apipie-bindings 0.4.0 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/doc/release_notes.md +3 -0
- data/lib/apipie_bindings/authenticators/base.rb +7 -0
- data/lib/apipie_bindings/authenticators/negotiate.rb +65 -0
- data/lib/apipie_bindings/authenticators.rb +1 -0
- data/lib/apipie_bindings/exceptions.rb +9 -0
- data/lib/apipie_bindings/version.rb +1 -1
- metadata +18 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e93c13921f92db59b1bd280310cb4ace26fe6767f97671e4c895cbc7acc04c9e
|
4
|
+
data.tar.gz: fa4bcb25505765dcf6e8c8664465ba068f82fa3e3709466d25b8a359b66ca75d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f0e5ad7af8416017fda3a1d6bca9e95ccfbfacc6a0322c66b640975dcaa2af20dba421ea0d09274b473d101c45bdebf88f02102c828a2db6a5a189800274f3ba
|
7
|
+
data.tar.gz: 1caa898dc4998246a0d0843423904f6bc4fb18a230918e841d5f84f560d3c4090ede054ad6c4de4cee4ca44ffdcff74370f95e9356460eaa1c2fb3772e45c666
|
data/doc/release_notes.md
CHANGED
@@ -1,5 +1,8 @@
|
|
1
1
|
Release notes
|
2
2
|
=============
|
3
|
+
### 0.5.0 (2022-05-10)
|
4
|
+
* Add support for kerberos negotiate auth ([PR #81](https://github.com/Apipie/apipie-bindings/pull/81))
|
5
|
+
|
3
6
|
### 0.4.0 (2020-05-29)
|
4
7
|
* support Ruby 2.7 ([PR #79](https://github.com/Apipie/apipie-bindings/pull/79))
|
5
8
|
|
@@ -1,6 +1,13 @@
|
|
1
1
|
module ApipieBindings
|
2
2
|
module Authenticators
|
3
3
|
class Base
|
4
|
+
# In case an authenticator needs to make an authentication call
|
5
|
+
# before the original one you might want to set auth_cookie
|
6
|
+
# returned by the server to be available for futher processing
|
7
|
+
# (e.g. saving the session id) since it may contain session id
|
8
|
+
# to use with all the next calls
|
9
|
+
attr_reader :auth_cookie
|
10
|
+
|
4
11
|
def authenticate(request, args)
|
5
12
|
end
|
6
13
|
|
@@ -0,0 +1,65 @@
|
|
1
|
+
require 'apipie_bindings/authenticators/base'
|
2
|
+
require 'gssapi'
|
3
|
+
|
4
|
+
module ApipieBindings
|
5
|
+
module Authenticators
|
6
|
+
# Negotiate authenticator
|
7
|
+
# Implements gssapi negotiation with preexisting kerberos ticket
|
8
|
+
# Requires a authentication url, the authentication request will be against.
|
9
|
+
# This url needs to support auth negotiation and after successful auth it should return 'set-cookie' header with session.
|
10
|
+
# This session will be initiated in the auth request and the original request will be made with this cookie.
|
11
|
+
# Next requests should be already skip the negotiation, please implement Session support in your client, for not using the negotiation on every request.
