apipie-bindings 0.4.0 → 0.6.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/doc/release_notes.md +6 -0
- data/lib/apipie_bindings/authenticators/base.rb +7 -0
- data/lib/apipie_bindings/authenticators/basic_auth_external.rb +31 -0
- data/lib/apipie_bindings/authenticators/negotiate.rb +65 -0
- data/lib/apipie_bindings/authenticators.rb +2 -0
- data/lib/apipie_bindings/exceptions.rb +9 -0
- data/lib/apipie_bindings/version.rb +1 -1
- metadata +19 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7a72210de6a88e0e439158f565d71b121f2f375d730924256318ebd0ae53c7f7
|
|
4
|
+
data.tar.gz: 8aeb8cc14f9901452ab26a408a4db348fa7babeb874eab5b097e3811d1341245
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 31c03299a7adbc40fb3f3678160a0b132993ff065c111de6d38f8d2e22013b0ca1700ca72127098f14691c19848cc35ef9057c2024021090d8a7c6e19c7033ea
|
|
7
|
+
data.tar.gz: 9b729a79631b955e8d99fb2d1e1c3546add63fa582d436cd059884c8b1f7a46b08f6cb3bf333e16ad4d05ee839b1f6efb51e068b324a1f1eb10dc48448c3cf3b
|
data/doc/release_notes.md
CHANGED
|
@@ -1,5 +1,11 @@
|
|
|
1
1
|
Release notes
|
|
2
2
|
=============
|
|
3
|
+
### 0.6.0 (2023-02-10)
|
|
4
|
+
* Add basic auth external ([PR #82](https://github.com/Apipie/apipie-bindings/pull/82))
|
|
5
|
+
|
|
6
|
+
### 0.5.0 (2022-05-10)
|
|
7
|
+
* Add support for kerberos negotiate auth ([PR #81](https://github.com/Apipie/apipie-bindings/pull/81))
|
|
8
|
+
|
|
3
9
|
### 0.4.0 (2020-05-29)
|
|
4
10
|
* support Ruby 2.7 ([PR #79](https://github.com/Apipie/apipie-bindings/pull/79))
|
|
5
11
|
|
|
@@ -1,6 +1,13 @@
|
|
|
1
1
|
module ApipieBindings
|
|
2
2
|
module Authenticators
|
|
3
3
|
class Base
|
|
4
|
+
# In case an authenticator needs to make an authentication call
|
|
5
|
+
# before the original one you might want to set auth_cookie
|
|
6
|
+
# returned by the server to be available for futher processing
|
|
7
|
+
# (e.g. saving the session id) since it may contain session id
|
|
8
|
+
# to use with all the next calls
|
|
9
|
+
attr_reader :auth_cookie
|
|
10
|
+
|
|
4
11
|
def authenticate(request, args)
|
|
5
12
|
end
|
|
6
13
|
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
require 'apipie_bindings/authenticators/basic_auth'
|
|
2
|
+
|
|
3
|
+
module ApipieBindings
|
|
4
|
+
module Authenticators
|
|
5
|
+
class BasicAuthExternal < BasicAuth
|
|
6
|
+
def initialize(user, password, authentication_url, auth_request_options = {})
|
|
7
|
+
super(user, password)
|
|
8
|
+
@authentication_url = authentication_url
|
|
9
|
+
@auth_request_options = auth_request_options
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def authenticate(original_request, _args)
|
|
13
|
+
request = RestClient::Resource.new(
|
|
14
|
+
@authentication_url,
|
|
15
|
+
@auth_request_options.merge({ user: @user, password: @password })
|
|
16
|
+
)
|
|
17
|
+
request.get do |response, _, raw_response|
|
|
18
|
+
if response.code == 401
|
|
19
|
+
raise RestClient::Unauthorized.new(response), 'External authentication did not pass.'
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
cookie = raw_response['set-cookie'].split('; ')[0]
|
|
23
|
+
@auth_cookie = cookie
|
|
24
|
+
original_request['Cookie'] = cookie
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
original_request
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
end
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
require 'apipie_bindings/authenticators/base'
|
|
2
|
+
require 'gssapi'
|
|
3
|
+
|
|
4
|
+
module ApipieBindings
|
|
5
|
+
module Authenticators
|
|
6
|
+
# Negotiate authenticator
|
|
7
|
+
# Implements gssapi negotiation with preexisting kerberos ticket
|
|
8
|
+
# Requires a authentication url, the authentication request will be against.
|
|
9
|
+
# This url needs to support auth negotiation and after successful auth it should return 'set-cookie' header with session.
|
|
10
|
+
# This session will be initiated in the auth request and the original request will be made with this cookie.
|
|
11
|
+
# Next requests should be already skip the negotiation, please implement Session support in your client, for not using the negotiation on every request.
