rspec-check-auth 0.5.0

data/.gitignore

@@ -0,0 +1,5 @@
+*.sw?
+.DS_Store
+coverage
+rdoc
+pkg

data/CHANGELOG

@@ -0,0 +1 @@
+v0.5 - Public Release

data/LICENSE

@@ -0,0 +1,9 @@
+Copyright (c) 2009 Brightbox Systems Ltd 
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+See http://www.brightbox.co.uk/ for contact details.  

data/README.md

@@ -0,0 +1,74 @@
+# RSpec Check-Auth
+
+Check-Auth makes it easier to test your controller actions require authentication.
+
+## Installation
+
+	gem install rspec-check-auth
+
+To use check-auth you need to give it a block. This block returns the right bit of code (as a string to be eval'd) for that format. For instance, to check a HTML request it needs to be redirected, but for an XML request it should just be a 403 response.
+
+Here's an example block that expects HTML to be redirected to login_url and XML/JSON requests to be given a 403 response:
+
+	CheckAuth.checking_block do |format|
+	  case format
+	  when :html
+	    a = <<-EOF
+	      response.should be_redirect
+	      response.location.should == login_url
+	    EOF
+	  when :xml
+	    "response.should be_unauthorised"
+	  when :json
+	    "response.should be_unauthorised"
+	  else
+	    %Q{raise "#{format} not defined in checking_block"}
+	  end
+	end
+
+## Usage
+
+CheckAuth knows about different HTTP methods, and can figure out the usual crowd (POST create, DELETE destroy, etc.) You can override the method by passing a `:method` argument.
+
+	check_auth_for do |c|
+		c.index
+		c.index :method => :post
+	end
+
+You can test your resourceful controller in one fell swoop too.
+
+	check_auth_for {|c| c.resource_actions }
+
+Feel free to add any additional params for the resources, or any normal action.
+
+	check_auth_for do |c|
+		c.resource_actions :parent_id => "some_id"
+		c.parent_info :parent_id => "some_id"
+	end
+
+By default it tests via HTMl and XML, but adding more or less formats is no issue. Just pass the `:format` arg.
+
+	check_auth_for do |c|
+		c.resource_actions :format => :html
+		c.parent_info :format => [:html, :json]
+	end
+
+Only want some of the usual crowd? No problem, just pass the `:except` param and `resource_actions` will shun those specified.
+
+	check_auth_for {|c| c.resource_actions :except => [:new, :create, :edit, :update] }
+
+And finally here's a proper example from a Brightbox controller spec.
+
+	check_auth_for do |c|
+		c.resource_actions
+		c.index :format => :json # above line does html/xml
+		c.find_available_items :parent_id => 0, :size => 0, :format => :xml
+		c.mailer :id => "some_id"
+		c.mailer :method => :post, :id => "some_id"
+	end
+
+![](http://caius.name/images/qs/ThingyControllerSpec.png)
+
+## Licence
+
+See LICENCE

data/Rakefile

@@ -0,0 +1,50 @@
+require 'rubygems'
+require 'rake'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = "rspec-check-auth"
+    gem.description = %Q{Quickly check your rails controller actions require authentication}
+    gem.summary = %Q{Quickly check your rails controller actions require authentication}
+    gem.email = "hello@brightbox.co.uk"
+    gem.homepage = "http://github.com/brightbox/rspec-check-auth"
+    gem.authors = ["Caius Durling"]
+    gem.add_development_dependency "rspec"
+    # gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
+  end
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: sudo gem install jeweler"
+end
+
+require 'spec/rake/spectask'
+Spec::Rake::SpecTask.new(:spec) do |spec|
+  spec.libs << 'lib' << 'spec'
+  spec.spec_files = FileList['spec/**/*_spec.rb']
+end
+
+Spec::Rake::SpecTask.new(:rcov) do |spec|
+  spec.libs << 'lib' << 'spec'
+  spec.pattern = 'spec/**/*_spec.rb'
+  spec.rcov = true
+end
+
+task :spec => :check_dependencies
+
+task :default => :spec
+
+task :build => :gemspec
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  if File.exist?('VERSION')
+    version = File.read('VERSION')
+  else
+    version = ""
+  end
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "rspec-check-auth #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.5.0

