simple_token_authentication 1.5.1 → 1.5.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +23 -24
- data/Rakefile +31 -11
- data/doc/README.md +18 -0
- data/lib/simple_token_authentication.rb +39 -0
- data/lib/simple_token_authentication/acts_as_token_authenticatable.rb +18 -7
- data/lib/simple_token_authentication/acts_as_token_authentication_handler.rb +12 -123
- data/lib/simple_token_authentication/adapter.rb +7 -0
- data/lib/simple_token_authentication/adapters/active_record_adapter.rb +14 -0
- data/lib/simple_token_authentication/adapters/rails_adapter.rb +14 -0
- data/lib/simple_token_authentication/configuration.rb +25 -0
- data/lib/simple_token_authentication/entities_manager.rb +10 -0
- data/lib/simple_token_authentication/entity.rb +64 -0
- data/lib/simple_token_authentication/fallback_authentication_handler.rb +11 -0
- data/lib/simple_token_authentication/sign_in_handler.rb +19 -0
- data/lib/simple_token_authentication/token_authentication_handler.rb +138 -0
- data/lib/simple_token_authentication/token_comparator.rb +13 -0
- data/lib/simple_token_authentication/token_generator.rb +9 -0
- data/lib/simple_token_authentication/version.rb +1 -1
- data/spec/configuration/action_controller_callbacks_options_spec.rb +53 -0
- data/spec/configuration/fallback_to_devise_option_spec.rb +128 -0
- data/spec/configuration/header_names_option_spec.rb +454 -0
- data/spec/configuration/sign_in_token_option_spec.rb +92 -0
- data/spec/lib/simple_token_authentication/acts_as_token_authenticatable_spec.rb +108 -0
- data/spec/lib/simple_token_authentication/acts_as_token_authentication_handler_spec.rb +127 -0
- data/spec/lib/simple_token_authentication/adapter_spec.rb +21 -0
- data/spec/lib/simple_token_authentication/adapters/active_record_adapter_spec.rb +21 -0
- data/spec/lib/simple_token_authentication/adapters/rails_adapter_spec.rb +21 -0
- data/spec/lib/simple_token_authentication/configuration_spec.rb +121 -0
- data/spec/lib/simple_token_authentication/entities_manager_spec.rb +67 -0
- data/spec/lib/simple_token_authentication/entity_spec.rb +190 -0
- data/spec/lib/simple_token_authentication/fallback_authentication_handler_spec.rb +24 -0
- data/spec/lib/simple_token_authentication/sign_in_handler_spec.rb +43 -0
- data/spec/lib/simple_token_authentication/token_authentication_handler_spec.rb +250 -0
- data/spec/lib/simple_token_authentication/token_comparator_spec.rb +19 -0
- data/spec/lib/simple_token_authentication/token_generator_spec.rb +19 -0
- data/spec/lib/simple_token_authentication_spec.rb +86 -0
- data/spec/spec_helper.rb +13 -0
- data/spec/support/dummy_classes_helper.rb +80 -0
- data/spec/support/spec_for_adapter.rb +6 -0
- data/spec/support/spec_for_authentication_handler_interface.rb +8 -0
- data/spec/support/spec_for_configuration_option_interface.rb +28 -0
- data/spec/support/spec_for_entities_manager_interface.rb +8 -0
- data/spec/support/spec_for_sign_in_handler_interface.rb +8 -0
- data/spec/support/spec_for_token_comparator_interface.rb +8 -0
- data/spec/support/spec_for_token_generator_interface.rb +8 -0
- data/spec/support/specs_for_token_authentication_handler_interface.rb +8 -0
- metadata +80 -132
- data/lib/tasks/cucumber.rake +0 -65
- data/spec/dummy/README.rdoc +0 -28
- data/spec/dummy/Rakefile +0 -6
- data/spec/dummy/app/assets/javascripts/application.js +0 -13
- data/spec/dummy/app/assets/stylesheets/application.css +0 -13
- data/spec/dummy/app/controllers/application_controller.rb +0 -5
- data/spec/dummy/app/helpers/application_helper.rb +0 -2
- data/spec/dummy/app/views/layouts/application.html.erb +0 -14
