roda-http-auth 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 707c6d18c0d223fe251b662ed34a1abefa2f72a87444f24f0cb1073c69cf773e
+  data.tar.gz: 3c4e9712114e4f34cc6bea9c8578b865d026880c18aa75535dfd768e20e53d1a
+SHA512:
+  metadata.gz: 006fb23b60c0bb36e7bd776754f5c46d7c7d0c84ca06b71f6be0b2cb6ded0474b48d793617a39953a51ebfe09ebf4477f3b00321877b8933ec0ef98eff56305d
+  data.tar.gz: d9773effd46aaca4d654475e4db4444b694534473ea41df0cf8272603117d9c78b10703aa37514df877393b1df1e023cd03c4d691085577a402f71a6d918d506

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.travis.yml

@@ -0,0 +1,6 @@
+language: ruby
+rvm:
+  - 2.3.1
+  - 2.4.2
+  - 2.5.1
+script: rake test TESTOPTS="-v"

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in roda-basic-auth.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Amadeus Folego
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,129 @@
+# Roda Http Authorization
+
+[![Build Status](https://travis-ci.org/badosu/roda-basic-auth.png)](https://travis-ci.org/badosu/roda-basic-auth)
+
+Add http authorization methods to Roda.
+
+## Configuration
+
+Configure your Roda application to use this plugin:
+
+```ruby
+plugin :http_auth
+```
+
+You can pass global options, in this context they'll be shared between all
+`r.http_auth` calls.
+
+```ruby
+plugin :http_auth, authenticator: proc {|user, pass| [user, pass] == %w[foo bar]},
+                   realm: 'Restricted Area', # default
+                   schemes: %w[basic] # default
+```
+
+### Additional Configuration
+
+The header sent when the user is unauthorized can be configured via
+`unauthorized_headers` option, globally or locally:
+
+```ruby
+unauthorized_headers: proc do |opts|
+  {'Content-Type' => 'text/plain',
+   'Content-Length' => '0',
+   'WWW-Authenticate' => ('Basic realm="%s"' % opts[:realm])}
+end, # default
+```
+
+The `unauthorized` option can receive a block to be invoked whenever the user
+is unathorized:
+
+```ruby
+plugin :http_auth, unauthorized: proc do |r|
+  logger.warn("Unathorized attempt to access #{r.path}!!")
+end
+```
+
+## Usage
+
+Call `r.http_auth` inside the routes you want to authenticate the user, it will halt
+the request with 401 response code if the authenticator is false.
+
+An additional `WWW-Authenticate` header is sent as specified on [rfc7235](https://tools.ietf.org/html/rfc7235#section-4.1) and it's realm can be configured.
+
+### Basic Auth
+
+Basic authorization is the default method:
+
+```ruby
+r.http_auth { |user, pass| [user, pass] == %w[foo bar] }
+```
+
+### Schemes
+
+By default authorization schemes are whitelisted, so if you want to use one
+that is not basic auth you must configure it:
+
+```ruby
+plugin :http_auth, schemes: %w[bearer]
+```
+
+You can also whitelist schemes for a specific route:
+
+```ruby
+r.http_auth(schemes: %w[bearer]) { |token| token == '4t0k3n' }
+```
+
+### Scheme: Bearer
+
+When the `Bearer` authorization is scheme is passed, if whitelisted, the token
+is passed to the authenticator:
+
+```ruby
+r.http_auth { |token| token == '4t0k3n' }
+```
+
+### Formatted parameters schemes
+
+For schemes that require formatted params authorization header, like `Digest`,
+the scheme and the parsed params are passed to the authenticator:
+
+```
+# Request
+Authorization: Digest username="Mufasa",
+                      realm="http-auth@example.org",
+                      uri="/dir/index.html",
+                      algorithm=MD5,
+                      nonce="7ypf/xlj9XXwfDPEoM4URrv/xwf94BcCAzFZH4GiTo0v",
+                      nc=00000001,
+                      cnonce="f2/wE4q74E6zIJEtWaHKaf5wv/H5QzzpXusqGemxURZJ",
+                      qop=auth,
+                      response="8ca523f5e9506fed4657c9700eebdbec",
+                      opaque="FQhe/qaU925kfnzjCev0ciny7QMkPqMAFRtzCUYo5tdS"
+```
+
+```ruby
+r.http_auth { |s, p| [s, p['username']] == ['digest', 'Mufasa'] }
+```
+
+## Test
+
+```sh
+bundle exec ruby test/*.rb
+```
+
+## Warden
+
+To avoid having your 401 responses intercepted by warden, you need to configure
+the unauthenticated callback that is called just before the request is halted:
+
+```ruby
+plugin :http_auth, unauthorized: proc {|r| r.env['warden'].custom_failure! }
+```
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/badosu/roda-basic-auth.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,9 @@
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new do |t|
+  t.test_files = FileList['spec/**/*_spec.rb']
+end
+desc "Run tests"
+
+task default: :test

