wine_bouncer 0.0.1 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 33c8d82f673d5c4f4354784ebcab2081d5562b25
-  data.tar.gz: 271ef498942ca797c4102849fdb9f9b2ed6885f4
+  metadata.gz: 7c429b9513442e2e74645fa55616dadaebcd810b
+  data.tar.gz: 50f3d5987a0ba20848dd943cfdeb9727b450ce4c
 SHA512:
-  metadata.gz: 24fff99dcf71fcc75aea4765bb7f7f2b8c3b63d14cde019cca8161792dbfd0bbcafe1a4a7f92dda4e9d0475cbee74f82a27f4b983d8524aeb95b384f39f7f41d
-  data.tar.gz: 2470e61c6cb6f4321808105b006a6138c88f3860637327588de6c6cff0082d547ff0d6d41acece1af02904766fb80951a7b5cb112747752de910fad8322122d5
+  metadata.gz: 0827d2f70a783e44db8fbd94c7a91ccca07b2c84b616dc669e072f438688b0501ec63bc25e5f3ba26911b7b2e1ddeaacbdb648cd6da5230552cefbc42321738a
+  data.tar.gz: 9f9cf89baafbb298e2f317f7801ea916c2e11722ece9b9975f2ddc447199d659934ce553b3bf30074a2c53d602a53d883bd6ea5e18f23c5639cd0d26029c5bfc

data/.travis.yml

@@ -10,4 +10,7 @@ env:
   - rails=3.1.12
   - rails=3.2.18
   - rails=4.0.5
-  - rails=4.1.1
+  - rails=4.1.1
+addons:
+  code_climate:
+    repo_token: f010f83a5eb6671c85aaa0aec44c1fd43404537a4f4898d1b9ab248ac8a1487d

data/CHANGELOG.md

@@ -0,0 +1,2 @@
+Changelog
+=========

data/CONTRIBUTING.md

@@ -0,0 +1,58 @@
+Changelog
+=========
+
+
+
+## Fork the project
+
+Fork the project on the [project page]( https://github.com/Antek-drzewiecki/wine_bouncer/fork )
+
+Checkout the project from your own repository.
+
+```
+git clone https://github.com/[your github username]/wine_bouncer.git
+cd wine_bouncer
+git remote add upstream https://github.com/Antek-drzewiecki/wine_bouncer.git
+```
+
+## Create your feature branch
+
+Make sure your fork is [up to date](https://help.github.com/articles/syncing-a-fork) and make a feature from the master branch.
+
+`git checkout -b my-new-feature`
+
+## Prepare your development environment
+
+See [README](README.md#development)
+
+Run your specs to make sure nothing is broken ;)
+
+## Write Tests and/or Code
+
+We appreciate pull requests. Even specs only to identify an problem! 
+
+Because we want to ensure the quality of our gem. We cannot accept functional changes without tests.
+
+## Write documentation
+
+Documentation is appreciated. Its nice to know people know how to use features.
+Also feel free to update the changelog with the changes.
+
+## Commit your changes
+
+Commit your changes. 
+`git add ...`
+`git commit -m 'Add some feature'`
+
+## Push your changes
+
+Push to the branch. 
+
+`git push origin my-new-feature`
+
+## Create a pull request
+
+Check your feature branch, once its passes Travis-CI, create a pull request
+
+
+Thanks you for participating!

data/Gemfile

@@ -5,6 +5,7 @@ gem 'rails', ENV['rails']
 
 gem 'activerecord'
 
+gem "codeclimate-test-reporter", group: :test, require: nil
 
 # Specify your gem's dependencies in wine_bouncer.gemspec
 gemspec

data/README.md

@@ -1,9 +1,31 @@
 # WineBouncer
 
 [![Build Status](https://travis-ci.org/Antek-drzewiecki/wine_bouncer.svg?branch=master)](https://travis-ci.org/Antek-drzewiecki/wine_bouncer)
+[![Code Climate](https://codeclimate.com/github/Antek-drzewiecki/wine_bouncer/badges/gpa.svg)](https://codeclimate.com/github/Antek-drzewiecki/wine_bouncer)
+[![Gem Version](https://badge.fury.io/rb/wine_bouncer.svg)](http://badge.fury.io/rb/wine_bouncer)
 
+Protect your precious Grape API with Doorkeeper. 
+WineBouncer uses minimal modification, to make the magic happen.
 
-TODO: Write a gem description
+Table of Contents
+=================
+  * [Requirements](#requirements)
+  * [Installation](#installation)
+  * [Upgrading](#upgrading)
+  * [Usage](#usage)
+    * [Authentication strategies](#authentication-strategies)
+      * [Default](#default)
+      * [Swagger](#swagger)
+    * [Token information](#token-information)
+  * [Exceptions and Exception handling](#exceptions-and-exception-handling)
+  * [Development](#development)
+  * [Contributing](#contributing)
+
+
+## Requirements
+- Ruby >1.9.3
+- Doorkeeper > 1.4.0
+- Grape > 0.8.0
 
 ## Installation
 
@@ -15,20 +37,179 @@ gem 'wine_bouncer'
 
 And then execute:
 
-    $ bundle
-
-Or install it yourself as:
+```ruby
+bundle
+```
 
-    $ gem install wine_bouncer
+## Upgrading
+When upgrading from a previous version, see [UPGRADING](UPGRADING.md). You might also be interested at the [CHANGELOG](CHANGELOG.md).
 