- data/spec/dummy/bin/bundle +0 -3
- data/spec/dummy/bin/rails +0 -4
- data/spec/dummy/bin/rake +0 -4
- data/spec/dummy/config.ru +0 -4
- data/spec/dummy/config/application.rb +0 -24
- data/spec/dummy/config/boot.rb +0 -5
- data/spec/dummy/config/database.yml +0 -25
- data/spec/dummy/config/environment.rb +0 -5
- data/spec/dummy/config/environments/development.rb +0 -29
- data/spec/dummy/config/environments/production.rb +0 -80
- data/spec/dummy/config/environments/test.rb +0 -36
- data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -7
- data/spec/dummy/config/initializers/filter_parameter_logging.rb +0 -4
- data/spec/dummy/config/initializers/inflections.rb +0 -16
- data/spec/dummy/config/initializers/mime_types.rb +0 -5
- data/spec/dummy/config/initializers/secret_token.rb +0 -12
- data/spec/dummy/config/initializers/session_store.rb +0 -3
- data/spec/dummy/config/initializers/wrap_parameters.rb +0 -14
- data/spec/dummy/config/locales/en.yml +0 -23
- data/spec/dummy/config/routes.rb +0 -56
- data/spec/dummy/public/404.html +0 -58
- data/spec/dummy/public/422.html +0 -58
- data/spec/dummy/public/500.html +0 -57
- data/spec/dummy/public/favicon.ico +0 -0
|
@@ -0,0 +1,454 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe 'Simple Token Authentication' do
|
|
4
|
+
|
|
5
|
+
describe ':header_names option', header_names_option: true do
|
|
6
|
+
|
|
7
|
+
describe 'determines which header fields are looked at for authentication credentials' do
|
|
8
|
+
|
|
9
|
+
before(:each) do
|
|
10
|
+
user = double()
|
|
11
|
+
stub_const('User', user)
|
|
12
|
+
allow(user).to receive(:name).and_return('User')
|
|
13
|
+
|
|
14
|
+
admin = double()
|
|
15
|
+
stub_const('Admin', admin)
|
|
16
|
+
allow(admin).to receive(:name).and_return('Admin')
|
|
17
|
+
|
|
18
|
+
# given one *c*orrect record (which is supposed to get signed in)
|
|
19
|
+
@charles_record = double()
|
|
20
|
+
[user, admin].each do |model|
|
|
21
|
+
allow(model).to receive(:find_by).with(email: 'charles@example.com').and_return(@charles_record)
|
|
22
|
+
end
|
|
23
|
+
allow(@charles_record).to receive(:authentication_token).and_return('ch4rlEs_toKeN')
|
|
24
|
+
|
|
25
|
+
# and one *w*rong record (which should not be signed in)
|
|
26
|
+
@waldo_record = double()
|
|
27
|
+
[user, admin].each do |model|
|
|
28
|
+
allow(model).to receive(:find_by).with(email: 'waldo@example.com').and_return(@waldo_record)
|
|
29
|
+
end
|
|
30
|
+
allow(@waldo_record).to receive(:authentication_token).and_return('w4LdO_toKeN')
|
|
31
|
+
|
|
32
|
+
# given a controller class which acts as token authentication handler
|
|
33
|
+
@controller_class = Class.new
|
|
34
|
+
allow(@controller_class).to receive(:before_filter)
|
|
35
|
+
@controller_class.send :extend, SimpleTokenAuthentication::ActsAsTokenAuthenticationHandler
|
|
36
|
+
|
|
37
|
+
@controller = @controller_class.new
|
|
38
|
+
allow(@controller).to receive(:sign_in_handler).and_return(:sign_in_handler)
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
|
|
42
|
+
context 'provided the controller handles authentication for User' do
|
|
43
|
+
|
|
44
|
+
before(:each) do
|
|
45
|
+
# and handles authentication for a given model
|
|
46
|
+
@controller_class.acts_as_token_authentication_handler_for User
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
context 'and params contains no authentication credentials' do
|
|
50
|
+
|
|
51
|
+
before(:each) do
|
|
52
|
+
# and there are no credentials in params
|
|
53
|
+
allow(@controller).to receive(:params).and_return({})
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