data/lib/rspec_check_auth/check_auth/output.rb

@@ -0,0 +1,22 @@
+class CheckAuth
+  # Handles generating the code to eval from all the request objects
+  class Output
+
+    def self.generate_steps_for format, objects
+      # Wrap each format in a new describe block
+      o = [%Q{describe "as #{format.to_s.upcase}" do}]
+        # Run through each step
+        objects.each do |request|
+          o << <<-EOF
+  it "should return 401 for #{request.method.to_s.upcase} #{request.action}" do
+    #{request.method}(#{request.action.inspect}#{", " + request.params.inspect})
+
+    #{CheckAuth.checking_block(format)}
+  end
+          EOF
+        end
+      o << "end"
+      o.join("\n")
+    end
+  end
+end

data/lib/rspec_check_auth/check_auth/request.rb

@@ -0,0 +1,37 @@
+class CheckAuth
+  # Represents a single request spec
+  # 
+  # Format and Method should be a single symbol
+  class Request
+    attr_reader :action, :method, :params, :format
+
+    def initialize action, format, params
+      @action = action
+      @format = format
+      @method = params[:method] || default_method
+      @params = params.except(:method)
+    end
+
+    # Adds the format into the params
+    # unless it's HTML
+    def params
+      return @params.merge(:format => @format.to_s) unless @format == :html
+      @params
+    end
+
+    # Works out the default method
+    # for certain controller actions
+    def default_method
+      case @action.to_s
+      when /create/
+        :post
+      when /update/
+        :put
+      when /destroy/
+        :delete
+      else# and when /(index|show|new|edit)/
+        :get
+      end
+    end
+  end
+end

data/lib/rspec_check_auth/check_auth.rb

@@ -0,0 +1,64 @@
+class CheckAuth
+
+  def initialize
+    @store = {}
+  end
+
+  # The main method
+  def self.for &block
+    instance = self.new
+    block.call(instance)
+    instance.output
+  end
+
+  # Handles checking 
+  @@block = nil
+  def self.checking_block format=nil, &block
+    if block
+      @@block = block
+    else
+      raise "CheckAuth#checking_block needs defining" unless @@block
+      @@block.call(format)
+    end
+  end
+
+  def add action, params={}
+    params[:format] = [:html, :xml] unless params.has_key?(:format)
+    params[:format].arrayize.each do |format|
+      @store[format] ||= []
+      r = Request.new(action, format, params.except(:format))
+      @store[format] << r
+    end
+  end
+
+  # 
+  # Tests all the standard methods a resources route has.
+  # Any params given (other than :except) are passed to each action as params,
+  # and actions that require an id (edit, show, update) get passed "some_id"
+  # 
+  # Accepts :except => [:action, :names] for actions to be skipped in testing
+  # 
+  def resource_actions params={}
+    skip = params.delete(:except).arrayize || {}
+    params[:format] = params.has_key?(:format) ? params[:format].arrayize : [:html,:xml]
+    # Add each action, unless they should be skipped
+    add :index, params  unless skip.include?(:index)
+    add :new, params    unless skip.include?(:new)
+    add :create, params unless skip.include?(:create)
+    add :edit, {:id => "some_id"}.merge(params)   unless skip.include?(:edit)
+    add :show, {:id => "some_id"}.merge(params)   unless skip.include?(:show)
+    add :update, {:id => "some_id"}.merge(params) unless skip.include?(:update)
+    add :destroy, {:id => "some_id"}.merge(params) unless skip.include?(:destroy)
+  end
+
+  def output
+    @store.map do |format, requests|
+      Output.generate_steps_for format, requests
+    end.join("\n\n")
+  end
+
+  def method_missing method, *args
+    add(method, *args)
+  end
+
+end

data/lib/rspec_check_auth/extend_hash.rb

@@ -0,0 +1,9 @@
+unless Hash.respond_to?(:except)
+  # Returns self minus any keys specified
+  module HashExcept
+    def except(*blacklist)
+      self.reject {|key, value| blacklist.include?(key) }
+    end
+  end
+  Hash.send(:include, HashExcept)
+end

data/lib/rspec_check_auth/extend_object.rb

@@ -0,0 +1,11 @@
+unless Object.respond_to?(:arrayize)
+  module Arrayize
+    # Returns an object containing self,
+    # unless self is an Array already.
+    def arrayize
+      return [self] unless self.is_a?(Array)
+      self
+    end
+  end
+  Object.send(:include, Arrayize)
+end

data/lib/rspec_check_auth.rb

@@ -0,0 +1,10 @@
+require "rspec_check_auth/extend_hash"
+require "rspec_check_auth/extend_object"
+require "rspec_check_auth/check_auth"
+require "rspec_check_auth/check_auth/request"
+require "rspec_check_auth/check_auth/output"
+
+def check_auth_for &block
+  return unless block
+  eval(CheckAuth.for &block)
+end

