strelka 0.10.0 → 0.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2b80a99f214a313af79edba1b5f7805e9c0608bb
-  data.tar.gz: 29357b83d58fea5ed8643ae8cd3beebbb2f4a0fe
+  metadata.gz: 23f3a2bf90987379d646fd64f813d403057ba894
+  data.tar.gz: 7df48c8764cf88fc8e357fd6d4e70ab84bc7af9d
 SHA512:
-  metadata.gz: 18eeb9cecb966a98ef3b17d6bd42c9205a7fabb6c874d5e0680d96710898e20a87b265da19b03bb1d1d3e16431d992765a459cf7423a65b17c17cf8b176bb013
-  data.tar.gz: 5dd20c7375c9450fc84b96ec5a3167b8468620f4d1fd107b6b91df724950de16c70b42752b1cd66def6ba41f2ddb7e0d1c0687a677da402d0122ccbd6b2c6c3d
+  metadata.gz: f0d5356fbb5c03eccdb77d055796a6b120aabfd8702a590725b16b8b9446a42ad157fdd05841e96ab761ce91e74bdb8ade89893c4365d4cb5b7f34bc698f2ac1
+  data.tar.gz: 6993272bb47fd7874689853b7439b70581b27788ab3b1195125180eedca958bdc9a4e25bef06bf7d3587ea331dd70fd09d2d5a565fca256e2ec92b546679160b

data/ChangeLog

@@ -1,8 +1,40 @@
+2015-12-29  Mahlon E. Smith  <mahlon@martini.nu>
+
+	* lib/strelka/app/auth.rb, lib/strelka/authprovider.rb,
+	spec/strelka/app/auth_spec.rb:
+	If authentication fails, throw from the request processing path
+	instead of the authprovider API.
+	[4ec61e15b3b3] [tip]
+
+2015-11-18  Michael Granger  <ged@FaerieMUD.org>
+
+	* lib/strelka/app/auth.rb, lib/strelka/httprequest/auth.rb,
+	lib/strelka/mixins.rb, lib/strelka/testing.rb,
+	spec/strelka/app/auth_spec.rb,
+	spec/strelka/httprequest/auth_spec.rb:
+	Add a mechanism for deferring authentication to request handlers
+	[92cfae454ef1] [github/master]
+
+	* lib/strelka/app/auth.rb, spec/strelka/app/auth_spec.rb:
+	Back out the auth hook before adding deferred auth
+	[62beb1c355cb]
+
+2015-11-16  Michael Granger  <ged@FaerieMUD.org>
+
+	* lib/strelka/session/db.rb:
+	Fix Sqlite session table schema
+	[ee4051a888a1]
+
+	* spec/strelka/httprequest/acceptparams_spec.rb,
+	spec/strelka/router_spec.rb:
+	Fix empty raise_error()s
+	[142dd3a71307]
+
 2015-10-01  Mahlon E. Smith  <mahlon@laika.com>
 
 	* .hgsigs:
 	Added signature for changeset 2e4e4c78a588
-	[50bc1d12bad4] [tip]
+	[50bc1d12bad4]
 
 	* .hgtags:
 	Added tag v0.10.0 for changeset 2aae0e98c859
@@ -135,7 +167,7 @@
 
 	* strelka.gemspec:
 	Update the gemspec
-	[92c894486289] [github/master]
+	[92c894486289]
 
 	* Rakefile:
 	Fix the fivefish version
@@ -757,7 +789,7 @@
 	spec/strelka/app/parameters_spec.rb,
 	spec/strelka/paramvalidator_spec.rb:
 	Add a paramvalidator constraint for JSON fields
-	[ac11b12f9366]
+	[ac11b12f9366] [github/no-notes-auto-vivify]
 
 2013-01-25  Michael Granger  <ged@FaerieMUD.org>
 

data/History.rdoc

@@ -1,3 +1,16 @@
+== v0.11.0 [2016-01-20] Mahlon E. Smith <mahlon@martini.nu>
+
+Enhancements:
+
+- Add a mechanism for deferring authentication to request handlers
+- If authentication fails, throw from the request processing path
+  instead of the authprovider API.
+
+Bugfixes:
+
+- Fix Sqlite session table schema
+
+
 == v0.10.0 [2015-10-01] Mahlon E. Smith <mahlon@martini.nu>
 
 - Allow authentication to be optional for a route.