context 'and request headers contain credentials in the custom and default fields' do
|
|
57
|
+
|
|
58
|
+
before(:each) do
|
|
59
|
+
# request headers are set in the nested contexts, these are minor settings
|
|
60
|
+
allow(@controller).to receive_message_chain(:request, :headers).and_return(double())
|
|
61
|
+
allow(@controller).to receive(:sign_in_handler).and_return(:sign_in_handler)
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
context 'when {}' do
|
|
65
|
+
|
|
66
|
+
before(:each) do
|
|
67
|
+
# and credentials in the default header fields lead to the wrong record
|
|
68
|
+
allow(@controller.request.headers).to receive(:[]).with('X-CustomEmail')
|
|
69
|
+
.and_return('waldo@example.com')
|
|
70
|
+
allow(@controller.request.headers).to receive(:[]).with('X-Admin-Email')
|
|
71
|
+
.and_return('waldo@example.com')
|
|
72
|
+
allow(@controller.request.headers).to receive(:[]).with('X-Custom_Token')
|
|
73
|
+
.and_return('w4LdO_toKeN')
|
|
74
|
+
allow(@controller.request.headers).to receive(:[]).with('X-Admin-Token')
|
|
75
|
+
.and_return('w4LdO_toKeN')
|
|
76
|
+
# while credential in the custom header fields lead to the correct record
|
|
77
|
+
allow(@controller.request.headers).to receive(:[]).with('X-User-Email')
|
|
78
|
+
.and_return('charles@example.com')
|
|
79
|
+
allow(@controller.request.headers).to receive(:[]).with('X-User-Token')
|
|
80
|
+
.and_return('ch4rlEs_toKeN')
|
|
81
|
+
|
|
82
|
+
allow(SimpleTokenAuthentication).to receive(:header_names)
|
|
83
|
+
.and_return({})
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
it 'does look for credentials in the default header fields (\'X-User-Email\' and \'X-User-Token\')', public: true do
|
|
87
|
+
expect(@controller).to receive(:perform_sign_in!).with(@charles_record, :sign_in_handler)
|
|
88
|
+
@controller.authenticate_user_from_token
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
it 'ignores credentials in any other fields', public: true do
|
|
92
|
+
expect(@controller).not_to receive(:perform_sign_in!).with(@waldo_record, :sign_in_handler)
|
|
93
|
+
@controller.authenticate_user_from_token
|
|
94
|
+
end
|
|
95
|
+
end
|
|
96
|
+
|
|
97
|
+
context 'when { user: {} }' do
|
|
98
|
+
|
|
99
|
+
before(:each) do
|
|
100
|
+
# and credentials in the default header fields lead to the wrong record
|
|
101
|
+
allow(@controller.request.headers).to receive(:[]).with('X-CustomEmail')
|
|
102
|
+
.and_return('waldo@example.com')
|
|
103
|
+
allow(@controller.request.headers).to receive(:[]).with('X-Admin-Email')
|
|
104
|
+
.and_return('waldo@example.com')
|
|
105
|
+
allow(@controller.request.headers).to receive(:[]).with('X-Custom_Token')
|
|
106
|
+
.and_return('w4LdO_toKeN')
|
|
107
|
+
allow(@controller.request.headers).to receive(:[]).with('X-Admin-Token')
|
|
108
|
+
.and_return('w4LdO_toKeN')
|
|
109
|
+
# while credential in the custom header fields lead to the correct record
|
|
110
|
+
allow(@controller.request.headers).to receive(:[]).with('X-User-Email')
|
|
111
|
+
.and_return('charles@example.com')
|
|
112
|
+
allow(@controller.request.headers).to receive(:[]).with('X-User-Token')
|
|
113
|
+
.and_return('ch4rlEs_toKeN')
|
|
114
|
+
|
|
115
|
+
allow(SimpleTokenAuthentication).to receive(:header_names)
|
|
116
|
+
.and_return({ user: {} })
|
|
117
|
+
end
|
|
118
|
+
|
|
119
|
+
it 'does look for credentials in the default header fields (\'X-User-Email\' and \'X-User-Token\')', protected: true do
|
|
120
|
+
expect(@controller).to receive(:perform_sign_in!).with(@charles_record, :sign_in_handler)