data/rspec-check-auth.gemspec

@@ -0,0 +1,59 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{rspec-check-auth}
+  s.version = "0.5.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Caius Durling"]
+  s.date = %q{2009-12-03}
+  s.description = %q{Quickly check your rails controller actions require authentication}
+  s.email = %q{hello@brightbox.co.uk}
+  s.extra_rdoc_files = [
+    "LICENSE",
+     "README.md"
+  ]
+  s.files = [
+    ".gitignore",
+     "CHANGELOG",
+     "LICENSE",
+     "README.md",
+     "Rakefile",
+     "VERSION",
+     "lib/rspec_check_auth.rb",
+     "lib/rspec_check_auth/check_auth.rb",
+     "lib/rspec_check_auth/check_auth/output.rb",
+     "lib/rspec_check_auth/check_auth/request.rb",
+     "lib/rspec_check_auth/extend_hash.rb",
+     "lib/rspec_check_auth/extend_object.rb",
+     "rspec-check-auth.gemspec",
+     "spec/rspec_check_auth_spec.rb",
+     "spec/spec_helper.rb"
+  ]
+  s.homepage = %q{http://github.com/brightbox/rspec-check-auth}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.5}
+  s.summary = %q{Quickly check your rails controller actions require authentication}
+  s.test_files = [
+    "spec/rspec_check_auth_spec.rb",
+     "spec/spec_helper.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+      s.add_development_dependency(%q<rspec>, [">= 0"])
+    else
+      s.add_dependency(%q<rspec>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<rspec>, [">= 0"])
+  end
+end
+