data/lib/strelka.rb

@@ -24,10 +24,10 @@ module Strelka
 	log_as :strelka
 
 	# Library version constant
-	VERSION = '0.10.0'
+	VERSION = '0.11.0'
 
 	# Version-control revision constant
-	REVISION = %q$Revision: 2aae0e98c859 $
+	REVISION = %q$Revision: d794173d505f $
 
 	require 'strelka/mixins'
 	require 'strelka/constants'

data/lib/strelka/app/auth.rb

@@ -473,6 +473,7 @@ module Strelka::App::Auth
 	def handle_request( request, &block )
 		self.log.debug "[:auth] Wrapping request in auth with a %p" % [ self.auth_provider ]
 
+		request.auth_provider = self.auth_provider
 		self.authenticate_and_authorize( request )
 
 		super
@@ -495,7 +496,8 @@ module Strelka::App::Auth
 	def provide_authentication( request )
 		provider = self.auth_provider
 		self.log.info "Authenticating request using provider: %p" % [ provider ]
-		return provider.authenticate( request )
+		credentials = provider.authenticate( request ) or finish_with( HTTP::AUTH_REQUIRED, "Authentication required." )
+		return credentials
 	end
 
 
@@ -570,25 +572,6 @@ module Strelka::App::Auth
 	alias_method :required_perms_for, :perms_required_for
 
 
-	### Normally, the authentication plugin manages authing a user
-	### automatically.  There are cases where we want to perform this
-	### manually, such as a route that provides alternate data for an
-	### authenticated user, but still allows non-authed access.
-	###
-	### Returns the authenticated user object, or nil if unsuccessful.
-	###
-	### This essentially makes authentication optional for a route, instead
-	### of simply "on" or "off".
-	def authenticate( request )
-		acct = nil
-		catch( :finish ) do
-			acct = self.auth_provider.authenticate( request )
-			request.authenticated_user = acct
-		end
-		return acct
-	end
-
-
 	#########
 	protected
 	#########

data/lib/strelka/authprovider.rb

@@ -63,8 +63,7 @@ class Strelka::AuthProvider
 
 
 	### You should override this method if you want to authenticate the +request+. It should
-	### return a credentials object if authentication is successful, or throw an auth_required
-	### response if it fails.
+	### return a credentials object if authentication is successful, or a false value if it fails.
 	def authenticate( request )
 		self.log.debug "No authentication provided, returning anonymous credentials."
 		return 'anonymous'

data/lib/strelka/httprequest/auth.rb

@@ -13,6 +13,7 @@ module Strelka::HTTPRequest::Auth
 	### Extension callback -- add instance variables to extended objects.
 	def initialize( * )
 		super
+		@auth_provider = nil
 		@authenticated_user = nil
 	end
 
@@ -25,6 +26,47 @@ module Strelka::HTTPRequest::Auth
 	attr_accessor :authenticated_user
 	alias_method :authenticated?, :authenticated_user
 
+	# The Strelka::AuthProvider the app uses for authentication (if any)
+	attr_accessor :auth_provider
+
+
+	### Try to authenticate the request using the specified +block+. If a +block+ is not provided,
+	### the #authenticate method of the app's AuthProvider is used instead.
+	###
+	### Valid +options+ are:
+	###
+	### [+:optional+]  if this is set to a true value, don't throw a 401 Requires Authentication
+	###                if the authentication fails.
+	###
+	def authenticate( options={}, &block )
+		block ||= self.auth_provider.method( :authenticate )
+		result = block.call( self )
+
+		finish_with( HTTP::UNAUTHORIZED, "Authorization failed" ) unless result || options[:optional]
+		self.authenticated_user = result
+
+		return result
+	end
+
+
+	### Try to check authorization using the specified +block+.  If a +block+ is not
+	### provided, the #authorize method of the app's AuthProvider is used instead.
+	### If the request doesn't already have an +authenticated_user+ set,
+	### #authenticate will be called with no arguments to try to provide one.
+	### The provided +perms+ are passed either to the block or the AuthProvider if
+	### no block is given. If successful, the authenticated user that was used is returned.
+	def authorize( *perms, &block )
+		if block
+			results = block.call or
+				finish_with( HTTP::FORBIDDEN, "You are not authorized to access this resource." )
+			return results
+		else
+			self.log.debug "Deferred authorization via %p" % [ self.auth_provider ]
+			credentials = self.authenticated_user || self.authenticate
+			self.auth_provider.authorize( credentials, self, perms )
+			return credentials
+		end
+	end
 
 end # module Strelka::HTTPRequest::Auth
 

data/lib/strelka/mixins.rb

@@ -329,8 +329,16 @@ module Strelka
 
 	# A collection of functions for generating responses.
 	module ResponseHelpers
+		extend Loggability
 		include Strelka::Constants
 
