wine_bouncer 0.2.1 → 0.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d9ca00d6af297ea83a1b780674f0138125560ba6
-  data.tar.gz: 87685246db6c845a980a28b7e2de53e2aed44bf8
+  metadata.gz: c16d471f3bf4c00fc8aabb999f0225071ba3e199
+  data.tar.gz: 2e6c872a709af181da9c42d19394da0e01a0db29
 SHA512:
-  metadata.gz: 3c10d58093da1170c43819866b4484b157773325309811277853629d60af8da127b75b8837cdd72840f760f5ba3d9cdd468fd502790ebd6b3328b6e4324ac3f2
-  data.tar.gz: 99caeb2b029573f56f7705e3bf5078941f4b2fec45b5deebf570aad449cc00c3d6dd7386d7d565354c8b7d1bb1b3e5cdd49e67dbd57b795c3a241738389e559a
+  metadata.gz: aeee07c8f60e126290e75e311abc94ed2086640dd39a0f2e128775e83b6168d31d5e064e0f826f992409071cb5bb2f60624509d1ba14fb7f04b68e8947d041f8
+  data.tar.gz: 47c5faa48f155eac4747f3f26caee1ef877157913f897e98821032311f14231b0d7634ceaa23a47da2402eaec02d9c8cae3b6ee82ae5f2437e9c2fd7ec656899

data/.travis.yml

@@ -6,6 +6,7 @@ rvm:
   - 1.9.3
   - 2.0
   - 2.1
+  - 2.2
 env:
   - rails=3.2.18 grape=0.8.0
   - rails=4.1.1 grape=0.8.0
@@ -13,6 +14,11 @@ env:
   - rails=3.2.18 grape=0.9.0
   - rails=4.1.1 grape=0.9.0 doorkeeper=1.4.1
   - rails=4.1.1 grape=0.9.0
+matrix:
+  allow_failures:
+    - env: rails=3.2.18 grape=0.8.0
+    - env: rails=3.2.18 grape=0.9.0 doorkeeper=1.4.1
+    - env: rails=3.2.18 grape=0.9.0
 addons:
   code_climate:
     repo_token: ab1b6ce5f973da033f80ae2e99fadbb32b2f9c37892703956d8ef954c8e8134e

data/CHANGELOG.md

@@ -1,5 +1,7 @@
 Changelog
 =========
+## 0.2.2
+*[#17](https://github.com/antek-drzewiecki/wine_bouncer/pull/17): Added a new protected strategy. Thanks @whatasunnyday .
 
 ## 0.2.1
 *[#12](https://github.com/antek-drzewiecki/wine_bouncer/pull/12): Added a rails generator to generate the WineBouncer configuration file. Thanks @whatasunnyday.

data/README.md

@@ -16,6 +16,7 @@ Table of Contents
     * [Authentication strategies](#authentication-strategies)
       * [Default](#default)
       * [Swagger](#swagger)
+      * [Protected](#protected)
     * [Token information](#token-information)
   * [Exceptions and Exception handling](#exceptions-and-exception-handling)
   * [Development](#development)
@@ -196,6 +197,48 @@ It defaults assumes when no description is given that no authorization should be
 When the authentication syntax is mentioned in the method description, the method will be protected.
 You can use the default scopes of Doorkeeper by just adding `authorizations: { oauth2: [] }` or state your own scopes with `authorizations: { oauth2: [ { scope: 'scope1' }, { scope: 'scope2' }, ... ] }`.
 