data/spec/rspec_check_auth_spec.rb

@@ -0,0 +1,150 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe "RspecCheckAuth" do
+
+  it "should require a checking block" do
+    lambda { CheckAuth.checking_block }.should raise_error("CheckAuth#checking_block needs defining")
+  end
+
+  it "should call the checking block when one is set" do
+    CheckAuth.checking_block do
+      raise "I'm in the block!"
+    end
+
+    lambda { CheckAuth.checking_block }.should raise_error("I'm in the block!")
+  end
+
+  it "should add an action with default formats" do
+    expect_request_for(:route, :html)
+    expect_request_for(:route, :xml)
+
+    expect_output_for(:html, [:"route_html"])
+    expect_output_for(:xml, [:"route_xml"])
+
+    CheckAuth.for do |c|
+      c.add :route
+    end
+  end
+
+  it "should add an action with custom params" do
+    expect_request_for :route, :html, :some => :fields
+    expect_request_for :route, :xml, :some => :fields
+    
+    expect_output_for :html, [:route_html]
+    expect_output_for :xml, [:route_xml]
+
+    CheckAuth.for do |c|
+      c.add :route, :some => :fields
+    end
+  end
+  
+  it "should add an action with custom formats" do
+    expect_request_for :route, :html
+    expect_request_for :route, :json
+    expect_request_for :route, :fart
+    
+    expect_output_for :html, [:route_html]
+    expect_output_for :json, [:route_json]
+    expect_output_for :fart, [:route_fart]
+    
+    CheckAuth.for do |c|
+      c.add :route, :format => [:html, :json, :fart]
+    end
+  end
+
+  it "should add an action with custom params and custom formats" do
+    expect_request_for :route, :html, :some => :fields
+    expect_request_for :route, :json, :some => :fields
+    expect_request_for :route, :fart, :some => :fields
+    
+    expect_output_for :html, [:route_html]
+    expect_output_for :json, [:route_json]
+    expect_output_for :fart, [:route_fart]
+    
+    CheckAuth.for do |c|
+      c.add :route, :format => [:html, :json, :fart], :some => :fields
+    end
+  end
+
+  it "should add standard resource routes in one line" do
+    expect_requests_for_resource_actions
+
+    expect_output_for(:html, [:index_html, :new_html, :create_html, :edit_html, :show_html, :update_html, :destroy_html])
+    expect_output_for(:xml, [:index_xml, :new_xml, :create_xml, :edit_xml, :show_xml, :update_xml, :destroy_xml])
+
+    CheckAuth.for do |c|
+      c.resource_actions
+    end
+  end
+
+  it "should ignore resources it's been told to" do
+    expect_request_for :index, :html
+    expect_request_for :index, :xml
+
+    expect_output_for(:html, [:index_html])
+    expect_output_for(:xml, [:index_xml])
+
+    CheckAuth.for do |c|
+      c.resource_actions :except => [:new, :show, :edit, :update, :create, :destroy]
+    end
+  end
+
+  it "should add standard resource routes with extra params" do
+    expect_requests_for_resource_actions :some => :fields
+
+    expect_output_for(:html, [:index_html, :new_html, :create_html, :edit_html, :show_html, :update_html, :destroy_html])
+    expect_output_for(:xml, [:index_xml, :new_xml, :create_xml, :edit_xml, :show_xml, :update_xml, :destroy_xml])
+
+    CheckAuth.for do |c|
+      c.resource_actions :some => :fields
+    end
+  end
+
+  it "should add standard resource routes with extra formats" do
+    expect_requests_for_resource_actions({}, [:html, :json, :fart])
+
+    expect_output_for(:html, [:index_html, :new_html, :create_html, :edit_html, :show_html, :update_html, :destroy_html])
+    expect_output_for(:json, [:index_json, :new_json, :create_json, :edit_json, :show_json, :update_json, :destroy_json])
+    expect_output_for(:fart, [:index_fart, :new_fart, :create_fart, :edit_fart, :show_fart, :update_fart, :destroy_fart])
+
+    CheckAuth.for do |c|
+      c.resource_actions :format => [:html, :json, :fart]
+    end
+  end
+
+  it "should add standard resource routes with extra params and extra formats" do
+    expect_requests_for_resource_actions({:some => :fields}, [:html, :json, :fart])
+
+    expect_output_for(:html, [:index_html, :new_html, :create_html, :edit_html, :show_html, :update_html, :destroy_html])
+    expect_output_for(:json, [:index_json, :new_json, :create_json, :edit_json, :show_json, :update_json, :destroy_json])
+    expect_output_for(:fart, [:index_fart, :new_fart, :create_fart, :edit_fart, :show_fart, :update_fart, :destroy_fart])
+
+    CheckAuth.for do |c|
+      c.resource_actions :format => [:html, :json, :fart], :some => :fields
+    end
+  end
+
+
+
+  private
+
+  def expect_requests_for_resource_actions options={}, formats=[:html, :xml]
+    formats.each do |f|
+      expect_request_for(:index, f, options)
+      expect_request_for(:new, f, options)
+      expect_request_for(:create, f, options)
+      expect_request_for(:edit, f, options.merge(:id => "some_id"))
+      expect_request_for(:show, f, options.merge(:id => "some_id"))
+      expect_request_for(:update, f, options.merge(:id => "some_id"))
+      expect_request_for(:destroy, f, options.merge(:id => "some_id"))
+    end
+  end
+
+  def expect_request_for action, format, options={}
+    CheckAuth::Request.should_receive(:new).with(action, format, options).and_return(:"#{action}_#{format}")
+  end
+
+  def expect_output_for format, actions=[]
+    CheckAuth::Output.should_receive(:generate_steps_for).with(format, actions)
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,9 @@
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+require 'rspec_check_auth'
+require 'spec'
+require 'spec/autorun'
+
+Spec::Runner.configure do |config|
+  
+end

metadata

@@ -0,0 +1,80 @@
+--- !ruby/object:Gem::Specification 
+name: rspec-check-auth
+version: !ruby/object:Gem::Version 
+  version: 0.5.0
+platform: ruby
+authors: 
+- Caius Durling
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-12-03 00:00:00 +00:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  type: :development
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+description: Quickly check your rails controller actions require authentication
+email: hello@brightbox.co.uk
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE
+- README.md
+files: 
+- .gitignore
+- CHANGELOG
+- LICENSE
+- README.md
+- Rakefile
+- VERSION
+- lib/rspec_check_auth.rb
+- lib/rspec_check_auth/check_auth.rb
+- lib/rspec_check_auth/check_auth/output.rb
+- lib/rspec_check_auth/check_auth/request.rb
+- lib/rspec_check_auth/extend_hash.rb
+- lib/rspec_check_auth/extend_object.rb
+- rspec-check-auth.gemspec
+- spec/rspec_check_auth_spec.rb
+- spec/spec_helper.rb
+has_rdoc: true
+homepage: http://github.com/brightbox/rspec-check-auth
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.5
+signing_key: 
+specification_version: 3
+summary: Quickly check your rails controller actions require authentication
+test_files: 
+- spec/rspec_check_auth_spec.rb
+- spec/spec_helper.rb