|
|
121
|
+
@controller.authenticate_user_from_token
|
|
122
|
+
end
|
|
123
|
+
|
|
124
|
+
it 'ignores credentials in any other fields', protected: true do
|
|
125
|
+
expect(@controller).not_to receive(:perform_sign_in!).with(@waldo_record, :sign_in_handler)
|
|
126
|
+
@controller.authenticate_user_from_token
|
|
127
|
+
end
|
|
128
|
+
end
|
|
129
|
+
|
|
130
|
+
context 'when { user: { email: \'X-CustomEmail\', authentication_token: \'X-Custom_Token\' } }' do
|
|
131
|
+
|
|
132
|
+
before(:each) do
|
|
133
|
+
# and credentials in the default header fields lead to the wrong record
|
|
134
|
+
allow(@controller.request.headers).to receive(:[]).with('X-User-Email')
|
|
135
|
+
.and_return('waldo@example.com')
|
|
136
|
+
allow(@controller.request.headers).to receive(:[]).with('X-User-Token')
|
|
137
|
+
.and_return('w4LdO_toKeN')
|
|
138
|
+
# while credential in the custom header fields lead to the correct record
|
|
139
|
+
allow(@controller.request.headers).to receive(:[]).with('X-CustomEmail')
|
|
140
|
+
.and_return('charles@example.com')
|
|
141
|
+
allow(@controller.request.headers).to receive(:[]).with('X-Custom_Token')
|
|
142
|
+
.and_return('ch4rlEs_toKeN')
|
|
143
|
+
|
|
144
|
+
allow(SimpleTokenAuthentication).to receive(:header_names)
|
|
145
|
+
.and_return({ user: { email: 'X-CustomEmail',
|
|
146
|
+
authentication_token: 'X-Custom_Token' } })
|
|
147
|
+
end
|
|
148
|
+
|
|
149
|
+
it 'does look for credentials in the custom headers fields', public: true do
|
|
150
|
+
expect(@controller).to receive(:perform_sign_in!).with(@charles_record, :sign_in_handler)
|
|
151
|
+
@controller.authenticate_user_from_token
|
|
152
|
+
end
|
|
153
|
+
|
|
154
|
+
it 'ignores credentials in any other fields (including default ones)', public: true do
|
|
155
|
+
expect(@controller).not_to receive(:perform_sign_in!).with(@waldo_record, :sign_in_handler)
|
|
156
|
+
@controller.authenticate_user_from_token
|
|
157
|
+
end
|
|
158
|
+
end
|
|
159
|
+
|
|
160
|
+
context 'when { admin: { email: \'X-CustomEmail\', authentication_token: \'X-Custom_Token\' } }' do
|
|
161
|
+
|
|
162
|
+
before(:each) do
|
|
163
|
+
# and credentials in the default header fields lead to the wrong record
|
|
164
|
+
allow(@controller.request.headers).to receive(:[]).with('X-CustomEmail')
|
|
165
|
+
.and_return('waldo@example.com')
|
|
166
|
+
allow(@controller.request.headers).to receive(:[]).with('X-Custom_Token')
|
|
167
|
+
.and_return('w4LdO_toKeN')
|
|
168
|
+
# while credential in the custom header fields lead to the correct record
|
|
169
|
+
allow(@controller.request.headers).to receive(:[]).with('X-User-Email')
|
|
170
|
+
.and_return('charles@example.com')
|
|
171
|
+
allow(@controller.request.headers).to receive(:[]).with('X-User-Token')
|
|
172
|
+
.and_return('ch4rlEs_toKeN')
|
|
173
|
+
|
|
174
|
+
allow(SimpleTokenAuthentication).to receive(:header_names)
|
|
175
|
+
.and_return({ admin: { email: 'X-CustomEmail',
|
|
176
|
+
authentication_token: 'X-Custom_Token' } })
|
|
177
|
+
end
|
|
178
|
+
|
|
179
|
+
it 'does look for credentials in the default header fields for :user', public: true do
|
|
180
|
+
expect(@controller).to receive(:perform_sign_in!).with(@charles_record, :sign_in_handler)
|
|
181
|
+
@controller.authenticate_user_from_token
|
|
182
|
+
end
|
|
183
|
+
|
|
184
|
+
it 'ignores credentials in the custom :admin header fields', public: true do
|
|
185
|
+
expect(@controller).not_to receive(:perform_sign_in!).with(@waldo_record, :sign_in_handler)
|
|
186
|
+
@controller.authenticate_user_from_token
|
|
187
|
+
end
