RubyGems - sinatra-authorize - Versions diffs - 0.0.1 - Mend

sinatra-authorize 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

data/.gitignore +2 -0
data/.rspec +2 -0
data/Gemfile +4 -0
data/Gemfile.lock +37 -0
data/Rakefile +7 -0
data/lib/sinatra/authorize.rb +77 -0
data/lib/sinatra-authorize/version.rb +5 -0
data/readme.md +108 -0
data/sinatra-authorize.gemspec +29 -0
data/spec/sinatra/authorize_spec.rb +148 -0
data/spec/spec_helper.rb +19 -0
metadata +150 -0

data/.gitignore ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ pkg/*
2	+ *.gem

data/.rspec ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ --color
2	+ --format=nested

data/Gemfile ADDED Viewed

@@ -0,0 +1,4 @@
+source :gemcutter
+# Specify your gem's dependencies in sinatra-authorize.gemspec
+gemspec

data/Gemfile.lock ADDED Viewed

@@ -0,0 +1,37 @@
+PATH
+  remote: .
+  specs:
+    sinatra-authorize (0.0.0)
+      sinatra (>= 1.2)
+GEM
+  remote: http://rubygems.org/
+  specs:
+    diff-lcs (1.1.2)
+    rack (1.2.2)
+    rack-test (0.5.7)
+      rack (>= 1.0)
+    rake (0.8.7)
+    rspec (2.5.0)
+      rspec-core (~> 2.5.0)
+      rspec-expectations (~> 2.5.0)
+      rspec-mocks (~> 2.5.0)
+    rspec-core (2.5.1)
+    rspec-expectations (2.5.0)
+      diff-lcs (~> 1.1.2)
+    rspec-mocks (2.5.0)
+    sinatra (1.2.2)
+      rack (~> 1.1)
+      tilt (>= 1.2.2, < 2.0)
+    tilt (1.2.2)
+PLATFORMS
+  ruby
+DEPENDENCIES
+  bundler (>= 1.0.0.rc.5)
+  rack-test (>= 0.5.7)
+  rake (>= 0.8)
+  rspec (>= 2.4)
+  sinatra (>= 1.2)
+  sinatra-authorize!

data/Rakefile ADDED Viewed

@@ -0,0 +1,7 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec)
+task :default => :spec

data/lib/sinatra/authorize.rb ADDED Viewed

@@ -0,0 +1,77 @@
+require 'sinatra/base'
+module Sinatra
+  module Authorize
+    class Condition < Proc; end
+    def authorize(opts = {}, &block)
+      opts = {opts => []} if opts.is_a?(Symbol)
+      if opts[:deny]
+        args = *(opts[:deny])
+        set(:authorize_default, Proc.new {
+          authorize_condition(:deny, args)
+        })
+      else
+        args = *(opts[:allow] || [])
+        set(:authorize_default, Proc.new {
+          authorize_condition(:allow, args)
+        })
+      end
+      if block_given?
+        define_method(:authorize_do_block, block)
+        authorize_do = instance_method(:authorize_do_block)
+        remove_method(:authorize_do_block)
+        set :authorize_do, Proc.new { authorize_do }
+      end
+    end
+    def allow(*args)
+      condition &(authorize_condition(:allow, args))
+    end
+    def deny(*args)
+      condition &(authorize_condition(:deny, args))
+    end
+    def authorize_condition(rule, args)
+      Condition.new { settings.authorize_do.bind(self).call(rule, args) }
+    end
+    class << self
+      def registered(app)
+        app.authorize do |rule, args|
+          raise "No authorize block is specified."
+        end
+        app.class_eval do
+          alias :old_process_route :process_route
+          def process_route(pattern, keys, conditions, &block)
+            authorize_conditions = conditions.select do |cond|
+              cond.is_a?(Authorize::Condition)
+            end
+            regular_conditions = conditions - authorize_conditions
+            old_process_route(pattern, keys, regular_conditions) do
+              throw :halt, 403 if authorize_route(authorize_conditions) == false
+              yield
+            end
+          end
+          def authorize_route(conditions)
+            conditions = conditions.dup
+            conditions.unshift(settings.authorize_default)
+            conditions = conditions.collect { |cond| instance_eval(&cond) }
+            conditions.select { |allow| allow == true || allow == false }.last
+          end
+        end
+      end
+    end
+  end
+  register Authorize
+end

data/lib/sinatra-authorize/version.rb ADDED Viewed

@@ -0,0 +1,5 @@
+module Sinatra
+  module Authorize
+    VERSION = "0.0.1"
+  end
+end