 ## Usage
+WineBouncer is a custom Grape Middleware used for Authentication and Authorization. We assume you have a Grape API mounted in your Rails application together with Doorkeeper.  
+
+To get started with WineBouncer, create a rails initializer in your Rails app at `config/initializer/wine_bouncer.rb` with the following configuration.
+
+``` ruby
+WineBouncer.configure do |config|
+    config.auth_strategy = :default
+end
+```
+
+Then register WineBouncer as Grape middleware in your Grape API.
+
+``` ruby
+class Api < Grape::API
+   default_format :json
+   format :json
+   use ::WineBouncer::OAuth2
+   mount YourAwesomeApi
+end
+```
+
+WineBouncer relies on Grape's endpoint method description to define if an endpoint method should be protected. 
+It comes with authorization strategies that allow a custom format for your authorization definition. Pick an authentication strategy to get started.
+Currently the following strategies are included:
+
+### Authentication strategies
+
+#### Default
+The default strategy uses the `auth:` key in the description options hash to define API method authentication. It accepts an hash with options. Currently the only option is for scopes which is an array of scopes for authorization.
+WineBouncer uses the default Doorkeeper behaviour for scopes.
+
+Example:
+
+``` ruby
+ class MyAwesomeAPI < Grape::API
+    desc 'protected method with required public scope', 
+    auth: { scopes: ['public'] }
+    get '/protected' do
+       { hello: 'world' }
+    end
+    
+    desc 'Unprotected method'
+    get '/unprotected' do
+      { hello: 'unprotected world' }
+    end
+    
+    desc 'This method needs the public or private scope.',
+    auth: { scopes: [ 'public', 'private' ] }
+    get '/method' do
+      { hello: 'public or private user.' }
+    end
+    
+    desc 'This method uses Doorkeepers default scopes.', 
+    auth: { scopes: [] } 
+    get '/protected_with_default_scope' do
+       { hello: 'protected unscoped world' }
+    end
+ end
+ 
+ class Api < Grape::API
+    default_format :json
+    format :json
+    use ::WineBouncer::OAuth2
+    mount MyAwesomeAPI
+    add_swagger_documentation
+ end
+```
+
+
+#### Swagger
+
+WineBouncer comes with a strategy that can be perfectly used with [grape-swagger](https://github.com/tim-vandecasteele/grape-swagger) with a syntax compliant with the [swagger spec](https://github.com/wordnik/swagger-spec/).
+This might be one of the simplest methods to protect your API and serve it with documentation. You can use [swagger-ui](https://github.com/wordnik/swagger-ui) to view your documentation.
+ 
+To get started ensure you also have included the `grape-swagger` gem in your gemfile.
+
+Run `bundle` to install the missing gems.
+
+Create a rails initializer in your Rails app at `config/initializer/wine_bouncer.rb` with the following configuration.
+
+``` ruby
+    WineBouncer.configure do |config|
+        config.auth_strategy = :swagger
+    end
+```
+
+Then you can start documenting and protecting your API like the example below.
+
+``` ruby
+
+ class MyAwesomeAPI < Grape::API
+    desc 'protected method with required public scope', 
+    authorizations: { oauth2: [{ scope: 'public' }] }
+    get '/protected' do
+       { hello: 'world' }
+    end
+    
+    desc 'Unprotected method'
+    get '/unprotected' do
+      { hello: 'unprotected world' }
+    end
+    
+    desc 'This method uses Doorkeepers default scopes.', 
+    authorizations: { oauth2: [] }
+    get '/protected_with_default_scope' do
+       { hello: 'protected unscoped world' }
+    end
+    
+    desc 'It even works with other options!', 
+    authorizations: { oauth2: [] },
+    :entity => Api::Entities::Response,
+    http_codes: [  
+        [200, 'OK', Api::Entities::Response],
+        [401, 'Unauthorized', Api::Entities::Error],
+        [403, 'Forbidden', Api::Entities::Error]
+    ],     
+    :notes => <<-NOTE
+    
+    Marked down notes!
+    
+    NOTE
+    get '/extended_api' do
+       { hello: 'Awesome world' }
+    end
+ end
+ 
+ class Api < Grape::API
+    default_format :json
+    format :json
+    use ::WineBouncer::OAuth2
+    mount MyAwesomeAPI
+    add_swagger_documentation
+ end
+```
+
+The Swagger strategy uses the `authorizations: { oauth2: [] }` in the method description syntax to define API method authentication and authorization.
+It defaults assumes when no description is given that no authorization should be used like the `/unprotected` method.
+When the authentication syntax is mentioned in the method description, the method will be protected.
+You can use the default scopes of Doorkeeper by just adding `authorizations: { oauth2: [] }` or state your own scopes with `authorizations: { oauth2: [ { scope: 'scope1' }, { scope: 'scope2' }, ... ] }`.
+
+### Token information
+
+WineBouncer comes with free extras! Methods for `resource_owner` and `doorkeeper_access_token` get included in your endpoints. You can use them to get the current resource owner, and the access_token object of doorkeeper. 
+
+## Exceptions and Exception handling
+
+This gem raises the following exceptions which can be handled in your Grape API, see [Grape documentation](https://github.com/intridea/grape#exception-handling).
+
+* `WineBouncer::Errors::OAuthUnauthorizedError`
+   when the request is unauthorized.
+* `WineBouncer::Errors::OAuthForbiddenError` 
+   when the token is found but scopes do not match.
+
+## Development
+
+Since we want the gem tested against several rails versions we use the same way to prepare our development environment as Doorkeeper. 
+
+To install the development environment for rails 3.2.18, you can also specify a different rails version to test against.
+
+`rails=3.2.18 bundle install`
+
+To run the specs.
 
