roda-http-auth 0.1.1

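--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA256:
+ metadata.gz: 707c6d18c0d223fe251b662ed34a1abefa2f72a87444f24f0cb1073c69cf773e
+ data.tar.gz: 3c4e9712114e4f34cc6bea9c8578b865d026880c18aa75535dfd768e20e53d1a
+ SHA512:
+ metadata.gz: 006fb23b60c0bb36e7bd776754f5c46d7c7d0c84ca06b71f6be0b2cb6ded0474b48d793617a39953a51ebfe09ebf4477f3b00321877b8933ec0ef98eff56305d
+ data.tar.gz: d9773effd46aaca4d654475e4db4444b694534473ea41df0cf8272603117d9c78b10703aa37514df877393b1df1e023cd03c4d691085577a402f71a6d918d506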
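--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,9 @@
+ /.bundle/
+ /.yardoc
+ /Gemfile.lock
+ /_yardoc/
+ /coverage/
+ /doc/
+ /pkg/
+ /spec/reports/
+ /tmp/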
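--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -0,0 +1,6 @@
+ language: ruby
+ rvm:
+ - 2.3.1
+ - 2.4.2
+ - 2.5.1
+ script: rake test TESTOPTS="-v"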
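--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,4 @@
+ source 'https://rubygems.org'
+
+ # Specify your gem's dependencies in roda-basic-auth.gemspec
+ gemspec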
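--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -0,0 +1,21 @@
+ The MIT License (MIT)
+
+ Copyright (c) 2016 Amadeus Folego
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.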
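--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,129 @@
+ # Roda Http Authorization
+
+ [![Build Status](https://travis-ci.org/badosu/roda-basic-auth.png)](https://travis-ci.org/badosu/roda-basic-auth)
+
+ Add http authorization methods to Roda.
+
+ ## Configuration
+
+ Configure your Roda application to use this plugin:
+
+ ```ruby
+ plugin :http_auth
+ ```
+
+ You can pass global options, in this context they'll be shared between all
+ `r.http_auth` calls.
+
+ ```ruby
+ plugin :http_auth, authenticator: proc {|user, pass| [user, pass] == %w[foo bar]},
+ realm: 'Restricted Area', # default
+ schemes: %w[basic] # default
+ ```
+
+ ### Additional Configuration
+
+ The header sent when the user is unauthorized can be configured via
+ `unauthorized_headers` option, globally or locally:
+
+ ```ruby
+ unauthorized_headers: proc do |opts|
+ {'Content-Type' => 'text/plain',
+ 'Content-Length' => '0',
+ 'WWW-Authenticate' => ('Basic realm="%s"' % opts[:realm])}
+ end, # default
+ ```
+
+ The `unauthorized` option can receive a block to be invoked whenever the user
+ is unathorized:
+
+ ```ruby
+ plugin :http_auth, unauthorized: proc do |r|
+ logger.warn("Unathorized attempt to access #{r.path}!!")
+ end
+ ```
+
+ ## Usage
+
+ Call `r.http_auth` inside the routes you want to authenticate the user, it will halt
+ the request with 401 response code if the authenticator is false.
+
+ An additional `WWW-Authenticate` header is sent as specified on [rfc7235](https://tools.ietf.org/html/rfc7235#section-4.1) and it's realm can be configured.
+
+ ### Basic Auth
+
+ Basic authorization is the default method:
+
+ ```ruby
+ r.http_auth { |user, pass| [user, pass] == %w[foo bar] }
+ ```
+
+ ### Schemes
+
+ By default authorization schemes are whitelisted, so if you want to use one
+ that is not basic auth you must configure it:
+
+ ```ruby
+ plugin :http_auth, schemes: %w[bearer]
+ ```
+
+ You can also whitelist schemes for a specific route:
+
+ ```ruby
+ r.http_auth(schemes: %w[bearer]) { |token| token == '4t0k3n' }
+ ```
+
+ ### Scheme: Bearer
+
+ When the `Bearer` authorization is scheme is passed, if whitelisted, the token
+ is passed to the authenticator:
+
+ ```ruby
+ r.http_auth { |token| token == '4t0k3n' }
+ ```
+
+ ### Formatted parameters schemes
+
+ For schemes that require formatted params authorization header, like `Digest`,
+ the scheme and the parsed params are passed to the authenticator:
+
+ ```
+ # Request
+ Authorization: Digest username="Mufasa",
+ realm="http-auth@example.org",
+ uri="/dir/index.html",
+ algorithm=MD5,
+ nonce="7ypf/xlj9XXwfDPEoM4URrv/xwf94BcCAzFZH4GiTo0v",
+ nc=00000001,
+ cnonce="f2/wE4q74E6zIJEtWaHKaf5wv/H5QzzpXusqGemxURZJ",
+ qop=auth,
+ response="8ca523f5e9506fed4657c9700eebdbec",
+ opaque="FQhe/qaU925kfnzjCev0ciny7QMkPqMAFRtzCUYo5tdS"
+ ```
+
+ ```ruby
+ r.http_auth { |s, p| [s, p['username']] == ['digest', 'Mufasa'] }
+ ```
+
+ ## Test
+
+ ```sh
+ bundle exec ruby test/*.rb
+ ```
+
+ ## Warden
+
+ To avoid having your 401 responses intercepted by warden, you need to configure
+ the unauthenticated callback that is called just before the request is halted:
+
+ ```ruby
+ plugin :http_auth, unauthorized: proc {|r| r.env['warden'].custom_failure! }
+ ```
+
+ ## Contributing
+
+ Bug reports and pull requests are welcome on GitHub at https://github.com/badosu/roda-basic-auth.
+
+ ## License
+
+ The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).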
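--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,9 @@
+ require "bundler/gem_tasks"
+ require "rake/testtask"
+
+ Rake::TestTask.new do |t|
+ t.test_files = FileList['spec/**/*_spec.rb']
+ end
+ desc "Run tests"
+
+ task default: :test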
@@ -0,0 +1,74 @@
1
+ require "roda"
2
+ require "roda/plugins/http_auth/version"
3
+
4
+ module Roda::RodaPlugins
5
+ module HttpAuth
6
+ DEFAULTS = {
7
+ realm: "Restricted Area",
8
+ unauthorized_headers: proc do |opts|
9
+ {'Content-Type' => 'text/plain',
10
+ 'Content-Length' => '0',
11
+ 'WWW-Authenticate' => ('Basic realm="%s"' % opts[:realm])}
12
+ end,
13
+ bad_request_headers: proc do |opts|
14
+ {'Content-Type' => 'text/plain', 'Content-Length' => '0'}
15
+ end,
16
+ schemes: %w[basic]
17
+ }
18
+
19
+ def self.configure(app, opts={})
20
+ plugin_opts = (app.opts[:http_auth] ||= DEFAULTS)
21
+ app.opts[:http_auth] = plugin_opts.merge(opts)
22
+ app.opts[:http_auth].freeze
23
+ end
24
+
25
+ module RequestMethods
26
+ def http_auth(opts={}, &authenticator)
27
+ auth_opts = roda_class.opts[:http_auth].merge(opts)
28
+ authenticator ||= auth_opts[:authenticator]
29
+
30
+ raise "Must provide an authenticator block" if authenticator.nil?
31
+
32
+ begin
33
+ auth = Rack::Auth::Basic::Request.new(env)
34
+
35
+ unless auth.provided? && auth_opts[:schemes].include?(auth.scheme)
36
+ auth_opts[:unauthorized].call(self) if auth_opts[:unauthorized]
37
+ halt [401, auth_opts[:unauthorized_headers].call(auth_opts), []]
38
+ end
39
+
40
+ credentials = if auth.basic?
41
+ auth.credentials
42
+ elsif auth.scheme == 'bearer'
43
+ [env['HTTP_AUTHORIZATION'].strip.split(' ').last]
44
+ else
45
+ [auth.scheme, _extract_credentials]
46
+ end
47
+
48
+ if authenticator.call(*credentials)
49
+ env['REMOTE_USER'] = auth.username
50
+ else
51
+ opts[:unauthorized].call(self) if auth_opts[:unauthorized]
52
+ halt [401, auth_opts[:unauthorized_headers].call(auth_opts), []]
53
+ end
54
+ rescue StandardError
55
+ halt [400, auth_opts[:bad_request_headers].call(auth_opts), []]
56
+ end
57
+ end
58
+
59
+ def _extract_credentials
60
+ authorization = env['HTTP_AUTHORIZATION'].split(' ', 2).last
61
+ parts = authorization.split(',')
62
+
63
+ return parts.first if parts.one? && !parts.first.include?('=')
64
+
65
+ key_values = parts.map {|p| p.strip.split(/\=\"?/) }
66
+ .map {|k, v| [k, v.chomp('"').gsub(/\\\"/, '"')] }
67
+
68
+ Hash[key_values]
69
+ end
70
+ end
71
+ end
72
+
73
+ register_plugin(:http_auth, HttpAuth)
74
+ end
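Review bot: In `http_auth`, the branch taken when the authenticator returns false calls `opts[:unauthorized].call(self)` although the guard checks `auth_opts[:unauthorized]`, so a callback configured at plugin level is looked up in the per-call hash and invoked on `nil`. The resulting NoMethodError is swallowed by the enclosing `rescue StandardError`, which means rejected credentials get a 400 without `WWW-Authenticate` and the callback (shown in the README for logging and for warden's `custom_failure!`) never fires for them. The line should read `auth_opts[:unauthorized].call(self) if auth_opts[:unauthorized]`, matching the earlier scheme check. The same rescue also converts any exception raised inside the authenticator block into a silent 400, so it would be safer to wrap only the header parsing. Also worth confirming: `env['REMOTE_USER'] = auth.username` runs for bearer and digest requests too, where `auth` is still a `Rack::Auth::Basic::Request`, so the value is presumably not a real user name and should only be set when `auth.basic?`.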
@@ -0,0 +1,7 @@
1
+ class Roda
2
+ module RodaPlugins
3
+ module HttpAuth
4
+ VERSION = "0.1.1"
5
+ end
6
+ end
7
+ end
@@ -0,0 +1,27 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'roda/plugins/http_auth/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "roda-http-auth"
8
+ spec.version = Roda::RodaPlugins::HttpAuth::VERSION
9
+ spec.authors = ["Amadeus Folego"]
10
+ spec.email = ["amadeusfolego@gmail.com"]
11
+
12
+ spec.summary = %q{Add http authorization methods to Roda}
13
+ spec.description = %q{Add http authorization methods to Roda}
14
+ spec.homepage = "https://github.com/badosu/roda-http-auth"
15
+
16
+ spec.license = "MIT"
17
+
18
+ spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(spec)/}) }
19
+ spec.require_paths = ["lib"]
20
+
21
+ spec.add_dependency "roda", ">= 2.0", "< 4.0"
22
+ spec.add_development_dependency "pry"
23
+ spec.add_development_dependency "bundler", "~> 1.11"
24
+ spec.add_development_dependency "rake", "~> 12.3"
25
+ spec.add_development_dependency "minitest"
26
+ spec.add_development_dependency "rack-test"
27
+ end
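Review bot: The gemspec declares only `roda` as a runtime dependency, yet lib/roda/plugins/http_auth.rb (listed in the package metadata) instantiates `Rack::Auth::Basic::Request`, so the Rack release that parses the Authorization header is whatever Roda happens to resolve. Declaring it explicitly with `spec.add_dependency "rack"` plus the version range the plugin is actually tested against, and adding `require "rack/auth/basic"` in the plugin file, would make this auth-critical dependency visible to audit tooling and avoid relying on load order. The development dependencies `pry`, `minitest` and `rack-test` are also left without any version bound.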
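--- a/metadata
+++ b/metadata
@@ -0,0 +1,143 @@
+ --- !ruby/object:Gem::Specification
+ name: roda-http-auth
+ version: !ruby/object:Gem::Version
+ version: 0.1.1
+ platform: ruby
+ authors:
+ - Amadeus Folego
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2018-10-02 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: roda
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '2.0'
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: '4.0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '2.0'
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: '4.0'
+ - !ruby/object:Gem::Dependency
+ name: pry
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: bundler
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.11'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.11'
+ - !ruby/object:Gem::Dependency
+ name: rake
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '12.3'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '12.3'
+ - !ruby/object:Gem::Dependency
+ name: minitest
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: rack-test
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ description: Add http authorization methods to Roda
+ email:
+ - amadeusfolego@gmail.com
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - ".gitignore"
+ - ".travis.yml"
+ - Gemfile
+ - LICENSE.txt
+ - README.md
+ - Rakefile
+ - lib/roda/plugins/http_auth.rb
+ - lib/roda/plugins/http_auth/version.rb
+ - roda-http-auth.gemspec
+ homepage: https://github.com/badosu/roda-http-auth
+ licenses:
+ - MIT
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 2.7.3
+ signing_key:
+ specification_version: 4
+ summary: Add http authorization methods to Roda
+ test_files: []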