RubyGems - roda-http-auth - Versions diffs - 0.1.2 → 0.2.0 - Mend

roda-http-auth 0.1.2 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/README.md +45 -39
data/lib/roda/plugins/http_auth.rb +32 -38
data/lib/roda/plugins/http_auth/version.rb +1 -1
data/roda-http-auth.gemspec +1 -0
metadata +16 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '0219bd5bc76baaeaf48e1e31d6a951dca87af4fa906af38c00099b5b8150871c'
-  data.tar.gz: '0748fa0ac12041e995e2ee96baa02ef433d981c29be9f732eb3b0eb7222a879f'
+  metadata.gz: 1ff92568175fbe77129586e375501c1ef08a420b766a6f841d51f46c86c70db6
+  data.tar.gz: 893b85397675601e3521ab339a9fd047c76c0d8ebdcaee7e8290bffc6ec62618
 SHA512:
-  metadata.gz: c365f2fbbf94606c0995f7b1138f4a566f44e2340d304998132671cbde59974e50fac5fb9ecc4ec54c4e1a53320902c3207f1066c09443bf794eb52311d896f7
-  data.tar.gz: be1d27037cc49e10b867acdba4ee8d7307cceb7447748fc2625afdec779a1c36a44ef877bac9ab86e6835f15f5c66202f98bba5475e5f660c6c78a2381117c1e
+  metadata.gz: 1271d1c2d504363e7db7e067e2510eb4b61a2c544126b15ae5047a5135463e43b7aa35aa29db4377622aefdeea7f7b01ec8be32c1ec198500bbc937d9d98cc9c
+  data.tar.gz: cdc56c9d35aca78604ee22731443c5abd375401e324cec44a0d036cad3f576cfeb09ce20ac927771d8cd61dc5bdf4c2d9a96b16282d9949994db0730c688781f

