apipie-bindings 0.4.0 → 0.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/doc/release_notes.md +3 -0
- data/lib/apipie_bindings/authenticators/base.rb +7 -0
- data/lib/apipie_bindings/authenticators/negotiate.rb +65 -0
- data/lib/apipie_bindings/authenticators.rb +1 -0
- data/lib/apipie_bindings/exceptions.rb +9 -0
- data/lib/apipie_bindings/version.rb +1 -1
- metadata +18 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e93c13921f92db59b1bd280310cb4ace26fe6767f97671e4c895cbc7acc04c9e
|
|
4
|
+
data.tar.gz: fa4bcb25505765dcf6e8c8664465ba068f82fa3e3709466d25b8a359b66ca75d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f0e5ad7af8416017fda3a1d6bca9e95ccfbfacc6a0322c66b640975dcaa2af20dba421ea0d09274b473d101c45bdebf88f02102c828a2db6a5a189800274f3ba
|
|
7
|
+
data.tar.gz: 1caa898dc4998246a0d0843423904f6bc4fb18a230918e841d5f84f560d3c4090ede054ad6c4de4cee4ca44ffdcff74370f95e9356460eaa1c2fb3772e45c666
|
data/doc/release_notes.md
CHANGED
|
@@ -1,5 +1,8 @@
|
|
|
1
1
|
Release notes
|
|
2
2
|
=============
|
|
3
|
+
### 0.5.0 (2022-05-10)
|
|
4
|
+
* Add support for kerberos negotiate auth ([PR #81](https://github.com/Apipie/apipie-bindings/pull/81))
|
|
5
|
+
|
|
3
6
|
### 0.4.0 (2020-05-29)
|
|
4
7
|
* support Ruby 2.7 ([PR #79](https://github.com/Apipie/apipie-bindings/pull/79))
|
|
5
8
|
|
|
@@ -1,6 +1,13 @@
|
|
|
1
1
|
module ApipieBindings
|
|
2
2
|
module Authenticators
|
|
3
3
|
class Base
|
|
4
|
+
# In case an authenticator needs to make an authentication call
|
|
5
|
+
# before the original one you might want to set auth_cookie
|
|
6
|
+
# returned by the server to be available for futher processing
|
|
7
|
+
# (e.g. saving the session id) since it may contain session id
|
|
8
|
+
# to use with all the next calls
|
|
9
|
+
attr_reader :auth_cookie
|
|
10
|
+
|
|
4
11
|
def authenticate(request, args)
|
|
5
12
|
end
|
|
6
13
|
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
require 'apipie_bindings/authenticators/base'
|
|
2
|
+
require 'gssapi'
|
|
3
|
+
|
|
4
|
+
module ApipieBindings
|
|
5
|
+
module Authenticators
|
|
6
|
+
# Negotiate authenticator
|
|
7
|
+
# Implements gssapi negotiation with preexisting kerberos ticket
|
|
8
|
+
# Requires a authentication url, the authentication request will be against.
|
|
9
|
+
# This url needs to support auth negotiation and after successful auth it should return 'set-cookie' header with session.
|
|
10
|
+
# This session will be initiated in the auth request and the original request will be made with this cookie.
|
|
11
|
+
# Next requests should be already skip the negotiation, please implement Session support in your client, for not using the negotiation on every request.
