vault-tools 0.5.12 → 0.5.13

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    vault-tools (0.5.12)
+    vault-tools (0.5.13)
       aws-sdk
       fernet (= 2.0.rc2)
       heroku-api

data/lib/vault-tools/version.rb

@@ -1,5 +1,5 @@
 module Vault
   module Tools
-    VERSION = '0.5.12'
+    VERSION = '0.5.13'
   end
 end

data/lib/vault-tools/web.rb

@@ -3,10 +3,25 @@ require 'vault-tools/log'
 module Vault
   # Base class for HTTP API services.
   class Web < Sinatra::Base
-    # Store the action for logging purposes.
-    def self.route(verb, action, *)
-      condition { @action = action }
-      super
+    # List of paths that are not protected thus overriding protected!
+    set :unprotected_paths, []
+
+    class << self
+      # Store the action for logging purposes.
+      def route(verb, action, *)
+        condition { @action = action }
+        super
+      end
+
+      # Create :method:_unprotected methods for instances where default
+      # protect! is used
+      %w{get put post delete head options path link unlink}.each do |meth|
+        define_method "#{meth}_unprotected".to_sym do |path, opts = {}, &block|
+          pattern = compile!(meth.upcase, path, block, opts).first
+          set :unprotected_paths, settings.unprotected_paths + [pattern]
+          route meth.upcase, path, opts, &block
+        end
+      end
     end
 
     # HTTP Basic Auth Support
@@ -14,12 +29,17 @@ module Vault
       # Protects an http method.  Returns 401 Not Authorized response
       # when authorized? returns false
       def protected!(*passwords)
-        unless authorized?(passwords)
+        unless unprotected? || authorized?(passwords)
           response['WWW-Authenticate'] = %(Basic realm="Restricted Area")
           throw(:halt, [401, "Not authorized\n"])
         end
       end
 
+      # Check the list of unprotected_paths and see if any of them match
+      def unprotected?
+        settings.unprotected_paths.any? { |path| path.match(request.path) }
+      end
+
       # Check request for HTTP Basic creds and
       # password matches settings.basic_password
       def authorized?(passwords)

data/test/web_test.rb

@@ -84,6 +84,34 @@ class WebTest < Vault::TestCase
     assert_equal 'You may pass', last_response.body
   end
 
+  def test_http_basic_auth_with_default_protected
+    app.set :basic_password, 'password'
+    app.before { protected! }
+    app.get '/protected' do
+      'You may pass'
+    end
+    app.get_unprotected '/unprotected/:name' do |name|
+      "You may pass #{name}"
+    end
+
+    get '/protected'
+    assert_equal 401, last_response.status
+
+    get '/unprotected/Bob'
+    assert_equal 200, last_response.status
+    assert_equal 'You may pass Bob', last_response.body
+
+    authorize('','password')
+    get '/protected'
+    assert_equal 200, last_response.status
+    assert_equal 'You may pass', last_response.body
+
+    authorize('','password')
+    get '/unprotected/Jill'
+    assert_equal 200, last_response.status
+    assert_equal 'You may pass Jill', last_response.body
+  end
+
   # An `http_200` and an `http_2xx` log metric is written for successful
   # requests.
   def test_head_status_check

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: vault-tools
 version: !ruby/object:Gem::Version
-  version: 0.5.12
+  version: 0.5.13
   prerelease: 
 platform: ruby
 authors:
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-11-11 00:00:00.000000000 Z
+date: 2014-11-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: scrolls