|
|
188
|
+
end
|
|
189
|
+
|
|
190
|
+
context 'when { user: { email: \'X-CustomEmail\' }, admin: { authentication_token: \'X-Custom_Token\' } }' do
|
|
191
|
+
|
|
192
|
+
before(:each) do
|
|
193
|
+
# and credentials in the default header fields lead to the wrong record
|
|
194
|
+
allow(@controller.request.headers).to receive(:[]).with(nil)
|
|
195
|
+
.and_return(nil)
|
|
196
|
+
allow(@controller.request.headers).to receive(:[]).with('X-Admin-Email')
|
|
197
|
+
.and_return('waldo@example.com')
|
|
198
|
+
allow(@controller.request.headers).to receive(:[]).with('X-Custom_Token')
|
|
199
|
+
.and_return('w4LdO_toKeN')
|
|
200
|
+
# while credential in the custom header fields lead to the correct record
|
|
201
|
+
allow(@controller.request.headers).to receive(:[]).with('X-CustomEmail')
|
|
202
|
+
.and_return('charles@example.com')
|
|
203
|
+
allow(@controller.request.headers).to receive(:[]).with('X-User-Token')
|
|
204
|
+
.and_return('ch4rlEs_toKeN')
|
|
205
|
+
|
|
206
|
+
allow(SimpleTokenAuthentication).to receive(:header_names)
|
|
207
|
+
.and_return({ user: { email: 'X-CustomEmail' },
|
|
208
|
+
admin: { authentication_token: 'X-Custom_Token' } })
|
|
209
|
+
end
|
|
210
|
+
|
|
211
|
+
it 'does look for credentials in \'X-CustomEmail\' and \'X-User-Token\'', public: true do
|
|
212
|
+
expect(@controller).to receive(:perform_sign_in!).with(@charles_record, :sign_in_handler)
|
|
213
|
+
@controller.authenticate_user_from_token
|
|
214
|
+
end
|
|
215
|
+
|
|
216
|
+
it 'ignores credentials in \'X-User-Email\' and the :admin header fields', public: true do
|
|
217
|
+
expect(@controller).not_to receive(:perform_sign_in!).with(@waldo_record, :sign_in_handler)
|
|
218
|
+
@controller.authenticate_user_from_token
|
|
219
|
+
end
|
|
220
|
+
end
|
|
221
|
+
|
|
222
|
+
context 'when { admin: { email: \'X-CustomEmail\' }, user: { authentication_token: \'X-Custom_Token\' } }' do
|
|
223
|
+
|
|
224
|
+
before(:each) do
|
|
225
|
+
# and credentials in the default header fields lead to the wrong record
|
|
226
|
+
allow(@controller.request.headers).to receive(:[]).with(nil)
|
|
227
|
+
.and_return(nil)
|
|
228
|
+
allow(@controller.request.headers).to receive(:[]).with('X-CustomEmail')
|
|
229
|
+
.and_return('waldo@example.com')
|
|
230
|
+
allow(@controller.request.headers).to receive(:[]).with('X-Admin-Email')
|
|
231
|
+
.and_return('waldo@example.com')
|
|
232
|
+
allow(@controller.request.headers).to receive(:[]).with('X-Custom_Token')
|
|
233
|
+
.and_return('w4LdO_toKeN')
|
|
234
|
+
# while credential in the custom header fields lead to the correct record
|
|
235
|
+
allow(@controller.request.headers).to receive(:[]).with('X-User-Email')
|
|
236
|
+
.and_return('charles@example.com')
|
|
237
|
+
allow(@controller.request.headers).to receive(:[]).with('X-Custom_Token')
|
|
238
|
+
.and_return('ch4rlEs_toKeN')
|
|
239
|
+
|
|
240
|
+
allow(SimpleTokenAuthentication).to receive(:header_names)
|
|
241
|
+
.and_return({ admin: { email: 'X-CustomEmail' },
|
|
242
|
+
user: { authentication_token: 'X-Custom_Token' } })
|
|
243
|
+
end
|
|
244
|
+
|
|
245
|
+
it 'does look for credentials in \'X-User-Email\' and \'X-Custom_Token\'', public: true do
|
|
246
|
+
expect(@controller).to receive(:perform_sign_in!).with(@charles_record, :sign_in_handler)
|
|
247
|
+
@controller.authenticate_user_from_token
|
|
248
|
+
end
|
|
249
|
+
|
|
250
|
+
it 'ignores credentials in \'X-User-Token\' and the :admin header fields', public: true do
|
|
251
|
+
expect(@controller).not_to receive(:perform_sign_in!).with(@waldo_record, :sign_in_handler)