|
12
|
+
class Negotiate < Base
|
13
|
+
|
14
|
+
# Creates new authenticator for Negotiate auth
|
15
|
+
# @param [String] url to make authentication request to.
|
16
|
+
# @param [Hash] auth_request_options passed to RestClient::Request - especially for SSL options
|
17
|
+
# see https://github.com/rest-client/rest-client/blob/master/lib/restclient/request.rb.
|
18
|
+
# @option service service principal used for gssapi tickets - defaults to HTTP.
|
19
|
+
# @option method http method used for the auth request - defaults to 'get'.
|
20
|
+
def initialize(authorization_url, auth_request_options = {})
|
21
|
+
@authorization_url = authorization_url
|
22
|
+
@service = auth_request_options.delete(:service) || 'HTTP'
|
23
|
+
auth_request_options[:method] ||= 'get'
|
24
|
+
@auth_request_options = auth_request_options
|
25
|
+
end
|
26
|
+
|
27
|
+
def error(ex)
|
28
|
+
if ex.is_a?(GSSAPI::GssApiError)
|
29
|
+
raise ApipieBindings::AuthenticatorError.new(:negotiate, :no_context, ex)
|
30
|
+
elsif ex.is_a?(ApipieBindings::ConfigurationError)
|
31
|
+
raise ApipieBindings::AuthenticatorError.new(:negotiate, :configuration, ex)
|
32
|
+
else
|
33
|
+
raise ex
|
34
|
+
end
|
35
|
+
end
|
36
|
+
|
37
|
+
def authenticate(original_request, args)
|
38
|
+
uri = URI.parse(@authorization_url)
|
39
|
+
@gsscli = GSSAPI::Simple.new(uri.host, @service)
|
40
|
+
|
41
|
+
token = @gsscli.init_context
|
42
|
+
headers = { 'Authorization' => "Negotiate #{Base64.strict_encode64(token)}" }
|
43
|
+
|
44
|
+
RestClient::Request.execute(@auth_request_options.merge(headers: headers, url: @authorization_url)) do |response, request, raw_response|
|
45
|
+
if response.code == 401
|
46
|
+
raise RestClient::Unauthorized.new(response), 'Negotiation authentication did not pass.'
|
47
|
+
end
|
48
|
+
if response.code == 302 && response.headers[:location].end_with?('/users/login')
|
49
|
+
raise ApipieBindings::ConfigurationError, 'Server misconfiguration detected'
|
50
|
+
end
|
51
|
+
|
52
|
+
# This part is only for next calls, that could be simplified if all resources are behind negotiate auth
|
53
|
+
itok = Array(raw_response['WWW-Authenticate']).pop.split(/\s+/).last
|
54
|
+
@gsscli.init_context(Base64.strict_decode64(itok)) # The context should now return true
|
55
|
+
|
56
|
+
cookie = raw_response['set-cookie'].split('; ')[0]
|
57
|
+
@auth_cookie = cookie
|
58
|
+
original_request['Cookie'] = cookie
|
59
|
+
end
|
60
|
+
|
61
|
+
original_request
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
65
|
+
end
|
@@ -33,4 +33,13 @@ module ApipieBindings
|
|
33
33
|
end
|
34
34
|
end
|
35
35
|
|
36
|
+
class AuthenticatorError < StandardError
|
37
|
+
attr_reader :type, :cause, :original_error
|
38
|
+
|
39
|
+
def initialize(type, cause, original_error)
|
40
|
+
@type = type
|
41
|
+
@cause = cause
|
42
|
+
@original_error = original_error
|
43
|
+
end
|
44
|
+
end
|
36
45
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: apipie-bindings
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.5.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Martin Bačovský
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-05-10 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: json
|
@@ -58,6 +58,20 @@ dependencies:
|
|
58
58
|
- - ">="
|
59
59
|
- !ruby/object:Gem::Version
|
60
60
|
version: '0'
|
61
|
+
- !ruby/object:Gem::Dependency
|
62
|
+
name: gssapi
|
63
|
+
requirement: !ruby/object:Gem::Requirement
|
64
|
+
requirements:
|
65
|
+
- - ">="
|
66
|
+
- !ruby/object:Gem::Version
|
67
|
+
version: '0'
|
68
|
+
type: :runtime
|
69
|
+
prerelease: false
|
70
|
+
version_requirements: !ruby/object:Gem::Requirement
|
71
|
+
requirements:
|
72
|
+
- - ">="
|
73
|
+
- !ruby/object:Gem::Version
|
74
|
+
version: '0'
|
61
75
|
- !ruby/object:Gem::Dependency
|
62
76
|
name: rake
|
63
77
|
requirement: !ruby/object:Gem::Requirement
|
@@ -184,6 +198,7 @@ files:
|
|
184
198
|
- lib/apipie_bindings/authenticators/base.rb
|
185
199
|
- lib/apipie_bindings/authenticators/basic_auth.rb
|
186
200
|
- lib/apipie_bindings/authenticators/credentials_legacy.rb
|
201
|
+
- lib/apipie_bindings/authenticators/negotiate.rb
|
187
202
|
- lib/apipie_bindings/authenticators/oauth.rb
|
188
203
|
- lib/apipie_bindings/authenticators/token_auth.rb
|
189
204
|
- lib/apipie_bindings/credentials.rb
|
@@ -256,8 +271,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
256
271
|
- !ruby/object:Gem::Version
|
257
272
|
version: '0'
|
258
273
|
requirements: []
|
259
|
-
|
260
|
-
rubygems_version: 2.7.6.2
|
274
|
+
rubygems_version: 3.1.2
|
261
275
|
signing_key:
|
262
276
|
specification_version: 4
|
263
277
|
summary: The Ruby bindings for Apipie documented APIs
|