arcadex 1.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/MIT-LICENSE +20 -0
- data/Rakefile +34 -0
- data/app/assets/javascripts/arcadex/application.js +13 -0
- data/app/assets/stylesheets/arcadex/application.css +13 -0
- data/app/controllers/arcadex/application_controller.rb +4 -0
- data/app/helpers/arcadex/application_helper.rb +4 -0
- data/app/models/arcadex/token.rb +17 -0
- data/app/views/layouts/arcadex/application.html.erb +14 -0
- data/config/routes.rb +2 -0
- data/db/migrate/20140806194834_create_arcadex_tokens.rb +11 -0
- data/db/migrate/20140806202340_add_index_to_token.rb +5 -0
- data/lib/arcadex.rb +168 -0
- data/lib/arcadex/engine.rb +5 -0
- data/lib/arcadex/version.rb +3 -0
- data/lib/tasks/arcadex_tasks.rake +4 -0
- data/test/arcadex_test.rb +7 -0
- data/test/dummy/README.rdoc +28 -0
- data/test/dummy/Rakefile +6 -0
- data/test/dummy/app/assets/javascripts/application.js +13 -0
- data/test/dummy/app/assets/stylesheets/application.css +13 -0
- data/test/dummy/app/controllers/application_controller.rb +5 -0
- data/test/dummy/app/helpers/application_helper.rb +2 -0
- data/test/dummy/app/views/layouts/application.html.erb +14 -0
- data/test/dummy/bin/bundle +3 -0
- data/test/dummy/bin/rails +4 -0
- data/test/dummy/bin/rake +4 -0
- data/test/dummy/config.ru +4 -0
- data/test/dummy/config/application.rb +23 -0
- data/test/dummy/config/boot.rb +5 -0
- data/test/dummy/config/database.yml +25 -0
- data/test/dummy/config/environment.rb +5 -0
- data/test/dummy/config/environments/development.rb +29 -0
- data/test/dummy/config/environments/production.rb +80 -0
- data/test/dummy/config/environments/test.rb +36 -0
- data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/test/dummy/config/initializers/filter_parameter_logging.rb +4 -0
- data/test/dummy/config/initializers/inflections.rb +16 -0
- data/test/dummy/config/initializers/mime_types.rb +5 -0
- data/test/dummy/config/initializers/secret_token.rb +12 -0
- data/test/dummy/config/initializers/session_store.rb +3 -0
- data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/test/dummy/config/locales/en.yml +23 -0
- data/test/dummy/config/routes.rb +4 -0
- data/test/dummy/db/development.sqlite3 +0 -0
- data/test/dummy/db/schema.rb +26 -0
- data/test/dummy/db/test.sqlite3 +0 -0
- data/test/dummy/log/development.log +16 -0
- data/test/dummy/log/test.log +22 -0
- data/test/dummy/public/404.html +58 -0
- data/test/dummy/public/422.html +58 -0
- data/test/dummy/public/500.html +57 -0
- data/test/dummy/public/favicon.ico +0 -0
- data/test/fixtures/arcadex/tokens.yml +11 -0
- data/test/integration/navigation_test.rb +10 -0
- data/test/models/arcadex/token_test.rb +9 -0
- data/test/test_helper.rb +15 -0
- metadata +185 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 76d7606a57e1a5ec7c7cb64b8dde2bba67086e87
|
4
|
+
data.tar.gz: c04a13f9712b001f4c27149e4e2289e4b9310e69
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 547e1fed79f10cc9100970f3aa7523dfc8625afa47e8fe6df81aacb6a797c13b85fe1ca17bf07d7f8cab22008ebda08c701cf5e337bfe24c5da1871b23fb3026
|
7
|
+
data.tar.gz: 76ab77ba76a7696c7ad8b17229f8f73ba2f5ba051bbe72faccb80ef37a348cb998ddc392c7efa57e1d2d6c2a69709a8b2be69183845c481966e4011825862b54
|
data/MIT-LICENSE
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
Copyright 2014 YOURNAME
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
4
|
+
a copy of this software and associated documentation files (the
|
5
|
+
"Software"), to deal in the Software without restriction, including
|
6
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
7
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
8
|
+
permit persons to whom the Software is furnished to do so, subject to
|
9
|
+
the following conditions:
|
10
|
+
|
11
|
+
The above copyright notice and this permission notice shall be
|
12
|
+
included in all copies or substantial portions of the Software.