+#### Protected
+
+The protected strategy is very similiar to the default strategy except any public end point must explicitly set. To make an end point public, use `auth: false`. 
+If the authorization is not set, the end point is assumed to be protected and Doorkeeper's default scopes are used.
+
+Example:
+
+``` ruby
+ class MyAwesomeAPI < Grape::API
+    desc 'protected method with required public scope', 
+    auth: { scopes: ['public'] }
+    get '/protected' do
+       { hello: 'world' }
+    end
+    
+    desc 'Unprotected method'
+    get '/unprotected', auth: false do
+      { hello: 'unprotected world' }
+    end
+    
+    desc 'This method needs the public or private scope.',
+    auth: [:public, :private]
+    # Doorkeeper's default scopes are [:public, :private] so auth can be omitted. See next example.
+    get '/method' do
+      { hello: 'public or private user.' }
+    end
+    
+    desc 'This method uses Doorkeepers default scopes.'
+    get '/protected_with_default_scope' do
+       { hello: 'protected unscoped world' }
+    end
+ end
+ 
+ class Api < Grape::API
+    default_format :json
+    format :json
+    use ::WineBouncer::OAuth2
+    mount MyAwesomeAPI
+    add_swagger_documentation
+ end
+```
+
 ### Token information
 
 WineBouncer comes with free extras! Methods for `resource_owner` and `doorkeeper_access_token` get included in your endpoints. You can use them to get the current resource owner, and the access_token object of doorkeeper.

data/lib/wine_bouncer/auth_strategies/protected.rb

@@ -0,0 +1,35 @@
+module WineBouncer
+  module AuthStrategies
+    class Protected
+
+      def endpoint_protected?(context)
+        has_authorizations?(context)
+      end
+
+      def has_auth_scopes?(context)
+        endpoint_authorizations(context) && 
+          endpoint_authorizations(context).has_key?(:scopes) && 
+          endpoint_authorizations(context)[:scopes].any?
+      end
+
+      def auth_scopes(context)
+        endpoint_authorizations(context)[:scopes].map(&:to_sym)
+      end
+
+      private
+
+      def nil_authorizations?(context)
+        endpoint_authorizations(context).nil?
+      end
+
+
+      def has_authorizations?(context)
+        nil_authorizations?(context) || endpoint_authorizations(context)
+      end
+
+      def endpoint_authorizations(context)
+         context[:auth]
+      end
+    end
+  end
+end

data/lib/wine_bouncer/version.rb

@@ -1,3 +1,3 @@
 module WineBouncer
-  VERSION = '0.2.1'
+  VERSION = '0.2.2'
 end

data/spec/dummy/app/api/protected_api.rb

@@ -0,0 +1,39 @@
+module Api
+
+  ###
+  # Api under test, default doorkeeper scope is 'account'
+  ##
+  class MountedProtectedApiUnderTest < Grape::API
+    desc 'Protected method with public', auth: { scopes: ['public'] }
+    get '/protected' do
+      { hello: 'world' }
+    end
+
+    desc 'Protected method with private', auth: { scopes: ['private'] }
+    get '/protected_with_private_scope' do
+      { hello: 'scoped world' }
+    end
+
+    desc 'Unprotected method'
+    get '/unprotected', auth: false do
+      { hello: 'unprotected world' }
+    end
+
+    desc 'Protected method with public that returns the user name', auth: { scopes: ['public'] }
+    get '/protected_user' do
+      { hello: resource_owner.name }
+    end
+
+    desc 'This method uses Doorkeepers default scopes'
+    get '/protected_without_scope' do
+      { hello: 'protected unscoped world' }
+    end
+  end
+
+  class ProtectedApiUnderTest < Grape::API
+    default_format :json
+    format :json
+    use ::WineBouncer::OAuth2
+    mount MountedProtectedApiUnderTest
+  end
+end

data/spec/dummy/config/routes.rb

@@ -2,4 +2,5 @@ Rails.application.routes.draw do
   use_doorkeeper
   mount Api::DefaultApiUnderTest => '/default_api'
   mount Api::SwaggerApiUnderTest => '/swagger_api'
+  mount Api::ProtectedApiUnderTest => '/protected_api'
 end

