From 4753f67bd3425bafd54c5790a99d35c810af2c00 Mon Sep 17 00:00:00 2001 From: Manabu Niseki Date: Thu, 26 Oct 2023 03:29:42 +0900 Subject: [PATCH] Remove Rack::Auth::Digest (#2361) * Remove Rack::Auth::Digest * Update README.md to remove digest auth * Update UPGRADING and CHANGELOG * Fix typo * Bump the version up to 2.0.0 * Quote the class name * Update Stable Release version --- CHANGELOG.md | 3 +- README.md | 22 +---- UPGRADING.md | 8 +- lib/grape.rb | 1 - lib/grape/middleware/auth/strategies.rb | 3 +- lib/grape/version.rb | 2 +- spec/grape/middleware/auth/strategies_spec.rb | 88 ------------------- 7 files changed, 15 insertions(+), 112 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 54906d7d12..aabf664f24 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,10 +1,11 @@ -### 1.9.0 (Next) +### 2.0.0 (Next) #### Features * [#2353](https://github.com/ruby-grape/grape/pull/2353): Added Rails 7.1 support - [@ericproulx](https://github.com/ericproulx). * [#2355](https://github.com/ruby-grape/grape/pull/2355): Set response headers based on Rack version - [@schinery](https://github.com/schinery). * [#2360](https://github.com/ruby-grape/grape/pull/2360): Reduce gem size by removing specs - [@ericproulx](https://github.com/ericproulx). +* [#2361](https://github.com/ruby-grape/grape/pull/2361): Remove `Rack::Auth::Digest` - [@ninoseki](https://github.com/ninoseki). * Your contribution here. #### Fixes diff --git a/README.md b/README.md index 0e28d24c1f..f0d66f8094 100644 --- a/README.md +++ b/README.md @@ -115,7 +115,7 @@ - [Active Model Serializers](#active-model-serializers) - [Sending Raw or No Data](#sending-raw-or-no-data) - [Authentication](#authentication) - - [Basic and Digest Auth](#basic-and-digest-auth) + - [Basic Auth](#basic-auth) - [Register custom middleware for authentication](#register-custom-middleware-for-authentication) - [Describing and Inspecting an API](#describing-and-inspecting-an-api) - [Current Route and Endpoint](#current-route-and-endpoint) @@ -160,7 +160,7 @@ content negotiation, versioning and much more. ## Stable Release -You're reading the documentation for the next release of Grape, which should be **1.9.0**. +You're reading the documentation for the next release of Grape, which should be **2.0.0**. Please read [UPGRADING](UPGRADING.md) when upgrading from a previous version. The current stable release is [1.8.0](https://github.com/ruby-grape/grape/blob/v1.8.0/README.md). @@ -3422,9 +3422,9 @@ end ## Authentication -### Basic and Digest Auth +### Basic Auth -Grape has built-in Basic and Digest authentication (the given `block` +Grape has built-in Basic authentication (the given `block` is executed in the context of the current `Endpoint`). Authentication applies to the current namespace and any children, but not parents. @@ -3435,20 +3435,6 @@ http_basic do |username, password| end ``` -Digest auth supports clear-text passwords and password hashes. - -```ruby -http_digest({ realm: 'Test Api', opaque: 'app secret' }) do |username| - # lookup the user's password here -end -``` - -```ruby -http_digest(realm: { realm: 'Test Api', opaque: 'app secret', passwords_hashed: true }) do |username| - # lookup the user's password hash here -end -``` - ### Register custom middleware for authentication Grape can use custom Middleware for authentication. How to implement these diff --git a/UPGRADING.md b/UPGRADING.md index b799dc4c05..b9877889ee 100644 --- a/UPGRADING.md +++ b/UPGRADING.md @@ -1,7 +1,7 @@ Upgrading Grape =============== -### Upgrading to >= 1.9.0 +### Upgrading to >= 2.0.0 #### Headers @@ -30,6 +30,12 @@ end See [#2355](https://github.com/ruby-grape/grape/pull/2355) for more information. +#### Digest auth deprecation + +Digest auth