angus-authentication 0.0.4 → 0.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/lib/angus/authentication/provider.rb +49 -35
- data/lib/angus/authentication/version.rb +1 -1
- metadata +23 -51
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: 080062cb636890dfd1eb9f6711775374dcab517e
|
|
4
|
+
data.tar.gz: a8c4d762dff97f53d11e18cf045821e1f0f9ee34
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: 2a16551b23b7819e9550938be9b425e2bf486d6420fd816f2d1cbb30304be1ccfe7943821a41dc6864afccf76adfff5643d85747b4cf62cb357e8e66ba1c821c
|
|
7
|
+
data.tar.gz: 8d39de5c20d58c842a3f88adb47729b3b6cc129a62279d11a76e8f24cb5b0e5ef994cd52d04178b23ab1c5ae6bf49acea123df43242564392c3ac52e08baf505
|
|
@@ -9,21 +9,23 @@ module Angus
|
|
|
9
9
|
|
|
10
10
|
class Provider
|
|
11
11
|
|
|
12
|
-
DEFAULT_ID_TTL
|
|
13
|
-
DEFAULT_SESSION_TTL
|
|
14
|
-
DEFAULT_PRIVATE_KEY
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
12
|
+
DEFAULT_ID_TTL = 60 * 60
|
|
13
|
+
DEFAULT_SESSION_TTL = 60 * 60
|
|
14
|
+
DEFAULT_PRIVATE_KEY = 'change_me'
|
|
15
|
+
DEFAULT_USE_SESSION = false
|
|
16
|
+
|
|
17
|
+
AUTHENTICATION_HEADER = 'HTTP_AUTHORIZATION'
|
|
18
|
+
BAAS_AUTHENTICATION_HEADER = 'HTTP_X_BAAS_AUTH'
|
|
19
|
+
BAAS_SESSION_HEADER = 'X-Baas-Session-Seed'
|
|
20
|
+
DATE_HEADER = 'HTTP_DATE'
|
|
21
|
+
REQUEST_HEADER = 'REQUEST_METHOD'
|
|
22
|
+
PATH_HEADER = 'PATH_INFO'
|
|
22
23
|
|
|
23
24
|
def initialize(settings, env)
|
|
24
25
|
@session_id_ttl = settings[:session_id_ttl] || DEFAULT_ID_TTL
|
|
25
26
|
@session_ttl = settings[:session_ttl] || DEFAULT_SESSION_TTL
|
|
26
27
|
@private_key = settings[:private_key] || DEFAULT_PRIVATE_KEY
|
|
28
|
+
@use_session = settings[:use_session]
|
|
27
29
|
@authenticator = settings[:authenticator] || DefaultAuthenticator.new(@private_key)
|
|
28
30
|
@store = RedisStore.new(settings[:store] || {})
|
|
29
31
|
@excluded_regexps = settings[:excluded_regexps] || []
|
|
@@ -33,7 +35,7 @@ module Angus
|
|
|
33
35
|
def authenticate!
|
|
34
36
|
return unless should_authenticate?
|
|
35
37
|
|
|
36
|
-
if has_session?
|
|
38
|
+
if has_session? && use_session?
|
|
37
39
|
authenticate_session
|
|
38
40
|
else
|
|
39
41
|
start_session
|
|
@@ -41,17 +43,19 @@ module Angus
|
|
|
41
43
|
end
|
|
42
44
|
|
|
43
45
|
def update_response_header(response)
|
|
44
|
-
return unless should_authenticate?
|
|
46
|
+
return unless use_session? && should_authenticate?
|
|
45
47
|
|
|
46
48
|
headers = response[1]
|
|
47
49
|
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
headers[BAAS_SESSION_HEADER] = session_data['key_seed']
|
|
50
|
+
headers[BAAS_SESSION_HEADER] = get_session_data['key_seed']
|
|
51
51
|
end
|
|
52
52
|
|
|
53
53
|
private
|
|
54
54
|
|
|
55
|
+
def use_session?
|
|
56
|
+
@use_session || DEFAULT_USE_SESSION
|
|
57
|
+
end
|
|
58
|
+
|
|
55
59
|
def should_authenticate?
|
|
56
60
|
return true if @excluded_regexps.empty?