+		log_to :strelka
+
+
+		###############
+		module_function
+		###############
+
 		### Abort the current execution and return a response with the specified
 		### http_status code immediately. The specified +message+ will be logged,
 		### and will be included in any message that is returned as part of the

data/lib/strelka/session/db.rb

@@ -72,11 +72,9 @@ class Strelka::Session::Db < Strelka::Session::Default
 		else
 			self.log.debug "Creating new sessions table for %p" % [ db ]
 			self.db.create_table( self.table_name.to_sym ) do
-				text :session_id, :index => true
+				text :session_id, :primary_key => true
 				text :session
 				timestamp :created
-
-				primary_key :session_id
 			end
 		end
 

data/lib/strelka/testing.rb

@@ -87,6 +87,8 @@ module Strelka::Testing
 				nil
 			end
 
+			Loggability[ Strelka ].debug "Test proc called; status info is: %p" % [ status_info ]
+
 			return self.check_finish( status_info ) &&
 			       self.check_status_code( status_info ) &&
 			       self.check_message( status_info ) &&

data/spec/strelka/app/auth_spec.rb

@@ -27,6 +27,13 @@ describe Strelka::App::Auth do
 	it_should_behave_like( "A Strelka Plugin" )
 
 
+	RSpec::Matchers.define( :require_auth_for_request ) do |request|
+		match do |app|
+			app.request_should_auth?( request )
+		end
+	end
+
+
 	it "gives including apps a default authprovider" do
 		app = Class.new( Strelka::App ) do
 			plugins :auth
@@ -62,7 +69,6 @@ describe Strelka::App::Auth do
 				def handle_request( req )
 					super do
 						res = req.response
-						self.authenticate( req ) if req.uri.to_s =~ /\/optional$/
 						res.status = HTTP::OK
 						res.content_type = 'text/plain'
 						res.puts "Ran successfully."
@@ -125,14 +131,6 @@ describe Strelka::App::Auth do
 			expect( subclass.negative_perms_criteria ).to_not equal( @app.negative_perms_criteria )
 		end
 
-
-		RSpec::Matchers.define( :require_auth_for_request ) do |request|
-			match do |app|
-				app.request_should_auth?( request )
-			end
-		end
-
-
 		it "allows auth criteria to be declared with a string" do
 			@app.require_auth_for( '/string' )
 			app = @app.new
@@ -319,7 +317,6 @@ describe Strelka::App::Auth do
 
 		end
 
-
 		it "allows perms criteria to be declared with a string" do
 			@app.require_perms_for( '/string', :stringperm )
 			app = @app.new
@@ -574,7 +571,7 @@ describe Strelka::App::Auth do
 					req = @request_factory.get( '/api/v1/onlyauth' )
 
 					app = @app.new
-					expect( app.auth_provider ).to receive( :authenticate )
+					expect( app.auth_provider ).to receive( :authenticate ).and_return( true )
 					expect( app.auth_provider ).to_not receive( :authorize )
 
 					app.handle( req )
@@ -584,7 +581,7 @@ describe Strelka::App::Auth do
 					req = @request_factory.get( '/api/v1/both' )
 
 					app = @app.new
-					expect( app.auth_provider ).to receive( :authenticate )
+					expect( app.auth_provider ).to receive( :authenticate ).and_return( true )
 					expect( app.auth_provider ).to receive( :authorize )
 
 					app.handle( req )
@@ -623,7 +620,7 @@ describe Strelka::App::Auth do
 					req = @request_factory.get( '/api/v1/onlyauth' )
 
 					app = @app.new
-					expect( app.auth_provider ).to receive( :authenticate )
+					expect( app.auth_provider ).to receive( :authenticate ).and_return( true )
 					expect( app.auth_provider ).to receive( :authorize )
 
 					app.handle( req )
@@ -633,7 +630,7 @@ describe Strelka::App::Auth do
 					req = @request_factory.get( '/api/v1/both' )
 
 					app = @app.new
-					expect( app.auth_provider ).to receive( :authenticate )
+					expect( app.auth_provider ).to receive( :authenticate ).and_return( true )
 					expect( app.auth_provider ).to_not receive( :authorize )
 
