rails-auth 1.2.0 → 1.3.0

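--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: e92a07d5339d2ad6e64b821ba2e1b4026de10c31
- data.tar.gz: aaac5ccbcf152561ad1e1f682d06f02ecd9f6bb8
+ metadata.gz: c432f32235dc33950f7dcbf27391d078d11f75a7
+ data.tar.gz: 2ba052d755a2e63d84792cfb6d28031481aecbc7
  SHA512:
- metadata.gz: 49a8941a641613a737835bba767ae859afeeed873c6de7034a3ca9d644ee784900fc5bda5f99e2f8d2382c4a86c47087d497f2add7ad0f6b1f38275c3d1cafe4
- data.tar.gz: 4fc77b8fc2b2200766c8277658a78d790e6acbe1b3b3172fe82b5c18b23c41c732e5e24e3c7007490d9fa6688a30d32db221f7efefe40c224c87d13c58c92ebc
+ metadata.gz: 5e39291a8adc7c55bcc2b05dfba07facad0a85ae00b4ff6420e4000687dd8fa5221c034c0b5fff1c49b507552e62c76feb8dc355fab59e2f38270f77e3632d84
+ data.tar.gz: f59dd32a03589e53196f25c54b4d3cb61f5dfe90a781c7346d6a2cfee63d242a07f7793c2817917a649d2d3a7770374c06b057a4ceaa5bcca0c68f7fb7093a96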
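--- a/data/CHANGES.md
+++ b/data/CHANGES.md
@@ -1,3 +1,9 @@
+ ### 1.3.0 (2016-07-16)
+
+ * [#30](https://github.com/square/rails-auth/pull/30)
+ Render JSON error responses from Rails::Auth::ErrorPage.
+ ([@tarcieri])
+
  ### 1.2.0 (2016-07-11)
 
  * [#28](https://github.com/square/rails-auth/pull/28)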
@@ -3,17 +3,36 @@ module Rails
3
3
  module ErrorPage
4
4
  # Render an error page in the event Rails::Auth::NotAuthorizedError is raised
5
5
  class Middleware
6
- def initialize(app, page_body: nil)
6
+ def initialize(app, page_body: nil, json_body: { message: "Access denied" })
7
7
  raise TypeError, "page_body must be a String" unless page_body.is_a?(String)
8
8
 
9
9
  @app = app
10
10
  @page_body = page_body.freeze
11
+ @json_body = json_body.to_json
11
12
  end
12
13
 
13
14
  def call(env)
14
15
  @app.call(env)
15
16
  rescue Rails::Auth::NotAuthorizedError
16
- [403, { "Content-Type" => "text/html" }, [@page_body]]
17
+ access_denied(env)
18
+ end
19
+
20
+ private
21
+
22
+ def access_denied(env)
23
+ case response_format(env)
24
+ when :json
25
+ [403, { "X-Powered-By" => "rails-auth", "Content-Type" => "application/json" }, [@json_body]]
26
+ else
27
+ [403, { "X-Powered-By" => "rails-auth", "Content-Type" => "text/html" }, [@page_body]]
28
+ end
29
+ end
30
+
31
+ def response_format(env)
32
+ accept_format = env["HTTP_ACCEPT"]
33
+ return :json if accept_format && accept_format.downcase.start_with?("application/json")
34
+ return :json if env["PATH_INFO"] && env["PATH_INFO"].end_with?(".json")
35
+ nil
17
36
  end
18
37
  end
19
38
  end
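Review bot: Both 403 responses built in `access_denied` now carry `"X-Powered-By" => "rails-auth"`, which tells every denied client which authorization layer sits in front of the application; that is fingerprinting information with no use to the caller, so I would drop it: `[403, { "Content-Type" => "application/json" }, [@json_body]]`, and likewise for the HTML branch. Separately, `response_format` selects JSON only when the Accept value starts with `application/json`, so `text/html, application/json` falls back to HTML while `application/jsonp` would match; a comment stating whether this prefix match is intentional would help. `json_body` is also not type-checked the way `page_body` is, so a String argument would be re-encoded by `to_json` as a JSON string literal rather than passed through.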
@@ -3,6 +3,6 @@
3
3
  module Rails
4
4
  # Pluggable authentication and authorization for Rack/Rails
5
5
  module Auth
6
- VERSION = "1.2.0".freeze
6
+ VERSION = "1.3.0".freeze
7
7
  end
8
8
  end
@@ -4,23 +4,52 @@ RSpec.describe Rails::Auth::ErrorPage::Middleware do
4
4
 
5
5
  subject(:middleware) { described_class.new(app, page_body: error_page) }
6
6
 
7
- context "access granted" do
8
- let(:code) { 200 }
9
- let(:app) { ->(env) { [code, env, "Hello, world!"] } }
7
+ context "unspecified content type" do
8
+ describe "access granted" do
9
+ let(:code) { 200 }
10
+ let(:app) { ->(env) { [code, env, "Hello, world!"] } }
10
11
 
11
- it "renders the expected response" do
12
- response = middleware.call(request)
13
- expect(response.first).to eq code
12
+ it "renders the expected response" do
13
+ response = middleware.call(request)
14
+ expect(response.first).to eq code
15
+ end
16
+ end
17
+
18
+ describe "access denied" do
19
+ let(:app) { ->(_env) { raise(Rails::Auth::NotAuthorizedError, "not authorized!") } }
20
+
21
+ it "renders the error page" do
22
+ code, _env, body = middleware.call(request)
23
+ expect(code).to eq 403
24
+ expect(body).to eq [error_page]
25
+ end
14
26
  end
15
27
  end
16
28
 
17
- context "access denied" do
18
- let(:app) { ->(_env) { raise(Rails::Auth::NotAuthorizedError, "not authorized!") } }
29
+ context "JSON content type" do
30
+ let(:app) { ->(_env) { raise(Rails::Auth::NotAuthorizedError, "not authorized!") } }
31
+ let(:message) { { message: "Access denied" }.to_json }
32
+
33
+ context "via request path" do
34
+ let(:request) { Rack::MockRequest.env_for("https://www.example.com/foobar.json?x=1&y=2") }
35
+
36
+ it "renders a JSON response" do
37
+ code, env, body = middleware.call(request)
38
+ expect(code).to eq 403
39
+ expect(env["Content-Type"]).to eq "application/json"
40
+ expect(body).to eq [message]
41
+ end
42
+ end
43
+
44
+ context "via Accept header" do
45
+ it "renders a JSON response" do
46
+ request["HTTP_ACCEPT"] = "application/json"
19
47
 
20
- it "renders the error page" do
21
- code, _env, body = middleware.call(request)
22
- expect(code).to eq 403
23
- expect(body).to eq [error_page]
48
+ code, env, body = middleware.call(request)
49
+ expect(code).to eq 403
50
+ expect(env["Content-Type"]).to eq "application/json"
51
+ expect(body).to eq [message]
52
+ end
24
53
  end
25
54
  end
26
55
  end
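Review bot: The new examples never assert the headers of the HTML branch and only exercise an Accept value that is exactly `application/json`, so neither the default `text/html` Content-Type nor the prefix match in `response_format` is pinned by a test. I would add an example that sets `request["HTTP_ACCEPT"] = "text/html, application/json"` and expects the HTML error page (assuming the default request path does not end in `.json`), plus `expect(headers["Content-Type"]).to eq "text/html"` in the "access denied" example. In the denied examples the second element returned by `middleware.call(request)` is the response header hash, so naming it `headers` rather than `env` would read more accurately. The `request` and `error_page` definitions these examples rely on lie outside the visible hunk.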
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rails-auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.0
4
+ version: 1.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tony Arcieri
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2016-07-12 00:00:00.000000000 Z
11
+ date: 2016-07-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rack