|
|
57
61
|
|
|
@@ -67,12 +71,7 @@ module Angus
|
|
|
67
71
|
end
|
|
68
72
|
|
|
69
73
|
def start_session
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
private_session_key, private_session_key_seed = @authenticator.call(session_id, auth_data,
|
|
73
|
-
auth_token)
|
|
74
|
-
|
|
75
|
-
raise InvalidAuthorizationData unless private_session_key
|
|
74
|
+
private_session_key, private_session_key_seed = get_session_credentials
|
|
76
75
|
|
|
77
76
|
session_data = {
|
|
78
77
|
'private_key' => private_session_key,
|
|
@@ -80,26 +79,45 @@ module Angus
|
|
|
80
79
|
'created_at' => Time.now.iso8601
|
|
81
80
|
}
|
|
82
81
|
|
|
83
|
-
|
|
82
|
+
set_session_data(session_data)
|
|
84
83
|
end
|
|
85
84
|
|
|
86
85
|
def authenticate_session
|
|
87
|
-
raise MissingAuthorizationData unless session_data_present?
|
|
86
|
+
raise MissingAuthorizationData unless session_data_present? || authorization_data_present?
|
|
88
87
|
|
|
89
88
|
if session_expired? && authorization_data_present?
|
|
90
|
-
start_session
|
|
89
|
+
start_session
|
|
91
90
|
elsif session_expired?
|
|
92
91
|
raise AuthorizationTimeout
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
if authenticate_session_token(session_data['private_key'])
|
|
92
|
+
elsif !valid_session_token? && authorization_data_present?
|
|
93
|
+
start_session
|
|
94
|
+
elsif !valid_session_token?
|
|
97
95
|
raise InvalidAuthorizationData
|
|
98
96
|
end
|
|
99
97
|
end
|
|
100
98
|
|
|
101
|
-
def
|
|
102
|
-
|
|
99
|
+
def get_session_credentials
|
|
100
|
+
raise MissingAuthorizationData unless authorization_data_present?
|
|
101
|
+
|
|
102
|
+
private_session_key, private_session_key_seed = @authenticator.call(session_id, auth_data,
|
|
103
|
+
auth_token)
|
|
104
|
+
|
|
105
|
+
raise InvalidAuthorizationData unless private_session_key
|
|
106
|
+
|
|
107
|
+
return private_session_key, private_session_key_seed
|
|
108
|
+
end
|
|
109
|
+
|
|
110
|
+
def set_session_data(session_data)
|
|
111
|
+
@store.save_session_data(session_id, session_data, @session_id_ttl + @session_ttl)
|
|
112
|
+
end
|
|
113
|
+
|
|
114
|
+
def valid_session_token?
|
|
115
|
+
private_key = get_session_data['private_key']
|
|
116
|
+
Digest::SHA1.hexdigest("#{private_key}\n#{auth_data}") == session_auth_token
|
|
117
|
+
end
|
|
118
|
+
|
|
119
|
+
def get_session_data
|
|
120
|
+
@store.get_session_data(session_id)
|
|
103
121
|
end
|
|
104
122
|
|
|
105
123
|
def authorization_data_present?
|
|
@@ -113,13 +131,9 @@ module Angus
|
|
|
113
131
|
end
|
|
114
132
|
|
|
115
133
|
def session_expired?