-TODO: Write usage instructions here
+`rails=3.2.18 bundle exec rake`
 
 ## Contributing
 
-1. Fork it ( https://github.com/[my-github-username]/wine_bouncer/fork )
-2. Create your feature branch (`git checkout -b my-new-feature`)
-3. Commit your changes (`git commit -am 'Add some feature'`)
-4. Push to the branch (`git push origin my-new-feature`)
-5. Create a new Pull Request
+For contributing to the gem see [CONTRIBUTING](CONTRIBUTING.md).

data/UPGRADING.md

@@ -0,0 +1,4 @@
+Upgrading WineBouncer
+=====================
+
+From version 0.1.0 upgrade instructions are given.

data/lib/wine_bouncer/auth_methods/auth_methods.rb

@@ -2,10 +2,22 @@ module WineBouncer
   module AuthMethods
     attr_accessor :doorkeeper_access_token
 
-    def current_user
+    def protected_endpoint=(protected)
+      @protected_endpoint= protected
+    end
+
+    def protected_endpoint?
+      @protected_endpoint || false
+    end
+
+    def resource_owner
       User.find(doorkeeper_access_token.resource_owner_id) if doorkeeper_access_token
     end
 
+    def client_credential_token?
+      has_doorkeeper_token? && doorkeeper_access_token.resource_owner_id.nil?
+    end
+
     def doorkeeper_access_token
       @_doorkeeper_access_token
     end

data/lib/wine_bouncer/auth_strategies/default.rb

@@ -0,0 +1,28 @@
+module WineBouncer
+  module AuthStrategies
+    class Default
+
+      def endpoint_protected?(context)
+        has_authorizations?(context)
+      end
+
+      def has_auth_scopes?(context)
+        has_authorizations?(context) && endpoint_authorizations(context).has_key?(:scopes) && !endpoint_authorizations(context)[:scopes].empty?
+      end
+
+      def auth_scopes(context)
+        endpoint_authorizations(context)[:scopes].map(&:to_sym)
+      end
+
+      private
+
+      def has_authorizations?(context)
+        !!endpoint_authorizations(context)
+      end
+
+      def endpoint_authorizations(context)
+         context[:auth]
+      end
+    end
+  end
+end

data/lib/wine_bouncer/auth_strategies/swagger.rb

@@ -0,0 +1,33 @@
+module WineBouncer
+  module AuthStrategies
+    class Swagger
+
+      def endpoint_protected?(context)
+        has_authorizations?(context) && !!authorization_type_oauth2(context)
+      end
+
+      def has_auth_scopes?(context)
+        endpoint_protected?(context) && !authorization_type_oauth2(context).empty?
+      end
+
+      def auth_scopes(context)
+        authorization_type_oauth2(context).map{ |hash| hash[:scope].to_sym }
+      end
+
+      private
+
+      def has_authorizations?(context)
+        !!endpoint_authorizations(context)
+      end
+
+      def endpoint_authorizations(context)
+        context[:authorizations]
+      end
+
+      def authorization_type_oauth2(context)
+        endpoint_authorizations(context)[:oauth2]
+      end
+
+    end
+  end
+end

data/lib/wine_bouncer/configuration.rb

@@ -0,0 +1,51 @@
+module WineBouncer
+
+  class << self
+    attr_accessor :configuration
+  end
+
+  class Configuration
+
+    attr_accessor :auth_strategy
+
+    def auth_strategy=(strategy)
+      @auth_strategy= strategy
+    end
+
+    def auth_strategy
+      @auth_strategy || :default
+    end
+
+    def require_strategies
+      require "wine_bouncer/auth_strategies/#{auth_strategy}"
+    end
+  end
+
+   def self.configuration
+    @configuration || fail(Errors::UnconfiguredError.new)
+  end
+
+  def self.configuration=(config)
+    @configuration= config
+    @configuration.require_strategies
+  end
+
+  ###
+  # Configure block.
+  # Requires all strategy specific files.
+  ###
+  def self.configure
+    yield(config)
+    config.require_strategies
+    config
+  end
+
+  private
+
+  ###
+  # Returns a new configuration or existing one.
+  ###
+  def self.config
+    @configuration ||= Configuration.new
+  end
+end

data/lib/wine_bouncer/errors.rb

@@ -1,5 +1,6 @@
 module WineBouncer
   module Errors
+    class UnconfiguredError < StandardError; end
     class OAuthUnauthorizedError < StandardError; end
     class OAuthForbiddenError < StandardError; end
   end

data/lib/wine_bouncer/oauth2.rb

@@ -8,9 +8,9 @@ module WineBouncer
       env['api.endpoint']
     end
 
-    ###
+    ############
     # DoorKeeper stuff.
-    ###
+    ############
 
     ###
     # Sets and converts a rack request to a ActionDispatch request, which is required for DoorKeeper to function.
@@ -19,7 +19,6 @@ module WineBouncer
       @_doorkeeper_request = ActionDispatch::Request.new(env)
     end
 