|
|
252
|
+
@controller.authenticate_user_from_token
|
|
253
|
+
end
|
|
254
|
+
end
|
|
255
|
+
|
|
256
|
+
context 'when { user: { email: \'X-CustomEmail\' } }' do
|
|
257
|
+
|
|
258
|
+
before(:each) do
|
|
259
|
+
# and credentials in the default header fields lead to the wrong record
|
|
260
|
+
allow(@controller).to receive_message_chain(:request, :headers).and_return(double())
|
|
261
|
+
allow(@controller.request.headers).to receive(:[]).with(nil)
|
|
262
|
+
.and_return(nil)
|
|
263
|
+
allow(@controller.request.headers).to receive(:[]).with('X-User-Email')
|
|
264
|
+
.and_return('waldo@example.com')
|
|
265
|
+
allow(@controller.request.headers).to receive(:[]).with('X-Admin-Email')
|
|
266
|
+
.and_return('waldo@example.com')
|
|
267
|
+
allow(@controller.request.headers).to receive(:[]).with('X-Admin-Token')
|
|
268
|
+
.and_return('w4LdO_toKeN')
|
|
269
|
+
# while credential in the custom header fields lead to the correct record
|
|
270
|
+
allow(@controller.request.headers).to receive(:[]).with('X-CustomEmail')
|
|
271
|
+
.and_return('charles@example.com')
|
|
272
|
+
allow(@controller.request.headers).to receive(:[]).with('X-User-Token')
|
|
273
|
+
.and_return('ch4rlEs_toKeN')
|
|
274
|
+
|
|
275
|
+
allow(SimpleTokenAuthentication).to receive(:header_names)
|
|
276
|
+
.and_return({ user: { email: 'X-CustomEmail' } })
|
|
277
|
+
end
|
|
278
|
+
|
|
279
|
+
it 'does look for credentials in \'X-CustomEmail\' and \'X-User-Token\'', public: true do
|
|
280
|
+
expect(@controller).to receive(:perform_sign_in!).with(@charles_record, :sign_in_handler)
|
|
281
|
+
@controller.authenticate_user_from_token
|
|
282
|
+
end
|
|
283
|
+
|
|
284
|
+
it 'ignores credentials in \'X-User-Email\' and the :admin header fields', public: true do
|
|
285
|
+
expect(@controller).not_to receive(:perform_sign_in!).with(@waldo_record, :sign_in_handler)
|
|
286
|
+
@controller.authenticate_user_from_token
|
|
287
|
+
end
|
|
288
|
+
end
|
|
289
|
+
end
|
|
290
|
+
end
|
|
291
|
+
end
|
|
292
|
+
|
|
293
|
+
context 'provided the controller handles authentication for Admin' do
|
|
294
|
+
|
|
295
|
+
before(:each) do
|
|
296
|
+
# and handles authentication for a given model
|
|
297
|
+
@controller_class.acts_as_token_authentication_handler_for Admin
|
|
298
|
+
end
|
|
299
|
+
|
|
300
|
+
context 'and params contains no authentication credentials' do
|
|
301
|
+
|
|
302
|
+
before(:each) do
|
|
303
|
+
# and there are no credentials in params
|
|
304
|
+
allow(@controller).to receive(:params).and_return({})
|
|
305
|
+
end
|
|
306
|
+
|
|
307
|
+
context 'and request headers contain credentials in the custom and default fields' do
|
|
308
|
+
|
|
309
|
+
before(:each) do
|
|
310
|
+
# request headers are set in the nested contexts, these are minor settings
|
|
311
|
+
allow(@controller).to receive_message_chain(:request, :headers).and_return(double())
|
|
312
|
+
allow(@controller).to receive(:sign_in_handler).and_return(:sign_in_handler)
|
|
313
|
+
end
|
|
314
|
+
|
|
315
|
+
context 'when { admin: { email: \'X-CustomEmail\', authentication_token: \'X-Custom_Token\' } }' do
|
|
316
|
+
|
|
317
|
+
before(:each) do
|
|
318
|
+
# and credentials in the default header fields lead to the wrong record
|
|
319
|
+
allow(@controller).to receive_message_chain(:request, :headers).and_return(double())
|
|
320
|
+
allow(@controller.request.headers).to receive(:[]).with(nil)
|
|
321
|
+
.and_return(nil)
|
|
322
|
+
allow(@controller.request.headers).to receive(:[]).with('X-Admin-Email')
|
|
323
|
+
.and_return('waldo@example.com')
