rails-auth 3.0.0 → 3.2.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9f5669f564b62464b0d3078ecfa58fe3732735e44c63bed361061a9f1a663249
4
- data.tar.gz: cbee05f42e189e543b059d961d1b926d763d84e07c93a3637165f95eba0fe776
3
+ metadata.gz: 1c24122c461b2ef37326ca28f26261614ef8215bd85b62bfc171b47f56aeac29
4
+ data.tar.gz: e6453804040de859e7da0cb344ebe8e75b34f846a221441f246499016e05b4ec
5
5
  SHA512:
6
- metadata.gz: 0be32c7166ed406dda136608370f059443a56219696c8d13a56f3978f9eca3b37b99ccf0885d4c42d13c660860be52530891d9317a2d2562f7f265d7d751ccd0
7
- data.tar.gz: e1ada71b12c7732fe2aced6bb98abd11cb7b8fa665093f9faa5808b9c21bef12dd99e3070fcd2ee343acc4b377626ae885098388f85d7d9027f37e1d08d60890
6
+ metadata.gz: aa0db28d5b895a29f3fc8563575895cb0bf18e8917f7e816d4e6148a25a5615d9b649ba089f94369a7565c2d24a9622a93eff0f1dbb7c14d62c4926ac2333c7f
7
+ data.tar.gz: ddae5587f3da9ef4291bb0b9cea00563007e58d55d830a025375ba03a9ad2c83aa754d5b86050cf4dac0a8dbb72280c8eb93c905ef4dd5cbc3f883c09da0a52f
@@ -0,0 +1,31 @@
1
+ name: CI - JRuby
2
+
3
+ on:
4
+ push:
5
+ branches: [ master ]
6
+ pull_request:
7
+ branches: [ master ]
8
+
9
+ jobs:
10
+ test:
11
+ runs-on: ubuntu-latest
12
+ strategy:
13
+ matrix:
14
+ java-version:
15
+ - 8
16
+ - 11
17
+
18
+ steps:
19
+ - uses: actions/checkout@v2
20
+ - name: Set up Java
21
+ uses: actions/setup-java@v2
22
+ with:
23
+ distribution: temurin
24
+ java-version: ${{ matrix.java-version }}
25
+ - name: Set up Ruby
26
+ uses: ruby/setup-ruby@v1
27
+ with:
28
+ bundler-cache: true
29
+ ruby-version: jruby
30
+ - name: Run tests
31
+ run: bundle exec rake
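Review bot: The three `uses:` steps reference actions by mutable tag (`actions/checkout@v2`, `actions/setup-java@v2`, `ruby/setup-ruby@v1`), so the code executed in CI can change without any change to this repository. Pinning each one to a full commit SHA, written as `uses: actions/checkout@FULL_COMMIT_SHA # v2` (placeholder, not a real hash), makes the executed code reviewable. The workflow also has no `permissions:` block, so the job token gets the repository default; a top-level `permissions: { contents: read }` is enough for a job that only checks out the code and runs `bundle exec rake`. Both points apply equally to the MRI workflow added in the next hunk.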
@@ -0,0 +1,30 @@
1
+ name: CI - MRI
2
+
3
+ on:
4
+ push:
5
+ branches: [ master ]
6
+ pull_request:
7
+ branches: [ master ]
8
+
9
+ jobs:
10
+ test:
11
+ runs-on: ubuntu-latest
12
+ strategy:
13
+ matrix:
14
+ ruby-version:
15
+ - 2.6
16
+ - 2.7
17
+ - 3.0
18
+ - 3.1
19
+ - 3.2
20
+ - 3.3
21
+
22
+ steps:
23
+ - uses: actions/checkout@v2
24
+ - name: Set up Ruby
25
+ uses: ruby/setup-ruby@v1
26
+ with:
27
+ bundler-cache: true
28
+ ruby-version: ${{ matrix.ruby-version }}
29
+ - name: Run tests
30
+ run: bundle exec rake
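Review bot: The matrix entry `- 3.0` is an unquoted YAML number, so it is read as the float 3 and reaches `ruby/setup-ruby` as `3`, which selects the newest 3.x release instead of Ruby 3.0. That leaves 3.0 untested while the matrix suggests it is covered. Quoting every entry avoids the problem, e.g. `- "2.7"`, `- "3.0"`, `- "3.1"`. The matrix also starts at 2.6, although this release's gemspec declares `required_ruby_version` as `>= 2.5.0`, so the advertised minimum is not exercised.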
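--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -1,6 +1,7 @@
  AllCops:
+ NewCops: enable
  DisplayCopNames: true
- TargetRubyVersion: 2.3
+ TargetRubyVersion: 2.5
 
  Style/StringLiterals:
  EnforcedStyle: double_quotes
@@ -8,24 +9,8 @@ Style/StringLiterals:
  Layout/HashAlignment:
  Enabled: false
 
- Metrics/BlockLength:
- ExcludedMethods: ['describe', 'context']
-
- Metrics/ParameterLists:
- Max: 5
- CountKeywordArgs: false
-
- Metrics/LineLength:
- Max: 128
-
- Metrics/MethodLength:
- Max: 25
-
- Metrics/AbcSize:
- Max: 25
-
- Metrics/CyclomaticComplexity:
- Max: 8
+ Metrics:
+ Enabled: false
 
  Naming/MethodParameterName:
  MinNameLength: 2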
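--- a/data/CHANGES.md
+++ b/data/CHANGES.md
@@ -1,3 +1,9 @@
+ ### 3.1.0 (2021-10-26)
+
+ * [#70](https://github.com/square/rails-auth/pull/70)
+ Support URL-encoded PEMs to support new Puma header requirements.
+ ([@drcapulet])
+
  ### 3.0.0 (2020-08-10)
 
  * [#68](https://github.com/square/rails-auth/pull/68)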
data/Gemfile CHANGED
@@ -2,19 +2,12 @@
2
2
 
3
3
  source "https://rubygems.org"
4
4
 
5
- group :development do
6
- gem "guard-rspec"
7
- end
8
-
9
- group :development, :test do
10
- gem "activesupport", "~> 4"
11
- gem "certificate_authority", require: false
12
- gem "coveralls", require: false
13
- # Workaround for: https://github.com/bundler/bundler/pull/4650
14
- gem "rack", "~> 1.x"
15
- gem "rake"
16
- gem "rspec"
17
- gem "rubocop", "0.77.0"
18
- end
5
+ gem "activesupport"
6
+ gem "certificate_authority", require: false
7
+ gem "guard-rspec"
8
+ gem "pry-byebug", platform: :mri
9
+ gem "rake"
10
+ gem "rspec"
11
+ gem "rubocop"
19
12
 
20
13
  gemspec
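Review bot: `gem "rubocop"` loses its `"0.77.0"` pin in the same release that sets `NewCops: enable` in `.rubocop.yml`, so each new RuboCop release can switch on cops that were never run against this code. If the default rake task runs RuboCop, CI can then fail without any change to the repository. A bounded requirement such as `gem "rubocop", "~> TESTED_VERSION"` (placeholder) keeps lint results reproducible. With the `group` blocks removed, `guard-rspec` and `pry-byebug` are also installed in every environment; `group :development do … end` around those two would keep debugger tooling out of CI.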
@@ -19,9 +19,14 @@ module Rails
19
19
  # @param [String] :yaml serialized YAML to load an ACL from
20
20
  def self.from_yaml(yaml, **args)
21
21
  require "yaml"
22
- # rubocop:todo Security/YAMLLoad
23
- new(YAML.load(yaml), **args)
24
- # rubocop:enable Security/YAMLLoad
22
+ new(
23
+ if YAML::VERSION >= "4.0"
24
+ YAML.safe_load(yaml, aliases: true)
25
+ else
26
+ YAML.safe_load(yaml, [], [], true)
27
+ end,
28
+ **args
29
+ )
25
30
  end
26
31
 
27
32
  # @param [Array<Hash>] :acl Access Control List configuration
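Review bot: `YAML::VERSION >= "4.0"` in `from_yaml` compares strings rather than versions, so a Psych version such as `10.0` sorts below `"4.0"` and would take the positional-argument branch, which Psych 4 and later reject with an `ArgumentError`. Comparing parsed versions avoids this: `if Gem::Version.new(YAML::VERSION) >= Gem::Version.new("4.0")`. Separately, `safe_load` with no permitted classes or symbols will raise on ACL files containing Symbols or other non-basic types that `YAML.load` used to accept, and `aliases: true` leaves alias expansion enabled. The `@param` comment above `from_yaml` should therefore say that the input is expected to be trusted configuration made of plain scalars, arrays and hashes. The enclosing class begins outside this hunk.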
@@ -24,6 +24,7 @@ require "rails/auth/monitor/middleware"
24
24
 
25
25
  require "rails/auth/x509/certificate"
26
26
  require "rails/auth/x509/filter/pem"
27
+ require "rails/auth/x509/filter/pem_urlencoded"
27
28
  require "rails/auth/x509/filter/java" if defined?(JRUBY_VERSION)
28
29
  require "rails/auth/x509/matcher"
29
30
  require "rails/auth/x509/middleware"
@@ -6,7 +6,7 @@ RSpec::Matchers.define(:permit) do |env|
6
6
  credentials = Rails::Auth.credentials(env)
7
7
  message = "allow #{method}s by "
8
8
 
9
- return message + "unauthenticated clients" if credentials.count.zero?
9
+ return "#{message}unauthenticated clients" if credentials.count.zero?
10
10
 
11
11
  message + credentials.values.map(&:inspect).join(", ")
12
12
  end
@@ -3,6 +3,6 @@
3
3
  module Rails
4
4
  # Pluggable authentication and authorization for Rack/Rails
5
5
  module Auth
6
- VERSION = "3.0.0"
6
+ VERSION = "3.2.0"
7
7
  end
8
8
  end
@@ -11,7 +11,7 @@ module Rails
11
11
  # certificates are normally formatted in otherwise parsing with fail
12
12
  # with a 'nested asn1 error'. split(" ") handles sequential whitespace
13
13
  # characters like \t, \n, and space.
14
- OpenSSL::X509::Certificate.new(pem.split(" ").instance_eval do
14
+ OpenSSL::X509::Certificate.new(pem.split.instance_eval do
15
15
  [[self[0], self[1]].join(" "), self[2...-2], [self[-2], self[-1]].join(" ")]
16
16
  .flatten.join("\n")
17
17
  end).freeze
@@ -0,0 +1,17 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Rails
4
+ module Auth
5
+ module X509
6
+ module Filter
7
+ # Extract OpenSSL::X509::Certificates from Privacy Enhanced Mail (PEM) certificates
8
+ # that are URL encoded ($ssl_client_escaped_cert from Nginx).
9
+ class PemUrlencoded < Pem
10
+ def call(encoded_pem)
11
+ super(URI.decode_www_form_component(encoded_pem))
12
+ end
13
+ end
14
+ end
15
+ end
16
+ end
17
+ end
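Review bot: `URI.decode_www_form_component(encoded_pem)` in `PemUrlencoded#call` raises `ArgumentError` on malformed percent-encoding, and the value comes from a request header. Unless the calling middleware (not visible here) rescues it, a bad header surfaces as an unhandled exception rather than as an authentication failure. The file also uses `URI` without `require "uri"`, relying on some other file having loaded it; adding `require "uri"` under the magic comment makes the filter self-contained. `decode_www_form_component` also turns `+` into a space, which is only safe if the proxy percent-encodes the `+` characters that occur in the Base64 body. The class comment should say that the input must be fully percent-encoded and that the proxy must overwrite any client-supplied copy of the header.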
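--- a/data/lib/rails/auth.rb
+++ b/data/lib/rails/auth.rb
@@ -1,5 +1,8 @@
  # frozen_string_literal: true
 
+ require "active_support"
+ require "active_support/core_ext/object"
+
  # Pull in core library components that work with any Rack application
  require "rails/auth/rack"
 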
data/rails-auth.gemspec CHANGED
@@ -21,15 +21,14 @@ Gem::Specification.new do |spec|
21
21
 
22
22
  # Only allow gem to be pushed to https://rubygems.org
23
23
  spec.metadata["allowed_push_host"] = "https://rubygems.org"
24
+ spec.metadata["rubygems_mfa_required"] = "true"
24
25
 
25
26
  spec.files = `git ls-files`.split("\n")
26
27
  spec.bindir = "exe"
27
28
  spec.require_paths = ["lib"]
28
29
 
29
- spec.required_ruby_version = ">= 2.3.0"
30
+ spec.required_ruby_version = ">= 2.5.0"
30
31
 
31
- spec.add_runtime_dependency "rack"
32
-
33
- spec.add_development_dependency "bundler", ">= 1.10", "< 3"
34
- spec.add_development_dependency "rake", "~> 10.0"
32
+ spec.add_dependency "activesupport"
33
+ spec.add_dependency "rack"
35
34
  end
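Review bot: `spec.add_dependency "activesupport"` adds a new runtime dependency with no version constraint, in the same release where the Gemfile drops its `"~> 4"` pin. The gem therefore claims to work with every ActiveSupport release, while only the version Bundler happens to resolve is tested. A lower bound matching what CI exercises would make the supported range explicit, e.g. `spec.add_dependency "activesupport", ">= MIN_TESTED_VERSION"` (placeholder). `spec.files` is still `git ls-files`, so the two new `.github/workflows` files ship inside the gem, as the `metadata` file list on this page shows. The `Gem::Specification.new` block starts outside this hunk.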
@@ -6,7 +6,7 @@ RSpec.describe Rails::Auth::ControllerMethods do
6
6
  attr_reader :request
7
7
 
8
8
  def initialize(env)
9
- @request = OpenStruct.new(env: env)
9
+ @request = Struct.new(:env).new(env)
10
10
  end
11
11
 
12
12
  include Rails::Auth::ControllerMethods
@@ -14,7 +14,7 @@ RSpec.describe Rails::Auth::X509::Middleware do
14
14
  described_class.new(
15
15
  app,
16
16
  cert_filters: { example_key => cert_filter },
17
- logger: Logger.new(STDERR)
17
+ logger: Logger.new($stderr)
18
18
  )
19
19
  end
20
20
 
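--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -1,8 +1,5 @@
  # frozen_string_literal: true
 
- require "coveralls"
- Coveralls.wear!
-
  $LOAD_PATH.unshift File.expand_path("../lib", __dir__)
  require "rails/auth"
  require "rails/auth/rspec"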
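--- a/metadata
+++ b/metadata
@@ -1,17 +1,17 @@
  --- !ruby/object:Gem::Specification
  name: rails-auth
  version: !ruby/object:Gem::Version
- version: 3.0.0
+ version: 3.2.0
  platform: ruby
  authors:
  - Tony Arcieri
- autorequire:
+ autorequire:
  bindir: exe
  cert_chain: []
- date: 2020-08-11 00:00:00.000000000 Z
+ date: 2024-08-02 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
- name: rack
+ name: activesupport
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
@@ -25,39 +25,19 @@ dependencies:
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
- name: bundler
+ name: rack
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '1.10'
- - - "<"
- - !ruby/object:Gem::Version
- version: '3'
- type: :development
+ version: '0'
+ type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '1.10'
- - - "<"
- - !ruby/object:Gem::Version
- version: '3'
- - !ruby/object:Gem::Dependency
- name: rake
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '10.0'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '10.0'
+ version: '0'
  description: A plugin-based framework for supporting multiple authentication and authorization
  systems in Rails/Rack apps. Supports resource-oriented route-by-route access control
  lists with TLS authentication.
@@ -67,10 +47,11 @@ executables: []
  extensions: []
  extra_rdoc_files: []
  files:
+ - ".github/workflows/jruby.yml"
+ - ".github/workflows/mri.yml"
  - ".gitignore"
  - ".rspec"
  - ".rubocop.yml"
- - ".travis.yml"
  - BUG-BOUNTY.md
  - CHANGES.md
  - CONDUCT.md
@@ -106,6 +87,7 @@ files:
  - lib/rails/auth/x509/certificate.rb
  - lib/rails/auth/x509/filter/java.rb
  - lib/rails/auth/x509/filter/pem.rb
+ - lib/rails/auth/x509/filter/pem_urlencoded.rb
  - lib/rails/auth/x509/matcher.rb
  - lib/rails/auth/x509/middleware.rb
  - lib/rails/auth/x509/subject_alt_name_extension.rb
@@ -137,7 +119,8 @@ licenses:
  - Apache-2.0
  metadata:
  allowed_push_host: https://rubygems.org
- post_install_message:
+ rubygems_mfa_required: 'true'
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -145,15 +128,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 2.3.0
+ version: 2.5.0
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.0.3
- signing_key:
+ rubygems_version: 3.5.9
+ signing_key:
  specification_version: 4
  summary: Modular resource-oriented authentication and authorization for Rails/Rack
  test_files: []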
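--- a/data/.travis.yml
+++ /dev/null
@@ -1,24 +0,0 @@
- language: ruby
- sudo: false
- branches:
- only:
- - master
-
- before_install:
- - gem install bundler
-
- bundler_args: --without development
-
- rvm:
- - 2.4
- - 2.5
- - 2.6
- matrix:
- include:
- - rvm: jruby
- jdk: openjdk8
- env: JRUBY_OPTS="--debug" # for simplecov
- - rvm: jruby
- jdk: openjdk11
- env: JRUBY_OPTS="--debug" # for simplecov
- fast_finish: true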