data/lib/roda/plugins/http_auth.rb

@@ -0,0 +1,74 @@
+require "roda"
+require "roda/plugins/http_auth/version"
+
+module Roda::RodaPlugins
+  module HttpAuth
+    DEFAULTS = {
+      realm: "Restricted Area",
+      unauthorized_headers: proc do |opts|
+        {'Content-Type' => 'text/plain',
+         'Content-Length' => '0',
+         'WWW-Authenticate' => ('Basic realm="%s"' % opts[:realm])}
+      end,
+      bad_request_headers: proc do |opts|
+        {'Content-Type' => 'text/plain', 'Content-Length' => '0'}
+      end,
+      schemes: %w[basic]
+    }
+
+    def self.configure(app, opts={})
+      plugin_opts = (app.opts[:http_auth] ||= DEFAULTS)
+      app.opts[:http_auth] = plugin_opts.merge(opts)
+      app.opts[:http_auth].freeze
+    end
+
+    module RequestMethods
+      def http_auth(opts={}, &authenticator)
+        auth_opts = roda_class.opts[:http_auth].merge(opts)
+        authenticator ||= auth_opts[:authenticator]
+
+        raise "Must provide an authenticator block" if authenticator.nil?
+
+        begin
+          auth = Rack::Auth::Basic::Request.new(env)
+
+          unless auth.provided? && auth_opts[:schemes].include?(auth.scheme)
+            auth_opts[:unauthorized].call(self) if auth_opts[:unauthorized]
+            halt [401, auth_opts[:unauthorized_headers].call(auth_opts), []]
+          end
+
+          credentials = if auth.basic?
+                          auth.credentials
+                        elsif auth.scheme == 'bearer'
+                          [env['HTTP_AUTHORIZATION'].strip.split(' ').last]
+                        else
+                          [auth.scheme, _extract_credentials]
+                        end
+
+          if authenticator.call(*credentials)
+            env['REMOTE_USER'] = auth.username
+          else
+            opts[:unauthorized].call(self) if auth_opts[:unauthorized]
+            halt [401, auth_opts[:unauthorized_headers].call(auth_opts), []]
+          end
+        rescue StandardError
+          halt [400, auth_opts[:bad_request_headers].call(auth_opts), []]
+        end
+      end
+
+      def _extract_credentials
+        authorization = env['HTTP_AUTHORIZATION'].split(' ', 2).last
+        parts = authorization.split(',')
+
+        return parts.first if parts.one? && !parts.first.include?('=')
+
+        key_values = parts.map {|p| p.strip.split(/\=\"?/) }
+                          .map {|k, v| [k, v.chomp('"').gsub(/\\\"/, '"')] }
+
+        Hash[key_values]
+      end
+    end
+  end
+
+  register_plugin(:http_auth, HttpAuth)
+end

data/lib/roda/plugins/http_auth/version.rb

@@ -0,0 +1,7 @@
+class Roda
+  module RodaPlugins
+    module HttpAuth
+      VERSION = "0.1.1"
+    end
+  end
+end

data/roda-http-auth.gemspec

@@ -0,0 +1,27 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'roda/plugins/http_auth/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "roda-http-auth"
+  spec.version       = Roda::RodaPlugins::HttpAuth::VERSION
+  spec.authors       = ["Amadeus Folego"]
+  spec.email         = ["amadeusfolego@gmail.com"]
+
+  spec.summary       = %q{Add http authorization methods to Roda}
+  spec.description   = %q{Add http authorization methods to Roda}
+  spec.homepage      = "https://github.com/badosu/roda-http-auth"
+
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(spec)/}) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "roda", ">= 2.0", "< 4.0"
+  spec.add_development_dependency "pry"
+  spec.add_development_dependency "bundler", "~> 1.11"
+  spec.add_development_dependency "rake", "~> 12.3"
+  spec.add_development_dependency "minitest"
+  spec.add_development_dependency "rack-test"
+end

metadata

@@ -0,0 +1,143 @@
+--- !ruby/object:Gem::Specification
+name: roda-http-auth
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Amadeus Folego
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-10-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: roda
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.3'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Add http authorization methods to Roda
+email:
+- amadeusfolego@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/roda/plugins/http_auth.rb
+- lib/roda/plugins/http_auth/version.rb
+- roda-http-auth.gemspec
+homepage: https://github.com/badosu/roda-http-auth
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.3
+signing_key: 
+specification_version: 4
+summary: Add http authorization methods to Roda
+test_files: []