-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
9 changed files
with
228 additions
and
32 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
require 'prx_auth/scope_list' | ||
require 'prx_auth/resource_map' | ||
require 'rack/prx_auth/version' | ||
|
||
module PrxAuth | ||
VERSION = Rack::PrxAuth::VERSION | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
module PrxAuth | ||
class ResourceMap | ||
WILDCARD_KEY = '*' | ||
|
||
def initialize(mapped_values) | ||
@map = Hash[mapped_values.map do |(key, values)| | ||
[key, ScopeList.new(values)] | ||
end] | ||
end | ||
|
||
def contains?(resource, namespace=nil, scope=nil) | ||
mapped_resource = @map[resource.to_s] | ||
|
||
if mapped_resource == wildcard_resource | ||
raise ArgumentError if namespace.nil? | ||
|
||
mapped_resource.contains?(namespace, scope) | ||
elsif mapped_resource && !namespace.nil? | ||
mapped_resource.contains?(namespace, scope) || wildcard_resource.contains?(namespace, scope) | ||
elsif !namespace.nil? | ||
wildcard_resource.contains?(namespace, scope) | ||
else | ||
!!mapped_resource | ||
end | ||
end | ||
|
||
private | ||
|
||
def wildcard_resource | ||
@wildcard_resource ||= @map[WILDCARD_KEY] || ScopeList.new('') | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
module PrxAuth | ||
class ScopeList | ||
SCOPE_SEPARATOR = ' ' | ||
NAMESPACE_SEPARATOR = ':' | ||
NO_NAMESPACE = :_ | ||
|
||
def initialize(list) | ||
@string = list | ||
end | ||
|
||
def contains?(namespace, scope=nil) | ||
scope, namespace = namespace, NO_NAMESPACE if scope.nil? | ||
|
||
if namespace == NO_NAMESPACE | ||
map[namespace].include?(symbolize(scope)) | ||
else | ||
symbolized_scope = symbolize(scope) | ||
map[namespace].include?(symbolized_scope) || map[NO_NAMESPACE].include?(symbolized_scope) | ||
end | ||
end | ||
|
||
private | ||
|
||
def map | ||
@parsed_map ||= empty_map.tap do |map| | ||
@string.split(SCOPE_SEPARATOR).each do |value| | ||
next if value.length < 1 | ||
|
||
parts = value.split(NAMESPACE_SEPARATOR, 2) | ||
if parts.length == 2 | ||
map[symbolize(parts[0])] << symbolize(parts[1]) | ||
else | ||
map[NO_NAMESPACE] << symbolize(parts[0]) | ||
end | ||
end | ||
end | ||
end | ||
|
||
def empty_map | ||
@empty_map ||= Hash.new do |hash, key| | ||
hash[key] = [] | ||
end | ||
end | ||
|
||
def symbolize(value) | ||
case value | ||
when Symbol then value | ||
when String then value.downcase.gsub('-', '_').intern | ||
else symbolize value.to_s | ||
end | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
module Rack | ||
class PrxAuth | ||
VERSION = "0.3.0" | ||
VERSION = "1.0.0" | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
require 'test_helper' | ||
|
||
describe PrxAuth::ResourceMap do | ||
let(:map) { PrxAuth::ResourceMap.new(resources) } | ||
let(:resources) { {'123' => 'admin one two three ns1:namespaced', '456' => 'member four five six' } } | ||
|
||
describe '#authorized?' do | ||
it 'contains scopes in list' do | ||
assert map.contains?(123, :admin) | ||
end | ||
|
||
it 'does not include across aur limits' do | ||
assert !map.contains?(123, :member) | ||
end | ||
|
||
it 'does not require a scope' do | ||
assert map.contains?(123) | ||
end | ||
|
||
it 'does not match if it hasnt seen the resource' do | ||
assert !map.contains?(789) | ||
end | ||
|
||
it 'works with namespaced scopes' do | ||
assert map.contains?(123, :ns1, :namespaced) | ||
end | ||
|
||
describe 'with wildcard resource' do | ||
let(:resources) do | ||
{ | ||
'*' => 'peek', | ||
'123' => 'admin one two three', | ||
'456' => 'member four five six' | ||
} | ||
end | ||
|
||
it 'applies wildcard lists to queries with no matching value' do | ||
assert map.contains?(789, :peek) | ||
end | ||
|
||
it 'does not scan unscoped for wildcard resources' do | ||
assert !map.contains?(789) | ||
end | ||
|
||
it 'allows querying by wildcard resource directly' do | ||
assert map.contains?('*', :peek) | ||
assert !map.contains?('*', :admin) | ||
end | ||
|
||
it 'treats wildcard lists as additive to other explicit ones' do | ||
assert map.contains?(123, :peek) | ||
end | ||
|
||
it 'refuses to run against wildcard with no scope' do | ||
assert_raises ArgumentError do | ||
map.contains?('*') | ||
end | ||
end | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
require 'test_helper' | ||
|
||
describe PrxAuth::ScopeList do | ||
let (:scopes) { 'read write sell top-up' } | ||
let (:list) { PrxAuth::ScopeList.new(scopes) } | ||
|
||
it 'looks up successfully for a given scope' do | ||
assert list.contains?('write') | ||
end | ||
|
||
it 'scans for symbols' do | ||
assert list.contains?(:read) | ||
end | ||
|
||
it 'handles hyphen to underscore conversions' do | ||
assert list.contains?(:top_up) | ||
end | ||
|
||
it 'fails for contents not in the list' do | ||
assert !list.contains?(:buy) | ||
end | ||
|
||
describe 'with namespace' do | ||
let (:scopes) { 'ns1:hello ns2:goodbye aloha' } | ||
|
||
it 'works for namespaced lookups' do | ||
assert list.contains?(:ns1, :hello) | ||
end | ||
|
||
it 'fails when the wrong namespace is passed' do | ||
assert !list.contains?(:ns1, :goodbye) | ||
end | ||
|
||
it 'looks up global scopes when namespaced fails' do | ||
assert list.contains?(:ns1, :aloha) | ||
assert list.contains?(:ns3, :aloha) | ||
end | ||
|
||
end | ||
|
||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.