-
     ###
     # Returns the request context.
     ###
@@ -41,31 +40,26 @@ module WineBouncer
       doorkeeper_token && doorkeeper_token.acceptable?(scopes)
     end
 
-    ###
+    ############
     # Authorization control.
-    ###
+    ############
 
     ###
     # Returns true if the Api endpoint, method is configured as an protected method, false otherwise.
     ###
-    def has_authorizations?
-      context && context.options && context.options[:route_options] && endpoint_authorizations
+    def valid_route_context?
+      context && context.options && context.options[:route_options]
     end
 
-    ###
-    # Returns the endpoint authorizations hash.
-    # This hash contains all authorization methods.
-    ###
-    def endpoint_authorizations
-      @_authorizations ||= context.options[:route_options][:authorizations]
+    def route_context
+      context.options[:route_options]
     end
 
     ###
     # returns true if the endpoint is protected, otherwise false
-    # Currently it only accepts oauth2.
     ###
     def endpoint_protected?
-      has_authorizations? && !!endpoint_authorizations[:oauth2]
+      auth_strategy.endpoint_protected?(route_context)
     end
 
     ###
@@ -73,8 +67,8 @@ module WineBouncer
     # [ nil ] if none, otherwise an array of [ :scopes ]
     ###
     def auth_scopes
-      return *nil if endpoint_authorizations[:oauth2].empty?
-      endpoint_authorizations[:oauth2].map{|hash| hash[:scope].to_sym}
+      return *nil unless auth_strategy.has_auth_scopes?(route_context)
+      auth_strategy.auth_scopes(route_context)
     end
 
     ###
@@ -96,20 +90,36 @@ module WineBouncer
       end
     end
 
-    ###
+    ############
     # Grape middleware methods
-    ###
+    ############
 
     ###
     # Before do.
     ###
     def before
-      return unless endpoint_protected?
+      set_auth_strategy(WineBouncer.configuration.auth_strategy)
+      #extend the context with auth methods.
+      context.extend(WineBouncer::AuthMethods)
+      context.protected_endpoint = endpoint_protected?
+      return unless context.protected_endpoint?
       self.doorkeeper_request= env # set request for later use.
       doorkeeper_authorize! *auth_scopes
-      env['api.endpoint'].extend(WineBouncer::AuthMethods)
-      env['api.endpoint'].doorkeeper_access_token = doorkeeper_token
+      context.doorkeeper_access_token = doorkeeper_token
+    end
+
+    ###
+    # Strategy
+    ###
+    def auth_strategy
+      @auth_strategy
+    end
+
+    private
+
+    def set_auth_strategy(strategy)
+      @auth_strategy = WineBouncer::AuthStrategies.const_get("#{strategy.to_s.capitalize}").new
     end
 
   end
-end
+end

data/lib/wine_bouncer/version.rb

@@ -1,3 +1,3 @@
 module WineBouncer
-  VERSION = "0.0.1"
+  VERSION = "0.1.0"
 end

data/lib/wine_bouncer.rb

@@ -2,6 +2,7 @@ require 'grape'
 require 'doorkeeper'
 require 'wine_bouncer/version'
 require 'wine_bouncer/errors'
+require 'wine_bouncer/configuration'
 require 'wine_bouncer/oauth2'
 require 'wine_bouncer/auth_methods/auth_methods'
 

data/spec/dummy/app/api/{api.rb → default_api.rb}

@@ -3,33 +3,38 @@ module Api
   ###
   # Api under test, default doorkeeper scope is 'account'
   ##
-  class MountedApiUnderTest < Grape::API
-    desc 'Document root', authorizations: { oauth2: [{ scope: 'public', description: 'anything' }] }
+  class MountedDefaultApiUnderTest < Grape::API
+    desc 'Protected method with public', auth: { scopes: ['public'] }
     get '/protected' do
       { hello: 'world' }
     end
-    desc 'Document root', authorizations: { oauth2: [{ scope: 'private', description: 'anything' }] }
+
+    desc 'Protected method with private', auth: { scopes: ['private'] }
     get '/protected_with_private_scope' do
       { hello: 'scoped world' }
     end
+
+    desc 'Unprotected method'
     get '/unprotected' do
       { hello: 'unprotected world' }
     end
-    desc 'Document root', authorizations: { oauth2: [{ scope: 'public', description: 'anything' }] }
+
+    desc 'Protected method with public that returns the user name', auth: { scopes: ['public'] }
     get '/protected_user' do
-      { hello: current_user.name }
+      { hello: resource_owner.name }
     end
-    desc 'Document root', authorizations: { oauth2: [] }
+
+    desc 'This method uses Doorkeepers default scopes', auth: { }
     get '/protected_without_scope' do
       { hello: 'protected unscoped world' }
     end
   end
 