|
|
12
|
+
class Negotiate < Base
|
|
13
|
+
|
|
14
|
+
# Creates new authenticator for Negotiate auth
|
|
15
|
+
# @param [String] url to make authentication request to.
|
|
16
|
+
# @param [Hash] auth_request_options passed to RestClient::Request - especially for SSL options
|
|
17
|
+
# see https://github.com/rest-client/rest-client/blob/master/lib/restclient/request.rb.
|
|
18
|
+
# @option service service principal used for gssapi tickets - defaults to HTTP.
|
|
19
|
+
# @option method http method used for the auth request - defaults to 'get'.
|
|
20
|
+
def initialize(authorization_url, auth_request_options = {})
|
|
21
|
+
@authorization_url = authorization_url
|
|
22
|
+
@service = auth_request_options.delete(:service) || 'HTTP'
|
|
23
|
+
auth_request_options[:method] ||= 'get'
|
|
24
|
+
@auth_request_options = auth_request_options
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def error(ex)
|
|
28
|
+
if ex.is_a?(GSSAPI::GssApiError)
|
|
29
|
+
raise ApipieBindings::AuthenticatorError.new(:negotiate, :no_context, ex)
|
|
30
|
+
elsif ex.is_a?(ApipieBindings::ConfigurationError)
|
|
31
|
+
raise ApipieBindings::AuthenticatorError.new(:negotiate, :configuration, ex)
|
|
32
|
+
else
|
|
33
|
+
raise ex
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def authenticate(original_request, args)
|
|
38
|
+
uri = URI.parse(@authorization_url)
|
|
39
|
+
@gsscli = GSSAPI::Simple.new(uri.host, @service)
|
|
40
|
+
|
|
41
|
+
token = @gsscli.init_context
|
|
42
|
+
headers = { 'Authorization' => "Negotiate #{Base64.strict_encode64(token)}" }
|
|
43
|
+
|
|
44
|
+
RestClient::Request.execute(@auth_request_options.merge(headers: headers, url: @authorization_url)) do |response, request, raw_response|
|
|
45
|
+
if response.code == 401
|
|
46
|
+
raise RestClient::Unauthorized.new(response), 'Negotiation authentication did not pass.'
|
|
47
|
+
end
|
|
48
|
+
if response.code == 302 && response.headers[:location].end_with?('/users/login')
|
|
49
|
+
raise ApipieBindings::ConfigurationError, 'Server misconfiguration detected'
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
# This part is only for next calls, that could be simplified if all resources are behind negotiate auth
|
|
53
|
+
itok = Array(raw_response['WWW-Authenticate']).pop.split(/\s+/).last
|
|
54
|
+
@gsscli.init_context(Base64.strict_decode64(itok)) # The context should now return true
|
|
55
|
+
|
|
56
|
+
cookie = raw_response['set-cookie'].split('; ')[0]
|
|
57
|
+
@auth_cookie = cookie
|
|
58
|
+
original_request['Cookie'] = cookie
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
original_request
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
end
|
|
65
|
+
end
|
|
@@ -1,4 +1,6 @@
|
|
|
1
1
|
require 'apipie_bindings/authenticators/basic_auth'
|
|
2
|
+
require 'apipie_bindings/authenticators/basic_auth_external'
|
|
2
3
|
require 'apipie_bindings/authenticators/credentials_legacy'
|
|
3
4
|
require 'apipie_bindings/authenticators/oauth'
|
|
5
|
+
require 'apipie_bindings/authenticators/negotiate'
|
|
4
6
|
require 'apipie_bindings/authenticators/token_auth'
|
|
@@ -33,4 +33,13 @@ module ApipieBindings
|
|
|
33
33
|
end
|
|
34
34
|
end
|
|
35
35
|
|
|
36
|
+
class AuthenticatorError < StandardError
|
|
37
|
+
attr_reader :type, :cause, :original_error
|
|
38
|
+
|
|
39
|
+
def initialize(type, cause, original_error)
|
|
40
|
+
@type = type
|
|
41
|
+
@cause = cause
|
|
42
|
+
@original_error = original_error
|
|
43
|
+
end
|
|
44
|
+
end
|
|
36
45
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: apipie-bindings
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Martin Bačovský
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-02-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: json
|
|
@@ -58,6 +58,20 @@ dependencies:
|
|
|
58
58
|
- - ">="
|
|
59
59
|
- !ruby/object:Gem::Version
|
|
60
60
|
version: '0'
|
|
61
|
+
- !ruby/object:Gem::Dependency
|
|
62
|
+
name: gssapi
|
|
63
|
+
requirement: !ruby/object:Gem::Requirement
|
|
64
|
+
requirements:
|
|
65
|
+
- - ">="
|
|
66
|
+
- !ruby/object:Gem::Version
|
|
67
|
+
version: '0'
|
|
68
|
+
type: :runtime
|
|
69
|
+
prerelease: false
|
|
70
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
71
|
+
requirements:
|
|
72
|
+
- - ">="
|
|
73
|
+
- !ruby/object:Gem::Version
|
|
74
|
+
version: '0'
|
|
61
75
|
- !ruby/object:Gem::Dependency
|
|
62
76
|
name: rake
|
|
63
77
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -183,7 +197,9 @@ files:
|
|
|
183
197
|
- lib/apipie_bindings/authenticators.rb
|
|
184
198
|
- lib/apipie_bindings/authenticators/base.rb
|
|
185
199
|
- lib/apipie_bindings/authenticators/basic_auth.rb
|
|
200
|
+
- lib/apipie_bindings/authenticators/basic_auth_external.rb
|
|
186
201
|
- lib/apipie_bindings/authenticators/credentials_legacy.rb
|
|
202
|
+
- lib/apipie_bindings/authenticators/negotiate.rb
|
|
187
203
|
- lib/apipie_bindings/authenticators/oauth.rb
|
|
188
204
|
- lib/apipie_bindings/authenticators/token_auth.rb
|
|
189
205
|
- lib/apipie_bindings/credentials.rb
|
|
@@ -256,8 +272,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
256
272
|
- !ruby/object:Gem::Version
|
|
257
273
|
version: '0'
|
|
258
274
|
requirements: []
|
|
259
|
-
|
|
260
|
-
rubygems_version: 2.7.6.2
|
|
275
|
+
rubygems_version: 3.1.6
|
|
261
276
|
signing_key:
|
|
262
277
|
specification_version: 4
|
|
263
278
|
summary: The Ruby bindings for Apipie documented APIs
|