|
|
324
|
+
allow(@controller.request.headers).to receive(:[]).with('X-User-Email')
|
|
325
|
+
.and_return('waldo@example.com')
|
|
326
|
+
|
|
327
|
+
allow(@controller.request.headers).to receive(:[]).with('X-Admin-Token')
|
|
328
|
+
.and_return('w4LdO_toKeN')
|
|
329
|
+
allow(@controller.request.headers).to receive(:[]).with('X-User-Token')
|
|
330
|
+
.and_return('w4LdO_toKeN')
|
|
331
|
+
# while credential in the custom header fields lead to the correct record
|
|
332
|
+
allow(@controller.request.headers).to receive(:[]).with('X-CustomEmail')
|
|
333
|
+
.and_return('charles@example.com')
|
|
334
|
+
allow(@controller.request.headers).to receive(:[]).with('X-Custom_Token')
|
|
335
|
+
.and_return('ch4rlEs_toKeN')
|
|
336
|
+
|
|
337
|
+
allow(SimpleTokenAuthentication).to receive(:header_names)
|
|
338
|
+
.and_return({ admin: { email: 'X-CustomEmail', authentication_token: 'X-Custom_Token' } })
|
|
339
|
+
end
|
|
340
|
+
|
|
341
|
+
it 'does look for credentials in \'X-CustomEmail\' and \'X-Custom_Token\'', public: true do
|
|
342
|
+
expect(@controller).to receive(:perform_sign_in!).with(@charles_record, :sign_in_handler)
|
|
343
|
+
@controller.authenticate_admin_from_token
|
|
344
|
+
end
|
|
345
|
+
|
|
346
|
+
it 'ignores credentials in \'X-Admin-Email\', \'X-Admin-Token\' and the :user header fields', public: true do
|
|
347
|
+
expect(@controller).not_to receive(:perform_sign_in!).with(@waldo_record, :sign_in_handler)
|
|
348
|
+
@controller.authenticate_admin_from_token
|
|
349
|
+
end
|
|
350
|
+
end
|
|
351
|
+
|
|
352
|
+
context 'when { admin: { email: \'X-CustomEmail\' } }' do
|
|
353
|
+
|
|
354
|
+
before(:each) do
|
|
355
|
+
# and credentials in the default header fields lead to the wrong record
|
|
356
|
+
allow(@controller).to receive_message_chain(:request, :headers).and_return(double())
|
|
357
|
+
allow(@controller.request.headers).to receive(:[]).with(nil)
|
|
358
|
+
.and_return(nil)
|
|
359
|
+
allow(@controller.request.headers).to receive(:[]).with('X-Admin-Email')
|
|
360
|
+
.and_return('waldo@example.com')
|
|
361
|
+
allow(@controller.request.headers).to receive(:[]).with('X-User-Email')
|
|
362
|
+
.and_return('waldo@example.com')
|
|
363
|
+
allow(@controller.request.headers).to receive(:[]).with('X-User-Token')
|
|
364
|
+
.and_return('w4LdO_toKeN')
|
|
365
|
+
# while credential in the custom header fields lead to the correct record
|
|
366
|
+
allow(@controller.request.headers).to receive(:[]).with('X-CustomEmail')
|
|
367
|
+
.and_return('charles@example.com')
|
|
368
|
+
allow(@controller.request.headers).to receive(:[]).with('X-Admin-Token')
|
|
369
|
+
.and_return('ch4rlEs_toKeN')
|
|
370
|
+
|
|
371
|
+
allow(SimpleTokenAuthentication).to receive(:header_names)
|
|
372
|
+
.and_return({ admin: { email: 'X-CustomEmail' } })
|
|
373
|
+
end
|
|
374
|
+
|
|
375
|
+
it 'does look for credentials in \'X-CustomEmail\' and \'X-Admin-Token\'', public: true do
|
|
376
|
+
expect(@controller).to receive(:perform_sign_in!).with(@charles_record, :sign_in_handler)
|
|
377
|
+
@controller.authenticate_admin_from_token
|
|
378
|
+
end
|
|
379
|
+
|
|
380
|
+
it 'ignores credentials in \'X-Admin-Email\' and the :user header fields', public: true do
|
|
381
|
+
expect(@controller).not_to receive(:perform_sign_in!).with(@waldo_record, :sign_in_handler)
|
|
382
|
+
@controller.authenticate_admin_from_token
|
|
383
|
+
end
|
|
384
|
+
end
|
|
385
|
+
end
|
|
386
|
+
end
|
|
387
|
+
end
|
|
388
|
+
end
|
|
389
|
+
|
|
390
|
+
it 'can be modified from an initializer file', public: true do
|
|
391