 					app.handle( req )
@@ -659,20 +656,6 @@ describe Strelka::App::Auth do
 			before( :each ) do
 				@app.no_auth_for( '/onlyauth' )
 				@app.no_auth_for( '/both' )
-				@app.no_auth_for( '/optional' )
-			end
-
-			context "and optional auth for a route" do
-
-				it "checks auth without throwing HTTP::AUTH_REQUIRED" do
-					req = @request_factory.get( '/api/v1/optional' )
-
-					app = @app.new
-					expect( app.auth_provider ).to receive( :authenticate )
-					expect( app.auth_provider ).to receive( :authorize )
-
-					app.handle( req )
-				end
 			end
 
 			context "and positive perms criteria" do
@@ -686,7 +669,7 @@ describe Strelka::App::Auth do
 					req = @request_factory.get( '/api/v1/onlyperms' )
 
 					app = @app.new
-					expect( app.auth_provider ).to receive( :authenticate )
+					expect( app.auth_provider ).to receive( :authenticate ).and_return( true )
 					expect( app.auth_provider ).to receive( :authorize )
 
 					app.handle( req )
@@ -716,7 +699,7 @@ describe Strelka::App::Auth do
 					req = @request_factory.get( '/api/v1/neither' )
 
 					app = @app.new
-					expect( app.auth_provider ).to receive( :authenticate )
+					expect( app.auth_provider ).to receive( :authenticate ).and_return( true )
 					expect( app.auth_provider ).to_not receive( :authorize )
 
 					app.handle( req )
@@ -735,7 +718,7 @@ describe Strelka::App::Auth do
 					req = @request_factory.get( '/api/v1/onlyperms' )
 
 					app = @app.new
-					expect( app.auth_provider ).to receive( :authenticate )
+					expect( app.auth_provider ).to receive( :authenticate ).and_return( true )
 					expect( app.auth_provider ).to_not receive( :authorize )
 
 					app.handle( req )
@@ -765,7 +748,7 @@ describe Strelka::App::Auth do
 					req = @request_factory.get( '/api/v1/neither' )
 
 					app = @app.new
-					expect( app.auth_provider ).to receive( :authenticate )
+					expect( app.auth_provider ).to receive( :authenticate ).and_return( true )
 					expect( app.auth_provider ).to receive( :authorize )
 
 					app.handle( req )
@@ -796,6 +779,7 @@ describe Strelka::App::Auth do
 
 		end
 
+
 	end
 
 end

data/spec/strelka/httprequest/acceptparams_spec.rb

@@ -87,7 +87,7 @@ describe Strelka::HTTPRequest, "accept params" do
 		it "rejects invalid Accept header values" do
 			expect {
 				Strelka::HTTPRequest::MediaType.parse( 'porksausage' )
-			}.to raise_error()
+			}.to raise_error( ArgumentError, /no media-range/i )
 		end
 
 

data/spec/strelka/httprequest/auth_spec.rb

@@ -6,6 +6,7 @@ require_relative '../../helpers'
 require 'rspec'
 
 require 'strelka'
+require 'strelka/authprovider'
 require 'strelka/httprequest/auth'
 
 
@@ -19,22 +20,139 @@ describe Strelka::HTTPRequest::Auth do
 		@request_factory = Mongrel2::RequestFactory.new( route: '/service/user' )
 	end
 
-	before( :each ) do
-		@req = @request_factory.get( '/service/user/estark' )
-		@req.extend( described_class )
+
+	let( :request ) do
+		request = @request_factory.get( '/service/user/astark' )
+		request.extend( described_class )
+		request
 	end
 
 
+
 	it "adds an authenticated? predicate" do
-		expect( @req ).to_not be_authenticated()
-		@req.authenticated_user = 'anonymous'
-		expect( @req ).to be_authenticated()
+		expect( request ).to_not be_authenticated()
+		request.authenticated_user = 'anonymous'
+		expect( request ).to be_authenticated()
 	end
 