-  class ApiUnderTest < Grape::API
+  class DefaultApiUnderTest < Grape::API
     default_format :json
     format :json
     use ::WineBouncer::OAuth2
-    mount MountedApiUnderTest
+    mount MountedDefaultApiUnderTest
   end
 
 end

data/spec/dummy/app/api/swagger_api.rb

@@ -0,0 +1,39 @@
+module Api
+
+  ###
+  # Api under test, default doorkeeper scope is 'account'
+  ##
+  class MountedSwaggerApiUnderTest < Grape::API
+    desc 'Protected method with public', authorizations: { oauth2: [{ scope: 'public', description: 'anything' }] }
+    get '/protected' do
+      { hello: 'world' }
+    end
+
+    desc 'Protected method with private', authorizations: { oauth2: [{ scope: 'private', description: 'anything' }] }
+    get '/protected_with_private_scope' do
+      { hello: 'scoped world' }
+    end
+
+    desc 'Unprotected method'
+    get '/unprotected' do
+      { hello: 'unprotected world' }
+    end
+
+    desc 'Protected method with public that returns the user name', authorizations: { oauth2: [{ scope: 'public', description: 'anything' }] }
+    get '/protected_user' do
+      { hello: resource_owner.name }
+    end
+
+    desc 'This method uses Doorkeepers default scopes', authorizations: { oauth2: [] }
+    get '/protected_without_scope' do
+      { hello: 'protected unscoped world' }
+    end
+  end
+
+  class SwaggerApiUnderTest < Grape::API
+    default_format :json
+    format :json
+    use ::WineBouncer::OAuth2
+    mount MountedSwaggerApiUnderTest
+  end
+end

data/spec/dummy/config/application.rb

@@ -7,11 +7,11 @@ require "action_mailer/railtie"
 require "action_view/railtie"
 require "sprockets/railtie"
 
+require "wine_bouncer"
 # require "rails/test_unit/railtie"
 
 Bundler.require(*Rails.groups)
-require 'doorkeeper'
-require "wine_bouncer"
+
 
 module Dummy
   class Application < Rails::Application

data/spec/dummy/config/environments/test.rb

@@ -1,4 +1,4 @@
-Rails.application.configure do
+Dummy::Application.configure do
   # Settings specified here will take precedence over those in config/application.rb.
 
   # The test environment is used exclusively to run your application's

data/spec/dummy/config/initializers/secret_token.rb

@@ -0,0 +1 @@
+Dummy::Application.config.secret_token = 'c65fd1ffec8275651d1fd06ec3a4914ba644bbeb87729594a3b35fb4b7ad4cccd298d77baf63f7a6513d437e5b95eef9637f9c37a9691c3ed41143d8b5f9a5ef'

data/spec/dummy/config/routes.rb

@@ -1,4 +1,5 @@
 Rails.application.routes.draw do
   use_doorkeeper
-  mount Api::ApiUnderTest => '/api'
+  mount Api::DefaultApiUnderTest => '/default_api'
+  mount Api::SwaggerApiUnderTest => '/swagger_api'
 end

data/spec/intergration/{oauth2_spec.rb → oauth2_default_strategy_spec.rb}

@@ -1,16 +1,21 @@
 require 'rails_helper'
 require 'json'
 
-describe Api::MountedApiUnderTest, type: :api do
+describe Api::MountedDefaultApiUnderTest, type: :api do
 
   let(:user) { FactoryGirl.create :user }
   let(:token) { FactoryGirl.create :clientless_access_token, resource_owner_id: user.id, scopes: "public" }
   let(:unscoped_token) { FactoryGirl.create :clientless_access_token, resource_owner_id: user.id, scopes: "" }
 
+  before (:example) do
+    WineBouncer.configure do |c|
+      c.auth_strategy = :default
+    end
+  end
+
   context 'tokens and scopes' do
     it 'gives access when the token and scope are correct' do
-
-      get '/api/protected', nil, 'HTTP_AUTHORIZATION' => "Bearer #{token.token}"
+      get '/default_api/protected', nil, 'HTTP_AUTHORIZATION' => "Bearer #{token.token}"
 
       expect(last_response.status).to eq(200)
       json = JSON.parse(last_response.body)
@@ -18,21 +23,21 @@ describe Api::MountedApiUnderTest, type: :api do
     end
 
     it 'raises an authentication error when the token is invalid' do
-      expect { get '/api/protected', nil, 'HTTP_AUTHORIZATION' => "Bearer #{token.token}-invalid" }.to raise_exception(WineBouncer::Errors::OAuthUnauthorizedError)
+      expect { get '/default_api/protected', nil, 'HTTP_AUTHORIZATION' => "Bearer #{token.token}-invalid" }.to raise_exception(WineBouncer::Errors::OAuthUnauthorizedError)
     end
 
     it 'raises an oauth authentication error when no token is given' do
-      expect { get '/api/protected' }.to raise_exception(WineBouncer::Errors::OAuthUnauthorizedError)
+      expect { get '/default_api/protected' }.to raise_exception(WineBouncer::Errors::OAuthUnauthorizedError)
     end
 
     it 'raises an auth forbidden authentication error when the user scope is not correct' do
-      expect { get '/api/protected_with_private_scope', nil, 'HTTP_AUTHORIZATION' => "Bearer #{token.token}" }.to raise_exception(WineBouncer::Errors::OAuthForbiddenError)
+      expect { get '/default_api/protected_with_private_scope', nil, 'HTTP_AUTHORIZATION' => "Bearer #{token.token}" }.to raise_exception(WineBouncer::Errors::OAuthForbiddenError)
     end
   end
 
