seraph-grape 0.0.2 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d55a4857daeb4971ba60fc79425fb416c3266160
-  data.tar.gz: 277ca87e4207dfe43077c25b1067e14b13c949b0
+  metadata.gz: 03a4b653da5a18ec6b73dbf456a85a02c28b686d
+  data.tar.gz: 68b5a3a130382c8cefb255661d557100a4583f1c
 SHA512:
-  metadata.gz: 79892107698a485403c3d1b905ebcb6fcc33e9f09c8f9a22d335e4267522b0c6952b18a2e88f260d0f1cbf426f7198d2ffb0cc79e47663459b663b0054748dd3
-  data.tar.gz: 0b1ad221976c4cd0d00edb52095449728a797da6583456b098cbdc2d22fe44473ee99e62edd59d5ecf9e03a275df16084c5de872900e57374b11e7afaa48590f
+  metadata.gz: 4e50ec8975c0ad5511945c00027bcb881f7a5974c6df9a03c7aa486ecf127aa52bb18410d112c4b8c082935d2d6b17f3f9de3af09226a516d8a4fd3ff3c62b04
+  data.tar.gz: 17871012d507a09b41ecdad49061f3aa21e7a1b7b1daa539ee0dabbe5222b7488a2229341fdca406aef3ea2881dafd92de6b15500768b86b34a39fe943ad4001

data/.travis.yml

@@ -6,6 +6,6 @@ rvm:
   - 2.1.9
   - 2.2.5
   - 2.3.1
-# addons:
-#   code_climate:
-#     repo_token: 6194b4057a3a760a2b37afe44119bb0ecb7d34f34087c076a8cc84c38e48826a
+addons:
+  code_climate:
+    repo_token: ce8cd9bca51ed24656d96784bfaf46e8dd0f9a9b18ae0bacc9fa2b0411ced09b

data/README.md

@@ -1,7 +1,15 @@
 # Seraph Grape integration
 [![Build Status](https://secure.travis-ci.org/Szeliga/seraph-grape.svg?branch=master)](https://travis-ci.org/Szeliga/seraph-grape)
+[![Code Climate](https://codeclimate.com/github/Szeliga/seraph-grape/badges/gpa.svg)](https://codeclimate.com/github/Szeliga/seraph-grape)
+[![Test Coverage](https://codeclimate.com/github/Szeliga/seraph-grape/badges/coverage.svg)](https://codeclimate.com/github/Szeliga/seraph-grape/coverage)
 
-[Seraph](https://github.com/Szeliga/seraph) helpers for Grape.
+[Seraph](https://github.com/Szeliga/seraph) helpers for Grape. Provides several simple helpers for implementing a JWT token authentication.
+
+A sample usage in Grape can be found in [DummyApi Grape Endpoint](spec/support/dummy_api.rb).
+
+Just like Seraph, this integration doesn't make any assumptions about your stuck. It does however make a small assumption about the authenticated User resource. It requires that this resource responds to two messages - `id` and `encrypted_password`. This is required for authentications and generating of JWT tokens. This resource can be anything from a `Struct`, `OpenStruct` to an `ActiveRecord` model.
+
+For more information on what Seraph offers, visit the [projects repo](https://github.com/Szeliga/seraph).
 
