aurora 0.0.1 → 0.1.10

data/lib/aurora/migrations/001_create_users.rb

@@ -0,0 +1,13 @@
+class CreateUsers < Sequel::Migration
+  def up
+    create_table :users do
+      primary_key :id
+      varchar   :username, :size => 16, :unique => true, :null => false
+      varchar   :password, :size => 32, :null => false
+      text      :permissions, :null => false
+    end
+  end
+  def down
+    execute 'DROP TABLE users'
+  end
+end

data/lib/aurora/migrations/002_create_tokens.rb

@@ -0,0 +1,13 @@
+class CreateTokens < Sequel::Migration
+  def up
+    create_table :tokens do
+      primary_key :id
+      varchar   :username, :size => 16, :null => false
+      varchar   :token, :size => 32, :null => false
+      datetime  :expires_at, :null => false
+    end
+  end
+  def down
+    execute 'DROP TABLE tokens'
+  end
+end

data/lib/aurora/server.rb

@@ -1,26 +1,274 @@
-$:.unshift File.dirname(__FILE__)
-
+#!/usr/bin/env ruby
 #--
-# Created by Matt Todd on 2007-11-10.
-# Copyright (c) 2007 The HUB, Clayton State University. All rights reserved.
+#  Created by Matt Todd on 2008-01-11.
+#  Copyright (c) 2008. All rights reserved.
 #++
 
+$:.unshift File.dirname(File.join('..', __FILE__))
+$:.unshift File.dirname(__FILE__)
+
 #--
-# Dependencies
+# dependencies
 #++
 
-require 'rubygems'
-require 'logger'
-require 'uri'
-require 'json'
-require 'digest/md5'
-require 'mongrel'
+%w(rubygems aurora halcyon/server sequel digest/md5).each {|dep|require dep}
 
