Merge 58cc497 into 9b91941

Gemfile

@@ -2,3 +2,6 @@ source 'https://rubygems.org'
 
 # Specify your gem's dependencies in rack-prx_auth.gemspec
 gemspec
+
+gem 'guard', '~> 2.6.1'
+gem 'guard-minitest', '~> 2.3.2'

Guardfile

@@ -1,7 +1,7 @@
 guard :minitest, all_after_pass: true do
   watch(%r{^test/(.*)\/?test_(.*)\.rb})
-  watch(%r{^lib/rack/(.*/)?([^/]+)\.rb})                      { |m| "test/#{m[1]}test_#{m[2]}.rb" }
-  watch(%r{^lib/rack/(.+)\.rb})                               { |m| "test/#{m[1]}_test.rb" }
+  watch(%r{^lib/(.*/)?([^/]+)\.rb})                      { |m| "test/#{m[1]}test_#{m[2]}.rb" }
+  watch(%r{^lib/(.+)\.rb})                               { |m| "test/#{m[1]}_test.rb" }
   watch(%r{^lib/(.+)\.rb})                                    { |m| "test/#{m[1]}_test.rb" }
   watch(%r{^test/.+_test\.rb})
   watch(%r{^test/test_helper\.rb})                            { 'test' }

Rakefile

@@ -3,7 +3,8 @@ require 'rake'
 require 'rake/testtask'
 
 Rake::TestTask.new do |t|
-  t.pattern = 'test/*test.rb'
+  t.libs << 'test'
+  t.pattern = 'test/**/*test.rb'
 end
 
 task default: :test

lib/rack/prx_auth.rb

@@ -2,8 +2,6 @@
 require 'rack/prx_auth/version'
 require 'rack/prx_auth/certificate'
 require 'rack/prx_auth/token_data'
-require 'rack/prx_auth/controller_methods'
-require 'rack/prx_auth/railtie' if defined?(Rails)
 
 module Rack
   class PrxAuth

lib/rack/prx_auth/certificate.rb

@@ -48,7 +48,7 @@ def needs_refresh?
       end
 
       def expired?
-        certificate.not_after < Time.now
+        @certificate.not_after < Time.now
       end
     end
   end

lib/rack/prx_auth/version.rb

@@ -1,5 +1,5 @@
 module Rack
   class PrxAuth
-    VERSION = "0.0.5"
+    VERSION = "0.0.6"
   end
 end

rack-prx_auth.gemspec

@@ -6,23 +6,20 @@ require 'rack/prx_auth/version'
 Gem::Specification.new do |spec|
   spec.name          = "rack-prx_auth"
   spec.version       = Rack::PrxAuth::VERSION
-  spec.authors       = ["Eve Asher"]
-  spec.email         = ["eve@prx.org"]
+  spec.authors       = ["Eve Asher", "Chris Rhoden"]
+  spec.email         = ["eve@prx.org", "carhoden@gmail.com"]
   spec.summary       = %q{Rack middleware that verifies and decodes a JWT token and attaches the token's claims to env.}
   spec.description   = %q{Specific to PRX. Will ignore tokens that were not issued by PRX.}
-  spec.homepage      = ""
+  spec.homepage      = "https://github.com/PRX/rack-prx_auth"
   spec.license       = "MIT"
 
   spec.files         = `git ls-files -z`.split("\x0")
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.test_files    = spec.files.grep(%r{^test/})
   spec.require_paths = ["lib"]
 
   spec.add_development_dependency 'bundler', '~> 1.3'
   spec.add_development_dependency 'rake', '~> 10.0'
-  spec.add_development_dependency 'guard', '~> 2.6', '>= 2.6.1'
-  spec.add_development_dependency 'guard-minitest', '~> 2.3', '>= 2.3.2'
-  spec.add_development_dependency 'minitest-stub_any_instance'
   spec.add_development_dependency 'coveralls', '~> 0'
 
   spec.add_dependency 'rack', '~> 1.5', '>= 1.5.2'

