rails-auth 3.0.0 → 3.2.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9f5669f564b62464b0d3078ecfa58fe3732735e44c63bed361061a9f1a663249
4
- data.tar.gz: cbee05f42e189e543b059d961d1b926d763d84e07c93a3637165f95eba0fe776
3
+ metadata.gz: 1c24122c461b2ef37326ca28f26261614ef8215bd85b62bfc171b47f56aeac29
4
+ data.tar.gz: e6453804040de859e7da0cb344ebe8e75b34f846a221441f246499016e05b4ec
5
5
  SHA512:
6
- metadata.gz: 0be32c7166ed406dda136608370f059443a56219696c8d13a56f3978f9eca3b37b99ccf0885d4c42d13c660860be52530891d9317a2d2562f7f265d7d751ccd0
7
- data.tar.gz: e1ada71b12c7732fe2aced6bb98abd11cb7b8fa665093f9faa5808b9c21bef12dd99e3070fcd2ee343acc4b377626ae885098388f85d7d9027f37e1d08d60890
6
+ metadata.gz: aa0db28d5b895a29f3fc8563575895cb0bf18e8917f7e816d4e6148a25a5615d9b649ba089f94369a7565c2d24a9622a93eff0f1dbb7c14d62c4926ac2333c7f
7
+ data.tar.gz: ddae5587f3da9ef4291bb0b9cea00563007e58d55d830a025375ba03a9ad2c83aa754d5b86050cf4dac0a8dbb72280c8eb93c905ef4dd5cbc3f883c09da0a52f
@@ -0,0 +1,31 @@
1
+ name: CI - JRuby
2
+
3
+ on:
4
+ push:
5
+ branches: [ master ]
6
+ pull_request:
7
+ branches: [ master ]
8
+
9
+ jobs:
10
+ test:
11
+ runs-on: ubuntu-latest
12
+ strategy:
13
+ matrix:
14
+ java-version:
15
+ - 8
16
+ - 11
17
+
18
+ steps:
19
+ - uses: actions/checkout@v2
20
+ - name: Set up Java
21
+ uses: actions/setup-java@v2
22
+ with:
23
+ distribution: temurin
24
+ java-version: ${{ matrix.java-version }}
25
+ - name: Set up Ruby
26
+ uses: ruby/setup-ruby@v1
27
+ with:
28
+ bundler-cache: true
29
+ ruby-version: jruby
30
+ - name: Run tests
31
+ run: bundle exec rake
@@ -0,0 +1,30 @@
1
+ name: CI - MRI
2
+
3
+ on:
4
+ push:
5
+ branches: [ master ]
6
+ pull_request:
7
+ branches: [ master ]
8
+
9
+ jobs:
10
+ test:
11
+ runs-on: ubuntu-latest
12
+ strategy:
13
+ matrix:
14
+ ruby-version:
15
+ - 2.6
16
+ - 2.7
17
+ - 3.0
18
+ - 3.1
19
+ - 3.2
20
+ - 3.3
21
+
22
+ steps:
23
+ - uses: actions/checkout@v2
24
+ - name: Set up Ruby
25
+ uses: ruby/setup-ruby@v1
26
+ with:
27
+ bundler-cache: true
28
+ ruby-version: ${{ matrix.ruby-version }}
29
+ - name: Run tests
30
+ run: bundle exec rake
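Review bot: In the `CI - MRI` workflow the matrix entry `- 3.0` is an unquoted YAML number, so it is likely handed to `ruby/setup-ruby` as `3` and resolved to the newest 3.x instead of Ruby 3.0; quoting the entries (`- "3.0"`, and the others for consistency) keeps the matrix on the versions it names. Both new workflows (this one and `CI - JRuby` above it) reference `actions/checkout@v2`, `actions/setup-java@v2` and `ruby/setup-ruby@v1` by mutable tag and declare no `permissions:` block. For a library that gates authentication, pinning each action to a full commit SHA and adding a top-level `permissions:` with `contents: read` limits what a moved tag or compromised action can do with the job token. The file headers for the two workflow hunks are missing from this page, so their paths are inferred from the gem's file list.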
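--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -1,6 +1,7 @@
  AllCops:
+ NewCops: enable
  DisplayCopNames: true
- TargetRubyVersion: 2.3
+ TargetRubyVersion: 2.5
 
  Style/StringLiterals:
  EnforcedStyle: double_quotes
@@ -8,24 +9,8 @@ Style/StringLiterals:
  Layout/HashAlignment:
  Enabled: false
 
- Metrics/BlockLength:
- ExcludedMethods: ['describe', 'context']
-
- Metrics/ParameterLists:
- Max: 5
- CountKeywordArgs: false
-
- Metrics/LineLength:
- Max: 128
-
- Metrics/MethodLength:
- Max: 25
-
- Metrics/AbcSize:
- Max: 25
-
- Metrics/CyclomaticComplexity:
- Max: 8
+ Metrics:
+ Enabled: false
 
  Naming/MethodParameterName:
  MinNameLength: 2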
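Review bot: `Metrics:` with `Enabled: false` in the second hunk switches off the whole Metrics department instead of relaxing the six limits it replaces, so growth in method length or branching in the ACL and credential-handling code is no longer flagged at all. Combined with `NewCops: enable` in the first hunk and the now unpinned `gem "rubocop"` in the Gemfile, lint results will also shift whenever a new RuboCop release lands. Consider keeping the thresholds that mattered (for instance `Metrics/CyclomaticComplexity` with its previous `Max: 8`) and pinning RuboCop to a known version so CI runs are reproducible.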
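--- a/data/CHANGES.md
+++ b/data/CHANGES.md
@@ -1,3 +1,9 @@
+ ### 3.1.0 (2021-10-26)
+
+ * [#70](https://github.com/square/rails-auth/pull/70)
+ Support URL-encoded PEMs to support new Puma header requirements.
+ ([@drcapulet])
+
  ### 3.0.0 (2020-08-10)
 
  * [#68](https://github.com/square/rails-auth/pull/68)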
data/Gemfile CHANGED
@@ -2,19 +2,12 @@
2
2
 
3
3
  source "https://rubygems.org"
4
4
 
5
- group :development do
6
- gem "guard-rspec"
7
- end
8
-
9
- group :development, :test do
10
- gem "activesupport", "~> 4"
11
- gem "certificate_authority", require: false
12
- gem "coveralls", require: false
13
- # Workaround for: https://github.com/bundler/bundler/pull/4650
14
- gem "rack", "~> 1.x"
15
- gem "rake"
16
- gem "rspec"
17
- gem "rubocop", "0.77.0"
18
- end
5
+ gem "activesupport"
6
+ gem "certificate_authority", require: false
7
+ gem "guard-rspec"
8
+ gem "pry-byebug", platform: :mri
9
+ gem "rake"
10
+ gem "rspec"
11
+ gem "rubocop"
19
12
 
20
13
  gemspec
@@ -19,9 +19,14 @@ module Rails
19
19
  # @param [String] :yaml serialized YAML to load an ACL from
20
20
  def self.from_yaml(yaml, **args)
21
21
  require "yaml"
22
- # rubocop:todo Security/YAMLLoad
23
- new(YAML.load(yaml), **args)
24
- # rubocop:enable Security/YAMLLoad
22
+ new(
23
+ if YAML::VERSION >= "4.0"
24
+ YAML.safe_load(yaml, aliases: true)
25
+ else
26
+ YAML.safe_load(yaml, [], [], true)
27
+ end,
28
+ **args
29
+ )
25
30
  end
26
31
 
27
32
  # @param [Array<Hash>] :acl Access Control List configuration
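Review bot: In `from_yaml`, `YAML::VERSION >= "4.0"` is a string comparison, so a two-digit major such as "10.0" sorts below "4.0" and would take the positional `YAML.safe_load(yaml, [], [], true)` branch, which is presumably the call form newer Psych releases no longer accept. `if Gem::Version.new(YAML::VERSION) >= Gem::Version.new("4.0")` compares the versions numerically. Both branches also turn aliases on, which `safe_load` rejects by default; if an ACL document could ever come from somewhere less trusted than the application's own config, heavily aliased input can expand into a very large object graph, so the method's doc comment should state the assumption, e.g. `# The YAML must be application-owned: aliases are enabled when loading it.` The enclosing class begins and ends outside this hunk.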
@@ -24,6 +24,7 @@ require "rails/auth/monitor/middleware"
24
24
 
25
25
  require "rails/auth/x509/certificate"
26
26
  require "rails/auth/x509/filter/pem"
27
+ require "rails/auth/x509/filter/pem_urlencoded"
27
28
  require "rails/auth/x509/filter/java" if defined?(JRUBY_VERSION)
28
29
  require "rails/auth/x509/matcher"
29
30
  require "rails/auth/x509/middleware"
@@ -6,7 +6,7 @@ RSpec::Matchers.define(:permit) do |env|
6
6
  credentials = Rails::Auth.credentials(env)
7
7
  message = "allow #{method}s by "
8
8
 
9
- return message + "unauthenticated clients" if credentials.count.zero?
9
+ return "#{message}unauthenticated clients" if credentials.count.zero?
10
10
 
11
11
  message + credentials.values.map(&:inspect).join(", ")
12
12
  end
@@ -3,6 +3,6 @@
3
3
  module Rails
4
4
  # Pluggable authentication and authorization for Rack/Rails
5
5
  module Auth
6
- VERSION = "3.0.0"
6
+ VERSION = "3.2.0"
7
7
  end
8
8
  end
@@ -11,7 +11,7 @@ module Rails
11
11
  # certificates are normally formatted in otherwise parsing with fail
12
12
  # with a 'nested asn1 error'. split(" ") handles sequential whitespace
13
13
  # characters like \t, \n, and space.
14
- OpenSSL::X509::Certificate.new(pem.split(" ").instance_eval do
14
+ OpenSSL::X509::Certificate.new(pem.split.instance_eval do
15
15
  [[self[0], self[1]].join(" "), self[2...-2], [self[-2], self[-1]].join(" ")]
16
16
  .flatten.join("\n")
17
17
  end).freeze
@@ -0,0 +1,17 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Rails
4
+ module Auth
5
+ module X509
6
+ module Filter
7
+ # Extract OpenSSL::X509::Certificates from Privacy Enhanced Mail (PEM) certificates
8
+ # that are URL encoded ($ssl_client_escaped_cert from Nginx).
9
+ class PemUrlencoded < Pem
10
+ def call(encoded_pem)
11
+ super(URI.decode_www_form_component(encoded_pem))
12
+ end
13
+ end
14
+ end
15
+ end
16
+ end
17
+ end
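Review bot: `PemUrlencoded#call` hands the raw header value to `URI.decode_www_form_component`, which raises `ArgumentError` on a malformed percent escape and turns a literal `+` into a space; neither case is handled or documented in this new file. Whether the calling middleware rescues `ArgumentError` is not visible here; if it only rescues OpenSSL errors, a malformed header would surface as an unhandled exception instead of a rejected credential, which is worth pinning down with a spec. The file also uses `URI` without loading it, so adding `require "uri"` at the top removes the dependence on load order. Because the certificate arrives in a request header, the class comment should say so explicitly, e.g. `# The header must be set by the TLS-terminating proxy and stripped from inbound client requests.`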
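--- a/data/lib/rails/auth.rb
+++ b/data/lib/rails/auth.rb
@@ -1,5 +1,8 @@
  # frozen_string_literal: true
 
+ require "active_support"
+ require "active_support/core_ext/object"
+
  # Pull in core library components that work with any Rack application
  require "rails/auth/rack"
 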
data/rails-auth.gemspec CHANGED
@@ -21,15 +21,14 @@ Gem::Specification.new do |spec|
21
21
 
22
22
  # Only allow gem to be pushed to https://rubygems.org
23
23
  spec.metadata["allowed_push_host"] = "https://rubygems.org"
24
+ spec.metadata["rubygems_mfa_required"] = "true"
24
25
 
25
26
  spec.files = `git ls-files`.split("\n")
26
27
  spec.bindir = "exe"
27
28
  spec.require_paths = ["lib"]
28
29
 
29
- spec.required_ruby_version = ">= 2.3.0"
30
+ spec.required_ruby_version = ">= 2.5.0"
30
31
 
31
- spec.add_runtime_dependency "rack"
32
-
33
- spec.add_development_dependency "bundler", ">= 1.10", "< 3"
34
- spec.add_development_dependency "rake", "~> 10.0"
32
+ spec.add_dependency "activesupport"
33
+ spec.add_dependency "rack"
35
34
  end
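Review bot: `spec.add_dependency "activesupport"` and `spec.add_dependency "rack"` carry no version constraint, so the gem resolves against any release of either, including ones the CI matrix never exercises, and `activesupport` is newly imposed on every consumer at runtime. A lower bound matching the oldest version actually tested, e.g. `spec.add_dependency "activesupport", ">= <MIN_TESTED_VERSION>"` (placeholder), would make the supported range explicit. Since `spec.files` is still `git ls-files`, the new `.github/workflows/*.yml` files are packaged into the released gem, as the metadata file list on this page shows; restricting `spec.files` to `lib/` and the docs keeps CI configuration out of the artifact. The `Gem::Specification.new` block starts outside this hunk.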
@@ -6,7 +6,7 @@ RSpec.describe Rails::Auth::ControllerMethods do
6
6
  attr_reader :request
7
7
 
8
8
  def initialize(env)
9
- @request = OpenStruct.new(env: env)
9
+ @request = Struct.new(:env).new(env)
10
10
  end
11
11
 
12
12
  include Rails::Auth::ControllerMethods
@@ -14,7 +14,7 @@ RSpec.describe Rails::Auth::X509::Middleware do
14
14
  described_class.new(
15
15
  app,
16
16
  cert_filters: { example_key => cert_filter },
17
- logger: Logger.new(STDERR)
17
+ logger: Logger.new($stderr)
18
18
  )
19
19
  end
20
20
 
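--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -1,8 +1,5 @@
  # frozen_string_literal: true
 
- require "coveralls"
- Coveralls.wear!
-
  $LOAD_PATH.unshift File.expand_path("../lib", __dir__)
  require "rails/auth"
  require "rails/auth/rspec"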
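--- a/metadata
+++ b/metadata
@@ -1,17 +1,17 @@
  --- !ruby/object:Gem::Specification
  name: rails-auth
  version: !ruby/object:Gem::Version
- version: 3.0.0
+ version: 3.2.0
  platform: ruby
  authors:
  - Tony Arcieri
- autorequire:
+ autorequire:
  bindir: exe
  cert_chain: []
- date: 2020-08-11 00:00:00.000000000 Z
+ date: 2024-08-02 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
- name: rack
+ name: activesupport
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
@@ -25,39 +25,19 @@ dependencies:
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
- name: bundler
+ name: rack
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '1.10'
- - - "<"
- - !ruby/object:Gem::Version
- version: '3'
- type: :development
+ version: '0'
+ type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '1.10'
- - - "<"
- - !ruby/object:Gem::Version
- version: '3'
- - !ruby/object:Gem::Dependency
- name: rake
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '10.0'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '10.0'
+ version: '0'
  description: A plugin-based framework for supporting multiple authentication and authorization
  systems in Rails/Rack apps. Supports resource-oriented route-by-route access control
  lists with TLS authentication.
@@ -67,10 +47,11 @@ executables: []
  extensions: []
  extra_rdoc_files: []
  files:
+ - ".github/workflows/jruby.yml"
+ - ".github/workflows/mri.yml"
  - ".gitignore"
  - ".rspec"
  - ".rubocop.yml"
- - ".travis.yml"
  - BUG-BOUNTY.md
  - CHANGES.md
  - CONDUCT.md
@@ -106,6 +87,7 @@ files:
  - lib/rails/auth/x509/certificate.rb
  - lib/rails/auth/x509/filter/java.rb
  - lib/rails/auth/x509/filter/pem.rb
+ - lib/rails/auth/x509/filter/pem_urlencoded.rb
  - lib/rails/auth/x509/matcher.rb
  - lib/rails/auth/x509/middleware.rb
  - lib/rails/auth/x509/subject_alt_name_extension.rb
@@ -137,7 +119,8 @@ licenses:
  - Apache-2.0
  metadata:
  allowed_push_host: https://rubygems.org
- post_install_message:
+ rubygems_mfa_required: 'true'
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -145,15 +128,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 2.3.0
+ version: 2.5.0
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.0.3
- signing_key:
+ rubygems_version: 3.5.9
+ signing_key:
  specification_version: 4
  summary: Modular resource-oriented authentication and authorization for Rails/Rack
  test_files: []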
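--- a/data/.travis.yml
+++ /dev/null
@@ -1,24 +0,0 @@
- language: ruby
- sudo: false
- branches:
- only:
- - master
-
- before_install:
- - gem install bundler
-
- bundler_args: --without development
-
- rvm:
- - 2.4
- - 2.5
- - 2.6
- matrix:
- include:
- - rvm: jruby
- jdk: openjdk8
- env: JRUBY_OPTS="--debug" # for simplecov
- - rvm: jruby
- jdk: openjdk11
- env: JRUBY_OPTS="--debug" # for simplecov
- fast_finish: true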