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
created_at = Time.iso8601(session_data['created_at'])
|
|
134
|
+
created_at = Time.iso8601(get_session_data['created_at'])
|
|
119
135
|
|
|
120
136
|
(created_at + @session_ttl) < Time.now
|
|
121
|
-
rescue Exception
|
|
122
|
-
true
|
|
123
137
|
end
|
|
124
138
|
|
|
125
139
|
def auth_data
|
metadata
CHANGED
|
@@ -1,20 +1,18 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: angus-authentication
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
5
|
-
prerelease:
|
|
4
|
+
version: 0.0.6
|
|
6
5
|
platform: ruby
|
|
7
6
|
authors:
|
|
8
7
|
- Adrian Gomez
|
|
9
8
|
autorequire:
|
|
10
9
|
bindir: bin
|
|
11
10
|
cert_chain: []
|
|
12
|
-
date:
|
|
11
|
+
date: 2014-04-21 00:00:00.000000000 Z
|
|
13
12
|
dependencies:
|
|
14
13
|
- !ruby/object:Gem::Dependency
|
|
15
14
|
name: rack
|
|
16
15
|
requirement: !ruby/object:Gem::Requirement
|
|
17
|
-
none: false
|
|
18
16
|
requirements:
|
|
19
17
|
- - ~>
|
|
20
18
|
- !ruby/object:Gem::Version
|
|
@@ -22,7 +20,6 @@ dependencies:
|
|
|
22
20
|
type: :runtime
|
|
23
21
|
prerelease: false
|
|
24
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
25
|
-
none: false
|
|
26
23
|
requirements:
|
|
27
24
|
- - ~>
|
|
28
25
|
- !ruby/object:Gem::Version
|
|
@@ -30,23 +27,20 @@ dependencies:
|
|
|
30
27
|
- !ruby/object:Gem::Dependency
|
|
31
28
|
name: redis
|
|
32
29
|
requirement: !ruby/object:Gem::Requirement
|
|
33
|
-
none: false
|
|
34
30
|
requirements:
|
|
35
|
-
- -
|
|
31
|
+
- - '>='
|
|
36
32
|
- !ruby/object:Gem::Version
|
|
37
33
|
version: '0'
|
|
38
34
|
type: :runtime
|
|
39
35
|
prerelease: false
|
|
40
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
41
|
-
none: false
|
|
42
37
|
requirements:
|
|
43
|
-
- -
|
|
38
|
+
- - '>='
|
|
44
39
|
- !ruby/object:Gem::Version
|
|
45
40
|
version: '0'
|
|
46
41
|
- !ruby/object:Gem::Dependency
|
|
47
42
|
name: bcrypt-ruby
|
|
48
43
|
requirement: !ruby/object:Gem::Requirement
|
|
49
|
-
none: false
|
|
50
44
|
requirements:
|
|
51
45
|
- - ~>
|
|
52
46
|
- !ruby/object:Gem::Version
|
|
@@ -54,7 +48,6 @@ dependencies:
|
|
|
54
48
|
type: :runtime
|
|
55
49
|
prerelease: false
|
|
56
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
57
|
-
none: false
|
|
58
51
|
requirements:
|
|
59
52
|
- - ~>
|
|
60
53
|
- !ruby/object:Gem::Version
|
|
@@ -62,7 +55,6 @@ dependencies:
|
|
|
62
55
|
- !ruby/object:Gem::Dependency
|
|
63
56
|
name: connection_pool
|
|
64
57
|
requirement: !ruby/object:Gem::Requirement
|
|
65
|
-
none: false
|
|
66
58
|
requirements:
|
|
67
59
|
- - ~>
|
|
68
60
|
- !ruby/object:Gem::Version
|
|
@@ -70,7 +62,6 @@ dependencies:
|
|
|
70
62
|
type: :runtime
|
|
71
63
|
prerelease: false
|
|
72
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
73
|
-
none: false
|
|
74
65
|
requirements:
|
|
75
66
|
- - ~>
|
|
76
67
|
- !ruby/object:Gem::Version
|
|
@@ -78,7 +69,6 @@ dependencies:
|
|
|
78
69
|
- !ruby/object:Gem::Dependency
|
|
79
70
|
name: rake
|
|
80
71
|
requirement: !ruby/object:Gem::Requirement
|
|
81
|
-
none: false
|
|
82
72
|
requirements:
|
|
83
73
|
- - ~>
|
|
84
74
|
- !ruby/object:Gem::Version
|
|
@@ -86,7 +76,6 @@ dependencies:
|
|
|
86
76
|
type: :development
|
|
87
77
|
prerelease: false
|
|
88
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
89
|
-
none: false
|
|
90
79
|
requirements:
|
|
91
80
|
- - ~>
|
|
92
81
|
- !ruby/object:Gem::Version
|
|
@@ -94,7 +83,6 @@ dependencies:
|
|
|
94
83
|
- !ruby/object:Gem::Dependency
|
|
95
84
|
name: rspec
|
|
96
85
|
requirement: !ruby/object:Gem::Requirement
|
|
97
|
-
none: false
|
|
98
86
|
requirements:
|
|
99
87
|
- - ~>
|
|
100
88
|
- !ruby/object:Gem::Version
|
|
@@ -102,7 +90,6 @@ dependencies:
|
|
|
102
90
|
type: :development
|
|
103
91
|
prerelease: false
|
|
104
92
|
version_requirements: !ruby/object:Gem::Requirement
|
|
105
|
-
none: false
|
|
106
93
|
requirements:
|
|
107
94
|
- - ~>
|
|
108
95
|
- !ruby/object:Gem::Version
|
|
@@ -110,7 +97,6 @@ dependencies:
|
|
|
110
97
|
- !ruby/object:Gem::Dependency
|
|
111
98
|
name: rack-test
|
|
112
99
|
requirement: !ruby/object:Gem::Requirement
|
|
113
|
-
none: false
|
|
114
100
|
requirements:
|
|
115
101
|
- - ~>
|
|
116
102
|
- !ruby/object:Gem::Version
|
|
@@ -118,7 +104,6 @@ dependencies:
|
|
|
118
104
|
type: :development
|
|
119
105
|
prerelease: false
|
|
120
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
|
-
none: false
|
|
122
107
|
requirements:
|
|
123
108
|
- - ~>
|
|
124
109
|
- !ruby/object:Gem::Version
|
|
@@ -126,39 +111,34 @@ dependencies:
|
|
|
126
111
|
- !ruby/object:Gem::Dependency
|
|
127
112
|
name: mock_redis
|
|
128
113
|
requirement: !ruby/object:Gem::Requirement
|
|
129
|
-
none: false
|
|
130
114
|
requirements:
|
|
131
|
-
- -
|
|
115
|
+
- - '>='
|
|
132
116
|
- !ruby/object:Gem::Version
|
|
133
117
|
version: '0'
|
|
134
118
|
type: :development
|
|
135
119
|
prerelease: false
|
|
136
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
137
|
-
none: false
|
|
138
121
|
requirements:
|
|
139
|
-
- -
|
|
122
|
+
- - '>='
|
|
140
123
|
- !ruby/object:Gem::Version
|
|
141
124
|
version: '0'
|
|
142
125
|
- !ruby/object:Gem::Dependency
|
|
143
126
|
name: timecop
|
|
144
127
|
requirement: !ruby/object:Gem::Requirement
|
|
145
|
-
none: false
|
|
146
128
|
requirements:
|
|
147
|
-
- -
|
|
129
|
+
- - '>='
|
|
148
130
|
- !ruby/object:Gem::Version
|
|
149
131
|
version: '0'
|
|
150
132
|
type: :development
|
|
151
133
|
prerelease: false
|
|
152
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
153
|
-
none: false
|
|
154
135
|
requirements:
|
|
155
|
-
- -
|
|
136
|
+
- - '>='
|
|
156
137
|
- !ruby/object:Gem::Version
|
|
157
138
|
version: '0'
|
|
158
139
|
- !ruby/object:Gem::Dependency
|
|
159
140
|
name: simplecov
|
|
160
141
|
requirement: !ruby/object:Gem::Requirement
|
|
161
|
-
none: false
|
|
162
142
|
requirements:
|
|
163
143
|
- - ~>
|
|
164
144
|
- !ruby/object:Gem::Version
|
|
@@ -166,7 +146,6 @@ dependencies:
|
|
|
166
146
|
type: :development
|
|
167
147
|
prerelease: false
|
|
168
148
|
version_requirements: !ruby/object:Gem::Requirement
|
|
169
|
-
none: false
|
|
170
149
|
requirements:
|
|
171
150
|
- - ~>
|
|
172
151
|
- !ruby/object:Gem::Version
|
|
@@ -174,49 +153,43 @@ dependencies:
|
|
|
174
153
|
- !ruby/object:Gem::Dependency
|
|
175
154
|
name: simplecov-rcov
|
|
176
155
|
requirement: !ruby/object:Gem::Requirement
|
|
177
|
-
none: false
|
|
178
156
|
requirements:
|
|
179
|
-
- -
|
|
157