   context 'unprotected endpoint' do
     it 'allows to call an unprotected endpoint without token' do
-      get '/api/unprotected'
+      get '/default_api/unprotected'
 
       expect(last_response.status).to eq(200)
       json = JSON.parse(last_response.body)
@@ -42,7 +47,7 @@ describe Api::MountedApiUnderTest, type: :api do
     end
 
     it 'allows to call an unprotected endpoint with token' do
-      get '/api/unprotected', nil, 'HTTP_AUTHORIZATION' => "Bearer #{token.token}"
+      get '/default_api/unprotected', nil, 'HTTP_AUTHORIZATION' => "Bearer #{token.token}"
 
       expect(last_response.status).to eq(200)
       json = JSON.parse(last_response.body)
@@ -54,7 +59,7 @@ describe Api::MountedApiUnderTest, type: :api do
   context 'protected_without_scopes' do
 
     it 'allows to call an protected endpoint without scopes' do
-      get '/api/protected_without_scope', nil, 'HTTP_AUTHORIZATION' => "Bearer #{token.token}"
+      get '/default_api/protected_without_scope', nil, 'HTTP_AUTHORIZATION' => "Bearer #{token.token}"
 
       expect(last_response.status).to eq(200)
       json = JSON.parse(last_response.body)
@@ -63,17 +68,17 @@ describe Api::MountedApiUnderTest, type: :api do
     end
 
     it 'raises an error when an protected endpoint without scopes is called without token ' do
-      expect { get '/api/protected_without_scope' }.to raise_exception(WineBouncer::Errors::OAuthUnauthorizedError)
+      expect { get '/default_api/protected_without_scope' }.to raise_exception(WineBouncer::Errors::OAuthUnauthorizedError)
     end
 
     it 'raises an error because the user does not have the default scope' do
-      expect { get '/api/protected_without_scope', nil, 'HTTP_AUTHORIZATION' => "Bearer #{unscoped_token.token}" }.to raise_exception(WineBouncer::Errors::OAuthForbiddenError)
+      expect { get '/default_api/protected_without_scope', nil, 'HTTP_AUTHORIZATION' => "Bearer #{unscoped_token.token}" }.to raise_exception(WineBouncer::Errors::OAuthForbiddenError)
     end
   end
 
-  context 'current_user' do
+  context 'resource_owner' do
     it 'is available in the endpoint' do
-      get '/api/protected_user', nil, 'HTTP_AUTHORIZATION' => "Bearer #{token.token}"
+      get '/default_api/protected_user', nil, 'HTTP_AUTHORIZATION' => "Bearer #{token.token}"
 
       expect(last_response.status).to eq(200)
       json = JSON.parse(last_response.body)

data/spec/intergration/oauth2_swagger_strategy_spec.rb

@@ -0,0 +1,93 @@
+require 'rails_helper'
+require 'json'
+
+describe Api::MountedSwaggerApiUnderTest, type: :api do
+
+  let(:user) { FactoryGirl.create :user }
+  let(:token) { FactoryGirl.create :clientless_access_token, resource_owner_id: user.id, scopes: "public" }
+  let(:unscoped_token) { FactoryGirl.create :clientless_access_token, resource_owner_id: user.id, scopes: "" }
+
+
+  before (:example) do
+    WineBouncer.configure do |c|
+      c.auth_strategy = :swagger
+    end
+  end
+
+  context 'tokens and scopes' do
+    it 'gives access when the token and scope are correct' do
+
+      get '/swagger_api/protected', nil, 'HTTP_AUTHORIZATION' => "Bearer #{token.token}"
+
+      expect(last_response.status).to eq(200)
+      json = JSON.parse(last_response.body)
+      expect(json).to have_key('hello')
+    end
+
+    it 'raises an authentication error when the token is invalid' do
+      expect { get '/swagger_api/protected', nil, 'HTTP_AUTHORIZATION' => "Bearer #{token.token}-invalid" }.to raise_exception(WineBouncer::Errors::OAuthUnauthorizedError)
+    end
+
+    it 'raises an oauth authentication error when no token is given' do
+      expect { get '/swagger_api/protected' }.to raise_exception(WineBouncer::Errors::OAuthUnauthorizedError)
+    end
+
+    it 'raises an auth forbidden authentication error when the user scope is not correct' do
+      expect { get '/swagger_api/protected_with_private_scope', nil, 'HTTP_AUTHORIZATION' => "Bearer #{token.token}" }.to raise_exception(WineBouncer::Errors::OAuthForbiddenError)
+    end
+  end
+
+  context 'unprotected endpoint' do
+    it 'allows to call an unprotected endpoint without token' do
+      get '/swagger_api/unprotected'
+
+      expect(last_response.status).to eq(200)
+      json = JSON.parse(last_response.body)
+
+      expect(json).to have_key('hello')
+      expect(json['hello']).to eq('unprotected world')
+    end
+
+    it 'allows to call an unprotected endpoint with token' do
+      get '/swagger_api/unprotected', nil, 'HTTP_AUTHORIZATION' => "Bearer #{token.token}"
+
+      expect(last_response.status).to eq(200)
+      json = JSON.parse(last_response.body)
+      expect(json).to have_key('hello')
+      expect(json['hello']).to eq('unprotected world')
+    end
+  end
+
+  context 'protected_without_scopes' do
+
+    it 'allows to call an protected endpoint without scopes' do
+      get '/swagger_api/protected_without_scope', nil, 'HTTP_AUTHORIZATION' => "Bearer #{token.token}"
+
+      expect(last_response.status).to eq(200)
+      json = JSON.parse(last_response.body)
+      expect(json).to have_key('hello')
+      expect(json['hello']).to eq('protected unscoped world')
+    end
+
+    it 'raises an error when an protected endpoint without scopes is called without token ' do
+      expect { get '/swagger_api/protected_without_scope' }.to raise_exception(WineBouncer::Errors::OAuthUnauthorizedError)
+    end
+
+    it 'raises an error because the user does not have the default scope' do
+      expect { get '/swagger_api/protected_without_scope', nil, 'HTTP_AUTHORIZATION' => "Bearer #{unscoped_token.token}" }.to raise_exception(WineBouncer::Errors::OAuthForbiddenError)
+    end
+  end
+
+  context 'resource_owner' do
+    it 'is available in the endpoint' do
+      get '/swagger_api/protected_user', nil, 'HTTP_AUTHORIZATION' => "Bearer #{token.token}"
+
+      expect(last_response.status).to eq(200)
+      json = JSON.parse(last_response.body)
+
+      expect(json).to have_key('hello')
+      expect(json['hello']).to eq(user.name)
+    end
+  end
+
+end