test/rack/prx_auth/certificate_test.rb

@@ -0,0 +1,130 @@
+require 'test_helper'
+
+describe Rack::PrxAuth::Certificate do
+  let(:subject) { Rack::PrxAuth::Certificate.new }
+  let(:certificate) { subject }
+
+  describe '#initialize' do
+    it 'allows setting the location of the certificates' do
+      cert = Rack::PrxAuth::Certificate.new('http://example.com')
+      cert.cert_location.must_equal URI('http://example.com')
+    end
+
+    it 'defaults to DEFAULT_CERT_LOC' do
+      certificate.cert_location.must_equal Rack::PrxAuth::Certificate::DEFAULT_CERT_LOC
+    end
+  end
+
+  describe '#valid?' do
+    it 'validates the token with the public key' do
+      token, key = nil, nil
+      certificate.stub(:public_key, :public_key) do
+        JSON::JWT.stub(:decode, Proc.new {|t, k| token, key = t, k }) do
+          certificate.valid?(:token)
+        end
+      end
+
+      token.must_equal :token
+      key.must_equal :public_key
+    end
+
+    it 'returns false if verification fails' do
+      JSON::JWT.stub(:decode, Proc.new do |t, k|
+        raise JSON::JWT::VerificationFailed
+      end) do
+        certificate.stub(:public_key, :foo) do
+          certificate.wont_be :valid?, :token
+        end
+      end
+    end
+
+    it 'returns true if verification passes' do
+      JSON::JWT.stub(:decode, {}) do
+        certificate.stub(:public_key, :foo) do
+          certificate.must_be :valid?, :token
+        end
+      end
+    end
+  end
+
+  describe '#certificate' do
+    it 'calls fetch if unprimed' do
+      def certificate.fetch
+        :sigil
+      end
+
+      certificate.send(:certificate).must_equal :sigil
+    end
+  end
+
+  describe '#public_key' do
+    it 'pulls from the certificate' do
+      certificate.stub(:certificate, Struct.new(:public_key).new(:key)) do
+        certificate.send(:public_key).must_equal :key
+      end
+    end
+  end
+
+  describe '#fetch' do
+    it 'pulls from `#cert_location`' do
+      Net::HTTP.stub(:get, ->(x) { "{\"certificates\":{\"asdf\":\"#{x}\"}}" }) do
+        OpenSSL::X509::Certificate.stub(:new, ->(x) { x }) do
+          certificate.stub(:cert_location, "a://fake.url/here") do
+            certificate.send(:fetch).must_equal "a://fake.url/here"
+          end
+        end
+      end
+    end
+
+    it 'sets the expiration value' do
+      Net::HTTP.stub(:get, ->(x) { "{\"certificates\":{\"asdf\":\"#{x}\"}}" }) do
+        OpenSSL::X509::Certificate.stub(:new, ->(_) { Struct.new(:not_after).new(Time.now + 10000) }) do
+          certificate.send :certificate
+          certificate.wont_be :needs_refresh?
+        end
+      end
+    end
+  end
+
+  describe '#expired?' do
+    let(:stub_cert) { Struct.new(:not_after).new(Time.now + 10000) }
+    before(:each) do
+      certificate.instance_variable_set :'@certificate', stub_cert
+    end
+
+    it 'is false when the certificate is not expired' do
+      certificate.wont_be :expired?
+    end
+
+    it 'is true when the certificate is expired' do
+      stub_cert.not_after = Time.now - 500
+      certificate.must_be :expired?
+    end
+  end
+
+  describe '#needs_refresh?' do
+    def refresh_at=(time)
+      certificate.instance_variable_set :'@refresh_at', time
+    end
+
+    it 'is true if certificate is expired' do
+      certificate.stub(:expired?, true) do
+        certificate.must_be :needs_refresh?
+      end
+    end
+
+    it 'is true if we are past refresh value' do
+      self.refresh_at = Time.now.to_i - 1000
+      certificate.stub(:expired?, false) do
+        certificate.must_be :needs_refresh?
+      end
+    end
+
+    it 'is false if certificate is not expired and refresh is in the future' do
+      self.refresh_at = Time.now.to_i + 10000
+      certificate.stub(:expired?, false) do
+        certificate.wont_be :needs_refresh?
+      end
+    end
+  end
+end

test/rack-prx_auth_test.rb → test/rack/prx_auth_test.rb

@@ -1,4 +1,4 @@
-require_relative 'minitest_helper'
+require 'test_helper'
 
 describe Rack::PrxAuth do
   let(:app) { Proc.new {|env| env } }
@@ -43,11 +43,13 @@
     end
 
     it 'attaches claims to request params if verification passes' do
-      JSON::JWT.stub(:decode, claims) do
-        prxauth.call(env)['prx.auth'].tap do |token|
-          token.must_be_instance_of Rack::PrxAuth::TokenData
-          token.attributes.must_equal claims
-          token.user_id.must_equal claims['sub']
+      prxauth.stub(:decode_token, claims) do
+        prxauth.stub(:valid?, true) do
+          prxauth.call(env)['prx.auth'].tap do |token|
+            token.must_be_instance_of Rack::PrxAuth::TokenData
+            token.attributes.must_equal claims
+            token.user_id.must_equal claims['sub']
+          end
         end
       end
     end
@@ -74,58 +76,4 @@
       end
     end
   end
-
-  describe Rack::PrxAuth::Certificate do
-    let(:subject) { Rack::PrxAuth::Certificate.new }
-    let(:certificate) { subject }
-
-    describe '#initialize' do
-      it 'allows setting the location of the certificates' do
-        cert = Rack::PrxAuth::Certificate.new('http://example.com')
-        cert.cert_location.must_equal URI('http://example.com')
-      end
-
-      it 'defaults to DEFAULT_CERT_LOC' do
-        cert = Rack::PrxAuth::Certificate.new
-        cert.cert_location.must_equal Rack::PrxAuth::Certificate::DEFAULT_CERT_LOC
-      end
-    end
-
-    describe '#valid?' do
-      it 'validates the token with the public key' do
-        token, key = nil, nil
-        certificate.stub(:public_key, :public_key) do
-          JSON::JWT.stub(:decode, Proc.new {|t, k| token, key = t, k }) do
-            certificate.valid?(:token)
-          end
-        end
-
-        token.must_equal :token
-        key.must_equal :public_key
-      end
-
-      it 'returns false if verification fails' do
-        JSON::JWT.stub(:decode, Proc.new {|t, k|
-          raise JSON::JWT::VerificationFailed }) do
-          certificate.wont_be :valid?, :token
-        end
-      end
-
-      it 'returns true if verification passes' do
-        JSON::JWT.stub(:decode, {}) do
-          certificate.must_be :valid?, :token
-        end
-      end
-    end
-
-    describe '#certificate' do
-      it 'calls fetch if unprimed' do
-        def certificate.fetch
-          :sigil
-        end
-
-        certificate.send(:certificate).must_equal :sigil
-      end
-    end
-  end
 end

test/minitest_helper.rb → test/test_helper.rb

@@ -7,5 +7,3 @@
 require 'minitest/autorun'
 require 'minitest/spec'
 require 'minitest/pride'
-require 'minitest/stub_any_instance'
-require 'lumberjack' rescue nil