data/readme.md ADDED Viewed

@@ -0,0 +1,108 @@
+# sinatra-authorize
+### Authentication-agnostic rule-based authorization extension for Sinatra
+Provides a flexible rule-based authorization framework:
+* Define `authorize` block for evaluating rules
+* Set default rule for all routes
+* Override default rule per route
+Choice of authentication approach is entirely up to the application.
+### Installation
+    gem install sinatra-authorize
+### Usage
+Define `authorize` block for evaluating rules, and optionally set the default rule:
+    authorize :deny => :all do |rule, args|
+      # evaluate rule
+    end
+Omitting a default rule when defining the `authorize` block makes
+`:allow => []` the default rule.
+Override default rule per route:
+    get '/', :allow => :all do
+      # :allow => :all rule overrides default :deny => :all rule
+    end
+Authorization is performed just before the route is evaluated, after the
+pattern has been matched and any other conditions have been evaluated.
+#### Usage scenario
+Simple scenario with default `:allow` rule, which is overriden for protected
+routes:
+    require 'sinatra'
+    require 'sinatra/authorize'
+    enable :sessions
+    authorize do |rule, args|
+      if args == [:user]
+        session[:user] != nil
+      elsif args == [:admin]
+        session[:admin] != nil
+      end
+    end
+    # Availabe to all, as default rule is :allow => []
+    get '/' do
+    end
+    # Availabe to all, as default rule is :allow => []
+    post '/authenticate' do
+      if params[:username] == 'username' && params[:password] == 'password'
+        session[:user] = params[:username]
+        if session[:user] == 'admin'
+          session[:admin] = true
+        end
+      end
+    end
+    # Only run for authorized user requests, because of override rule
+    get '/content/:id' :allow => :user do
+    end
+    # Only run for authorized admin requests, because of override rule
+    get '/admin/content/:id', :allow => :admin do
+    end
+The `authorize` block only needs to handle the `:allow` rules present in the
+scenario. Also, only the rule arguments used, `:user` and `:admin`, are
+accounted for. No default rule is set when defining the `authorize` block,
+thus making `:allow => []` the default rule. The routes `/` and `/authenticate`
+is evaluated using the default `:allow` rule, whereas the `/content/:id` and
+`/admin/content:id` routes override the default rule.
+### License
+(The MIT License)
+Copyright (c) 2011 Ole Petter Bang &lt;olepbang@gmail.com&gt;
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/sinatra-authorize.gemspec ADDED Viewed

@@ -0,0 +1,29 @@
+# -*- encoding: utf-8 -*-
+$LOAD_PATH.unshift File.expand_path('../lib', __FILE__)
+require 'sinatra-authorize/version'
+Gem::Specification.new do |s|
+  s.name        = "sinatra-authorize"
+  s.version     = Sinatra::Authorize::VERSION
+  s.platform    = Gem::Platform::RUBY
+  s.authors     = ["Ole Petter Bang"]
+  s.email       = ["olepbang@gmail.com"]
+  s.homepage    = "https://github.com/gnab/sinatra-authorize"
+  s.summary     = "Smooth authentication-agnostic rule-based authorization " +
+                  "extension for Sinatra"
+  s.description = s.summary
+  s.required_rubygems_version = ">= 1.3.6"
+  s.rubyforge_project         = "sinatra-authorize"
+  s.add_development_dependency "bundler", ">= 1.0.0.rc.5"
+  s.add_development_dependency "rake", ">= 0.8"
+  s.add_development_dependency "rack-test", ">= 0.5.7"
+  s.add_development_dependency "rspec", ">= 2.4"
+  s.add_runtime_dependency "sinatra", ">= 1.2"
+  s.files        = `git ls-files`.split("\n")
+  s.executables  = `git ls-files`.split("\n").select{|f| f =~ /^bin/}
+  s.require_path = 'lib'
+end