|
+
- - '>='
|
|
180
158
|
- !ruby/object:Gem::Version
|
|
181
159
|
version: '0'
|
|
182
160
|
type: :development
|
|
183
161
|
prerelease: false
|
|
184
162
|
version_requirements: !ruby/object:Gem::Requirement
|
|
185
|
-
none: false
|
|
186
163
|
requirements:
|
|
187
|
-
- -
|
|
164
|
+
- - '>='
|
|
188
165
|
- !ruby/object:Gem::Version
|
|
189
166
|
version: '0'
|
|
190
167
|
- !ruby/object:Gem::Dependency
|
|
191
168
|
name: simplecov-rcov-text
|
|
192
169
|
requirement: !ruby/object:Gem::Requirement
|
|
193
|
-
none: false
|
|
194
170
|
requirements:
|
|
195
|
-
- -
|
|
171
|
+
- - '>='
|
|
196
172
|
- !ruby/object:Gem::Version
|
|
197
173
|
version: '0'
|
|
198
174
|
type: :development
|
|
199
175
|
prerelease: false
|
|
200
176
|
version_requirements: !ruby/object:Gem::Requirement
|
|
201
|
-
none: false
|
|
202
177
|
requirements:
|
|
203
|
-
- -
|
|
178
|
+
- - '>='
|
|
204
179
|
- !ruby/object:Gem::Version
|
|
205
180
|
version: '0'
|
|
206
181
|
- !ruby/object:Gem::Dependency
|
|
207
182
|
name: ci_reporter
|
|
208
183
|
requirement: !ruby/object:Gem::Requirement
|
|
209
|
-
none: false
|
|
210
184
|
requirements:
|
|
211
|
-
- -
|
|
185
|
+
- - '>='
|
|
212
186
|
- !ruby/object:Gem::Version
|
|
213
187
|
version: '0'
|
|
214
188
|
type: :development
|
|
215
189
|
prerelease: false
|
|
216
190
|
version_requirements: !ruby/object:Gem::Requirement
|
|
217
|
-
none: false
|
|
218
191
|
requirements:
|
|
219
|
-
- -
|
|
192
|
+
- - '>='
|
|
220
193
|
- !ruby/object:Gem::Version
|
|
221
194
|
version: '0'
|
|
222
195
|
description:
|
|
@@ -226,36 +199,35 @@ executables: []
|
|
|
226
199
|
extensions: []
|
|
227
200
|
extra_rdoc_files: []
|
|
228
201
|
files:
|
|
202
|
+
- lib/angus-authentication.rb
|
|
229
203
|
- lib/angus/authentication/default_authenticator.rb
|
|
230
|
-
- lib/angus/authentication/version.rb
|
|
231
204
|
- lib/angus/authentication/exceptions.rb
|
|
232
|
-
- lib/angus/authentication/redis_store.rb
|
|
233
205
|
- lib/angus/authentication/provider.rb
|
|
234
|
-
- lib/angus
|
|
206
|
+
- lib/angus/authentication/redis_store.rb
|
|
207
|
+
- lib/angus/authentication/version.rb
|
|
235
208
|
- lib/rack/middleware/angus_authentication.rb
|
|
236
|
-
homepage:
|
|
209
|
+
homepage: https://github.com/Moove-it/angus-authentication
|
|
237
210
|
licenses:
|
|
238
211
|
- MIT
|
|
212
|
+
metadata: {}
|
|
239
213
|
post_install_message:
|
|
240
214
|
rdoc_options: []
|
|
241
215
|
require_paths:
|
|
242
216
|
- lib
|
|
243
217
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
244
|
-
none: false
|
|
245
218
|
requirements:
|
|
246
|
-
- -
|
|
219
|
+
- - '>='
|
|
247
220
|
- !ruby/object:Gem::Version
|
|
248
221
|
version: '0'
|
|
249
222
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
250
|
-
none: false
|
|
251
223
|
requirements:
|
|
252
|
-
- -
|
|
224
|
+
- - '>='
|
|
253
225
|
- !ruby/object:Gem::Version
|
|
254
226
|
version: '0'
|
|
255
227
|
requirements: []
|
|
256
228
|
rubyforge_project:
|
|
257
|
-
rubygems_version:
|
|
229
|
+
rubygems_version: 2.2.1
|
|
258
230
|
signing_key:
|
|
259
|
-
specification_version:
|
|
231
|
+
specification_version: 4
|
|
260
232
|
summary: Offers authentication for rack applications.
|
|
261
233
|
test_files: []
|