restful_api_authentication 0.1.1 → 0.1.2

data/CHANGELOG.md

@@ -1,5 +1,15 @@
 # Change History / Release Notes
 
+## Version 0.1.2
+
+* Resolved Issue #2: UUID gem is not required and therefore throws an error when this gem is used.
+* Added some documentation on how to use the master authentication.
+* Updated change history / release notes.
+
+## Version 0.1.1
+
+* Resolved Issue #1: Using authenticated_master? in before filter results in an error
+
 ## Version 0.1.0
 
-Initial release. See README.md for details.
+* Initial release. See README.md for details.

data/README.md

@@ -112,6 +112,17 @@ If you want to protect your entire web service, add those same lines to your App
 
 If the headers are not provided or the application fails to authenticate, your web service will deliver a 401 Unauthorized response.
 
+### Master Authentication
+
+Some web services might require an extra bit of security (creating new RestClients or managing User records). In these cases, you can require "master" authorization. Then, any RestClient with the is_master attribute set to true can use the resources but the others cannot.
+
+Assuming you have authentication setup in your application controller, in the controller that requires master authentication:
+
+```ruby
+skip_before_filter :authenticated?
+before_filter :authenticated_master?
+```
+
 ## Contributing
 
 1. Fork it

data/lib/restful_api_authentication/checker.rb

@@ -23,6 +23,7 @@
 
 module RestfulApiAuthentication
   class Checker
+    # Class attributes which are set when the Rails application is initialized: locally cached version of configuration settings stored in YML file.
     cattr_accessor :header_timestamp, :header_signature, :header_api_key, :time_window
     attr_accessor :http_headers, :request_uri
     

data/lib/restful_api_authentication/version.rb

@@ -22,5 +22,5 @@
 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
 module RestfulApiAuthentication
-  VERSION = "0.1.1"
+  VERSION = "0.1.2"
 end

data/lib/restful_api_authentication.rb

@@ -24,14 +24,16 @@
 require 'digest'
 require 'chronic'
 require 'rails'
+require 'uuid'
 require File.expand_path('../restful_api_authentication/version.rb', __FILE__)
 require File.expand_path('../restful_api_authentication/checker.rb', __FILE__)
 require File.expand_path('../restful_api_authentication/railtie.rb', __FILE__)
 
 module RestfulApiAuthentication
 
-  # before filter to ensure the request has valid client authentication headers
-  # returns a 401 not authorized if the authentication headers are missing or invalid
+  # This method should be used as a Rails before_filter in any controller in which one wants to ensure requests have valid client authentication headers.
+  #
+  # If the request is not authenticated, it will use the rails respond_with method to send a 401 Unauthorized response.
   def authenticated?
     checker = RestfulApiAuthentication::Checker.new(request.headers, request.fullpath)
     if checker.authorized?
@@ -41,9 +43,11 @@ module RestfulApiAuthentication
     end
   end
 
-  # before filter to ensure the request has valid client authentication headers
-  # client must have is_master flag set to true to pass authentication
-  # returns a 401 not authorized if the authentication headers are missing or invalid
+  # This method should be used as a Rails before_filter in any controller in which one wants to ensure requests have valid client authentication headers and are considered master applications.
+  #
+  # In order to be authenticated, not only do the headers need to be valid but the is_master flag must be true in the associated RestClient model.
+  #
+  # Master accounts can be used for anything you like but are typically reserved for admin specific requests that should only be performed by a limited number of clients.
   def authenticated_master?
     checker = RestfulApiAuthentication::Checker.new(request.headers, request.fullpath)
     if checker.authorized?({:require_master => true})

data/restful_api_authentication.gemspec

@@ -7,7 +7,7 @@ Gem::Specification.new do |gem|
   gem.email         = ["davejkiger@gmail.com"]
   gem.description   = %q{A gem which implements a standard api_key / secret authentication system for your Ruby on Rails RESTful web services.}
   gem.summary       = %q{With most RESTful Web API's, it is important to know which app is using your resources and that only the apps you allow access those resources. This gem allows you to easily add this layer of authentication to any Rails RESTful resource you want, and it even includes protection against various forms of attack.}
-  gem.homepage      = "https://github.com/davejkiger/restful_api_authentication"
+  gem.homepage      = "http://davejkiger.github.com/restful_api_authentication/"
 
   #gem.files         = `git ls-files`.split($\)
   gem.files         = Dir.glob("{bin,lib}/**/*") + %w(CHANGELOG.md Gemfile LICENSE Rakefile README.md restful_api_authentication.gemspec)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: restful_api_authentication
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
   prerelease: 
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-04-23 00:00:00.000000000 Z
+date: 2012-05-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
-  requirement: &70109662316800 !ruby/object:Gem::Requirement
+  requirement: &70195976870460 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
         version: 3.2.0
   type: :runtime
   prerelease: false
-  version_requirements: *70109662316800
+  version_requirements: *70195976870460
 - !ruby/object:Gem::Dependency
   name: uuid
-  requirement: &70109662316020 !ruby/object:Gem::Requirement
+  requirement: &70195976869960 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
         version: 2.3.5
   type: :runtime
   prerelease: false
-  version_requirements: *70109662316020
+  version_requirements: *70195976869960
 - !ruby/object:Gem::Dependency
   name: chronic
-  requirement: &70109662315220 !ruby/object:Gem::Requirement
+  requirement: &70195976869480 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -43,7 +43,7 @@ dependencies:
         version: 0.6.7
   type: :runtime
   prerelease: false
-  version_requirements: *70109662315220
+  version_requirements: *70195976869480
 description: A gem which implements a standard api_key / secret authentication system
   for your Ruby on Rails RESTful web services.
 email:
@@ -66,7 +66,7 @@ files:
 - Rakefile
 - README.md
 - restful_api_authentication.gemspec
-homepage: https://github.com/davejkiger/restful_api_authentication
+homepage: http://davejkiger.github.com/restful_api_authentication/
 licenses: []
 post_install_message: 
 rdoc_options: []
@@ -94,3 +94,4 @@ summary: With most RESTful Web API's, it is important to know which app is using
   you to easily add this layer of authentication to any Rails RESTful resource you
   want, and it even includes protection against various forms of attack.
 test_files: []
+has_rdoc: