Merge branch 'master' into fix_params_in_post

Ted Kulp · Ted Kulp · commit c15d9bbd5729 · 2011-07-14T23:50:58.000-04:00
Conflicts:
	lib/grape/middleware/formatter.rb
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -0,0 +1,52 @@
+PATH
+  remote: .
+  specs:
+    grape (0.1.4)
+      multi_json
+      multi_xml
+      rack
+      rack-jsonp
+      rack-mount
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    ZenTest (4.5.0)
+    diff-lcs (1.1.2)
+    json_pure (1.5.2)
+    maruku (0.6.0)
+      syntax (>= 1.0.0)
+    multi_json (1.0.3)
+    multi_xml (0.2.2)
+    rack (1.3.0)
+    rack-jsonp (1.2.0)
+      rack
+    rack-mount (0.8.1)
+      rack (>= 1.0.0)
+    rack-test (0.6.0)
+      rack (>= 1.0)
+    rake (0.9.2)
+    rspec (2.6.0)
+      rspec-core (~> 2.6.0)
+      rspec-expectations (~> 2.6.0)
+      rspec-mocks (~> 2.6.0)
+    rspec-core (2.6.4)
+    rspec-expectations (2.6.0)
+      diff-lcs (~> 1.1.2)
+    rspec-mocks (2.6.0)
+    syntax (1.0.0)
+    yard (0.7.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  ZenTest
+  bundler
+  grape!
+  json_pure
+  maruku
+  rack-test
+  rake
+  rspec (~> 2.6.0)
+  yard
diff --git a/lib/grape.rb b/lib/grape.rb
@@ -17,6 +17,7 @@ module Middleware
     module Auth
       autoload :OAuth2, 'grape/middleware/auth/oauth2'
       autoload :Basic,  'grape/middleware/auth/basic'
+      autoload :Digest,	'grape/middleware/auth/digest'
     end
   end
 end
diff --git a/lib/grape/api.rb b/lib/grape/api.rb
@@ -1,5 +1,6 @@
 require 'rack/mount'
 require 'rack/auth/basic'
+require 'rack/auth/digest/md5'
 require 'logger'
 
 module Grape
@@ -138,7 +139,7 @@ def helpers(&block)
       end
       
       # Add an authentication type to the API. Currently
-      # only `:http_basic` is supported.
+      # only `:http_basic`, `:http_digest` and `:oauth2` are supported.
       def auth(type = nil, options = {}, &block)
         if type
           set(:auth, {:type => type.to_sym, :proc => block}.merge(options))
@@ -155,6 +156,12 @@ def http_basic(options = {}, &block)
         options[:realm] ||= "API Authorization"
         auth :http_basic, options, &block
       end
+
+      def http_digest(options = {}, &block)
+        options[:realm] ||= "API Authorization"
+	options[:opaque] ||= "secret"
+        auth :http_digest, options, &block
+      end
       
       # Defines a route that will be recognized
       # by the Grape API.
@@ -257,6 +264,7 @@ def build_endpoint(&block)
           :format => settings[:error_format] || :txt, 
           :rescue_options => settings[:rescue_options]
         b.use Rack::Auth::Basic, settings[:auth][:realm], &settings[:auth][:proc] if settings[:auth] && settings[:auth][:type] == :http_basic
+	b.use Rack::Auth::Digest::MD5, settings[:auth][:realm], settings[:auth][:opaque], &settings[:auth][:proc] if settings[:auth] && settings[:auth][:type] == :http_digest
         b.use Grape::Middleware::Prefixer, :prefix => prefix if prefix        
         b.use Grape::Middleware::Versioner, :versions => (version if version.is_a?(Array)) if version
         b.use Grape::Middleware::Formatter, :default_format => default_format || :json
diff --git a/lib/grape/middleware/auth/digest.rb b/lib/grape/middleware/auth/digest.rb
@@ -0,0 +1,30 @@
+require 'rack/auth/digest/md5'
+
+module Grape
+  module Middleware
+    module Auth
+      class Digest < Grape::Middleware::Base
+        attr_reader :authenticator
+        
+        def initialize(app, options = {}, &authenticator)
+          super(app, options)
+          @authenticator = authenticator
+        end
+        
+        def digest_request
+          Rack::Auth::Digest::Request.new(env)
+        end
+        
+        def credentials
+          digest_request.provided?? digest_request.credentials : [nil, nil]
+        end
+        
+        def before
+          unless authenticator.call(*credentials)
+            throw :error, :status => 401, :message => "API Authorization Failed."
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/lib/grape/middleware/auth/oauth2.rb b/lib/grape/middleware/auth/oauth2.rb
@@ -1,10 +1,12 @@
 module Grape::Middleware::Auth
+  # OAuth 2.0 authorization for Grape APIs.
   class OAuth2 < Grape::Middleware::Base
     def default_options
       {
         :token_class => 'AccessToken',
         :realm => 'OAuth API',
         :parameter => %w(bearer_token oauth_token),
+        :accepted_headers => %w(HTTP_AUTHORIZATION X_HTTP_AUTHORIZATION X-HTTP_AUTHORIZATION REDIRECT_X_HTTP_AUTHORIZATION),
         :header => [/Bearer (.*)/i, /OAuth (.*)/i]
       }
     end
@@ -21,14 +23,21 @@ def token_parameter
     end
 
     def token_header
-      return false unless env['Authorization']
+      return false unless authorization_header
       Array(options[:header]).each do |regexp|
-        if env['Authorization'] =~ regexp
+        if authorization_header =~ regexp
           return $1
         end
       end
       nil
     end
+
+    def authorization_header
+      options[:accepted_headers].each do |head|
+        return env[head] if env[head]
+      end
+      nil
+    end
     
     def token_class
       @klass ||= eval(options[:token_class])
@@ -39,7 +48,7 @@ def verify_token(token)
         if token.respond_to?(:expired?) && token.expired?
           error_out(401, 'expired_token')
         else
-          if token.permission_for?(env)
+          if !token.respond_to?(:permission_for?) || token.permission_for?(env)
             env['api.token'] = token
           else
             error_out(403, 'insufficient_scope')
@@ -50,12 +59,6 @@ def verify_token(token)
       end
     end
     
-    def parse_authorization_header
-      if env['Authorization'] =~ /oauth (.*)/i
-        $1
-      end
-    end
-    
     def error_out(status, error)
       throw :error, {
         :message => error,
diff --git a/lib/grape/middleware/base.rb b/lib/grape/middleware/base.rb
@@ -2,7 +2,7 @@ module Grape
   module Middleware
     class Base
       attr_reader :app, :env, :options
-      
+
       # @param [Rack Application] app The standard argument for a Rack middleware.
       # @param [Hash] options A hash of options, simply stored for use by subclasses.
       def initialize(app, options = {})
@@ -38,6 +38,52 @@ def request
       def response
         Rack::Response.new(@app_response)
       end
+
+
+      module Formats
+
+        CONTENT_TYPES = {
+          :xml => 'application/xml',
+          :json => 'application/json',
+          :atom => 'application/atom+xml',
+          :rss => 'application/rss+xml',
+          :txt => 'text/plain'
+        }
+        FORMATTERS = {
+          :json => :encode_json,
+          :txt => :encode_txt,
+        }
+
+        def formatters
+          FORMATTERS.merge(options[:formatters] || {})
+        end
+
+        def content_types
+          CONTENT_TYPES.merge(options[:content_types] || {})
+        end
+
+        def content_type
+          content_types[options[:format]] || 'text/html'
+        end
+
+        def mime_types
+          content_types.invert
+        end
+
+        def formatter_for(api_format)
+          spec = formatters[api_format]
+          case spec
+          when nil
+            lambda { |obj| obj }
+          when Symbol
+            method(spec)
+          else
+            spec
+          end
+        end
+
+      end
+
     end
   end
-end
+end
diff --git a/lib/grape/middleware/error.rb b/lib/grape/middleware/error.rb
@@ -4,7 +4,8 @@
 module Grape
   module Middleware
     class Error < Base
-    
+      include Formats
+
       def default_options
       { 
         :default_status => 403, # default status returned on error
@@ -18,36 +19,15 @@ def default_options
       }
       end
 
