+ it "renders the expected response" do
13
+ response = middleware.call(request)
14
+ expect(response.first).to eq code
15
+ end
16
+ end
17
+
18
+ describe "access denied" do
19
+ let(:app) { ->(_env) { raise(Rails::Auth::NotAuthorizedError, "not authorized!") } }
20
+
21
+ it "renders the error page" do
22
+ code, _env, body = middleware.call(request)
23
+ expect(code).to eq 403
24
+ expect(body).to eq [error_page]
25
+ end
14
26
  end
15
27
  end
16
28
 
17
- context "access denied" do
18
- let(:app) { ->(_env) { raise(Rails::Auth::NotAuthorizedError, "not authorized!") } }
29
+ context "JSON content type" do
30
+ let(:app) { ->(_env) { raise(Rails::Auth::NotAuthorizedError, "not authorized!") } }
31
+ let(:message) { { message: "Access denied" }.to_json }
32
+
33
+ context "via request path" do
34
+ let(:request) { Rack::MockRequest.env_for("https://www.example.com/foobar.json?x=1&y=2") }
35
+
36
+ it "renders a JSON response" do
37
+ code, env, body = middleware.call(request)
38
+ expect(code).to eq 403
39
+ expect(env["Content-Type"]).to eq "application/json"
40
+ expect(body).to eq [message]
41
+ end
42
+ end
43
+
44
+ context "via Accept header" do
45
+ it "renders a JSON response" do
46
+ request["HTTP_ACCEPT"] = "application/json"
19
47
 
20
- it "renders the error page" do
21
- code, _env, body = middleware.call(request)
22
- expect(code).to eq 403
23
- expect(body).to eq [error_page]
48
+ code, env, body = middleware.call(request)
49
+ expect(code).to eq 403
50
+ expect(env["Content-Type"]).to eq "application/json"
51
+ expect(body).to eq [message]
52
+ end
24
53
  end
25
54
  end
26
55
  end
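Review bot: In the two new JSON examples the second element of the Rack triple is bound to `env` and read as `env["Content-Type"]`, but that element is the response header hash rather than the request env. `code, headers, body = middleware.call(request)` would make clear what is being asserted. The new `json_body:` option is never exercised with a non-default value, and no example pins the HTML branch for an explicit non-JSON Accept header, so a change that served the wrong format to a client would still pass. `request` and `error_page` are defined outside the hunk, so what the default request sends as Accept cannot be confirmed from here.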
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rails-auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.0
4
+ version: 1.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tony Arcieri
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2016-07-12 00:00:00.000000000 Z
11
+ date: 2016-07-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rack