 ## Installation
 
@@ -15,6 +23,48 @@ gem 'seraph-grape'
 ```
 inside your `Gemfile`
 
+## Configuration
+
+In addition to the configuration fields that [Seraph](https://github.com/Szeliga/seraph#configuration) provides, the Seraph Grape integration gem adds another option called `api_secret`. This option is used by the JWT library as a secret passed to the hashing algorithm (HS256) to encode the token. **It is strongly recommended that this is set!**
+
+``` ruby
+Seraph.configure do |config|
+  config.api_secret = 'GENERATED-SECRET'
+end
+```
+
+The secret can be generated in the same manner, the pepper is generated in [Seraph](https://github.com/Szeliga/seraph#configuration).
+
+## What do you get?
+
+The library provides several things.
+
+### Grape helpers
+
+1. `authenticate!` - checks the `Authorization` header of the incoming request for a JWT token, if it finds a non-emtpy string in the header, it attempts to decode the token. If the decoding fails, a 401 error is returned instead.
+2. `auth_info` - contains the `user_id` to whom the token was issued. Returns a Hash of the form `{ user_id: 1 }`.
+3. `sign_in(user, password)` - takes a user resource (previously found by the e-mail, or other login information, posted to the sign in endpoint), and a plaintext password (also provided in the information posted to the sign in endpoint). Checks if the plaintext password matches the encrypted one in the `user` resource, using [Seraph's Password Comparator class](https://github.com/Szeliga/seraph#comparing-a-provided-password-with-the-encrypted-one). If the passwords match, it returns a JWT token for that `user` (using it's `id` method). If they do not, it raises a 401 error.
+
+### Authenticator
+
+The integration offers also `Seraph::Grape::Authenticator`. The `sign_in` Grape helper delegates to this class in order to do the authentication, as described above. You can invoke the class like this:
+
+``` ruby
+Seraph::Grape::Authenticator.call(user, password)
+```
+
+As stated above, if the passwords match, it returns a JWT token for the passed in `user`. If they do not, false is returned instead.
+
+**Note** - this class will be probably moved to Seraph core in the near future, as it isn't grape-specific and could be used in other setups (`rails-api` for example).
+
+## Roadmap
+
+### Version 1.0.0
+* move out `Seraph::Grape::Authenticator` to the core gem
+* expose basic JWT options via configuration - algorithm, etc.
+* implement JWT token [Expiration Time Claim](https://github.com/jwt/ruby-jwt#expiration-time-claim)
+* implement JWT [Subject Claim](https://github.com/jwt/ruby-jwt#subject-claim) alongside subject verification option for decoding
+
 ## Copyright
 
 Copyright (c) 2016 Szymon Szeliga

data/lib/seraph-grape.rb

@@ -1 +1,2 @@
+require 'seraph'
 require 'seraph/grape'

data/lib/seraph/grape.rb

@@ -1,2 +1,5 @@
 require 'seraph/grape/version'
 require 'seraph/grape/configuration'
+require 'seraph/grape/helpers'
+require 'seraph/grape/jwt'
+require 'seraph/grape/authenticator'

data/lib/seraph/grape/authenticator.rb

@@ -0,0 +1,33 @@
+module Seraph
+  module Grape
+    class Authenticator
+      private_class_method :new
+
+      def self.call(user, password)
+        new(user, password).call
+      end
+
+      def initialize(user, password)
+        @user = user
+        @password = password
+      end
+
+      def call
+        return jwt_token if password_valid?
+        false
+      end
+
+      private
+
+      attr_reader :user, :password
+
+      def jwt_token
+        Seraph::Grape::JWT.encode(user_id: user.id)
+      end
+
+      def password_valid?
+        Seraph::PasswordComparator.call(user.encrypted_password, password)
+      end
+    end
+  end
+end

data/lib/seraph/grape/configuration.rb

@@ -1,7 +1,10 @@
-require 'seraph/configuration'
-
 module Seraph
   class Configuration
-    attr_accessor :authenticator
+    attr_accessor :api_secret
+
+    def reset
+      @api_secret = nil
+      @pepper = nil
+    end
   end
 end

data/lib/seraph/grape/helpers.rb

@@ -0,0 +1,23 @@
+module Seraph
+  module Grape
+    module Helpers
+      def authenticate!
+        unauthorized! if auth_info.nil?
+      end
+
+      def auth_info
+        @auth_info ||= Seraph::Grape::JWT.decode(headers['Authorization'])
+      end
+
+      def sign_in(user, password)
+        result = Seraph::Grape::Authenticator.call(user, password)