-      FORMATTERS = {
-        :json => :format_json,
-        :txt => :format_txt,
-      }
-
-      def formatters
-        FORMATTERS.merge(options[:formatters])
-      end
-
-      def formatter_for(api_format)
-        spec = formatters[api_format]
-        case spec
-        when nil
-          lambda { |obj| obj }
-        when Symbol
-          method(spec)
-        else
-          spec
-        end
-      end
-
-      def format_json(message, backtrace)
+      def encode_json(message, backtrace)
         result = message.is_a?(Hash) ? message : { :error => message }
         if (options[:rescue_options] || {})[:backtrace] && backtrace && ! backtrace.empty?
           result = result.merge({ :backtrace => backtrace })
         end
         MultiJson.encode(result)
       end
       
-      def format_txt(message, backtrace)
+      def encode_txt(message, backtrace)
         result = message.is_a?(Hash) ? MultiJson.encode(message) : message
         if (options[:rescue_options] || {})[:backtrace] && backtrace && ! backtrace.empty?
           result += "\r\n "
@@ -73,7 +53,8 @@ def call!(env)
       def error_response(error = {})
         status = error[:status] || options[:default_status]
         message = error[:message] || options[:default_message]
-        headers = error[:headers] || {}
+        headers = {'Content-Type' => content_type}
+        headers.merge!(error[:headers]) if error[:headers].is_a?(Hash)
         backtrace = error[:backtrace] || []
         Rack::Response.new([format_message(message, backtrace, status)], status, headers).finish
       end
diff --git a/lib/grape/middleware/formatter.rb b/lib/grape/middleware/formatter.rb
@@ -4,21 +4,8 @@
 module Grape
   module Middleware
     class Formatter < Base
-      CONTENT_TYPES = {
-        :xml => 'application/xml',
-        :json => 'application/json',
-        :atom => 'application/atom+xml',
-        :rss => 'application/rss+xml',
-        :txt => 'text/plain'
-      }
-      FORMATTERS = {
-        :json => :encode_json,
-        :txt => :encode_txt,
-      }
-      PARSERS = {
-        :json => :decode_json
-      }
-      
+      include Formats
+
       def default_options
         { 
           :default_format => :txt,
@@ -28,22 +15,6 @@ def default_options
         }
       end
       
-      def content_types
-        CONTENT_TYPES.merge(options[:content_types])
-      end
-
-      def formatters
-        FORMATTERS.merge(options[:formatters])
-      end
-
-      def parsers
-        PARSERS.merge(options[:parsers])
-      end
-      
-      def mime_types
-        content_types.invert
-      end
-      
       def headers
         env.dup.inject({}){|h,(k,v)| h[k.downcase] = v; h}
       end
@@ -113,34 +84,6 @@ def after
         Rack::Response.new(bodymap, status, headers).to_a
       end
 
-      def formatter_for(api_format)
-        spec = formatters[api_format]
-        case spec
-        when nil
-          lambda { |obj| obj }
-        when Symbol
-          method(spec)
-        else
-          spec
-        end
-      end
-
-      def parser_for(api_format)
-        spec = parsers[api_format]
-        case spec
-        when nil
-          nil
-        when Symbol
-          method(spec)
-        else
-          spec
-        end
-      end
-
-      def decode_json(object)
-        MultiJson.decode(object)
-      end
-      
       def encode_json(object)
         if object.respond_to? :serializable_hash
           MultiJson.encode(object.serializable_hash)
diff --git a/spec/grape/api_spec.rb b/spec/grape/api_spec.rb
diff --git a/spec/grape/middleware/auth/digest_spec.rb b/spec/grape/middleware/auth/digest_spec.rb
diff --git a/spec/grape/middleware/auth/oauth2_spec.rb b/spec/grape/middleware/auth/oauth2_spec.rb
diff --git a/spec/grape/middleware/exception_spec.rb b/spec/grape/middleware/exception_spec.rb