 #--
-# Module
+# module
 #++
 
-require 'server/base'
-require 'server/server'
-require 'server/handler'
-require 'server/token'
+module Aurora
+  
+  # = Aurora Server
+  # 
+  # The Aurora Server handles user authentication requests, token creation and
+  # management, and permissions querying and verification.
+  # 
+  # == Usage
+  # 
+  #   class Aurora::Server
+  #     def authenticate(username, password)
+  #       username == 'test' && password == 'secret'
+  #     end
+  #   end
+  # 
+  # This will define an authentication processor for verifying users'
+  # authenticity. This method is only defaulted to when token authentication
+  # is not able to be used (such as for creating sessions), so its use should
+  # be minimized by token authentication.
+  class Server < Halcyon::Server::Base
+    
+    def self.version
+      VERSION.join('.')
+    end
+    
+    route do |r|
+      # authentication routes
+      r.match('/user/auth/:username').to(:module => 'user', :action => 'auth')
+      r.match('/token/auth/:token').to(:module => 'token', :action => 'auth')
+      
+      # user routes
+      r.match('/user/show/:username').to(:module => 'user', :action => 'show')
+      
+      # token routes
+      r.match('/token/destroy/:token').to(:module => 'token', :action => 'destroy')
+      
+      # permission routes
+      r.match('/user/:username/:app/permissions').to(:module => 'user', :action => 'permisisons')
+      r.match('/user/:username/:app/permit/:permission').to(:module => 'user', :action => 'permit')
+      
+      # generic
+      r.match('/:module/:action/:id').to()
+      r.match('/:module/:action').to()
+      r.match('/:action/:id').to()
+      r.match('/:action').to()
+      
+      # failover
+      {:action => 'unauthorized'}
+    end
+    
+    # Makes sure the Database server connection is created, tables migrated,
+    # and other tasks.
+    def startup
+      # TODO: setup startup tasks
+      
+      # connect to database
+      host = credentials = ''
+      host = "#{@config[:db][:host]}/" unless @config[:db][:host].nil?
+      credentials = "#{@config[:db][:username]}:#{@config[:db][:password]}@" unless @config[:db][:username].nil?
+      @db = Sequel("#{@config[:db][:adapter]}://#{credentials}#{host}#{@config[:db][:database]}")
+      @logger.info 'Connected to Database.'
+      
+      # run migrations if version is outdated
+      current_version = Sequel::Migrator.get_current_migration_version(@db)
+      latest_version = Sequel::Migrator.apply(@db, File.join(File.dirname(__FILE__),'migrations'))
+      @logger.info 'Migrations loaded!' if current_version < latest_version
+      
+      # clean expired sessions/tokens
+      expire_tokens
+      @logger.info 'Expired sessions/tokens removed.'
+    end
+    
+    # = User Module
+    # 
+    # User actions, including authentication, permissions testing and
+    # management, and data querying.
+    user do
+      
+      #--
+      # Authentication
+      #++
+      
+      # Calls the supplied authentication method. Creates a token on success,
+      # returning that token, and raises Unauthorized on failure.
+      def auth
+        username, password = params[:username], @req.POST['password']
+        if authenticate(username, password)
+          # authenticated
+          
+          # generate token and expiration date
+          token = Digest::MD5.hexdigest("#{username}:#{password}:#{Time.now.to_s}")
+          expiration = generate_expiration
+          
+          # save to the DB
+          @db[:tokens].filter(:username => username).delete # removes previous tokens
+          @db[:tokens] << {:username => username, :token => token, :expires_at => expiration}
+          
+          # create the user if not already in the DB
+          if @db[:users].filter(:username => username).empty?
+          	# retrieve the new user permissions
+          	permissions = initialize_permissions(username)
+          	
+          	# create a new user
+          	@db[:users] << {:username => username, :password => Digest::MD5.hexdigest(password), :permissions => permissions.to_json}
+          	@logger.info "#{username} cached."
+          else
+          	# or just cache the password so the user's profile is up-to-date
+          	# if the authentication source is not available
+          	@db[:users].filter(:username => username).update(:password => Digest::MD5.hexdigest(password))
+          	@logger.debug "#{username} updated."
+          end
+          
+          # return success with token for client
+          ok(token)
+        else
+          # failed authentication
+          raise Exceptions::Unauthorized.new
+        end
+      end
+      
+      #--
+      # General
+      #++
+      
+      # Show user data.
+      def show
+        # TODO: consider removing as potentially unsafe
+      end
+      
+      #--
+      # Permissions
+      #++
+      
+      # Request the full permissions of a given user
+      def permissions
+        # TODO: consider removing as potentially unsafe
+        # (in the event a malicious user wants to model a super user with a real
+        # super user's permissions)
+      end
+      
+      # Handles action branching depending on the method for permission setting
+      # or getting. Defers to +permit?+ and +permit!+.
+      def permit
+        case method
+        when :get
+          permit?
+        when :post
+          permit!
+        end
+      end
+      
+      # Does the user have permission?
+      def permit?
+        username, app, permission = params[:username], params[:app], params[:permission]
+        
+        # pull the permissions for the user
+        perms = JSON.parse(@db[:users][:username => username][:permissions])
+        
+        # test the permissions
+        unless perms[app].nil?
+          ok(perms[app][permission])
+        else
+          # no permissions were found for the given app
+          ok(false)
+        end
+      end
+      
+      # Give permissions to user
+      def permit!
+        username, app, permission, value = params[:username], params[:app], params[:permission], post[:value]
+        
+        # pull the permissions for the user
+        perms = JSON.parse(@db[:users][:username => username][:permissions])
+        
+        # test the permissions
+        unless perms[app].nil?
+          if perms[app][permission] == value
+            ok(true)
+          else
+            raise Exceptions::Unauthorized.new
+          end
+        else
+          # no permissions were found for the given app
+          raise Exceptions::Unauthorized.new
+        end
+      end
+      
+    end
+    
+    # = Token Module
+    # 
+    # Token actions, including authentication and destroying tokens. Tokens
+    # represent authenticated sessions allowing for faster repeated
+    # authentication requests in a short period of time (such as each page load
+    # in a larger web application).
+    token do
+      
+      # Authenticates the token.
+      def auth
+        # expire_tokens # TODO: investigate how much of a performance hit checking (and deleting) is
+        unless @db[:tokens].filter('token = ? AND expires_at > ?', params[:token], Time.now).empty?
+          # authenticated
+          
+          # update the expiration date if close to expiring
+          unless @db[:tokens].filter('token = ? AND expires_at <= ?', params[:token], generate_expiration(15)).empty?
+          	@db[:tokens].filter(:token => params[:token]).update(:expires_at => generate_expiration)
+          end
+          
+          # return success and token for client
+          ok(params[:token])
+        else
+          # failed authentication
+          raise Exceptions::Unauthorized.new
+        end
+      end
+      
+      def destroy
+        @db[:tokens].filter(:token => params[:token]).delete
+        ok
+      end
+      
+    end
+    
+    # The default unauthorized action which raises an Unauthorized exception
+    def unauthorized(params={})
+      raise Exceptions::Unauthorized.new
+    end
+    
+    #--
+    # Utility methods
+    #++
+    
+    # Removes expired tokens.
+    def expire_tokens
+      @db[:tokens].filter('expires_at < ?',Time.now).delete
+    end
+    
+    # Sets up a given user's permissions. Overwrite this method to specify more
+    # specific or dynamic default permissions, for instance connecting to LDAP
+    # to determine department and granting permissions that way.
+    def initialize_permissions(username)
+    	# by default, no permissions are setup
+    	# the returned value is JSON-ized
+    	{}
+    end
+    
+    # Generates a new time to expire from the minutes given, defaulting to the
+    # number of minutes given as a token lifetime in the configuration file.
+    def generate_expiration(lifetime=@config[:tokens][:lifetime])
+    	(Time.now + (lifetime.to_i*60))
+    end
+    
+  end
+  
+end