data/spec/lib/wine_bouncer/auth_methods/auth_methods_spec.rb

@@ -48,4 +48,40 @@ describe ::WineBouncer::AuthMethods do
       expect(tested_class.has_doorkeeper_token?).to be false
     end
   end
+
+  context 'client_credential_token?' do
+    it 'return true if the doorkeeper token is aquired through client_credential authentication' do
+      token.resource_owner_id = nil
+      tested_class.doorkeeper_access_token = token
+      expect(tested_class.client_credential_token?).to be true
+    end
+
+    it 'return false if no token is set' do
+      token.resource_owner_id = nil
+      tested_class.doorkeeper_access_token
+      expect(tested_class.client_credential_token?).to be false
+    end
+
+    it 'return false if the token has a resource_owner' do
+      token.resource_owner_id = 2
+      tested_class.doorkeeper_access_token= token
+      expect(tested_class.client_credential_token?).to be false
+    end
+  end
+
+  context 'protected_endpoint?' do
+    it 'when set true it returns true' do
+      tested_class.protected_endpoint= true
+      expect(tested_class.protected_endpoint?).to be true
+    end
+
+    it 'when set false it returns false' do
+      tested_class.protected_endpoint= false
+      expect(tested_class.protected_endpoint?).to be false
+    end
+
+    it 'defaults returns false if not set' do
+      expect(tested_class.protected_endpoint?).to be false
+    end
+  end
 end

data/spec/lib/wine_bouncer/auth_strategies/default_spec.rb

@@ -0,0 +1,66 @@
+require 'spec_helper'
+require 'wine_bouncer/auth_strategies/default'
+
+describe ::WineBouncer::AuthStrategies::Default do
+  subject(:klass) { ::WineBouncer::AuthStrategies::Default.new }
+
+  let(:scopes) { [ 'public', 'private' ] }
+  let(:scopes_hash) { { scopes: scopes } }
+  let(:auth_context) { { auth: scopes_hash } }
+
+
+  context 'endpoint_authorizations' do
+    it 'returns the auth key of the authentication hash.' do
+      expect(klass.send(:endpoint_authorizations, auth_context)).to eq(scopes_hash)
+    end
+
+    it 'returns nil when the authentication key has no hash key.' do
+      invalid_hash = { some: scopes_hash }
+      expect(klass.send(:endpoint_authorizations, invalid_hash ) ).to eq(nil)
+    end
+  end
+
+  context 'has_authorizations?' do
+    it 'returns true when the context has the auth key.' do
+      expect(klass.send(:has_authorizations?, auth_context)).to eq(true)
+    end
+
+    it 'returns false when the context has no auth key.' do
+      invalid_hash = { some: scopes_hash }
+      expect(klass.send(:has_authorizations?, invalid_hash ) ).to eq(false)
+    end
+  end
+
+  context 'endpoint_protected?' do
+    it 'returns true when the context has the auth key.' do
+      expect(klass.endpoint_protected?(auth_context)).to eq(true)
+    end
+
+    it 'returns false when the context has no auth key.' do
+      invalid_hash = { some: scopes }
+      expect(klass.endpoint_protected?( invalid_hash ) ).to eq(false)
+    end
+  end
+
+  context 'has_auth_scopes?' do
+    it 'returns true when the context has the auth key.' do
+      expect(klass.has_auth_scopes?(auth_context)).to eq(true)
+    end
+
+    it 'returns false when the context has no auth key.' do
+      invalid_hash = { some: scopes_hash }
+      expect(klass.has_auth_scopes?(invalid_hash) ).to eq(false)
+    end
+
+    it 'returns false when the auth scopes contain a blank scope array' do
+      blank_scopes = { auth: { scopes: [] } }
+      expect(klass.has_auth_scopes?(blank_scopes) ).to eq(false)
+    end
+  end
+
+  context 'auth_scopes' do
+    it 'returns an array of scopes' do
+      expect(klass.auth_scopes(auth_context)).to eq([:public, :private])
+    end
+  end
+end

data/spec/rails_helper.rb

@@ -7,6 +7,10 @@ require 'rspec/rails'
 require 'wine_bouncer'
 require 'factory_girl'
 require 'database_cleaner'
+require "codeclimate-test-reporter"
+
+CodeClimate::TestReporter.start
+
 # Add additional requires below this line. Rails is not loaded until this point!
 
