restful_api_authentication 0.1.1 → 0.1.2
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,15 @@
|
|
1
1
|
# Change History / Release Notes
|
2
2
|
|
3
|
+
## Version 0.1.2
|
4
|
+
|
5
|
+
* Resolved Issue #2: UUID gem is not required and therefore throws an error when this gem is used.
|
6
|
+
* Added some documentation on how to use the master authentication.
|
7
|
+
* Updated change history / release notes.
|
8
|
+
|
9
|
+
## Version 0.1.1
|
10
|
+
|
11
|
+
* Resolved Issue #1: Using authenticated_master? in before filter results in an error
|
12
|
+
|
3
13
|
## Version 0.1.0
|
4
14
|
|
5
|
-
Initial release. See README.md for details.
|
15
|
+
* Initial release. See README.md for details.
|
data/README.md
CHANGED
@@ -112,6 +112,17 @@ If you want to protect your entire web service, add those same lines to your App
|
|
112
112
|
|
113
113
|
If the headers are not provided or the application fails to authenticate, your web service will deliver a 401 Unauthorized response.
|
114
114
|
|
115
|
+
### Master Authentication
|
116
|
+
|
117
|
+
Some web services might require an extra bit of security (creating new RestClients or managing User records). In these cases, you can require "master" authorization. Then, any RestClient with the is_master attribute set to true can use the resources but the others cannot.
|
118
|
+
|
119
|
+
Assuming you have authentication setup in your application controller, in the controller that requires master authentication:
|
120
|
+
|
121
|
+
```ruby
|
122
|
+
skip_before_filter :authenticated?
|
123
|
+
before_filter :authenticated_master?
|
124
|
+
```
|
125
|
+
|
115
126
|
## Contributing
|
116
127
|
|
117
128
|
1. Fork it
|
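Review bot: The Master Authentication example relies on two lines staying together: `skip_before_filter :authenticated?` removes the inherited check, so if the following `before_filter :authenticated_master?` is dropped or mistyped the controller has no authentication filter at all. Say so in the text. Also state which response a valid but non-master client receives, because the context line above documents the 401 only for missing headers or failed authentication. Minor: "authentication setup" should read "authentication set up".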
@@ -23,6 +23,7 @@
|
|
23
23
|
|
24
24
|
module RestfulApiAuthentication
|
25
25
|
class Checker
|
26
|
+
# Class attributes which are set when the Rails application is initialized: locally cached version of configuration settings stored in YML file.
|
26
27
|
cattr_accessor :header_timestamp, :header_signature, :header_api_key, :time_window
|
27
28
|
attr_accessor :http_headers, :request_uri
|
28
29
|
|
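Review bot: The new comment on `cattr_accessor :header_timestamp, :header_signature, :header_api_key, :time_window` says these values are set once at initialization, but `cattr_accessor` also generates class-level writers, so any code in the process can change the header names or the time window after boot. If they are meant to be fixed after initialization, expose readers only, or say in the comment that they must not be reassigned at runtime. The comment should also give the unit of `time_window`.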
@@ -24,14 +24,16 @@
|
|
24
24
|
require 'digest'
|
25
25
|
require 'chronic'
|
26
26
|
require 'rails'
|
27
|
+
require 'uuid'
|
27
28
|
require File.expand_path('../restful_api_authentication/version.rb', __FILE__)
|
28
29
|
require File.expand_path('../restful_api_authentication/checker.rb', __FILE__)
|
29
30
|
require File.expand_path('../restful_api_authentication/railtie.rb', __FILE__)
|
30
31
|
|
31
32
|
module RestfulApiAuthentication
|
32
33
|
|
33
|
-
#
|
34
|
-
#
|
34
|
+
# This method should be used as a Rails before_filter in any controller in which one wants to ensure requests have valid client authentication headers.
|
35
|
+
#
|
36
|
+
# If the request is not authenticated, it will use the rails respond_with method to send a 401 Unauthorized response.
|
35
37
|
def authenticated?
|
36
38
|
checker = RestfulApiAuthentication::Checker.new(request.headers, request.fullpath)
|
37
39
|
if checker.authorized?
|
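Review bot: The comment added above `authenticated?` describes the failure response but not what is verified. `Checker.new(request.headers, request.fullpath)` shows that the full request path is an input alongside the headers, and client authors need to know that to produce a matching signature. Add one sentence naming the inputs. The `require 'uuid'` line is the fix for Issue #2, and a load test that requires the gem would keep that from regressing.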
@@ -41,9 +43,11 @@ module RestfulApiAuthentication
|
|
41
43
|
end
|
42
44
|
end
|
43
45
|
|
44
|
-
#
|
45
|
-
#
|
46
|
-
#
|
46
|
+
# This method should be used as a Rails before_filter in any controller in which one wants to ensure requests have valid client authentication headers and are considered master applications.
|
47
|
+
#
|
48
|
+
# In order to be authenticated, not only do the headers need to be valid but the is_master flag must be true in the associated RestClient model.
|
49
|
+
#
|
50
|
+
# Master accounts can be used for anything you like but are typically reserved for admin specific requests that should only be performed by a limited number of clients.
|
47
51
|
def authenticated_master?
|
48
52
|
checker = RestfulApiAuthentication::Checker.new(request.headers, request.fullpath)
|
49
53
|
if checker.authorized?({:require_master => true})
|
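Review bot: The comment block above `authenticated_master?` does not say what a client with valid headers but without the is_master flag receives, whereas the comment on `authenticated?` names the 401 explicitly. Document the response for that case so callers can tell a bad signature from insufficient privilege. Style: the braces in `checker.authorized?({:require_master => true})` are not needed.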
@@ -7,7 +7,7 @@ Gem::Specification.new do |gem|
|
|
7
7
|
gem.email = ["davejkiger@gmail.com"]
|
8
8
|
gem.description = %q{A gem which implements a standard api_key / secret authentication system for your Ruby on Rails RESTful web services.}
|
9
9
|
gem.summary = %q{With most RESTful Web API's, it is important to know which app is using your resources and that only the apps you allow access those resources. This gem allows you to easily add this layer of authentication to any Rails RESTful resource you want, and it even includes protection against various forms of attack.}
|
10
|
-
gem.homepage = "
|
10
|
+
gem.homepage = "http://davejkiger.github.com/restful_api_authentication/"
|
11
11
|
|
12
12
|
#gem.files = `git ls-files`.split($\)
|
13
13
|
gem.files = Dir.glob("{bin,lib}/**/*") + %w(CHANGELOG.md Gemfile LICENSE Rakefile README.md restful_api_authentication.gemspec)
|
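Review bot: The new `gem.homepage` value is a plain `http://` URL. This is the link users follow from the gem listing to find documentation, so use an `https://` address if the host serves one. The commented-out `#gem.files` line just below is dead code next to the `Dir.glob` assignment and can be removed.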
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: restful_api_authentication
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.2
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,11 +9,11 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2012-04
|
12
|
+
date: 2012-05-04 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: rails
|
16
|
-
requirement: &
|
16
|
+
requirement: &70195976870460 !ruby/object:Gem::Requirement
|
17
17
|
none: false
|
18
18
|
requirements:
|
19
19
|
- - ! '>='
|
@@ -21,10 +21,10 @@ dependencies:
|
|
21
21
|
version: 3.2.0
|
22
22
|
type: :runtime
|
23
23
|
prerelease: false
|
24
|
-
version_requirements: *
|
24
|
+
version_requirements: *70195976870460
|
25
25
|
- !ruby/object:Gem::Dependency
|
26
26
|
name: uuid
|
27
|
-
requirement: &
|
27
|
+
requirement: &70195976869960 !ruby/object:Gem::Requirement
|
28
28
|
none: false
|
29
29
|
requirements:
|
30
30
|
- - ! '>='
|
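Review bot: The runtime dependencies in this metadata are declared with an open-ended `>=` operator (the context lines here show it for `uuid`, with `version: 3.2.0` closing the `rails` entry above). With no upper bound, a future major release of a dependency is accepted at install time without this gem having been tested against it. Consider a pessimistic constraint in the gemspec so the authentication code runs only against dependency lines that have been verified.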
@@ -32,10 +32,10 @@ dependencies:
|
|
32
32
|
version: 2.3.5
|
33
33
|
type: :runtime
|
34
34
|
prerelease: false
|
35
|
-
version_requirements: *
|
35
|
+
version_requirements: *70195976869960
|
36
36
|
- !ruby/object:Gem::Dependency
|
37
37
|
name: chronic
|
38
|
-
requirement: &
|
38
|
+
requirement: &70195976869480 !ruby/object:Gem::Requirement
|
39
39
|
none: false
|
40
40
|
requirements:
|
41
41
|
- - ! '>='
|
@@ -43,7 +43,7 @@ dependencies:
|
|
43
43
|
version: 0.6.7
|
44
44
|
type: :runtime
|
45
45
|
prerelease: false
|
46
|
-
version_requirements: *
|
46
|
+
version_requirements: *70195976869480
|
47
47
|
description: A gem which implements a standard api_key / secret authentication system
|
48
48
|
for your Ruby on Rails RESTful web services.
|
49
49
|
email:
|
@@ -66,7 +66,7 @@ files:
|
|
66
66
|
- Rakefile
|
67
67
|
- README.md
|
68
68
|
- restful_api_authentication.gemspec
|
69
|
-
homepage:
|
69
|
+
homepage: http://davejkiger.github.com/restful_api_authentication/
|
70
70
|
licenses: []
|
71
71
|
post_install_message:
|
72
72
|
rdoc_options: []
|
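Review bot: The context line `licenses: []` shows the packaged gem declares no license even though the gemspec's file list includes a LICENSE file. Set the license field in the gemspec so the metadata matches the shipped file and automated license checks can read it.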
@@ -94,3 +94,4 @@ summary: With most RESTful Web API's, it is important to know which app is using
|
|
94
94
|
you to easily add this layer of authentication to any Rails RESTful resource you
|
95
95
|
want, and it even includes protection against various forms of attack.
|
96
96
|
test_files: []
|
97
|
+
has_rdoc:
|