data/spec/sinatra/authorize_spec.rb ADDED Viewed

@@ -0,0 +1,148 @@
+require File.join(File.dirname(__FILE__), '..', 'spec_helper')
+shared_examples_for "when no default authorization is set" do
+  it 'should allow route with allow all rule' do
+    app.get('/', :allow => :all) {}
+    get '/'
+    last_response.status.should == 200
+  end
+  it 'should allow route with deny none rule' do
+    app.get('/', :deny => :none) {}
+    get '/'
+    last_response.status.should == 200
+  end
+  it 'should deny route with deny all rule' do
+    app.get('/', :deny => :all) {}
+    get '/'
+    last_response.status.should == 403
+  end
+  it 'should deny route with allow none rule' do
+    app.get('/', :allow => :none) {}
+    get '/'
+    last_response.status.should == 403
+  end
+end
+describe Sinatra::Authorize do
+  before :all do
+    app.authorize  do |rule, args|
+      allow_default = lambda do |args|
+        if args == [] || args == [:all]
+          true
+        elsif args == [:none]
+          false
+        else
+          raise "Unknown authorization rule argument: #{args}."
+        end
+      end
+      if rule == :allow
+        allow_default.call(args)
+      elsif rule == :deny
+        !allow_default.call(args)
+      else
+        raise "Unknown authorization rule: #{rule}."
+      end
+    end
+  end
+  before do
+    app.reset!
+  end
+  it 'should allow routes by default' do
+    app.get('/') {}
+    get '/'
+    last_response.status.should == 200
+  end
+  it_behaves_like "when no default authorization is set"
+  context "#authorize :allow" do
+    before do
+      app.authorize :allow
+    end
+    it 'should allow routes by default' do
+      app.get('/') {}
+      get '/'
+      last_response.status.should == 200
+    end
+    it_behaves_like "when no default authorization is set"
+    context ' => :all' do
+      before do
+        app.authorize :allow => :all
+      end
+      it 'should allow routes by default' do
+        app.get('/') {}
+        get '/'
+        last_response.status.should == 200
+      end
+      it_behaves_like "when no default authorization is set"
+    end
+    context ' => :none' do
+      before do
+        app.authorize :allow => :none
+      end
+      it 'should deny routes by default' do
+        app.get('/') {}
+        get '/'
+        last_response.status.should == 403
+      end
+      it_behaves_like "when no default authorization is set"
+    end
+  end
+  context '#authorize :deny' do
+    before do
+      app.authorize :deny
+    end
+    it 'should deny routes by default' do
+      app.get('/') {}
+      get '/'
+      last_response.status.should == 403
+    end
+    it_behaves_like "when no default authorization is set"
+    context ' => :all' do
+      before do
+        app.authorize :deny => :all
+      end
+      it 'should deny routes by default' do
+        app.get('/') {}
+        get '/'
+        last_response.status.should == 403
+      end
+      it_behaves_like "when no default authorization is set"
+    end
+    context ' => :none' do
+      before do
+        app.authorize :deny => :none
+      end
+      it 'should allow routes by default' do
+        app.get('/') {}
+        get '/'
+        last_response.status.should == 200
+      end
+      it_behaves_like "when no default authorization is set"
+    end
+  end
+end

data/spec/spec_helper.rb ADDED Viewed

@@ -0,0 +1,19 @@
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+ENV['RACK_ENV'] = 'test'
+require 'rspec'
+require 'rack/test'
+require 'sinatra/base'
+require 'sinatra/authorize'
+module SpecHelper
+  def app
+    @app ||= Sinatra::Application
+  end
+end
+RSpec.configure do |config|
+  config.include Rack::Test::Methods
+  config.include SpecHelper
+end

metadata ADDED Viewed

@@ -0,0 +1,150 @@
+--- !ruby/object:Gem::Specification
+name: sinatra-authorize
+version: !ruby/object:Gem::Version
+  prerelease: false
+  segments:
+  - 0
+  - 0
+  - 1
+  version: 0.0.1
+platform: ruby
+authors:
+- Ole Petter Bang
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2011-04-16 00:00:00 +02:00
+default_executable:
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        segments:
+        - 1
+        - 0
+        - 0
+        - rc
+        - 5
+        version: 1.0.0.rc.5
+  type: :development
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency
+  name: rake
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        segments:
+        - 0
+        - 8
+        version: "0.8"
+  type: :development
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        segments:
+        - 0
+        - 5
+        - 7
+        version: 0.5.7
+  type: :development
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency
+  name: rspec
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        segments:
+        - 2
+        - 4
+        version: "2.4"
+  type: :development
+  version_requirements: *id004
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  prerelease: false
+  requirement: &id005 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        segments:
+        - 1
+        - 2
+        version: "1.2"
+  type: :runtime
+  version_requirements: *id005
+description: Smooth authentication-agnostic rule-based authorization extension for Sinatra
+email:
+- olepbang@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- Gemfile
+- Gemfile.lock
+- Rakefile
+- lib/sinatra-authorize/version.rb
+- lib/sinatra/authorize.rb
+- readme.md
+- sinatra-authorize.gemspec
+- spec/sinatra/authorize_spec.rb
+- spec/spec_helper.rb
+has_rdoc: true
+homepage: https://github.com/gnab/sinatra-authorize
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      segments:
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      segments:
+      - 1
+      - 3
+      - 6
+      version: 1.3.6
+requirements: []
+rubyforge_project: sinatra-authorize
+rubygems_version: 1.3.7
+signing_key:
+specification_version: 3
+summary: Smooth authentication-agnostic rule-based authorization extension for Sinatra
+test_files: []