has been removed along with the deprecation of `Rack::Auth::Digest` in Rack 3. + +See [#2294](https://github.com/ruby-grape/grape/issues/2294) for more information. + ### Upgrading to >= 1.7.0 #### Exceptions renaming diff --git a/lib/grape.rb b/lib/grape.rb index cb36ebd1df..9eeecbde5a 100644 --- a/lib/grape.rb +++ b/lib/grape.rb @@ -5,7 +5,6 @@ require 'rack/builder' require 'rack/accept' require 'rack/auth/basic' -require 'rack/auth/digest/md5' require 'set' require 'bigdecimal' require 'date' diff --git a/lib/grape/middleware/auth/strategies.rb b/lib/grape/middleware/auth/strategies.rb index dc36eea48a..56855263e4 100644 --- a/lib/grape/middleware/auth/strategies.rb +++ b/lib/grape/middleware/auth/strategies.rb @@ -12,8 +12,7 @@ def add(label, strategy, option_fetcher = ->(_) { [] }) def auth_strategies @auth_strategies ||= { - http_basic: StrategyInfo.new(Rack::Auth::Basic, ->(settings) { [settings[:realm]] }), - http_digest: StrategyInfo.new(Rack::Auth::Digest::MD5, ->(settings) { [settings[:realm], settings[:opaque]] }) + http_basic: StrategyInfo.new(Rack::Auth::Basic, ->(settings) { [settings[:realm]] }) } end diff --git a/lib/grape/version.rb b/lib/grape/version.rb index 9b8501a1ed..c6660d510f 100644 --- a/lib/grape/version.rb +++ b/lib/grape/version.rb @@ -2,5 +2,5 @@ module Grape # The current version of Grape. - VERSION = '1.9.0' + VERSION = '2.0.0' end diff --git a/spec/grape/middleware/auth/strategies_spec.rb b/spec/grape/middleware/auth/strategies_spec.rb index 29749c5518..f6996695b8 100644 --- a/spec/grape/middleware/auth/strategies_spec.rb +++ b/spec/grape/middleware/auth/strategies_spec.rb @@ -29,92 +29,4 @@ def app expect(last_response.status).to eq(401) end end - - context 'Digest MD5 Auth' do - RSpec::Matchers.define :be_challenge do - match do |actual_response| - actual_response.status == 401 && - actual_response['WWW-Authenticate'].start_with?('Digest ') && - actual_response.body.empty? - end - end - - module StrategiesSpec - class PasswordHashed < Grape::API - http_digest(realm: { realm: 'Test Api', opaque: 'secret', passwords_hashed: true }) do |username| - { 'foo' => Digest::MD5.hexdigest(['foo', 'Test Api', 'bar'].join(':')) }[username] - end - - get '/test' do - [{ hey: 'you' }, { there: 'bar' }, { foo: 'baz' }] - end - end - - class PasswordIsNotHashed < Grape::API - http_digest(realm: 'Test Api', opaque: 'secret') do |username| - { 'foo' => 'bar' }[username] - end - - get '/test' do - [{ hey: 'you' }, { there: 'bar' }, { foo: 'baz' }] - end - end - end - - context 'when password is hashed' do - def app - StrategiesSpec::PasswordHashed - end - - it 'is a digest authentication challenge' do - get '/test' - expect(last_response).to be_challenge - end - - it 'throws a 401 if no auth is given' do - get '/test' - expect(last_response.status).to eq(401) - end - - it 'authenticates if given valid creds' do - digest_authorize 'foo', 'bar' - get '/test' - expect(last_response.status).to eq(200) - end - - it 'throws a 401 if given invalid creds' do - digest_authorize 'bar', 'foo' - get '/test' - expect(last_response.status).to eq(401) - end - end - - context 'when password is not hashed' do - def app - StrategiesSpec::PasswordIsNotHashed - end - - it 'is a digest authentication challenge' do - get '/test' - expect(last_response).to be_challenge - end - - it 'throws a 401 if no auth is given' do - get '/test' - expect(last_response.status).to eq(401) - end - - it 'authenticates if given valid creds' do - digest_authorize 'foo', 'bar' - get '/test' - expect(last_response.status).to eq(200) - end - - it 'throws a 401 if given invalid creds' do - digest_authorize 'bar', 'foo' - get '/test' - expect(last_response.status).to eq(401) - end - end - end end