data/spec/intergration/oauth2_protected_strategy_spec.rb

@@ -0,0 +1,97 @@
+require 'rails_helper'
+require 'json'
+
+describe Api::MountedProtectedApiUnderTest, type: :api do
+
+  let(:user) { FactoryGirl.create :user }
+  let(:token) { FactoryGirl.create :clientless_access_token, resource_owner_id: user.id, scopes: "public" }
+  let(:unscoped_token) { FactoryGirl.create :clientless_access_token, resource_owner_id: user.id, scopes: "" }
+
+  before (:example) do
+    WineBouncer.configure do |c|
+      c.auth_strategy = :protected
+
+      c.define_resource_owner do
+        User.find(doorkeeper_access_token.resource_owner_id) if doorkeeper_access_token
+      end
+    end
+  end
+
+  context 'tokens and scopes' do
+    it 'gives access when the token and scope are correct' do
+      get '/protected_api/protected', nil, 'HTTP_AUTHORIZATION' => "Bearer #{token.token}"
+
+      expect(last_response.status).to eq(200)
+      json = JSON.parse(last_response.body)
+      expect(json).to have_key('hello')
+    end
+
+    it 'raises an authentication error when the token is invalid' do
+      expect { get '/protected_api/protected', nil, 'HTTP_AUTHORIZATION' => "Bearer #{token.token}-invalid" }.to raise_exception(WineBouncer::Errors::OAuthUnauthorizedError)
+    end
+
+    it 'raises an oauth authentication error when no token is given' do
+      expect { get '/protected_api/protected' }.to raise_exception(WineBouncer::Errors::OAuthUnauthorizedError)
+    end
+
+    it 'raises an auth forbidden authentication error when the user scope is not correct' do
+      expect { get '/protected_api/protected_with_private_scope', nil, 'HTTP_AUTHORIZATION' => "Bearer #{token.token}" }.to raise_exception(WineBouncer::Errors::OAuthForbiddenError)
+    end
+  end
+
+  context 'unprotected endpoint' do
+    it 'allows to call an unprotected endpoint without token' do
+      get '/protected_api/unprotected'
+
+      expect(last_response.status).to eq(200)
+      json = JSON.parse(last_response.body)
+
+      expect(json).to have_key('hello')
+      expect(json['hello']).to eq('unprotected world')
+    end
+
+    it 'allows to call an unprotected endpoint with token' do
+      get '/protected_api/unprotected', nil, 'HTTP_AUTHORIZATION' => "Bearer #{token.token}"
+
+      expect(last_response.status).to eq(200)
+      json = JSON.parse(last_response.body)
+      expect(json).to have_key('hello')
+      expect(json['hello']).to eq('unprotected world')
+    end
+  end
+
+  context 'protected_without_scopes' do
+    it 'does not allow an unauthenticated user to call a protected endpoint' do
+      expect { get '/protected_api/protected_without_scope' }.to raise_exception(WineBouncer::Errors::OAuthUnauthorizedError)
+    end
+
+    it 'allows to call an protected endpoint without scopes' do
+      get '/protected_api/protected_without_scope', nil, 'HTTP_AUTHORIZATION' => "Bearer #{token.token}"
+
+      expect(last_response.status).to eq(200)
+      json = JSON.parse(last_response.body)
+      expect(json).to have_key('hello')
+      expect(json['hello']).to eq('protected unscoped world')
+    end
+
+    it 'raises an error when an protected endpoint without scopes is called without token ' do
+      expect { get '/protected_api/protected_without_scope' }.to raise_exception(WineBouncer::Errors::OAuthUnauthorizedError)
+    end
+
+    it 'raises an error because the user does not have the default scope' do
+      expect { get '/protected_api/protected_without_scope', nil, 'HTTP_AUTHORIZATION' => "Bearer #{unscoped_token.token}" }.to raise_exception(WineBouncer::Errors::OAuthForbiddenError)
+    end
+  end
+
+  context 'resource_owner' do
+    it 'is available in the endpoint' do
+      get '/protected_api/protected_user', nil, 'HTTP_AUTHORIZATION' => "Bearer #{token.token}"
+
+      expect(last_response.status).to eq(200)
+      json = JSON.parse(last_response.body)
+
+      expect(json).to have_key('hello')
+      expect(json['hello']).to eq(user.name)
+    end
+  end
+end

data/wine_bouncer.gemspec

@@ -23,7 +23,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "railties"
   spec.add_development_dependency "bundler", "~> 1.7"
   spec.add_development_dependency "rake", "~> 10.0"
-  spec.add_development_dependency "rspec-rails", "~> 3.1.0"
+  spec.add_development_dependency "rspec-rails", '~> 3.2.0'
   spec.add_development_dependency 'factory_girl', '~> 4.4.0'
   spec.add_development_dependency "generator_spec", "~> 0.9.0"
   spec.add_development_dependency "sqlite3"

metadata

@@ -1,159 +1,159 @@
 --- !ruby/object:Gem::Specification
 name: wine_bouncer
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.2.2
 platform: ruby
 authors:
 - Antek Drzewiecki
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-01-15 00:00:00.000000000 Z
+date: 2015-02-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: grape
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.8'
 - !ruby/object:Gem::Dependency
   name: doorkeeper
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.4'
-    - - <=
+    - - "<="
       - !ruby/object:Gem::Version
         version: 2.0.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.4'
-    - - <=
+    - - "<="
       - !ruby/object:Gem::Version
         version: 2.0.1
 - !ruby/object:Gem::Dependency
   name: railties
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.7'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '10.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '10.0'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: 3.2.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: 3.2.0
 - !ruby/object:Gem::Dependency
   name: factory_girl
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 4.4.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 4.4.0
 - !ruby/object:Gem::Dependency
   name: generator_spec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.9.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.9.0
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: database_cleaner
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.3.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.3.0
 description: 
@@ -163,9 +163,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .rspec
-- .travis.yml
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
 - CHANGELOG.md
 - CONTRIBUTING.md
 - Gemfile
@@ -178,6 +178,7 @@ files:
 - lib/wine_bouncer.rb
 - lib/wine_bouncer/auth_methods/auth_methods.rb
 - lib/wine_bouncer/auth_strategies/default.rb
+- lib/wine_bouncer/auth_strategies/protected.rb
 - lib/wine_bouncer/auth_strategies/swagger.rb
 - lib/wine_bouncer/configuration.rb
 - lib/wine_bouncer/errors.rb
@@ -186,6 +187,7 @@ files:
 - spec/dummy/README.rdoc
 - spec/dummy/Rakefile
 - spec/dummy/app/api/default_api.rb
+- spec/dummy/app/api/protected_api.rb
 - spec/dummy/app/api/swagger_api.rb
 - spec/dummy/app/assets/images/.keep
 - spec/dummy/app/assets/javascripts/application.js
@@ -236,6 +238,7 @@ files:
 - spec/factories/application.rb
 - spec/factories/user.rb
 - spec/intergration/oauth2_default_strategy_spec.rb
+- spec/intergration/oauth2_protected_strategy_spec.rb
 - spec/intergration/oauth2_swagger_strategy_spec.rb
 - spec/lib/generators/wine_bouncer/initializer_generator_spec.rb
 - spec/lib/wine_bouncer/auth_methods/auth_methods_spec.rb
@@ -254,17 +257,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.4.5
 signing_key: 
 specification_version: 4
 summary: A Ruby gem that allows Oauth2 protection with Doorkeeper for Grape Api's
@@ -272,6 +275,7 @@ test_files:
 - spec/dummy/README.rdoc
 - spec/dummy/Rakefile
 - spec/dummy/app/api/default_api.rb
+- spec/dummy/app/api/protected_api.rb
 - spec/dummy/app/api/swagger_api.rb
 - spec/dummy/app/assets/images/.keep
 - spec/dummy/app/assets/javascripts/application.js
@@ -322,6 +326,7 @@ test_files:
 - spec/factories/application.rb
 - spec/factories/user.rb
 - spec/intergration/oauth2_default_strategy_spec.rb
+- spec/intergration/oauth2_protected_strategy_spec.rb
 - spec/intergration/oauth2_swagger_strategy_spec.rb
 - spec/lib/generators/wine_bouncer/initializer_generator_spec.rb
 - spec/lib/wine_bouncer/auth_methods/auth_methods_spec.rb