rails-auth 1.2.0 → 1.3.0
- checksums.yaml +4 -4
- data/CHANGES.md +6 -0
- data/lib/rails/auth/error_page/middleware.rb +21 -2
- data/lib/rails/auth/version.rb +1 -1
- data/spec/rails/auth/error_page/middleware_spec.rb +41 -12
- metadata +2 -2
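--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c432f32235dc33950f7dcbf27391d078d11f75a7
+data.tar.gz: 2ba052d755a2e63d84792cfb6d28031481aecbc7
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5e39291a8adc7c55bcc2b05dfba07facad0a85ae00b4ff6420e4000687dd8fa5221c034c0b5fff1c49b507552e62c76feb8dc355fab59e2f38270f77e3632d84
+data.tar.gz: f59dd32a03589e53196f25c54b4d3cb61f5dfe90a781c7346d6a2cfee63d242a07f7793c2817917a649d2d3a7770374c06b057a4ceaa5bcca0c68f7fb7093a96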
data/CHANGES.md
CHANGED
@@ -3,17 +3,36 @@ module Rails
|
|
3
3
|
module ErrorPage
|
4
4
|
# Render an error page in the event Rails::Auth::NotAuthorizedError is raised
|
5
5
|
class Middleware
|
6
|
-
def initialize(app, page_body: nil)
|
6
|
+
def initialize(app, page_body: nil, json_body: { message: "Access denied" })
|
7
7
|
raise TypeError, "page_body must be a String" unless page_body.is_a?(String)
|
8
8
|
|
9
9
|
@app = app
|
10
10
|
@page_body = page_body.freeze
|
11
|
+
@json_body = json_body.to_json
|
11
12
|
end
|
12
13
|
|
13
14
|
def call(env)
|
14
15
|
@app.call(env)
|
15
16
|
rescue Rails::Auth::NotAuthorizedError
|
16
|
-
|
17
|
+
access_denied(env)
|
18
|
+
end
|
19
|
+
|
20
|
+
private
|
21
|
+
|
22
|
+
def access_denied(env)
|
23
|
+
case response_format(env)
|
24
|
+
when :json
|
25
|
+
[403, { "X-Powered-By" => "rails-auth", "Content-Type" => "application/json" }, [@json_body]]
|
26
|
+
else
|
27
|
+
[403, { "X-Powered-By" => "rails-auth", "Content-Type" => "text/html" }, [@page_body]]
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
def response_format(env)
|
32
|
+
accept_format = env["HTTP_ACCEPT"]
|
33
|
+
return :json if accept_format && accept_format.downcase.start_with?("application/json")
|
34
|
+
return :json if env["PATH_INFO"] && env["PATH_INFO"].end_with?(".json")
|
35
|
+
nil
|
17
36
|
end
|
18
37
|
end
|
19
38
|
end
|
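Review bot: `response_format` decides the body type with a prefix test on `HTTP_ACCEPT`, so `text/html, application/json` falls through to the HTML page while `application/json-patch+json` is answered as JSON; if that is intended, say so above the method, e.g. `# Prefix match only: no q-values, no multi-type Accept parsing`. In `initialize`, `json_body` gets none of the checking `page_body` gets and the serialized string is left mutable; `@json_body = json_body.to_json.freeze` would match the line above it. `to_json` also relies on a JSON library being loaded, and the file's requires are outside this hunk. Both 403 branches in `access_denied` send `"X-Powered-By" => "rails-auth"`, which identifies the authorization layer to every rejected client. The removed line's text is not visible here, so the header may predate this change, but it is worth dropping or making opt-in.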
data/lib/rails/auth/version.rb
CHANGED
@@ -4,23 +4,52 @@ RSpec.describe Rails::Auth::ErrorPage::Middleware do
|
|
4
4
|
|
5
5
|
subject(:middleware) { described_class.new(app, page_body: error_page) }
|
6
6
|
|
7
|
-
context "
|
8
|
-
|
9
|
-
|
7
|
+
context "unspecified content type" do
|
8
|
+
describe "access granted" do
|
9
|
+
let(:code) { 200 }
|
10
|
+
let(:app) { ->(env) { [code, env, "Hello, world!"] } }
|
10
11
|
|
11
|
-
|
12
|
-
|
13
|
-
|
12
|
+
it "renders the expected response" do
|
13
|
+
response = middleware.call(request)
|
14
|
+
expect(response.first).to eq code
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
describe "access denied" do
|
19
|
+
let(:app) { ->(_env) { raise(Rails::Auth::NotAuthorizedError, "not authorized!") } }
|
20
|
+
|
21
|
+
it "renders the error page" do
|
22
|
+
code, _env, body = middleware.call(request)
|
23
|
+
expect(code).to eq 403
|
24
|
+
expect(body).to eq [error_page]
|
25
|
+
end
|
14
26
|
end
|
15
27
|
end
|
16
28
|
|
17
|
-
context "
|
18
|
-
let(:app)
|
29
|
+
context "JSON content type" do
|
30
|
+
let(:app) { ->(_env) { raise(Rails::Auth::NotAuthorizedError, "not authorized!") } }
|
31
|
+
let(:message) { { message: "Access denied" }.to_json }
|
32
|
+
|
33
|
+
context "via request path" do
|
34
|
+
let(:request) { Rack::MockRequest.env_for("https://www.example.com/foobar.json?x=1&y=2") }
|
35
|
+
|
36
|
+
it "renders a JSON response" do
|
37
|
+
code, env, body = middleware.call(request)
|
38
|
+
expect(code).to eq 403
|
39
|
+
expect(env["Content-Type"]).to eq "application/json"
|
40
|
+
expect(body).to eq [message]
|
41
|
+
end
|
42
|
+
end
|
43
|
+
|
44
|
+
context "via Accept header" do
|
45
|
+
it "renders a JSON response" do
|
46
|
+
request["HTTP_ACCEPT"] = "application/json"
|
19
47
|
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
48
|
+
code, env, body = middleware.call(request)
|
49
|
+
expect(code).to eq 403
|
50
|
+
expect(env["Content-Type"]).to eq "application/json"
|
51
|
+
expect(body).to eq [message]
|
52
|
+
end
|
24
53
|
end
|
25
54
|
end
|
26
55
|
end
|
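Review bot: In both JSON examples the Rack triple is destructured as `code, env, body` and then `env["Content-Type"]` is asserted, but the second element is the response header hash, not the Rack env; `code, headers, body = middleware.call(request)` reads correctly and avoids confusion with the request env. The added cases cover only an exact `application/json` Accept value and a `.json` path. An example with `text/html, application/json` or `application/json; charset=utf-8` would pin how the prefix match is meant to behave. Examples passing a custom `json_body:` and asserting `text/html` on the HTML branch would cover the rest of the new code.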
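--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails-auth
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.3.0
 platform: ruby
 authors:
 - Tony Arcieri
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2016-07-
+date: 2016-07-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rack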