restful_api_authentication 0.2.3 → 0.3.0

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    YzhiYTFiNWY3ODVjMTAyMWU3YWMyZWFjZTI2MzI3MThkZDRjMTQxMQ==
+  data.tar.gz: !binary |-
+    YmZmZTM0NDhlMzZmZDgzMTFjMGQ1MTdlZDMyMTNjYTVlNjExNTA2OA==
+SHA512:
+  metadata.gz: !binary |-
+    MDZiNWUwNWMwNmU4ZDRkNzJjODlmYmJhNjhiZTc4MjdiNzBhZjBjYzBkZTU3
+    ZWIxYjAyOWFhOWZmZTNkNDEyYjY2YTdjYzVjOGIzYmI4Njg0ZWI2MDhjM2Ex
+    NGI3NmYzNjlkM2ZmOGZlZDc2YTE2ZmMxMGI2ODkyNjY3NzE2MjI=
+  data.tar.gz: !binary |-
+    ZjUzZDhkZWRkMmIyODU5ZDdhNTFlZWMwZmJhZmVlN2IyMzUwZGQxNTdkMTA1
+    YTVkODEzMTVjNjc0Y2NlNDIyODgyNThkYTkwOWQ1YjgwMDEyOWJlNmU0Nzdk
+    MmRkMGMyMTI0MTdjYzAwOWRmMTZhZWY3MjM2MDJiNDU3OTZhOGQ=

data/CHANGELOG.md

@@ -1,5 +1,8 @@
 # Change History / Release Notes
 
+## Version 0.3.0
+* Added an is_disabled flag to the RestClient model. This allows clients to be disabled without deleting them from the database, so their credentials remain if you ever want to enable them in the future.
+
 ## Version 0.2.2
 * Closed Issue #5 - Improperly formatted timestamps result in an uncaught exception
 

data/LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2012 David Kiger
+Copyright (c) 2012-2013 David Kiger
 
 MIT License
 
@@ -19,4 +19,4 @@ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
 LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/lib/generators/restful_api_authentication/install/templates/create_rest_client.rb

@@ -6,6 +6,7 @@ class CreateRestClient < ActiveRecord::Migration
       t.string :api_key
       t.string :secret
       t.boolean :is_master
+      t.boolean :disabled
       t.timestamps
     end
   end

data/lib/generators/restful_api_authentication/install/templates/rest_client.rb

@@ -30,6 +30,7 @@ class RestClient < ActiveRecord::Base
       self.gen_api_key if self.api_key.nil? || self.api_key == ""
       self.gen_secret if self.secret.nil? || self.secret == ""
       self.is_master = false if self.is_master.nil?
+      self.is_disabled = false if self.is_disabled.nil?
       return true
     end
 

data/lib/generators/restful_api_authentication/install/templates/restful_api_authentication.yml

@@ -1,4 +1,5 @@
 defaults: &DEFAULTS
+  disabled_message: "This client is currently disabled and cannot make calls to this API."
   request_window: 10    # request window in minutes - between 5 and 10 is usually best; must be at least 2
   verbose_errors: false # if false, error response will always be "not authorized", otherwise it will be more descriptive of why authentication failed
   header_names:         # names of HTTP headers that must be sent on all requests requiring authentication

data/lib/restful_api_authentication/checker.rb

@@ -24,7 +24,7 @@
 module RestfulApiAuthentication
   class Checker
     # Class attributes which are set when the Rails application is initialized: locally cached version of configuration settings stored in YML file.
-    cattr_accessor :header_timestamp, :header_signature, :header_api_key, :time_window, :verbose_errors
+    cattr_accessor :header_timestamp, :header_signature, :header_api_key, :time_window, :verbose_errors, :disabled_message
     attr_accessor :http_headers, :request_uri, :errors
     
     def initialize(http_headers, request_uri)
@@ -35,11 +35,15 @@ module RestfulApiAuthentication
 