 # Requires supporting ruby files with custom matchers and macros, etc, in
@@ -54,7 +58,7 @@ RSpec.configure do |config|
   config.include FactoryGirl::Syntax::Methods
   config.include ApiHelper, :type=>:api
 
-  config.use_transactional_fixtures = true
+  config.use_transactional_fixtures = false
 
 
   config.infer_spec_type_from_file_location!

data/wine_bouncer.gemspec

@@ -17,7 +17,7 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
 
-  spec.add_runtime_dependency 'grape', '~> 0.9.0'
+  spec.add_runtime_dependency 'grape', '~> 0.8.0'
   spec.add_runtime_dependency 'doorkeeper', '~> 1.4.0'
 
   spec.add_development_dependency "railties"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: wine_bouncer
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.1.0
 platform: ruby
 authors:
 - Antek Drzewiecki
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-09-16 00:00:00.000000000 Z
+date: 2014-09-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: grape
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 0.9.0
+        version: 0.8.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 0.9.0
+        version: 0.8.0
 - !ruby/object:Gem::Dependency
   name: doorkeeper
   requirement: !ruby/object:Gem::Requirement
@@ -146,18 +146,25 @@ files:
 - .gitignore
 - .rspec
 - .travis.yml
+- CHANGELOG.md
+- CONTRIBUTING.md
 - Gemfile
 - LICENSE.txt
 - README.md
 - Rakefile
+- UPGRADING.md
 - lib/wine_bouncer.rb
 - lib/wine_bouncer/auth_methods/auth_methods.rb
+- lib/wine_bouncer/auth_strategies/default.rb
+- lib/wine_bouncer/auth_strategies/swagger.rb
+- lib/wine_bouncer/configuration.rb
 - lib/wine_bouncer/errors.rb
 - lib/wine_bouncer/oauth2.rb
 - lib/wine_bouncer/version.rb
 - spec/dummy/README.rdoc
 - spec/dummy/Rakefile
-- spec/dummy/app/api/api.rb
+- spec/dummy/app/api/default_api.rb
+- spec/dummy/app/api/swagger_api.rb
 - spec/dummy/app/assets/images/.keep
 - spec/dummy/app/assets/javascripts/application.js
 - spec/dummy/app/assets/stylesheets/application.css
@@ -187,6 +194,7 @@ files:
 - spec/dummy/config/initializers/filter_parameter_logging.rb
 - spec/dummy/config/initializers/inflections.rb
 - spec/dummy/config/initializers/mime_types.rb
+- spec/dummy/config/initializers/secret_token.rb
 - spec/dummy/config/initializers/session_store.rb
 - spec/dummy/config/initializers/wrap_parameters.rb
 - spec/dummy/config/locales/doorkeeper.en.yml
@@ -205,8 +213,10 @@ files:
 - spec/factories/access_token.rb
 - spec/factories/application.rb
 - spec/factories/user.rb
-- spec/intergration/oauth2_spec.rb
+- spec/intergration/oauth2_default_strategy_spec.rb
+- spec/intergration/oauth2_swagger_strategy_spec.rb
 - spec/lib/wine_bouncer/auth_methods/auth_methods_spec.rb
+- spec/lib/wine_bouncer/auth_strategies/default_spec.rb
 - spec/rails_helper.rb
 - spec/shared/orm/active_record.rb
 - spec/spec_helper.rb
@@ -238,7 +248,8 @@ summary: A Ruby gem that allows Oauth2 protection with Doorkeeper for Grape Api'
 test_files:
 - spec/dummy/README.rdoc
 - spec/dummy/Rakefile
-- spec/dummy/app/api/api.rb
+- spec/dummy/app/api/default_api.rb
+- spec/dummy/app/api/swagger_api.rb
 - spec/dummy/app/assets/images/.keep
 - spec/dummy/app/assets/javascripts/application.js
 - spec/dummy/app/assets/stylesheets/application.css
@@ -268,6 +279,7 @@ test_files:
 - spec/dummy/config/initializers/filter_parameter_logging.rb
 - spec/dummy/config/initializers/inflections.rb
 - spec/dummy/config/initializers/mime_types.rb
+- spec/dummy/config/initializers/secret_token.rb
 - spec/dummy/config/initializers/session_store.rb
 - spec/dummy/config/initializers/wrap_parameters.rb
 - spec/dummy/config/locales/doorkeeper.en.yml
@@ -286,8 +298,10 @@ test_files:
 - spec/factories/access_token.rb
 - spec/factories/application.rb
 - spec/factories/user.rb
-- spec/intergration/oauth2_spec.rb
+- spec/intergration/oauth2_default_strategy_spec.rb
+- spec/intergration/oauth2_swagger_strategy_spec.rb
 - spec/lib/wine_bouncer/auth_methods/auth_methods_spec.rb
+- spec/lib/wine_bouncer/auth_strategies/default_spec.rb
 - spec/rails_helper.rb
 - spec/shared/orm/active_record.rb
 - spec/spec_helper.rb