data/README.md CHANGED

@@ -1,6 +1,6 @@
 # Roda Http Authorization
-[![Build Status](https://travis-ci.org/badosu/roda-basic-auth.png)](https://travis-ci.org/badosu/roda-basic-auth)
+[![Build Status](https://travis-ci.org/badosu/roda-http-auth.png)](https://travis-ci.org/badosu/roda-http-auth)
 Add http authorization methods to Roda.
@@ -13,49 +13,42 @@ plugin :http_auth
 ```
 You can pass global options, in this context they'll be shared between all
-`r.http_auth` calls.
+`http_auth` calls.
 ```ruby
-plugin :http_auth, authenticator: proc {|user, pass| [user, pass] == %w[foo bar]},
+plugin :http_auth, authenticator: ->(user, pass) { [user, pass] == %w[foo bar] },
                    realm: 'Restricted Area', # default
                    schemes: %w[basic] # default
 ```
-### Additional Configuration
+## Usage
-The header sent when the user is unauthorized can be configured via
-`unauthorized_headers` option, globally or locally:
+Call `http_auth` inside the routes you want to authenticate the user, it will halt
+the request with an empty response with status 401 if the authenticator is false.
-```ruby
-unauthorized_headers: proc do |opts|
-  {'Content-Type' => 'text/plain',
-   'Content-Length' => '0',
-   'WWW-Authenticate' => ('Basic realm="%s"' % opts[:realm])}
-end, # default
-```
-The `unauthorized` option can receive a block to be invoked whenever the user
-is unathorized:
+You can provide an `unauthorized` block to be invoked whenever the user is
+unathorized, it's executed in the context of the instance:
 ```ruby
-plugin :http_auth, unauthorized: proc do |r|
-  logger.warn("Unathorized attempt to access #{r.path}!!")
-end
-```
+plugin :http_auth, unauthorized: -> { view('401.html') }
-## Usage
+# ...
-Call `r.http_auth` inside the routes you want to authenticate the user, it will halt
-the request with 401 response code if the authenticator is false.
+r.root do
+  http_auth {|u, p| [u, p] == %w[foo bar] }
-An additional `WWW-Authenticate` header is sent as specified on [rfc7235](https://tools.ietf.org/html/rfc7235#section-4.1) and it's realm can be configured.
+  "If you can see this you were authorized! \
+   Otherwise you'll be served with the 401.html.erb template"
+end
+```
 ### Basic Auth
 Basic authorization is the default method:
 ```ruby
-r.http_auth { |user, pass| [user, pass] == %w[foo bar] }
+# Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
+http_auth { |user, pass| [user, pass] == ['Aladdin', 'open sesame'] }
 ```
 ### Schemes
@@ -70,19 +63,20 @@ plugin :http_auth, schemes: %w[bearer]
 You can also whitelist schemes for a specific route:
 ```ruby
-r.http_auth(schemes: %w[bearer]) { |token| token == '4t0k3n' }
+http_auth(schemes: %w[bearer]) { |token| token == '4t0k3n' }
 ```
 ### Scheme: Bearer
-When the `Bearer` authorization is scheme is passed, if whitelisted, the token
-is passed to the authenticator:
+When the `Bearer` scheme is passed, if whitelisted, the token is passed to
+the authenticator:
 ```ruby
-r.http_auth { |token| token == '4t0k3n' }
+# Authorization: Bearer 4t0k3n
+http_auth { |token| token == '4t0k3n' }
 ```
-### Formatted parameters schemes
+### Schemes with formatted parameters
 For schemes that require formatted params authorization header, like `Digest`,
 the scheme and the parsed params are passed to the authenticator:
@@ -102,13 +96,7 @@ Authorization: Digest username="Mufasa",
 ```
 ```ruby
-r.http_auth { |s, p| [s, p['username']] == ['digest', 'Mufasa'] }
-```
-## Test
-```sh
-bundle exec ruby test/*.rb
+http_auth { |s, p| [s, p['username']] == ['digest', 'Mufasa'] }
 ```
 ## Warden
@@ -117,12 +105,30 @@ To avoid having your 401 responses intercepted by warden, you need to configure
 the unauthenticated callback that is called just before the request is halted:
 ```ruby
-plugin :http_auth, unauthorized: proc {|r| r.env['warden'].custom_failure! }
+plugin :http_auth, unauthorized: -> { env['warden'].custom_failure! }
+```
+## Additional Configuration
+The header sent when the user is unauthorized can be configured via
+`unauthorized_headers` and `realm` options, globally or locally:
+```ruby
+unauthorized_headers: ->(opts) do
+  { 'WWW-Authenticate' => ('Basic realm="%s"' % opts[:realm]) }
+end, # default
+realm: "Restricted Area", # default
+```
+## Test
+```sh
+bundle exec ruby spec/*_spec.rb
 ```
 ## Contributing
-Bug reports and pull requests are welcome on GitHub at https://github.com/badosu/roda-basic-auth.
+Bug reports and pull requests are welcome on GitHub at https://github.com/badosu/roda-http-auth.
 ## License

data/lib/roda/plugins/http_auth.rb CHANGED

@@ -5,14 +5,10 @@ module Roda::RodaPlugins
   module HttpAuth
     DEFAULTS = {
       realm: "Restricted Area",
-      unauthorized_headers: proc do |opts|
-        {'Content-Type' => 'text/plain',
-         'Content-Length' => '0',
-         'WWW-Authenticate' => ('Basic realm="%s"' % opts[:realm])}
-      end,
-      bad_request_headers: proc do |opts|
-        {'Content-Type' => 'text/plain', 'Content-Length' => '0'}
+      unauthorized_headers: ->(opts) do
+        { 'WWW-Authenticate' => ('Basic realm="%s"' % opts[:realm]) }
       end,
+      unauthorized: ->(r) {},
       schemes: %w[basic]
     }
@@ -22,50 +18,48 @@ module Roda::RodaPlugins
       app.opts[:http_auth].freeze
     end
-    module RequestMethods
+    module InstanceMethods
       def http_auth(opts={}, &authenticator)
-        auth_opts = roda_class.opts[:http_auth].merge(opts)
+        auth_opts = request.roda_class.opts[:http_auth].merge(opts)
         authenticator ||= auth_opts[:authenticator]
         raise "Must provide an authenticator block" if authenticator.nil?
-        begin
-          auth = Rack::Auth::Basic::Request.new(env)
+        auth = Rack::Auth::Basic::Request.new(env)
+        unless auth.provided? && auth_opts[:schemes].include?(auth.scheme)
+          unauthorized(auth_opts)
+        end
-          unless auth.provided? && auth_opts[:schemes].include?(auth.scheme)
-            auth_opts[:unauthorized].call(self) if auth_opts[:unauthorized]
-            halt [401, auth_opts[:unauthorized_headers].call(auth_opts), []]
-          end
+        credentials = if auth.basic?
+                        auth.credentials
+                      elsif auth.scheme == 'bearer'
+                        [env['HTTP_AUTHORIZATION'].split(' ', 2).last]
+                      else
+                        http_auth = env['HTTP_AUTHORIZATION'].split(' ', 2)
+                                                             .last
-          credentials = if auth.basic?
-                          auth.credentials
-                        elsif auth.scheme == 'bearer'
-                          [env['HTTP_AUTHORIZATION'].strip.split(' ').last]
-                        else
-                          [auth.scheme, _extract_credentials]
-                        end
+                        creds = !http_auth.include?('=') ? http_auth :
+                                  Rack::Auth::Digest::Params.parse(http_auth)
-          if authenticator.call(*credentials)
-            env['REMOTE_USER'] = auth.username
-          else
-            opts[:unauthorized].call(self) if auth_opts[:unauthorized]
-            halt [401, auth_opts[:unauthorized_headers].call(auth_opts), []]
-          end
-        rescue StandardError
-          halt [400, auth_opts[:bad_request_headers].call(auth_opts), []]
+                        [auth.scheme, creds]
+                      end
+        if authenticator.call(*credentials)
+          env['REMOTE_USER'] = auth.username
+        else
+          unauthorized(auth_opts)
         end
       end
-      def _extract_credentials
-        authorization = env['HTTP_AUTHORIZATION'].split(' ', 2).last
-        parts = authorization.split(',')
-        return parts.first if parts.one? && !parts.first.include?('=')
+      private
-        key_values = parts.map {|p| p.strip.split(/\=\"?/) }
-                          .map {|k, v| [k, v.chomp('"').gsub(/\\\"/, '"')] }
+      def unauthorized(opts)
+        response.status = 401
+        response.headers.merge!(opts[:unauthorized_headers].call(opts))
-        Hash[key_values]
+        request.block_result(instance_exec(request, &opts[:unauthorized]))
+        request.halt response.finish
       end
     end
   end

data/lib/roda/plugins/http_auth/version.rb CHANGED

@@ -1,7 +1,7 @@
 class Roda
   module RodaPlugins
     module HttpAuth
-      VERSION = "0.1.2"
+      VERSION = "0.2.0"
     end
   end
 end

data/roda-http-auth.gemspec CHANGED

@@ -24,4 +24,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rake", "~> 12.3"
   spec.add_development_dependency "minitest"
   spec.add_development_dependency "rack-test"
+  spec.add_development_dependency "tilt"
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: roda-http-auth
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.2.0
 platform: ruby
 authors:
 - Amadeus Folego
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-10-02 00:00:00.000000000 Z
+date: 2018-10-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: roda
@@ -100,6 +100,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: tilt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Add http authorization methods to Roda
 email:
 - amadeusfolego@gmail.com