+        unauthorized! unless result
+        result
+      end
+
+      def unauthorized!
+        error!('Unauthorized', 401)
+      end
+    end
+  end
+end

data/lib/seraph/grape/jwt.rb

@@ -0,0 +1,26 @@
+require 'jwt'
+
+module Seraph
+  module Grape
+    module JWT
+      def encode(payload)
+        ::JWT.encode(payload, secret)
+      end
+      module_function :encode
+
+      def decode(token)
+        ::JWT.decode(token, secret).first
+      rescue
+        nil
+      end
+      module_function :decode
+
+      private
+
+      def secret
+        String(Seraph.configuration.api_secret)
+      end
+      module_function :secret
+    end
+  end
+end

data/lib/seraph/grape/version.rb

@@ -1,5 +1,5 @@
 module Seraph
   module Grape
-    VERSION = '0.0.2'.freeze
+    VERSION = '0.1.0'.freeze
   end
 end

data/seraph-grape.gemspec

@@ -8,8 +8,8 @@ require 'English'
 Gem::Specification.new do |gem|
   gem.name          = 'seraph-grape'
   gem.version       = Seraph::Grape::VERSION
-  gem.summary       = ''
-  gem.description   = ''
+  gem.summary       = 'Seraph helpers for Grape'
+  gem.description   = 'Integrate Seraph with your Grape API'
   gem.license       = 'MIT'
   gem.authors       = ['Szymon Szeliga']
   gem.email         = 'szeliga.szymon@gmail.com'
@@ -32,7 +32,9 @@ Gem::Specification.new do |gem|
 
   gem.add_runtime_dependency 'grape', '~> 0.16'
   gem.add_runtime_dependency 'seraph', '~> 0.0'
-  gem.add_development_dependency 'rake', '~> 10.0'
+  gem.add_runtime_dependency 'jwt', '~> 1.5'
+  gem.add_development_dependency 'rake', '~> 11.2'
+  gem.add_development_dependency 'rack-test', '~> 0.6'
   gem.add_development_dependency 'rspec', '~> 3.0'
   gem.add_development_dependency 'rubygems-tasks', '~> 0.2'
   gem.add_development_dependency 'fuubar', '~> 2.0'

data/spec/seraph/grape/authenticator_spec.rb

@@ -0,0 +1,24 @@
+require 'spec_helper'
+
+RSpec.describe Seraph::Grape::Authenticator do
+  describe '#call' do
+    subject(:authenticator) { described_class.call(user, password) }
+    let(:user) do
+      DummyUser.new(1, Seraph::PasswordEncryptor.call('foobar12'))
+    end
+
+    context 'when password is valid' do
+      let(:password) { 'foobar12' }
+
+      it 'returns a JWT token with the user id in the payload' do
+        expect(authenticator).to eq Seraph::Grape::JWT.encode(user_id: user.id)
+      end
+    end
+
+    context 'when password is invalid' do
+      let(:password) { 'invalid_password' }
+
+      it { is_expected.to be_falsey }
+    end
+  end
+end

data/spec/seraph/grape/helpers_spec.rb

@@ -0,0 +1,66 @@
+require 'spec_helper'
+
+RSpec.describe Seraph::Grape::Helpers do
+  include Rack::Test::Methods
+
+  def app
+    DummyApi.new
+  end
+
+  describe '#authenticate!' do
+    before do
+      Seraph.configure do |config|
+        config.api_secret = 'secret'
+      end
+      header('Authorization', jwt)
+    end
+    let(:user) { DummyUser.new(1, '123') }
+
+    context 'when authentication is successful' do
+      let(:jwt) { Seraph::Grape::JWT.encode(user_id: user.id) }
+
+      it 'returns a 200 response' do
+        get '/dummy_api/private'
+        expect(last_response.status).to eq(200)
+        expect(JSON.parse(last_response.body)).to eq 'status' => 'authenticated'
+      end
+
+      it 'assigns the payload decoded from the Authorization header' do
+        get '/dummy_api/private_info'
+        expect(last_response.status).to eq(200)
+        expect(JSON.parse(last_response.body)).to eq 'user_id' => user.id
+      end
+    end
+
+    context 'when authentication is unsuccessful' do
+      let(:jwt) { '' }
+
+      it 'returns a 401 response' do
+        get '/dummy_api/private'
+        expect(last_response.status).to eq(401)
+      end
+    end
+  end
+
+  describe '#sign_in' do
+    let(:user) { DummyUser.new(1, Seraph::PasswordEncryptor.call('foobar12')) }
+
+    context 'when valid credentials are passed' do
+      it 'returns the JWT token' do
+        post '/dummy_api/sign_in', email: 'dummyuser@gmail.com', password: 'foobar12'
+
+        expect(last_response.status).to eq(200)
+        expect(JSON.parse(last_response.body)).to eq(
+          'jwt' => Seraph::Grape::JWT.encode(user_id: user.id)
+        )
+      end
+    end
+
+    context 'when invalid credentials are passed' do
+      it 'returns status 401' do