data/test/aurora/server_spec.rb

@@ -0,0 +1,24 @@
+describe "Aurora::Server" do
+  
+  before do
+    @serv = Specr.new :port => 6211
+  end
+  
+  it "should authenticate users with proper credentials" do
+    response = JSON.parse(Rack::MockRequest.new(@serv).post("/user/auth/test", :input => '&password=pass&').body)
+    response['status'].should == 200
+  end
+  
+  it "should provide a token for authenticated users with proper credentials" do
+    response = JSON.parse(Rack::MockRequest.new(@serv).post("/user/auth/test", :input => '&password=pass&').body)
+    response['status'].should == 200
+    response['body'].should == Digest::MD5.hexdigest(Time.now.to_s)
+  end
+  
+  it "should return unauthorized error if improper credentials are attempting authentication" do
+    response = JSON.parse(Rack::MockRequest.new(@serv).post("/user/auth/test", :input => '&password=fail&').body)
+    response['status'].should == 401
+    response['body'].should == 'Unauthorized'
+  end
+  
+end

data/test/spec_helper.rb

@@ -0,0 +1,20 @@
+require 'rack/mock'
+require 'aurora/server'
+
+$test = true
+
+# Testing inheriting the Aurora server
+class Specr < Aurora::Server
+  def authenticate(user, pass)
+    # if pass isn't pass then it fails... get it?
+    pass == 'pass'
+  end
+end
+
+# Testing modifying the aurora server's authenticate method directly
+class Aurora::Server
+  def authenticate(user, pass)
+    # if pass isn't pass then it fails... get it?
+    pass == 'pass'
+  end
+end

metadata

@@ -1,112 +1,68 @@
 --- !ruby/object:Gem::Specification 
 name: aurora
 version: !ruby/object:Gem::Version 
-  version: 0.0.1
-platform: ""
+  version: 0.1.10
+platform: ruby
 authors: 
 - Matt Todd
 autorequire: 
 bindir: bin
 cert_chain: []
 
-date: 2007-11-27 00:00:00 -05:00
+date: 2008-02-19 00:00:00 -05:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
-  name: json
+  name: halcyon
   version_requirement: 
   version_requirements: !ruby/object:Gem::Requirement 
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 1.1.1
+        version: 0.3.28
     version: 
-- !ruby/object:Gem::Dependency 
-  name: mongrel
-  version_requirement: 
-  version_requirements: !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        version: 1.1.1
-    version: 
-- !ruby/object:Gem::Dependency 
-  name: dhkeyexchange
-  version_requirement: 
-  version_requirements: !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        version: 1.0.0
-    version: 
-- !ruby/object:Gem::Dependency 
-  name: rack
-  version_requirement: 
-  version_requirements: !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        version: 0.2.0
-    version: 
-description: Simple authentication server and user permissions management tool.
-email: mtodd@clayton.edu
-executables: []
-
+description: A Simple Authentication Server
+email: chiology@gmail.com
+executables: 
+- aurora
 extensions: []
 
 extra_rdoc_files: 
-- History.txt
-- License.txt
-- Manifest.txt
-- README.txt
-- website/index.txt
+- lib
 files: 
-- History.txt
-- License.txt
-- Manifest.txt
-- README.txt
+- lib
 - Rakefile
-- config/hoe.rb
-- config/requirements.rb
-- examples/basics.rb
-- lib/aurora.rb
+- test/aurora
+- test/aurora/server_spec.rb
+- test/spec_helper.rb
+- lib/aurora
 - lib/aurora/client.rb
-- lib/aurora/client/base.rb
-- lib/aurora/client/token.rb
+- lib/aurora/migrations
+- lib/aurora/migrations/001_create_users.rb
+- lib/aurora/migrations/002_create_tokens.rb
 - lib/aurora/server.rb
-- lib/aurora/server/base.rb
-- lib/aurora/server/handler.rb
-- lib/aurora/server/server.rb
-- lib/aurora/server/token.rb
-- lib/aurora/version.rb
-- log/debug.log
-- script/destroy
-- script/generate
-- script/txt2html
-- setup.rb
-- tasks/deployment.rake
-- tasks/environment.rake
-- tasks/website.rake
-- test/test_aurora.rb
-- test/test_helper.rb
-- website/index.html
-- website/index.txt
-- website/javascripts/rounded_corners_lite.inc.js
-- website/stylesheets/screen.css
-- website/template.rhtml
+- lib/aurora.rb
 has_rdoc: true
 homepage: http://aurora.rubyforge.org
 post_install_message: 
 rdoc_options: 
-- --main
-- README.txt
+- --all
+- --quiet
+- --op
+- rdoc
+- --line-numbers
+- --inline-source
+- --title
+- "\"Aurora Documentation\""
+- --exclude
+- "\"^(_darcs|test|pkg|.svn)/\""
 require_paths: 
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement 
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      version: "0"
+      version: 1.8.6
   version: 
 required_rubygems_version: !ruby/object:Gem::Requirement 
   requirements: 
@@ -114,13 +70,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version 
       version: "0"
   version: 
-requirements: []
-
-rubyforge_project: aurora
-rubygems_version: 0.9.5
+requirements: 
+- ""
+rubyforge_project: 
+rubygems_version: 1.0.1
 signing_key: 
 specification_version: 2
-summary: Simple authentication server and user permissions management tool.
-test_files: 
-- test/test_aurora.rb
-- test/test_helper.rb
+summary: A Simple Authentication Server
+test_files: []
+