|
13
|
+
|
14
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
15
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
16
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
17
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
18
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
19
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
20
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/Rakefile
ADDED
@@ -0,0 +1,34 @@
|
|
1
|
+
begin
|
2
|
+
require 'bundler/setup'
|
3
|
+
rescue LoadError
|
4
|
+
puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
|
5
|
+
end
|
6
|
+
|
7
|
+
require 'rdoc/task'
|
8
|
+
|
9
|
+
RDoc::Task.new(:rdoc) do |rdoc|
|
10
|
+
rdoc.rdoc_dir = 'rdoc'
|
11
|
+
rdoc.title = 'Arcadex'
|
12
|
+
rdoc.options << '--line-numbers'
|
13
|
+
rdoc.rdoc_files.include('README.rdoc')
|
14
|
+
rdoc.rdoc_files.include('lib/**/*.rb')
|
15
|
+
end
|
16
|
+
|
17
|
+
APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
|
18
|
+
load 'rails/tasks/engine.rake'
|
19
|
+
|
20
|
+
|
21
|
+
|
22
|
+
Bundler::GemHelper.install_tasks
|
23
|
+
|
24
|
+
require 'rake/testtask'
|
25
|
+
|
26
|
+
Rake::TestTask.new(:test) do |t|
|
27
|
+
t.libs << 'lib'
|
28
|
+
t.libs << 'test'
|
29
|
+
t.pattern = 'test/**/*_test.rb'
|
30
|
+
t.verbose = false
|
31
|
+
end
|
32
|
+
|
33
|
+
|
34
|
+
task default: :test
|
@@ -0,0 +1,13 @@
|
|
1
|
+
// This is a manifest file that'll be compiled into application.js, which will include all the files
|
2
|
+
// listed below.
|
3
|
+
//
|
4
|
+
// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
|
5
|
+
// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
|
6
|
+
//
|
7
|
+
// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
|
8
|
+
// compiled file.
|
9
|
+
//
|
10
|
+
// Read Sprockets README (https://github.com/sstephenson/sprockets#sprockets-directives) for details
|
11
|
+
// about supported directives.
|
12
|
+
//
|
13
|
+
//= require_tree .
|
@@ -0,0 +1,13 @@
|
|
1
|
+
/*
|
2
|
+
* This is a manifest file that'll be compiled into application.css, which will include all the files
|
3
|
+
* listed below.
|
4
|
+
*
|
5
|
+
* Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
|
6
|
+
* or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
|
7
|
+
*
|
8
|
+
* You're free to add application-wide styles to this file and they'll appear at the top of the
|
9
|
+
* compiled file, but it's generally better to create a new file per style scope.
|
10
|
+
*
|
11
|
+
*= require_self
|
12
|
+
*= require_tree .
|
13
|
+
*/
|
@@ -0,0 +1,17 @@
|
|
1
|
+
module Arcadex
|
2
|
+
class Token < ActiveRecord::Base
|
3
|
+
before_validation :generate_hash, on: :create
|
4
|
+
|
5
|
+
belongs_to :imageable, :polymorphic => true
|
6
|
+
|
7
|
+
validates :imageable_id, presence: true
|
8
|
+
validates :imageable_type, presence: true
|
9
|
+
validates :auth_token, presence: true
|
10
|
+
#This also needs to exist at the database level
|
11
|
+
validates :auth_token, uniqueness: true
|
12
|
+
|
13
|
+
def generate_hash
|
14
|
+
self.auth_token = ::Arcadex.generate_auth_token
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
@@ -0,0 +1,14 @@
|
|
1
|
+
<!DOCTYPE html>
|
2
|
+
<html>
|
3
|
+
<head>
|
4
|
+
<title>Arcadex</title>
|
5
|
+
<%= stylesheet_link_tag "arcadex/application", media: "all" %>
|
6
|
+
<%= javascript_include_tag "arcadex/application" %>
|
7
|
+
<%= csrf_meta_tags %>
|
8
|
+
</head>
|
9
|
+
<body>
|
10
|
+
|
11
|
+
<%= yield %>
|
12
|
+
|
13
|
+
</body>
|
14
|
+
</html>
|
data/config/routes.rb
ADDED
data/lib/arcadex.rb
ADDED
@@ -0,0 +1,168 @@
|
|
1
|
+
require "arcadex/engine"
|
2
|
+
|
3
|
+
module Arcadex
|
4
|
+
|
5
|
+
################Below are authentication methods###########################
|
6
|
+
############This should be called by the user##############################
|
7
|
+
def self.full_authentication(params,request,should_use_email)
|
8
|
+
auth_token = grab_token(params,request)
|
9
|
+
email = grab_email(params,request)
|
10
|
+
if should_use_email
|
11
|
+
return authenticate_with_email_token(auth_token,email)
|
12
|
+
else
|
13
|
+
return authenticate_with_only_token(auth_token)
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
##########Below are authentication helper methods##########################
|
18
|
+
#########These dont normally need to be called by the user#################
|
19
|
+
#authenticate_with methods return nil if not authenticated and make a hash
|
20
|
+
#if things go fine.