+        post '/dummy_api/sign_in', email: 'dummyuser@gmail.com', password: 'invalid'
+        expect(last_response.status).to eq(401)
+      end
+    end
+  end
+end

data/spec/seraph/grape/jwt_spec.rb

@@ -0,0 +1,29 @@
+require 'spec_helper'
+
+RSpec.describe Seraph::Grape::JWT do
+  describe '#encode' do
+    let(:payload) { {} }
+    subject(:token) { described_class.encode(payload) }
+
+    context 'when api_secret configuration option is set' do
+      let(:api_secret) { 'secret' }
+      before do
+        Seraph.configure do |config|
+          config.api_secret = api_secret
+        end
+      end
+
+      it 'returns an encoded JWT token' do
+        expect(token).to eq JWT.encode(payload, api_secret)
+      end
+    end
+
+    context 'when api_secret configuration option is not set' do
+      let(:api_secret) { nil }
+
+      it 'returns an encoded JWT token' do
+        expect(token).to eq JWT.encode(payload, '')
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -1,6 +1,8 @@
+require 'pry'
 require 'rspec'
-require 'seraph/grape/version'
 require 'codeclimate-test-reporter'
+require 'seraph'
+require 'seraph/grape'
 
 Dir['./spec/support/**/*.rb'].sort.each { |f| require f }
 
@@ -15,6 +17,10 @@ RSpec.configure do |config|
     mocks.verify_partial_doubles = true
   end
 
+  config.before(:each) do
+    Seraph.configuration.reset
+  end
+
   config.order = :random
   Kernel.srand config.seed
 end

data/spec/support/dummy_api.rb

@@ -0,0 +1,38 @@
+require 'rack/test'
+require 'grape'
+require 'seraph/grape/helpers'
+
+class DummyApi < Grape::API
+  helpers Seraph::Grape::Helpers
+  prefix :dummy_api
+  format :json
+
+  get :private do
+    authenticate!
+    { status: 'authenticated' }
+  end
+
+  get :private_info do
+    authenticate!
+    auth_info
+  end
+
+  params do
+    requires :email, type: String
+    requires :password, type: String
+  end
+  post :sign_in do
+    declared_params = declared(params)
+
+    # Perform logic to find user by posted e-mail
+    # - usually user = User.find_by_email(declared_params[:email])
+    #
+    # Here we just create a new instance of DummyUser
+    # the same way we created it in the test
+    user = DummyUser.new(1, Seraph::PasswordEncryptor.call('foobar12'))
+
+    token = sign_in(user, declared_params[:password])
+    status 200
+    { jwt: token }
+  end
+end

data/spec/support/dummy_user.rb

@@ -0,0 +1 @@
+DummyUser = Struct.new(:id, :encrypted_password)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: seraph-grape
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.1.0
 platform: ruby
 authors:
 - Szymon Szeliga
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-06-17 00:00:00.000000000 Z
+date: 2016-06-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: grape
@@ -38,20 +38,48 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.0'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '11.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '11.2'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '0.6'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -122,7 +150,7 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.1'
-description: ''
+description: Integrate Seraph with your Grape API
 email: szeliga.szymon@gmail.com
 executables: []
 extensions: []
@@ -134,18 +162,25 @@ files:
 - ".rubocop.yml"
 - ".ruby-version"
 - ".travis.yml"
-- ChangeLog.md
 - Gemfile
 - LICENSE.txt
 - README.md
 - Rakefile
 - lib/seraph-grape.rb
 - lib/seraph/grape.rb
+- lib/seraph/grape/authenticator.rb
 - lib/seraph/grape/configuration.rb
+- lib/seraph/grape/helpers.rb
+- lib/seraph/grape/jwt.rb
 - lib/seraph/grape/version.rb
 - seraph-grape.gemspec
+- spec/seraph/grape/authenticator_spec.rb
+- spec/seraph/grape/helpers_spec.rb
+- spec/seraph/grape/jwt_spec.rb
 - spec/seraph/grape_spec.rb
 - spec/spec_helper.rb
+- spec/support/dummy_api.rb
+- spec/support/dummy_user.rb
 homepage: https://rubygems.org/gems/seraph-grape
 licenses:
 - MIT
@@ -169,7 +204,12 @@ rubyforge_project:
 rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
-summary: ''
+summary: Seraph helpers for Grape
 test_files:
+- spec/seraph/grape/authenticator_spec.rb
+- spec/seraph/grape/helpers_spec.rb
+- spec/seraph/grape/jwt_spec.rb
 - spec/seraph/grape_spec.rb
 - spec/spec_helper.rb
+- spec/support/dummy_api.rb
+- spec/support/dummy_user.rb

data/ChangeLog.md

@@ -1,4 +0,0 @@
-### 0.1.0 / 2016-06-16
-
-* Initial release:
-