|
|
12
|
+
class Negotiate < Base
|
|
13
|
+
|
|
14
|
+
# Creates new authenticator for Negotiate auth
|
|
15
|
+
# @param [String] url to make authentication request to.
|
|
16
|
+
# @param [Hash] auth_request_options passed to RestClient::Request - especially for SSL options
|
|
17
|
+
# see https://github.com/rest-client/rest-client/blob/master/lib/restclient/request.rb.
|
|
18
|
+
# @option service service principal used for gssapi tickets - defaults to HTTP.
|
|
19
|
+
# @option method http method used for the auth request - defaults to 'get'.
|
|
20
|
+
def initialize(authorization_url, auth_request_options = {})
|
|
21
|
+
@authorization_url = authorization_url
|
|
22
|
+
@service = auth_request_options.delete(:service) || 'HTTP'
|
|
23
|
+
auth_request_options[:method] ||= 'get'
|
|
24
|
+
@auth_request_options = auth_request_options
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def error(ex)
|
|
28
|
+
if ex.is_a?(GSSAPI::GssApiError)
|
|
29
|
+
raise ApipieBindings::AuthenticatorError.new(:negotiate, :no_context, ex)
|
|
30
|
+
elsif ex.is_a?(ApipieBindings::ConfigurationError)
|
|
31
|
+
raise ApipieBindings::AuthenticatorError.new(:negotiate, :configuration, ex)
|
|
32
|
+
else
|
|
33
|
+
raise ex
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def authenticate(original_request, args)
|
|
38
|
+
uri = URI.parse(@authorization_url)
|
|
39
|
+
@gsscli = GSSAPI::Simple.new(uri.host, @service)
|
|
40
|
+
|
|
41
|
+
token = @gsscli.init_context
|
|
42
|
+
headers = { 'Authorization' => "Negotiate #{Base64.strict_encode64(token)}" }
|
|
43
|
+
|
|
44
|
+
RestClient::Request.execute(@auth_request_options.merge(headers: headers, url: @authorization_url)) do |response, request, raw_response|
|
|
45
|
+
if response.code == 401
|
|
46
|
+
raise RestClient::Unauthorized.new(response), 'Negotiation authentication did not pass.'
|
|
47
|
+
end
|
|
48
|
+
if response.code == 302 && response.headers[:location].end_with?('/users/login')
|
|
49
|
+
raise ApipieBindings::ConfigurationError, 'Server misconfiguration detected'
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
# This part is only for next calls, that could be simplified if all resources are behind negotiate auth
|
|
53
|
+
itok = Array(raw_response['WWW-Authenticate']).pop.split(/\s+/).last
|
|
54
|
+
@gsscli.init_context(Base64.strict_decode64(itok)) # The context should now return true
|
|
55
|
+
|
|
56
|
+
cookie = raw_response['set-cookie'].split('; ')[0]
|
|
57
|
+
@auth_cookie = cookie
|
|
58
|
+
original_request['Cookie'] = cookie
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
original_request
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
end
|
|
65
|
+
end
|
|
@@ -33,4 +33,13 @@ module ApipieBindings
|
|
|
33
33
|
end
|
|
34
34
|
end
|
|
35
35
|
|
|
36
|
+
class AuthenticatorError < StandardError
|
|
37
|
+
attr_reader :type, :cause, :original_error
|
|
38
|
+
|
|
39
|
+
def initialize(type, cause, original_error)
|
|
40
|
+
@type = type
|
|
41
|
+
@cause = cause
|
|
42
|
+
@original_error = original_error
|
|
43
|
+
end
|
|
44
|
+
end
|
|
36
45
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: apipie-bindings
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Martin Bačovský
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-05-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: json
|
|
@@ -58,6 +58,20 @@ dependencies:
|
|
|
58
58
|
- - ">="
|
|
59
59
|
- !ruby/object:Gem::Version
|
|
60
60
|
version: '0'
|
|
61
|
+
- !ruby/object:Gem::Dependency
|
|
62
|
+
name: gssapi
|
|
63
|
+
requirement: !ruby/object:Gem::Requirement
|
|
64
|
+
requirements:
|
|
65
|
+
- - ">="
|
|
66
|
+
- !ruby/object:Gem::Version
|
|
67
|
+
version: '0'
|
|
68
|
+
type: :runtime
|
|
69
|
+
prerelease: false
|
|
70
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
71
|
+
requirements:
|
|
72
|
+
- - ">="
|
|
73
|
+
- !ruby/object:Gem::Version
|
|
74
|
+
version: '0'
|
|
61
75
|
- !ruby/object:Gem::Dependency
|
|
62
76
|
name: rake
|
|
63
77
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -184,6 +198,7 @@ files:
|
|
|
184
198
|
- lib/apipie_bindings/authenticators/base.rb
|
|
185
199
|
- lib/apipie_bindings/authenticators/basic_auth.rb
|
|
186
200
|
- lib/apipie_bindings/authenticators/credentials_legacy.rb
|
|
201
|
+
- lib/apipie_bindings/authenticators/negotiate.rb
|
|
187
202
|
- lib/apipie_bindings/authenticators/oauth.rb
|
|
188
203
|
- lib/apipie_bindings/authenticators/token_auth.rb
|
|
189
204
|
- lib/apipie_bindings/credentials.rb
|
|
@@ -256,8 +271,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
256
271
|
- !ruby/object:Gem::Version
|
|
257
272
|
version: '0'
|
|
258
273
|
requirements: []
|
|
259
|
-
|
|
260
|
-
rubygems_version: 2.7.6.2
|
|
274
|
+
rubygems_version: 3.1.2
|
|
261
275
|
signing_key:
|
|
262
276
|
specification_version: 4
|
|
263
277
|
summary: The Ruby bindings for Apipie documented APIs
|