|
21
|
+
#current_owner = @instance_hash["current_user"]
|
22
|
+
#current_token = @instance_hash["current_token"]
|
23
|
+
|
24
|
+
#Gets the auth_token from either the url or header
|
25
|
+
def self.grab_token(params,request)
|
26
|
+
#Header token has preference
|
27
|
+
if !params["auth_token"].blank?
|
28
|
+
auth_token = params["auth_token"]
|
29
|
+
end
|
30
|
+
if !request.headers["Auth-Token"].blank?
|
31
|
+
auth_token = request.headers["Auth-Token"]
|
32
|
+
end
|
33
|
+
return auth_token
|
34
|
+
end
|
35
|
+
#Gets the email from either the url or header
|
36
|
+
def self.grab_email(params,request)
|
37
|
+
#Header email has preference
|
38
|
+
if !params["email"].blank?
|
39
|
+
email = params["email"]
|
40
|
+
end
|
41
|
+
if !request.headers["Email"].blank?
|
42
|
+
email = request.headers["Email"]
|
43
|
+
end
|
44
|
+
return email
|
45
|
+
end
|
46
|
+
#This should be used in the application_controller before all actions
|
47
|
+
def self.authenticate_with_email_token(auth_token,email)
|
48
|
+
#Find token from auth_token and owner from token
|
49
|
+
token = ::Arcadex.find_token_by_auth_token(auth_token)
|
50
|
+
owner = ::Arcadex.find_owner_by_token(token)
|
51
|
+
#This assumes that the owner of the token is indeed a user
|
52
|
+
if !token.nil?
|
53
|
+
user = Object.const_get(token.imageable_type).find_by(email: email)
|
54
|
+
#user = ::People::User.find_by(email: email)
|
55
|
+
end
|
56
|
+
#This is to mitigate timing attacks
|
57
|
+
::Devise.secure_compare(auth_token,auth_token)
|
58
|
+
if owner.nil? || user.nil? || user.id != owner.id
|
59
|
+
return nil
|
60
|
+
else
|
61
|
+
#These are the variables available to every controller that inherits
|
62
|
+
instance_hash = {"current_user" => owner, "current_token" => token}
|
63
|
+
return instance_hash
|
64
|
+
end
|
65
|
+
end
|
66
|
+
#This should be used in the application_controller before all actions
|
67
|
+
def self.authenticate_with_only_token(auth_token)
|
68
|
+
#Find token from auth_token and owner from token
|
69
|
+
token = ::Arcadex.find_token_by_auth_token(auth_token)
|
70
|
+
owner = ::Arcadex.find_owner_by_token(token)
|
71
|
+
#This is to mitigate timing attacks
|
72
|
+
::Devise.secure_compare(auth_token,auth_token)
|
73
|
+
if owner.nil?
|
74
|
+
return nil
|
75
|
+
else
|
76
|
+
#These are the variables available to every controller that inherits
|
77
|
+
instance_hash = {"current_user" => owner, "current_token" => token}
|
78
|
+
return instance_hash
|
79
|
+
end
|
80
|
+
end
|
81
|
+
|
82
|
+
####################Below are helper methods###############################
|
83
|
+
############These dont need to be called by the user#######################
|
84
|
+
|
85
|
+
#This is now called by the token when it's first saved
|
86
|
+
#token = instance.tokens.new
|
87
|
+
#token.auth_token = Arcadex.generate_auth_token
|
88
|
+
#token.save
|
89
|
+
def self.generate_auth_token
|
90
|
+
token = ::Devise.friendly_token
|
91
|
+
while Token.exists?(token)
|
92
|
+
token = ::Devise.friendly_token
|
93
|
+
end
|
94
|
+
return token
|
95
|
+
end
|
96
|
+
#Arcadex.create_token(instance.id,instance.class.to_s)
|
97
|
+
def self.create_token(id,type)
|
98
|
+
token = Token.new
|
99
|
+
token.imageable_id = id
|
100
|
+
token.imageable_type = type
|
101
|
+
#token.auth_token = generate_auth_token
|
102
|
+
token.save
|
103
|
+
return token
|
104
|
+
end
|
105
|
+
|
106
|
+
|
107
|
+
#Arcadex.find_token_by_auth_token(token.auth_token)
|
108
|
+
def self.find_token_by_auth_token(auth_token_string)
|
109
|
+
token = Token.find_by(auth_token: auth_token_string)
|
110
|
+
if token.nil?
|
111
|
+
return nil
|
112
|
+
end
|
113
|
+
if token_expired?(token)
|
114
|
+
destroy_token(token)
|
115
|
+
return nil
|
116
|
+
else
|
117
|
+
return token
|
118
|
+
end
|
119
|
+
end
|
120
|
+
|
121
|
+
|
122
|
+
#Arcadex.destroy_token(token.auth_token)
|
123
|
+
def self.destroy_auth_token(auth_token)
|
124
|
+
token = find_token_by_auth_token(auth_token)
|
125
|
+
destroy_token(token)
|
126
|
+
end
|
127
|
+
def self.destroy_token(token)
|
128
|
+
if token.nil?
