vault-tools 0.5.12 → 0.5.13

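--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- vault-tools (0.5.12)
+ vault-tools (0.5.13)
  aws-sdk
  fernet (= 2.0.rc2)
  heroku-api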
@@ -1,5 +1,5 @@
1
1
  module Vault
2
2
  module Tools
3
- VERSION = '0.5.12'
3
+ VERSION = '0.5.13'
4
4
  end
5
5
  end
@@ -3,10 +3,25 @@ require 'vault-tools/log'
3
3
  module Vault
4
4
  # Base class for HTTP API services.
5
5
  class Web < Sinatra::Base
6
- # Store the action for logging purposes.
7
- def self.route(verb, action, *)
8
- condition { @action = action }
9
- super
6
+ # List of paths that are not protected thus overriding protected!
7
+ set :unprotected_paths, []
8
+
9
+ class << self
10
+ # Store the action for logging purposes.
11
+ def route(verb, action, *)
12
+ condition { @action = action }
13
+ super
14
+ end
15
+
16
+ # Create :method:_unprotected methods for instances where default
17
+ # protect! is used
18
+ %w{get put post delete head options path link unlink}.each do |meth|
19
+ define_method "#{meth}_unprotected".to_sym do |path, opts = {}, &block|
20
+ pattern = compile!(meth.upcase, path, block, opts).first
21
+ set :unprotected_paths, settings.unprotected_paths + [pattern]
22
+ route meth.upcase, path, opts, &block
23
+ end
24
+ end
10
25
  end
11
26
 
12
27
  # HTTP Basic Auth Support
@@ -14,12 +29,17 @@ module Vault
14
29
  # Protects an http method. Returns 401 Not Authorized response
15
30
  # when authorized? returns false
16
31
  def protected!(*passwords)
17
- unless authorized?(passwords)
32
+ unless unprotected? || authorized?(passwords)
18
33
  response['WWW-Authenticate'] = %(Basic realm="Restricted Area")
19
34
  throw(:halt, [401, "Not authorized\n"])
20
35
  end
21
36
  end
22
37
 
38
+ # Check the list of unprotected_paths and see if any of them match
39
+ def unprotected?
40
+ settings.unprotected_paths.any? { |path| path.match(request.path) }
41
+ end
42
+
23
43
  # Check request for HTTP Basic creds and
24
44
  # password matches settings.basic_password
25
45
  def authorized?(passwords)
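Review bot: `unprotected?` compares only `request.path` against the stored patterns, so a path registered with `get_unprotected` is exempt from `protected!` for every HTTP verb, and any POST, PUT or DELETE handler on the same path would skip Basic auth. Record the verb next to the pattern, `set :unprotected_paths, settings.unprotected_paths + [[meth.upcase, pattern]]`, and check both in the predicate: `settings.unprotected_paths.any? { |verb, pattern| verb == request.request_method && pattern.match(request.path_info) }`. Matching on `request.path_info` rather than `request.path` should keep the exemption check on the same string the router matches, since `request.path` also carries the script name when the app is mounted under a prefix; worth confirming against the Sinatra version in use. The verb list contains `path`, which looks like a typo for `patch`, so `patch_unprotected` is never defined while a `path_unprotected` helper for a non-existent verb is. The `Web` class body starts and continues outside both hunks, so other callers of `protected!` are not visible here.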
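--- a/data/test/web_test.rb
+++ b/data/test/web_test.rb
@@ -84,6 +84,34 @@ class WebTest < Vault::TestCase
  assert_equal 'You may pass', last_response.body
  end
 
+ def test_http_basic_auth_with_default_protected
+ app.set :basic_password, 'password'
+ app.before { protected! }
+ app.get '/protected' do
+ 'You may pass'
+ end
+ app.get_unprotected '/unprotected/:name' do |name|
+ "You may pass #{name}"
+ end
+
+ get '/protected'
+ assert_equal 401, last_response.status
+
+ get '/unprotected/Bob'
+ assert_equal 200, last_response.status
+ assert_equal 'You may pass Bob', last_response.body
+
+ authorize('','password')
+ get '/protected'
+ assert_equal 200, last_response.status
+ assert_equal 'You may pass', last_response.body
+
+ authorize('','password')
+ get '/unprotected/Jill'
+ assert_equal 200, last_response.status
+ assert_equal 'You may pass Jill', last_response.body
+ end
+
  # An `http_200` and an `http_2xx` log metric is written for successful
  # requests.
  def test_head_status_check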
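Review bot: The new test only issues GET requests, so it does not pin whether the auth exemption is limited to the verb the route was registered with. Add a negative case before the first `authorize` call, for example `post '/unprotected/Bob'` followed by `assert_equal 401, last_response.status`, so an unauthenticated request with a different verb on the exempt path is shown to be rejected by the `before { protected! }` filter. The second `authorize('','password')` repeats the first and could be dropped, or replaced by a comment saying the unprotected route must also work when credentials are sent.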
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: vault-tools
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.12
4
+ version: 0.5.13
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2014-11-11 00:00:00.000000000 Z
13
+ date: 2014-11-12 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: scrolls