|
+
user = double()
|
|
392
|
+
stub_const('User', user)
|
|
393
|
+
allow(user).to receive(:name).and_return('User')
|
|
394
|
+
|
|
395
|
+
# given one *c*orrect record (which is supposed to get signed in)
|
|
396
|
+
@charles_record = double()
|
|
397
|
+
allow(user).to receive(:find_by).with(email: 'charles@example.com').and_return(@charles_record)
|
|
398
|
+
allow(@charles_record).to receive(:authentication_token).and_return('ch4rlEs_toKeN')
|
|
399
|
+
|
|
400
|
+
# and one *w*rong record (which should not be signed in)
|
|
401
|
+
@waldo_record = double()
|
|
402
|
+
allow(user).to receive(:find_by).with(email: 'waldo@example.com').and_return(@waldo_record)
|
|
403
|
+
allow(@waldo_record).to receive(:authentication_token).and_return('w4LdO_toKeN')
|
|
404
|
+
|
|
405
|
+
# given a controller class which acts as token authentication handler
|
|
406
|
+
@controller_class = Class.new
|
|
407
|
+
allow(@controller_class).to receive(:before_filter)
|
|
408
|
+
@controller_class.send :extend, SimpleTokenAuthentication::ActsAsTokenAuthenticationHandler
|
|
409
|
+
|
|
410
|
+
# INITIALIZATION
|
|
411
|
+
# this step occurs when 'simple_token_authentication' is required
|
|
412
|
+
#
|
|
413
|
+
# and handles authentication for a given model
|
|
414
|
+
@controller_class.acts_as_token_authentication_handler_for User
|
|
415
|
+
|
|
416
|
+
# RUNTIME
|
|
417
|
+
@controller = @controller_class.new
|
|
418
|
+
# and there are no credentials in params
|
|
419
|
+
allow(@controller).to receive(:params).and_return({})
|
|
420
|
+
# (those are minor settings)
|
|
421
|
+
allow(@controller).to receive_message_chain(:request, :headers).and_return(double())
|
|
422
|
+
allow(@controller).to receive(:sign_in_handler).and_return(:sign_in_handler)
|
|
423
|
+
allow(@controller).to receive(:perform_sign_in!)
|
|
424
|
+
|
|
425
|
+
# and credentials in the header fields which match
|
|
426
|
+
# the initial `header_names` option value
|
|
427
|
+
allow(@controller).to receive_message_chain(:request, :headers).and_return(double())
|
|
428
|
+
allow(@controller.request.headers).to receive(:[]).with('X-User-Email')
|
|
429
|
+
.and_return('waldo@example.com')
|
|
430
|
+
allow(@controller.request.headers).to receive(:[]).with('X-Custom_Token')
|
|
431
|
+
.and_return('w4LdO_toKeN')
|
|
432
|
+
|
|
433
|
+
# end credential in the header fields which match
|
|
434
|
+
# the updated `header_names` option value
|
|
435
|
+
allow(@controller.request.headers).to receive(:[]).with('X-UpdatedName-User-Email')
|
|
436
|
+
.and_return('charles@example.com')
|
|
437
|
+
allow(@controller.request.headers).to receive(:[]).with('X-UpdatedName-User-Token')
|
|
438
|
+
.and_return('ch4rlEs_toKeN')
|
|
439
|
+
|
|
440
|
+
|
|
441
|
+
# even if modified *after* the class was loaded
|
|
442
|
+
allow(SimpleTokenAuthentication).to receive(:header_names)
|
|
443
|
+
.and_return({ user: { email: 'X-UpdatedName-User-Email', authentication_token: 'X-UpdatedName-User-Token' }})
|
|
444
|
+
|
|
445
|
+
# the option updated value is taken into account
|
|
446
|
+
# when token authentication is performed
|
|
447
|
+
expect(@controller.request.headers).to receive(:[]).with('X-UpdatedName-User-Email')
|
|
448
|
+
expect(@controller.request.headers).to receive(:[]).with('X-UpdatedName-User-Token')
|
|
449
|
+
expect(@controller.request.headers).not_to receive(:[]).with('X-User-Email')
|
|
450
|
+
expect(@controller.request.headers).not_to receive(:[]).with('X-User-Token')
|
|
451
|
+
@controller.authenticate_user_from_token
|
|
452
|
+
end
|
|
453
|
+
end
|
|
454
|
+
end
|