     # Checks if the current request passes authorization
     def authorized?(options = {})
-      raise "Configuration values not found. Please run rails g restful_api_authentication:install to generate a config file." if @@header_timestamp.nil? || @@header_signature.nil? || @@header_api_key.nil? || @@time_window.nil?
+      raise "Configuration values not found. Please run rails g restful_api_authentication:install to generate a config file." if @@header_timestamp.nil? || @@header_signature.nil? || @@header_api_key.nil? || @@time_window.nil? || @@disabled_message.nil?
       return_val = false
       if headers_have_values?
         if in_time_window?
           if test_hash.downcase == @http_headers[@@header_signature].downcase
+            if is_disabled?
+              @errors << @@disabled_message
+              return false
+            end
             if options[:require_master] == true
               if is_master?
                 return_val = true
@@ -66,6 +70,14 @@ module RestfulApiAuthentication
 
     private
 
+      # determines if a RestClient is disabled or not
+      def is_disabled?
+        client = RestClient.where(:api_key => @http_headers[@@header_api_key]).first
+        return true if client.nil?
+        return false if client.is_disabled.nil?
+        client.is_disabled
+      end
+
       # determines if a RestClient has master privileges or not
       def is_master?
         client = RestClient.where(:api_key => @http_headers[@@header_api_key]).first

data/lib/restful_api_authentication/railtie.rb

@@ -29,9 +29,11 @@ module RestfulApiAuthentication
       RestfulApiAuthentication::Checker.header_signature = 'x-signature'
       RestfulApiAuthentication::Checker.header_api_key   = 'x-api-key'
       RestfulApiAuthentication::Checker.verbose_errors   = false
+      RestfulApiAuthentication::Checker.disabled_message = 'This client is disabled and cannot make calls to this API.'
       if File.exists? Rails.root.join('config', 'restful_api_authentication.yml')
         begin
           config_data = YAML::load_file(Rails.root.join('config', 'restful_api_authentication.yml'))[Rails.env]
+          RestfulApiAuthentication::Checker.disabled_message = config_data['disabled_message'] unless config_data['disabled_message'].nil?
           RestfulApiAuthentication::Checker.time_window      = config_data['request_window'].to_i unless config_data['request_window'].nil?
           RestfulApiAuthentication::Checker.header_timestamp = config_data['header_names']['timestamp'] unless config_data['header_names'].nil? or config_data['header_names']['timestamp'].nil?
           RestfulApiAuthentication::Checker.header_signature = config_data['header_names']['signature'] unless config_data['header_names'].nil? or config_data['header_names']['signature'].nil?

data/lib/restful_api_authentication/version.rb

@@ -22,5 +22,5 @@
 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
 module RestfulApiAuthentication
-  VERSION = "0.2.3"
+  VERSION = "0.3.0"
 end

metadata

@@ -1,49 +1,57 @@
 --- !ruby/object:Gem::Specification
 name: restful_api_authentication
 version: !ruby/object:Gem::Version
-  version: 0.2.3
-  prerelease: 
+  version: 0.3.0
 platform: ruby
 authors:
 - Dave Kiger
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-03-13 00:00:00.000000000 Z
+date: 2013-11-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
-  requirement: &70257440207460 !ruby/object:Gem::Requirement
-    none: false
+  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: 3.2.0
   type: :runtime
   prerelease: false
-  version_requirements: *70257440207460
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 3.2.0
 - !ruby/object:Gem::Dependency
   name: uuid
-  requirement: &70257440206640 !ruby/object:Gem::Requirement
-    none: false
+  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: 2.3.5
   type: :runtime
   prerelease: false
-  version_requirements: *70257440206640
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 2.3.5
 - !ruby/object:Gem::Dependency
   name: chronic
-  requirement: &70257440205960 !ruby/object:Gem::Requirement
-    none: false
+  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: 0.6.7
   type: :runtime
   prerelease: false
-  version_requirements: *70257440205960
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.6.7
 description: A gem which implements a standard api_key / secret authentication system
   for your Ruby on Rails RESTful web services.
 email:
@@ -68,30 +76,28 @@ files:
 - restful_api_authentication.gemspec
 homepage: http://davejkiger.github.com/restful_api_authentication/
 licenses: []
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.17
+rubygems_version: 2.1.10
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: With most RESTful Web API's, it is important to know which app is using your
   resources and that only the apps you allow access those resources. This gem allows
   you to easily add this layer of authentication to any Rails RESTful resource you
   want, and it even includes protection against various forms of attack.
 test_files: []
-has_rdoc: