auth 0.0.2 → 0.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/CHANGELOG +6 -1
- data/lib/auth.rb +12 -0
- data/lib/auth/sentry.rb +19 -6
- data/lib/auth/server.rb +16 -21
- data/lib/auth/version.rb +1 -1
- data/test/auth_test.rb +6 -0
- metadata +26 -11
data/CHANGELOG
CHANGED
data/lib/auth.rb
CHANGED
data/lib/auth/sentry.rb
CHANGED
|
@@ -9,16 +9,29 @@ module Auth
|
|
|
9
9
|
@request = request
|
|
10
10
|
end
|
|
11
11
|
|
|
12
|
-
def authenticate!
|
|
13
|
-
|
|
14
|
-
|
|
12
|
+
def authenticate!(domain=:default)
|
|
13
|
+
case domain.to_sym
|
|
14
|
+
when :client
|
|
15
|
+
@client = Auth.authenticate_client(@request.params['client_id'], @request.params['client_secret'])
|
|
16
|
+
unless @client
|
|
17
|
+
raise AuthException, 'Invalid client'
|
|
18
|
+
end
|
|
15
19
|
else
|
|
16
|
-
|
|
20
|
+
if Auth.authenticate_account(@request.params['username'], @request.params['password'])
|
|
21
|
+
@user_id = @request.params['username']
|
|
22
|
+
else
|
|
23
|
+
raise AuthException, 'Invalid username or password'
|
|
24
|
+
end
|
|
17
25
|
end
|
|
18
26
|
end
|
|
19
27
|
|
|
20
|
-
def user
|
|
21
|
-
|
|
28
|
+
def user(domain=:default)
|
|
29
|
+
case domain.to_sym
|
|
30
|
+
when :client
|
|
31
|
+
@client ? @client : nil
|
|
32
|
+
else
|
|
33
|
+
@user_id ? User.new(@user_id) : nil
|
|
34
|
+
end
|
|
22
35
|
end
|
|
23
36
|
end
|
|
24
37
|
end
|
data/lib/auth/server.rb
CHANGED
|
@@ -55,22 +55,16 @@ module Auth
|
|
|
55
55
|
end
|
|
56
56
|
|
|
57
57
|
def sentry
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
halt(403, 'Invalid client identifier') unless @client
|
|
64
|
-
end
|
|
65
|
-
|
|
66
|
-
def require_client_authentication!
|
|
67
|
-
@client = Auth.authenticate_client(params[:client_id], params[:client_secret])
|
|
68
|
-
halt(403, 'Invalid client identifier or client secret') unless @client
|
|
58
|
+
if Auth.sentry
|
|
59
|
+
@sentry ||= Auth.sentry.new(request)
|
|
60
|
+
else
|
|
61
|
+
@sentry ||= request.env['warden'] || request.env['rack.auth'] || Sentry.new(request)
|
|
62
|
+
end
|
|
69
63
|
end
|
|
70
64
|
|
|
71
65
|
def validate_redirect_uri!
|
|
72
|
-
params[:redirect_uri] ||=
|
|
73
|
-
if URI(params[:redirect_uri]).host.downcase != URI(
|
|
66
|
+
params[:redirect_uri] ||= sentry.user(:client).redirect_uri
|
|
67
|
+
if URI(params[:redirect_uri]).host.downcase != URI(sentry.user(:client).redirect_uri).host.downcase
|
|
74
68
|
halt(400, 'Invalid redirect URI')
|
|
75
69
|
end
|
|
76
70
|
rescue URI::InvalidURIError
|
|
@@ -103,7 +97,7 @@ module Auth
|
|
|
103
97
|
|
|
104
98
|
['', '/authorize'].each do |action|
|
|
105
99
|
get action do
|
|
106
|
-
|
|
100
|
+
sentry.authenticate!(:client)
|
|
107
101
|
validate_redirect_uri!
|
|
108
102
|
sentry.authenticate!
|
|
109
103
|
unless ['code', 'token', 'code_and_token', nil].include?(params[:response_type])
|
|
@@ -111,19 +105,20 @@ module Auth
|
|
|
111
105
|
'The authorization server does not support obtaining an ' +
|
|
112
106
|
'authorization code using this method.'
|
|
113
107
|
end
|
|
108
|
+
@client = sentry.user(:client)
|
|
114
109
|
erb(:authorize)
|
|
115
110
|
end
|
|
116
111
|
end
|
|
117
112
|
|
|
118
113
|
['', '/authorize'].each do |action|
|
|
119
114
|
post action do
|
|
120
|
-
|
|
115
|
+
sentry.authenticate!(:client)
|
|
121
116
|
validate_redirect_uri!
|
|
122
117
|
sentry.authenticate!
|
|
123
118
|
case params[:response_type]
|
|
124
119
|
when 'code', nil
|
|
125
120
|
authorization_code = Auth.issue_code(sentry.user.id,
|
|
126
|
-
|
|
121
|
+
sentry.user(:client).id,
|
|
127
122
|
params[:redirect_uri],
|
|
128
123
|
params[:scope])
|
|
129
124
|
redirect_uri = merge_uri_with_query_parameters(
|
|
@@ -146,7 +141,7 @@ module Auth
|
|
|
146
141
|
when 'code_and_token'
|
|
147
142
|
ttl = ENV['AUTH_TOKEN_TTL'].to_i
|
|
148
143
|
authorization_code = Auth.issue_code(sentry.user.id,
|
|
149
|
-
|
|
144
|
+
sentry.user(:client).id,
|
|
150
145
|
params[:redirect_uri],
|
|
151
146
|
params[:scope])
|
|
152
147
|
access_token = Auth.issue_token(sentry.user.id, params[:scope], ttl)
|
|
@@ -170,12 +165,12 @@ module Auth
|
|
|
170
165
|
|
|
171
166
|
['/token', '/access_token'].each do |action|
|
|
172
167
|
post action do
|
|
173
|
-
|
|
168
|
+
sentry.authenticate!(:client)
|
|
174
169
|
validate_redirect_uri!
|
|
175
170
|
case params[:grant_type]
|
|
176
171
|
when 'authorization_code', nil
|
|
177
172
|
account_id, scopes = Auth.validate_code(
|
|
178
|
-
params[:code],
|
|
173
|
+
params[:code], sentry.user(:client).id, params[:redirect_uri])
|
|
179
174
|
if account_id
|
|
180
175
|
ttl = ENV['AUTH_TOKEN_TTL'].to_i
|
|
181
176
|
access_token = Auth.issue_token(account_id, scopes, ttl)
|
|
@@ -203,7 +198,7 @@ module Auth
|
|
|
203
198
|
when 'refresh_token'
|
|
204
199
|
raise AuthException, 'Unsupported grant type'
|
|
205
200
|
when 'client_credentials'
|
|
206
|
-
access_token = Auth.issue_token("client:#{
|
|
201
|
+
access_token = Auth.issue_token("client:#{sentry.user(:client).id}")
|
|
207
202
|
@token = {
|
|
208
203
|
:access_token => access_token,
|
|
209
204
|
:token_type => 'client'
|
|
@@ -222,7 +217,7 @@ module Auth
|
|
|
222
217
|
end
|
|
223
218
|
|
|
224
219
|
get '/validate' do
|
|
225
|
-
|
|
220
|
+
sentry.authenticate!(:client)
|
|
226
221
|
headers['Content-Type'] = 'text/plain;charset=utf-8'
|
|
227
222
|
if account_id = Auth.validate_token(params[:access_token], params[:scope])
|
|
228
223
|
[200, account_id]
|
data/lib/auth/version.rb
CHANGED
data/test/auth_test.rb
CHANGED
|
@@ -13,6 +13,12 @@ class AuthTest < Test::Unit::TestCase
|
|
|
13
13
|
assert_equal 'namespace', Auth.redis.namespace
|
|
14
14
|
end
|
|
15
15
|
|
|
16
|
+
def test_can_set_a_custom_sentry
|
|
17
|
+
assert_nil Auth.sentry
|
|
18
|
+
Auth.sentry = Auth::Sentry
|
|
19
|
+
assert_equal Auth::Sentry, Auth.sentry
|
|
20
|
+
end
|
|
21
|
+
|
|
16
22
|
def test_can_register_an_account
|
|
17
23
|
assert Auth.register_account('test', 'test')
|
|
18
24
|
end
|
metadata
CHANGED
|
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
|
|
|
5
5
|
segments:
|
|
6
6
|
- 0
|
|
7
7
|
- 0
|
|
8
|
-
-
|
|
9
|
-
version: 0.0.
|
|
8
|
+
- 3
|
|
9
|
+
version: 0.0.3
|
|
10
10
|
platform: ruby
|
|
11
11
|
authors:
|
|
12
12
|
- Niklas Holmgren
|
|
@@ -14,11 +14,11 @@ autorequire:
|
|
|
14
14
|
bindir: bin
|
|
15
15
|
cert_chain: []
|
|
16
16
|
|
|
17
|
-
date: 2011-
|
|
17
|
+
date: 2011-08-31 00:00:00 +02:00
|
|
18
18
|
default_executable:
|
|
19
19
|
dependencies:
|
|
20
20
|
- !ruby/object:Gem::Dependency
|
|
21
|
-
name:
|
|
21
|
+
name: json
|
|
22
22
|
prerelease: false
|
|
23
23
|
requirement: &id001 !ruby/object:Gem::Requirement
|
|
24
24
|
none: false
|
|
@@ -33,7 +33,7 @@ dependencies:
|
|
|
33
33
|
type: :runtime
|
|
34
34
|
version_requirements: *id001
|
|
35
35
|
- !ruby/object:Gem::Dependency
|
|
36
|
-
name:
|
|
36
|
+
name: rack-contrib
|
|
37
37
|
prerelease: false
|
|
38
38
|
requirement: &id002 !ruby/object:Gem::Requirement
|
|
39
39
|
none: false
|
|
@@ -48,9 +48,24 @@ dependencies:
|
|
|
48
48
|
type: :runtime
|
|
49
49
|
version_requirements: *id002
|
|
50
50
|
- !ruby/object:Gem::Dependency
|
|
51
|
-
name:
|
|
51
|
+
name: sinatra
|
|
52
52
|
prerelease: false
|
|
53
53
|
requirement: &id003 !ruby/object:Gem::Requirement
|
|
54
|
+
none: false
|
|
55
|
+
requirements:
|
|
56
|
+
- - ">"
|
|
57
|
+
- !ruby/object:Gem::Version
|
|
58
|
+
segments:
|
|
59
|
+
- 1
|
|
60
|
+
- 0
|
|
61
|
+
- 0
|
|
62
|
+
version: 1.0.0
|
|
63
|
+
type: :runtime
|
|
64
|
+
version_requirements: *id003
|
|
65
|
+
- !ruby/object:Gem::Dependency
|
|
66
|
+
name: redis
|
|
67
|
+
prerelease: false
|
|
68
|
+
requirement: &id004 !ruby/object:Gem::Requirement
|
|
54
69
|
none: false
|
|
55
70
|
requirements:
|
|
56
71
|
- - ">"
|
|
@@ -61,11 +76,11 @@ dependencies:
|
|
|
61
76
|
- 0
|
|
62
77
|
version: 2.0.0
|
|
63
78
|
type: :runtime
|
|
64
|
-
version_requirements: *
|
|
79
|
+
version_requirements: *id004
|
|
65
80
|
- !ruby/object:Gem::Dependency
|
|
66
81
|
name: redis-namespace
|
|
67
82
|
prerelease: false
|
|
68
|
-
requirement: &
|
|
83
|
+
requirement: &id005 !ruby/object:Gem::Requirement
|
|
69
84
|
none: false
|
|
70
85
|
requirements:
|
|
71
86
|
- - ">"
|
|
@@ -76,11 +91,11 @@ dependencies:
|
|
|
76
91
|
- 0
|
|
77
92
|
version: 0.8.0
|
|
78
93
|
type: :runtime
|
|
79
|
-
version_requirements: *
|
|
94
|
+
version_requirements: *id005
|
|
80
95
|
- !ruby/object:Gem::Dependency
|
|
81
96
|
name: rack-test
|
|
82
97
|
prerelease: false
|
|
83
|
-
requirement: &
|
|
98
|
+
requirement: &id006 !ruby/object:Gem::Requirement
|
|
84
99
|
none: false
|
|
85
100
|
requirements:
|
|
86
101
|
- - ">"
|
|
@@ -91,7 +106,7 @@ dependencies:
|
|
|
91
106
|
- 6
|
|
92
107
|
version: 0.5.6
|
|
93
108
|
type: :development
|
|
94
|
-
version_requirements: *
|
|
109
|
+
version_requirements: *id006
|
|
95
110
|
description: A high performance OAuth2 authorization server using Sinatra and Redis, inspired by Resque. Can be run both as a standalone server or as a rack middleware.
|
|
96
111
|
email: niklas@sutajio.se
|
|
97
112
|
executables: []
|