auth_origin_control 0.0.1
- checksums.yaml +15 -0
- data/MIT-LICENSE +20 -0
- data/README.rdoc +66 -0
- data/Rakefile +27 -0
- data/app/assets/javascripts/auth_origin_control/application.js +15 -0
- data/app/assets/stylesheets/auth_origin_control/application.css +13 -0
- data/app/controllers/auth_origin_control/application_controller.rb +4 -0
- data/app/controllers/auth_origin_control/original_clients_controller.rb +32 -0
- data/app/helpers/auth_origin_control/application_helper.rb +4 -0
- data/app/views/layouts/auth_origin_control/application.html.erb +14 -0
- data/config/routes.rb +3 -0
- data/lib/auth_origin_control/api_auth/app.rb +59 -0
- data/lib/auth_origin_control/api_auth/identification/local.rb +26 -0
- data/lib/auth_origin_control/api_auth/identification/remote.rb +71 -0
- data/lib/auth_origin_control/base.rb +23 -0
- data/lib/auth_origin_control/encoded_secret/encoded_secret.rb +39 -0
- data/lib/auth_origin_control/engine.rb +5 -0
- data/lib/auth_origin_control/helpers/helpers.rb +27 -0
- data/lib/auth_origin_control/signed_request/request.rb +62 -0
- data/lib/auth_origin_control/version.rb +3 -0
- data/lib/auth_origin_control.rb +53 -0
- data/lib/tasks/auth_origin_control_tasks.rake +4 -0
- metadata +134 -0
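--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+metadata.gz: !binary |-
+M2VjNTMwY2ZmZDUzNGI4ZDlmNDdhMDk0ZjU2NzI4YWJhODk5MzkwMQ==
+data.tar.gz: !binary |-
+ODAxMjRkYmM4M2E5YzQ0MGI5YjY5MDI3YTUwMTlkMmEyMTdlYzdjMg==
+!binary "U0hBNTEy":
+metadata.gz: !binary |-
+ZWE4NjEzY2E1NGQ0OWYwMjY3NzcyZmJkMzE2NDM4NTYyY2ViYzY2YTMzMDky
+OGMyNzgzY2IxNDJiYzdkMzUwMDlhMzY5MTBkY2Y5MThhMjRkOGUyZGI4ZmNk
+MTQwZWIyM2NiMjM4YTBlMzk2ODhiODc5NWRlMzY2NjI2NjUzZjQ=
+data.tar.gz: !binary |-
+Mzc0MTIxNGI4MzY5N2U0MDNiY2ZmZGMzZjQwMDQyZWRlY2U0YmE4ZmU1M2U3
+OTg2ZTJiNWIwNGM2ZTM3ZGMxNzk1YjMyMTkyNmZkZWQ2ZjFkYWUxMTVlYmVm
+NzlkMzk5MGMyMDVlYWU3ZmRiNjYwZDU0YmVhNGQ1MzYxMGMxYmY=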
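--- a/data/MIT-LICENSE
+++ b/data/MIT-LICENSE
@@ -0,0 +1,20 @@
+Copyright 2013 YOURNAME
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.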
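--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -0,0 +1,66 @@
+= AuthOriginControl
+
+Authenticate your apis in server - to - server operations
+
+is based on api-auth gem
+
+------
+
+== In your omniauth provider
+
+=== Gemfile
+
+gem 'auth_origin_control'
+
+=== config/initializers/auth_origin_control
+
+BorderPatrol.setup do |config|
+config.clients_model = "Doorkeeper::Application" # assuming you use Doorkeeper gem
+end
+
+=== controllers
+
+before_filter :origin_control
+
+=== routes
+
+mount AuthOriginControl::Engine => "YOUR DESIRED PATH"
+
+------
+
+== In your intermediary api
+
+=== Gemfile
+
+gem 'auth_origin_control'
+gem "api-auth", github: "NicoArbogast/api_auth", branch: 'temp' # needed until merged into mgomes/api_auth
+
+=== config/initializers/auth_origin_control
+
+AuthOriginControl.setup do |config|
+config.local_or_remote_authority = 'remote'
+config.self_identity = {:access_id => ACCESS_ID_REGISTERED_FOR_THIS_APP, :secret_key => ACCESS_SECRET_REGISTERED_FOR_THIS_APP}
+end
+
+=== controllers
+
+before_filter :origin_control
+
+------
+
+== In your client api
+
+=== Gemfile
+
+gem 'auth_origin_control'
+gem "api-auth", github: "NicoArbogast/api_auth", branch: 'temp' # needed until merged into mgomes/api_auth
+
+=== config/initializers/auth_origin_control
+
+AuthOriginControl.setup do |config|
+config.self_identity = {:access_id => ACCESS_ID_REGISTERED_FOR_THIS_APP, :secret_key => ACCESS_SECRET_REGISTERED_FOR_THIS_APP}
+end
+
+=== In your http Interfaces to your apis
+
+AuthOriginControl::SignedRequest.new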
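--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,27 @@
+#!/usr/bin/env rake
+begin
+require 'bundler/setup'
+rescue LoadError
+puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+begin
+require 'rdoc/task'
+rescue LoadError
+require 'rdoc/rdoc'
+require 'rake/rdoctask'
+RDoc::Task = Rake::RDocTask
+end
+
+RDoc::Task.new(:rdoc) do |rdoc|
+rdoc.rdoc_dir = 'rdoc'
+rdoc.title = 'AuthOriginControl'
+rdoc.options << '--line-numbers'
+rdoc.rdoc_files.include('README.rdoc')
+rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+
+
+
+Bundler::GemHelper.install_tasks
+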
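--- a/data/app/assets/javascripts/auth_origin_control/application.js
+++ b/data/app/assets/javascripts/auth_origin_control/application.js
@@ -0,0 +1,15 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// the compiled file.
+//
+// WARNING: THE FIRST BLANK LINE MARKS THE END OF WHAT'S TO BE PROCESSED, ANY BLANK LINE SHOULD
+// GO AFTER THE REQUIRES BELOW.
+//
+//= require jquery
+//= require jquery_ujs
+//= require_tree .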
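--- a/data/app/assets/stylesheets/auth_origin_control/application.css
+++ b/data/app/assets/stylesheets/auth_origin_control/application.css
@@ -0,0 +1,13 @@
+/*
+* This is a manifest file that'll be compiled into application.css, which will include all the files
+* listed below.
+*
+* Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+* or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+*
+* You're free to add application-wide styles to this file and they'll appear at the top of the
+* compiled file, but it's generally better to create a new file per style scope.
+*
+*= require_self
+*= require_tree .
+*/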
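--- a/data/app/controllers/auth_origin_control/original_clients_controller.rb
+++ b/data/app/controllers/auth_origin_control/original_clients_controller.rb
@@ -0,0 +1,32 @@
+module AuthOriginControl
+class OriginalClientsController < AuthOriginControl::ApplicationController
+before_filter :origin_control
+
+def show
+render_original_request_client
+end
+
+private
+
+# receives a signed request from an api
+# original - intermediary - passport_api
+#
+# containing the authorization_header from an original api call
+# gets the original_api id from this authorization_header
+# returns the original app hash {id: XXXXX, secret: XXXXX} encoded
+# using the intermediary secret
+#
+# intermediary decodes response based on its own secret
+# and authentifies original request
+#
+def render_original_request_client
+if original_request_auth = params[:original_request_auth]
+render :text => AuthOriginControl::EncodedSecret.new(@current_client_app[:secret]).from_app_id(original_request_auth)
+else
+render :json => {:error => "Please provide the original request if you need to authenticate original request client"}
+end
+end
+
+
+end
+end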
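Review bot: `render_original_request_client` returns the stored secret of whichever client id arrives in `params[:original_request_auth]`, and the only gate is that the caller passed `origin_control`; nothing in this file limits which authenticated clients may act as an intermediary. Any registered client can therefore be handed another client's HMAC secret, encrypted under a key it already holds. A check against an explicit list of trusted intermediary ids before the lookup would narrow this, for example `return head(:forbidden) unless trusted_intermediary?(@current_client_app[:id])`, where `trusted_intermediary?` is a helper the gem would have to add. The missing-parameter branch also answers with status 200; adding `:status => :bad_request` to that `render` lets callers tell failure from success.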
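--- a/data/app/views/layouts/auth_origin_control/application.html.erb
+++ b/data/app/views/layouts/auth_origin_control/application.html.erb
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>AuthOriginControl</title>
+<%= stylesheet_link_tag "auth_origin_control/application", :media => "all" %>
+<%= javascript_include_tag "auth_origin_control/application" %>
+<%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>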
data/config/routes.rb
ADDED
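--- a/data/lib/auth_origin_control/api_auth/app.rb
+++ b/data/lib/auth_origin_control/api_auth/app.rb
@@ -0,0 +1,59 @@
+require 'auth_origin_control/api_auth/identification/local'
+require 'auth_origin_control/api_auth/identification/remote'
+
+module AuthOriginControl
+module ApiAuth
+class App
+
+attr_accessor :request
+
+def initialize(request, args = {})
+@request = request
+@config = args[:config]
+
+if @local = args[:local]
+@app_model = ApiAuth::Identification::Local.new({
+app: self,
+config: @config
+})
+else
+@app_model = ApiAuth::Identification::Remote.new({
+app: self,
+config: @config
+})
+end
+end
+
+def authentified_app
+secret_key.try(:[],'error') ? secret_key : (authentic? ? app : identification_error_msg(nil, (@local ? "you" : "original client")))
+end
+
+def access_id
+@access_id ||= ::ApiAuth.access_id(@request)
+end
+
+
+private
+
+def app
+valid? ? { id: access_id, secret: secret_key } : nil
+end
+
+def valid?
+!!access_id && !!secret_key
+end
+
+def authentic?
+::ApiAuth.authentic?(@request, secret_key)
+end
+
+def secret_key
+@secret_key ||= @app_model.secret_key
+end
+
+def identification_error_msg(response, client_id = "request client")
+{"error" => response.try(:[],"error") || "Error verifying ID of #{client_id}"}
+end
+end
+end
+end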
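Review bot: In `authentified_app`, `secret_key.try(:[],'error')` is meant to detect an error hash, but on the normal path `secret_key` is a String, and `String#[]` with a string argument is a substring test. A client whose secret happens to contain the text `error` is then reported as failed and can never authenticate, and the secret string itself becomes the method's return value. Testing the type first avoids both, e.g. `secret_key.is_a?(Hash) && secret_key['error']`. The same pattern appears in `Remote#secret_key` in remote.rb and in the `@current_client_app["error"]` test in helpers.rb.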
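--- a/data/lib/auth_origin_control/api_auth/identification/local.rb
+++ b/data/lib/auth_origin_control/api_auth/identification/local.rb
@@ -0,0 +1,26 @@
+module AuthOriginControl
+module ApiAuth
+module Identification
+class Local
+
+def initialize(args = {})
+@app= args[:app]
+@config = args[:config] || AuthOriginControl
+
+@clients_model= @config.clients_model.try(:constantize)
+@clients_model_access_id= @config.clients_model_keys[:access_id]
+@clients_model_secret_key= @config.clients_model_keys[:secret_key]
+end
+
+# find client app based on request signature
+# returns nil if not found
+# returns secret_key if app found
+#
+def secret_key access_id = @app.access_id
+@clients_model.try("find_by_#{@clients_model_access_id}", access_id).
+try(@clients_model_secret_key).try(:gsub, /\\n/,"\n")
+end
+end
+end
+end
+end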
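Review bot: `secret_key` passes `access_id` to the dynamic finder without checking that it is present, so a request carrying no access id ends up as `find_by_uid(nil)` (with the default key name), which would match a row whose id column is NULL if one exists. An early `return nil if access_id.blank?` keeps an unsigned request from ever resolving to a stored secret. The comment above the method says the lookup is based on the request signature, while the code looks up by access id only; the signature is checked later in `App#authentic?`, and the comment should say that.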
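--- a/data/lib/auth_origin_control/api_auth/identification/remote.rb
+++ b/data/lib/auth_origin_control/api_auth/identification/remote.rb
@@ -0,0 +1,71 @@
+module AuthOriginControl
+module ApiAuth
+module Identification
+class Remote
+
+def initialize(args = {})
+@app = args[:app]
+@config = args[:config]
+
+@original_request = @app.request
+
+@passport_api_url = @config.passport_api.try(:[],:url)
+@passport_api_original_client_path = @config.passport_api.try(:[],:original_request_client_path)
+@passport_api_original_client_key = @config.passport_api.try(:[],:original_request_client_response_key)
+
+@self_id = @config.self_identity.try(:[],:access_id)
+@self_secret = @config.self_identity.try(:[],:secret_key)
+end
+
+def secret_key access_id = @app.access_id
+_secret_from_authority = secret_key_from_authority
+_secret_from_authority.try(:[],'error') ? _secret_from_authority : _secret_from_authority.try(:gsub, /\\n/,"\n")
+end
+
+
+private
+
+def secret_key_from_authority
+app_from_authority
+end
+
+# using RestClient
+#
+# # Net::Http
+# uri = URI(uri_string)
+# Net::HTTP.start(uri.host, uri.port) do |http|
+# _request = Net::HTTP::Get.new(uri_string)
+# ApiAuth.sign!(_request, self_identity[:access_id], self_identity[:secret_key])
+# return http.request _request
+# end
+#
+def app_from_authority
+result_raw = AuthOriginControl::SignedRequest.new(authority_request_uri).try(:result_raw)
+decoded_result = decode(result_raw) if result_raw
+result = ActiveSupport::JSON.decode(decoded_result) if decoded_result
+#puts result
+return result if result.try(:[],'error')
+original_client_secret_key = result.try(:[],@passport_api_original_client_key)
+#puts original_client_secret_key
+return original_client_secret_key
+end
+
+def decode(encoded_string)
+AuthOriginControl::EncodedSecret.new(@self_secret).decode(encoded_string)
+end
+
+def authority_request_uri
+uri_root = @passport_api_url + @passport_api_original_client_path
+uri_params = "?original_request_auth=" + (original_request_auth.try(:parameterize) || '')
+uri_root + uri_params
+end
+
+def original_request_auth
+# api_auth_headers = ::ApiAuth::Headers.new(@original_request)
+# api_auth_headers.respond_to?(:authorization_header) ? api_auth_headers.try(:authorization_header) : nil
+@app.access_id
+end
+end
+end
+end
+end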
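Review bot: `authority_request_uri` builds the query string with `original_request_auth.try(:parameterize)`, which is a slug helper: it lowercases the value and replaces characters outside a small set, so an access id containing uppercase letters or symbols is altered before it reaches the authority and the lookup there can miss or resolve to a different id. URL-escaping keeps the value intact, e.g. `"?original_request_auth=" + CGI.escape(original_request_auth.to_s)`. In `app_from_authority` the HTTP status of the reply is never checked, and `decode` returns its input unchanged when decryption fails, so a body that was not encrypted goes straight into `ActiveSupport::JSON.decode`. Rejecting any reply that does not decrypt would make that path fail closed. The `access_id` parameter of `secret_key` is never read.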
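--- a/data/lib/auth_origin_control/base.rb
+++ b/data/lib/auth_origin_control/base.rb
@@ -0,0 +1,23 @@
+require "auth_origin_control/encoded_secret/encoded_secret"
+require "auth_origin_control/signed_request/request"
+require "auth_origin_control/helpers/helpers"
+require 'auth_origin_control/api_auth/app'
+
+module AuthOriginControl
+class Base
+
+def initialize(request, args={})
+@request = request
+
+@config = AuthOriginControl
+@local = @config.local_or_remote_authority != "remote"
+end
+
+def app
+AuthOriginControl::ApiAuth::App.new(@request, { local: (@local),
+config: @config
+}).authentified_app
+end
+
+end
+end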
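Review bot: `@local = @config.local_or_remote_authority != "remote"` treats every value other than the exact string `"remote"` as local, so a typo or a symbol (`:remote`) in the initializer silently switches the app to looking up secrets in its own database. Validating the setting makes the mistake visible at boot, e.g. `raise ArgumentError, "local_or_remote_authority must be 'local' or 'remote'" unless %w[local remote].include?(@config.local_or_remote_authority.to_s)`. The `args` parameter of `initialize` is accepted but never read.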
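--- a/data/lib/auth_origin_control/encoded_secret/encoded_secret.rb
+++ b/data/lib/auth_origin_control/encoded_secret/encoded_secret.rb
@@ -0,0 +1,39 @@
+require 'encryptor'
+
+module AuthOriginControl
+class EncodedSecret
+
+def initialize encode_key
+@config = AuthOriginControl
+@self_secret = @config.self_identity.try(:[],:secret_key)
+
+@encrypt_key = Digest::SHA256.hexdigest(encode_key)
+end
+
+def from_app_id _app_id
+if secret = find_secret_from_id(_app_id)
+encode({:original_request_client_secret => secret}.to_json)
+else
+encode({:error => "Client App could not be found with id #{_app_id}"}.to_json)
+end
+end
+
+def encode data
+Encryptor.encrypt(data, :key => @encrypt_key)
+end
+
+def decode data
+begin
+Encryptor.decrypt(data, :key => @encrypt_key)
+rescue OpenSSL::Cipher::CipherError
+return data
+end
+end
+
+private
+
+def find_secret_from_id _app_id
+AuthOriginControl::ApiAuth::Identification::Local.new.secret_key _app_id
+end
+end
+end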
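Review bot: `decode` rescues `OpenSSL::Cipher::CipherError` and returns the ciphertext it was given, so a caller cannot distinguish a decrypted payload from one that failed to decrypt; returning `nil` (or re-raising) would let `Remote#app_from_authority` reject it. `encode` calls `Encryptor.encrypt(data, :key => @encrypt_key)` with no `:iv`; with encryptor 1.1.3 (the version pinned in the gemspec) I believe key and IV are then both derived from the key alone, which makes the ciphertext deterministic for a given client secret, and the output carries no integrity check. Passing a random per-message `:iv` and adding an HMAC over the ciphertext would address both. `@self_secret` is assigned in `initialize` but never used, and `Digest` is referenced without a `require 'digest'`.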
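--- a/data/lib/auth_origin_control/helpers/helpers.rb
+++ b/data/lib/auth_origin_control/helpers/helpers.rb
@@ -0,0 +1,27 @@
+module AuthOriginControl
+module Helpers
+extend ActiveSupport::Concern
+
+def origin_control
+@current_client_app = identify_client
+if _error = @current_client_app["error"]
+if self.is_a? ActionController::Base
+render :json => { "error" => _error}
+else
+error!('401 Unauthorized', 401)
+end
+else
+true
+end
+end
+
+def identify_client(_request = request)
+AuthOriginControl::Base.new(_request).app
+end
+end
+end
+
+class ActionController::Base
+include AuthOriginControl::Helpers
+end
+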
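Review bot: When identification fails inside a Rails controller, `origin_control` renders `{ "error" => _error }` with the default 200 status, while the non-Rails branch answers 401; clients and monitoring that key on status codes will record the rejected call as a success. `render :json => { "error" => _error }, :status => :unauthorized` brings the two branches in line. As a point of style, `class ActionController::Base ... end` reopens the framework class at require time; `ActiveSupport.on_load(:action_controller) { include AuthOriginControl::Helpers }` is the usual hook and avoids forcing the class to load early.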
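--- a/data/lib/auth_origin_control/signed_request/request.rb
+++ b/data/lib/auth_origin_control/signed_request/request.rb
@@ -0,0 +1,62 @@
+module AuthOriginControl
+class SignedRequest
+
+def initialize(url, args={})
+@request_uri = url
+
+@payload = args.delete(:payload)
+@method = args.delete(:method) || :get
+@timeout = args.delete(:timeout) || -1
+@open_timeout = args.delete(:open_timeout) || -1
+@headers = args
+
+@self_id = AuthOriginControl.self_identity[:access_id]
+@self_secret = AuthOriginControl.self_identity[:secret_key]
+end
+
+# Sends a cross_border_request
+#
+# rest_client_request = RestClient::Request.new(
+# :url => uri_string,
+# :headers => {},
+# :method => :get)
+#
+# Net::Http
+# uri = URI(uri_string)
+# Net::HTTP.start(uri.host, uri.port) do |http|
+# _request = Net::HTTP::Get.new(uri_string)
+# ApiAuth.sign!(_request, self_identity[:access_id], self_identity[:secret_key])
+# return http.request _request
+# end
+# sign the request and send
+#
+def result
+_rslt_raw = result_raw
+_rslt_raw && _rslt_raw.code != 401 ? ActiveSupport::JSON.decode(_rslt_raw) : {error: _rslt_raw, code: _rslt_raw.try(:code)}
+end
+
+def result_raw
+signed_authority_request.execute do |response, request, result|
+return response
+end
+end
+
+def signed_authority_request
+::ApiAuth.sign!(authority_request, @self_id, @self_secret)
+end
+
+# RestClient Request
+#
+# # Net::Http
+# # _request = Net::HTTP::Get.new(uri_string)
+#
+def authority_request
+RestClient::Request.new(
+:url => @request_uri,
+:payload => @payload,
+:timeout => @timeout,
+:headers => @headers,
+:method => @method)
+end
+end
+end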
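Review bot: `authority_request` builds the `RestClient::Request` without `:verify_ssl`, and rest-client 1.6.7 (the version pinned in the gemspec) does not, as far as I recall, verify server certificates unless that option is set, so an `https` authority URL would be used without authenticating the peer on the very connection that returns client secrets. Adding `:verify_ssl => OpenSSL::SSL::VERIFY_PEER` to the options closes that. `@open_timeout` is read in `initialize` but never passed on (`:open_timeout => @open_timeout` is missing), and both timeouts default to `-1`, which I read as no timeout, so a stalled authority can hold the calling request open indefinitely. In `result`, only status 401 is treated as a failure; other error statuses are parsed as if they were a successful JSON body.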
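--- a/data/lib/auth_origin_control.rb
+++ b/data/lib/auth_origin_control.rb
@@ -0,0 +1,53 @@
+require 'api-auth'
+require 'rest-client'
+
+require "auth_origin_control/engine"
+require "auth_origin_control/base"
+
+module AuthOriginControl
+
+mattr_accessor :local_or_remote_authority
+def self.local_or_remote_authority
+@@local_or_remote_authority ||= "local"
+end
+
+mattr_accessor :clients_model
+def self.clients_model
+@@clients_model ||= "Doorkeeper::Application"
+end
+
+mattr_accessor :clients_model_keys
+def self.clients_model_keys
+(@@clients_model_keys || {}).reverse_merge!({
+:access_id => "uid",
+:secret_key => "secret"
+})
+end
+
+mattr_accessor :passport_api
+def self.passport_api
+(@@passport_api || {}).reverse_merge!({
+:url => "http://localhost:3000/auth_passport_office",
+:original_request_client_path => "/original_client",
+:original_request_client_response_key => "original_request_client_secret",
+:signed_requests => true
+})
+end
+
+mattr_accessor :self_identity
+def self.self_identity
+(@@self_identity || {}).reverse_merge!({
+:access_id => "",
+:secret_key => ""
+})
+end
+
+mattr_accessor :path
+def self.path
+@@path ||= '/'
+end
+
+def self.setup
+yield self
+end
+end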
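Review bot: `self_identity` defaults `:secret_key` to an empty string, so an app that never configures it still signs requests with `""`, and `EncodedSecret` derives its encryption key from that same empty value instead of failing. Raising when the secret is blank makes the misconfiguration visible, e.g. `raise ArgumentError, "self_identity[:secret_key] is not configured" if ids[:secret_key].blank?`, with `ids` being the merged hash. The default `passport_api[:url]` is a plain `http://` address; that is fine for localhost, but a comment should state that deployments must configure an `https` URL. Each reader redefines the one `mattr_accessor` has just generated, and `reverse_merge!` on the `|| {}` fallback mutates a throwaway hash, so the non-bang `reverse_merge` states the intent better.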
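--- a/metadata
+++ b/metadata
@@ -0,0 +1,134 @@
+--- !ruby/object:Gem::Specification
+name: auth_origin_control
+version: !ruby/object:Gem::Version
+version: 0.0.1
+platform: ruby
+authors:
+- NicoArbogast
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2013-08-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rails
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: 3.2.13
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: 3.2.13
+- !ruby/object:Gem::Dependency
+name: api-auth
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 1.0.3.1
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 1.0.3.1
+- !ruby/object:Gem::Dependency
+name: rest-client
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 1.6.7
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 1.6.7
+- !ruby/object:Gem::Dependency
+name: encryptor
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 1.1.3
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 1.1.3
+- !ruby/object:Gem::Dependency
+name: mysql2
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+description: Auth Origin Control checks the origin of the request at app entry
+email:
+- nicolas@rbogast.me
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- app/assets/javascripts/auth_origin_control/application.js
+- app/assets/stylesheets/auth_origin_control/application.css
+- app/controllers/auth_origin_control/application_controller.rb
+- app/controllers/auth_origin_control/original_clients_controller.rb
+- app/helpers/auth_origin_control/application_helper.rb
+- app/views/layouts/auth_origin_control/application.html.erb
+- config/routes.rb
+- lib/auth_origin_control/api_auth/app.rb
+- lib/auth_origin_control/api_auth/identification/local.rb
+- lib/auth_origin_control/api_auth/identification/remote.rb
+- lib/auth_origin_control/base.rb
+- lib/auth_origin_control/encoded_secret/encoded_secret.rb
+- lib/auth_origin_control/engine.rb
+- lib/auth_origin_control/helpers/helpers.rb
+- lib/auth_origin_control/signed_request/request.rb
+- lib/auth_origin_control/version.rb
+- lib/auth_origin_control.rb
+- lib/tasks/auth_origin_control_tasks.rake
+- MIT-LICENSE
+- Rakefile
+- README.rdoc
+homepage: https://github.com/NicoArbogast/auth_origin_control.git
+licenses: []
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.0.7
+signing_key:
+specification_version: 4
+summary: Auth Origin Control checks the origin of the request at app entry
+test_files: []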