 	it "adds an authenticated_user attribute" do
-		expect( @req.authenticated_user ).to be_nil()
-		@req.authenticated_user = 'someone'
-		expect( @req.authenticated_user ).to eq( 'someone' )
+		expect( request.authenticated_user ).to be_nil()
+		request.authenticated_user = 'someone'
+		expect( request.authenticated_user ).to eq( 'someone' )
+	end
+
+
+	context "authentication method" do
+
+		it "sets the authenticated user to the result of the authenticate block" do
+			request.authenticate do
+				:the_user
+			end
+
+			expect( request.authenticated_user ).to eq( :the_user )
+		end
+
+		it "calls #authenticate on the request's auth_provider if no block is given" do
+			request.auth_provider = instance_double( Strelka::AuthProvider )
+
+			expect( request.auth_provider ).to receive( :authenticate ).with( request ).
+				and_return( :the_user )
+
+			expect( request.authenticate ).to eq( :the_user )
+			expect( request.authenticated_user ).to eq( :the_user )
+		end
+
+		it "finishes with a 401 Auth Required if the provided block returns a false value" do
+			expect {
+				request.authenticate { false }
+			}.to finish_with( HTTP::UNAUTHORIZED )
+		end
+
+		it "doesn't 401 if provided block returns false when called with optional: true" do
+			expect {
+				request.authenticate( optional: true ) { false }
+			}.to_not finish_with( HTTP::UNAUTHORIZED )
+		end
+
+	end
+
+
+	context "authorization method" do
+
+		it "is a noop if the provided block returns true" do
+			expect {
+				request.authorize { :the_user }
+			}.to_not finish_with( HTTP::FORBIDDEN )
+		end
+
+
+		it "calls #authorize on the request's auth_provider if no block is given" do
+			request.authenticated_user = :the_user
+			request.auth_provider = instance_double( Strelka::AuthProvider )
+
+			expect( request.auth_provider ).to_not receive( :authenticate )
+			expect( request.auth_provider ).to receive( :authorize ).
+				with( :the_user, request, [] ).
+				and_return( true )
+
+			result = request.authorize
+
+			expect( result ).to eq( :the_user )
+			expect( request.authenticated_user ).to eq( :the_user )
+		end
+
+
+		it "trys to authenticate if called without a block and the request doesn't have an authorized_user" do
+			request.authenticated_user = nil
+			request.auth_provider = instance_double( Strelka::AuthProvider )
+
+			expect( request.auth_provider ).to receive( :authenticate ).with( request ).
+				and_return( :the_user )
+			expect( request.auth_provider ).to receive( :authorize ).
+				with( :the_user, request, [] ).
+				and_return( true )
+
+			result = request.authorize
+
+			expect( result ).to eq( :the_user )
+			expect( request.authenticated_user ).to eq( :the_user )
+		end
+
+
+		it "finishes with a 401 Auth Required if calling #authorize without a block and auth fails" do
+			request.auth_provider = instance_double( Strelka::AuthProvider )
+
+			expect( request.auth_provider ).to receive( :authenticate ) do |arg|
+				expect( arg ).to be( request )
+				Strelka::ResponseHelpers.finish_with( HTTP::UNAUTHORIZED )
+			end
+
+			expect { request.authorize }.to finish_with( HTTP::UNAUTHORIZED )
+		end
+
+
+		it "finishes with a 403 Forbidden if it returns a false value" do
+			expect {
+				request.authorize { false }
+			}.to finish_with( HTTP::FORBIDDEN )
+		end
+
+
+		it "passes permissions to the auth provider" do
+			request.authenticated_user = :the_user
+			request.auth_provider = instance_double( Strelka::AuthProvider )
+
+			expect( request.auth_provider ).to receive( :authorize ).
+				with( :the_user, request, [ :hand, :meat ] ).
+				and_return( true )
+
+			result = request.authorize( :hand, :meat )
+
+			expect( result ).to eq( :the_user )
+			expect( request.authenticated_user ).to eq( :the_user )
+		end
+
 	end
 
+
 end

data/spec/strelka/router_spec.rb

@@ -29,7 +29,7 @@ describe Strelka::Router do
 	it "is abstract" do
 		expect {
 			Strelka::Router.new
-		}.to raise_error()
+		}.to raise_error( NoMethodError, /private method `new'/i )
 	end
 
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: strelka
 version: !ruby/object:Gem::Version
-  version: 0.10.0
+  version: 0.11.0
 platform: ruby
 authors:
 - Mahlon E. Smith
@@ -31,7 +31,7 @@ cert_chain:
   G8LHR7EjtPPmqCCunfyecJ6MmCNaiJCBxq2NYzyNmluPyHT8+0fuB5kccUVZm6CD
   xn3DzOkDE6NYbk8gC9rTsA==
   -----END CERTIFICATE-----
-date: 2015-10-01 00:00:00.000000000 Z
+date: 2016-01-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: configurability
@@ -297,14 +297,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.13'
+        version: '3.14'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.13'
+        version: '3.14'
 description: |-
   Strelka is a framework for creating and deploying
   Mongrel2[http://mongrel2.org/] web applications in Ruby.
@@ -485,7 +485,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.7
+rubygems_version: 2.4.8
 signing_key: 
 specification_version: 4
 summary: Strelka is a framework for creating and deploying Mongrel2[http://mongrel2.org/]