|
129
|
+
return nil
|
130
|
+
end
|
131
|
+
token.destroy
|
132
|
+
end
|
133
|
+
#Arcadex.destroy_all_tokens(instance.id,instance.class.to_s)
|
134
|
+
def self.destroy_all_tokens(id,type)
|
135
|
+
if Object.const_get(type).exists?(id)
|
136
|
+
instance = Object.const_get(type).find(id)
|
137
|
+
instance.tokens.destroy_all
|
138
|
+
end
|
139
|
+
end
|
140
|
+
|
141
|
+
|
142
|
+
#Arcadex.find_owner_by_auth_token(auth_token)
|
143
|
+
def self.find_owner_by_auth_token(auth_token)
|
144
|
+
token = Arcadex.find_token_by_auth_token(auth_token)
|
145
|
+
return Arcadex.find_owner_by_token(token)
|
146
|
+
end
|
147
|
+
#Arcadex.find_owner_by_token(token)
|
148
|
+
def self.find_owner_by_token(token)
|
149
|
+
if token.nil?
|
150
|
+
return nil
|
151
|
+
end
|
152
|
+
if token_expired?(token)
|
153
|
+
destroy_token(token)
|
154
|
+
return nil
|
155
|
+
else
|
156
|
+
instance = Object.const_get(token.imageable_type).find(token.imageable_id)
|
157
|
+
return instance
|
158
|
+
end
|
159
|
+
end
|
160
|
+
|
161
|
+
|
162
|
+
#Arcadex.token_expired?(token)
|
163
|
+
#How long should tokens last? A day if not rememberable
|
164
|
+
#And a month if you are?
|
165
|
+
def self.token_expired?(token)
|
166
|
+
return false
|
167
|
+
end
|
168
|
+
end
|
@@ -0,0 +1,28 @@
|
|
1
|
+
== README
|
2
|
+
|
3
|
+
This README would normally document whatever steps are necessary to get the
|
4
|
+
application up and running.
|
5
|
+
|
6
|
+
Things you may want to cover:
|
7
|
+
|
8
|
+
* Ruby version
|
9
|
+
|
10
|
+
* System dependencies
|
11
|
+
|
12
|
+
* Configuration
|
13
|
+
|
14
|
+
* Database creation
|
15
|
+
|
16
|
+
* Database initialization
|
17
|
+
|
18
|
+
* How to run the test suite
|
19
|
+
|
20
|
+
* Services (job queues, cache servers, search engines, etc.)
|
21
|
+
|
22
|
+
* Deployment instructions
|
23
|
+
|
24
|
+
* ...
|
25
|
+
|
26
|
+
|
27
|
+
Please feel free to use a different markup language if you do not plan to run
|
28
|
+
<tt>rake doc:app</tt>.
|
data/test/dummy/Rakefile
ADDED
@@ -0,0 +1,13 @@
|
|
1
|
+
// This is a manifest file that'll be compiled into application.js, which will include all the files
|
2
|
+
// listed below.
|
3
|
+
//
|
4
|
+
// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
|
5
|
+
// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
|
6
|
+
//
|
7
|
+
// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
|
8
|
+
// compiled file.
|
9
|
+
//
|
10
|
+
// Read Sprockets README (https://github.com/sstephenson/sprockets#sprockets-directives) for details
|
11
|
+
// about supported directives.
|
12
|
+
//
|
13
|
+
//= require_tree .
|
@@ -0,0 +1,13 @@
|
|
1
|
+
/*
|
2
|
+
* This is a manifest file that'll be compiled into application.css, which will include all the files
|
3
|
+
* listed below.
|
4
|
+
*
|
5
|
+
* Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
|
6
|
+
* or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
|
7
|
+
*
|
8
|
+
* You're free to add application-wide styles to this file and they'll appear at the top of the
|
9
|
+
* compiled file, but it's generally better to create a new file per style scope.
|
10
|
+
*
|
11
|
+
*= require_self
|
12
|
+
*= require_tree .
|
13
|
+
*/
|
@@ -0,0 +1,14 @@
|
|
1
|
+
<!DOCTYPE html>
|
2
|
+
<html>
|
3
|
+
<head>
|
4
|
+
<title>Dummy</title>
|
5
|
+
<%= stylesheet_link_tag "application", media: "all", "data-turbolinks-track" => true %>
|
6
|
+
<%= javascript_include_tag "application", "data-turbolinks-track" => true %>
|
7
|
+
<%= csrf_meta_tags %>
|
8
|
+
</head>
|
9
|
+
<body>
|
10
|
+
|
11
|
+
<%= yield %>
|
12
|
+
|
13
|
+
</body>
|
14
|
+
</html>
|