sinatra-authorization 1.0.0

data/README.rdoc

@@ -0,0 +1,25 @@
+= Sinatra Authorization
+
+HTTP Authorization helpers for Sinatra.
+
+== Example
+
+require "sinatra/authorization"
+
+set :authorization_realm, "Protected zone"
+
+helpers do
+  def authorize(login, password)
+    login == "admin" && password == "secret"
+  end
+end
+
+get "/" do
+  "Hello"
+end
+
+get "/admin" do
+  login_required
+
+  "Welcome in protected zone"
+end

data/Rakefile

@@ -0,0 +1,12 @@
+task :default => :test
+
+desc "Run tests"
+task :test do
+  ruby "test/authorization_test.rb"
+end
+
+begin
+  require "mg"
+  MG.new("sinatra-authorization.gemspec")
+rescue LoadError
+end

data/lib/sinatra/authorization.rb

@@ -0,0 +1,64 @@
+require "sinatra/base"
+
+module Sinatra
+  # HTTP Authorization helpers for Sinatra.
+  #
+  # In your helpers module, include Sinatra::Authorization and then define
+  # an #authorize(user, password) method to handle user provided
+  # credentials.
+  #
+  # Inside your events, call #login_required to trigger the HTTP
+  # Authorization window to pop up in the browser.
+  #
+  # Code adapted from {Ryan Tomayko}[http://tomayko.com/about] and
+  # {Christopher Schneid}[http://gittr.com], shared under an MIT License
+  module Authorization
+    # Redefine this method on your helpers block to actually contain
+    # your authorization logic.
+    def authorize(username, password)
+      false
+    end
+
+    # From you app, call set :authorization_realm, "my app" to set this
+    # or define a #authorization_realm method in your helpers block.
+    def authorization_realm
+      Sinatra::Default.authorization_realm
+    end
+
+    # Call in any event that requires authentication
+    def login_required
+      return if authorized?
+      unauthorized! unless auth.provided?
+      bad_request!  unless auth.basic?
+      unauthorized! unless authorize(*auth.credentials)
+      request.env['REMOTE_USER'] = auth.username
+    end
+
+    # Convenience method to determine if a user is logged in
+    def authorized?
+      !!request.env['REMOTE_USER']
+    end
+    alias :logged_in? :authorized?
+
+    # Name provided by the current user to log in
+    def current_user
+      request.env['REMOTE_USER']
+    end
+
+    private
+      def auth
+        @auth ||= Rack::Auth::Basic::Request.new(request.env)
+      end
+
+      def unauthorized!(realm=authorization_realm)
+        response["WWW-Authenticate"] = %(Basic realm="#{realm}")
+        throw :halt, [ 401, 'Authorization Required' ]
+      end
+
+      def bad_request!
+        throw :halt, [ 400, 'Bad Request' ]
+      end
+  end
+
+  helpers Authorization
+end

data/sinatra-authorization.gemspec

@@ -0,0 +1,20 @@
+Gem::Specification.new do |s|
+  s.name     = "sinatra-authorization"
+  s.rubyforge_project = "integrity"
+  s.version  = "1.0.0"
+  s.date     = "2009-04-19"
+  s.summary  = "HTTP Authorization helpers for Sinatra."
+  s.description  = "HTTP Authorization helpers for Sinatra."
+  s.homepage = "http://github.com/integrity/sinatra-authorization"
+  s.email    = "info@integrityapp.com"
+  s.authors  = ["Nicolás Sanguinetti", "Simon Rozet"]
+  s.has_rdoc = false
+  s.files    = %w[
+README.rdoc
+Rakefile
+sinatra-authorization.gemspec
+lib/sinatra/authorization.rb
+test/authorization_test.rb
+]
+  s.add_dependency("sinatra", [">= 0.9.1.1"])
+end

data/test/authorization_test.rb

@@ -0,0 +1,66 @@
+require "test/unit"
+require "rack/test"
+require "context"
+require "pending"
+
+require File.dirname(__FILE__) + "/../lib/sinatra/authorization"
+
+class AuthorizationApp < Sinatra::Default
+  set :environment, :test
+
+  get "/" do
+    login_required
+
+    "Welcome in protected zone"
+  end
+
+  def authorize(username, password)
+    username == "user" && password = "test"
+  end
+
+  def authorization_realm
+    "Move on"
+  end
+end
+
+class SinatraAuthorizationTest < Test::Unit::TestCase
+  before do
+    @session = Rack::Test::Session.new(AuthorizationApp)
+  end
+
+  def basic_auth(user="user", password="test")
+    credentials = ["#{user}:#{password}"].pack("m*")
+
+    { "HTTP_AUTHORIZATION" => "Basic #{credentials}" }
+  end
+
+  it "is authorized with correct credentials" do
+    @session.get "/", {}, basic_auth
+    assert_equal 200, @session.last_response.status
+    assert_equal ["Welcome in protected zone"], @session.last_response.body
+  end
+
+  it "sets REMOTE_USER" do
+    pending "TODO"
+  end
+
+  it "is unauthorized without credentials" do
+    @session.get "/"
+    assert_equal 401, @session.last_response.status
+  end
+
+  it "is unauthorized with incorrect credentials" do
+    @session.get "/", {}, basic_auth("evil", "wrong")
+    assert_equal 401, @session.last_response.status
+  end
+
+  it "returns specified realm" do
+    @session.get "/"
+    assert_equal %Q(Basic realm="Move on"), @session.last_response["WWW-Authenticate"]
+  end
+
+  it "returns a 400, Bad Request if not basic auth" do
+    @session.get "/", {}, { "HTTP_AUTHORIZATION" => "Foo bar" }
+    assert_equal 400, @session.last_response.status
+  end
+end

metadata

@@ -0,0 +1,67 @@
+--- !ruby/object:Gem::Specification 
+name: sinatra-authorization
+version: !ruby/object:Gem::Version 
+  version: 1.0.0
+platform: ruby
+authors: 
+- "Nicol\xC3\xA1s Sanguinetti"
+- Simon Rozet
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-04-19 00:00:00 +02:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: sinatra
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 0.9.1.1
+    version: 
+description: HTTP Authorization helpers for Sinatra.
+email: info@integrityapp.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- README.rdoc
+- Rakefile
+- sinatra-authorization.gemspec
+- lib/sinatra/authorization.rb
+- test/authorization_test.rb
+has_rdoc: false
+homepage: http://github.com/integrity/sinatra-authorization
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: integrity
+rubygems_version: 1.3.1
+signing_key: 
+specification_version: 2
+summary: HTTP Authorization helpers for Sinatra.
+test_files: []
+