authentication_identifier_transposer 1.0.0
- checksums.yaml +7 -0
- data/.gitignore +4 -0
- data/.rspec +2 -0
- data/.ruby-gemset +1 -0
- data/.ruby-version +1 -0
- data/Dockerfile +10 -0
- data/Gemfile +3 -0
- data/README.md +52 -0
- data/Rakefile +6 -0
- data/authentication_identifier_transposer.gemspec +30 -0
- data/bin/console +14 -0
- data/bin/keypair-generator +37 -0
- data/bin/rotate-configs +23 -0
- data/bin/setup +8 -0
- data/docker-compose.yml +9 -0
- data/lib/authentication_identifier_transposer.rb +5 -0
- data/lib/authentication_identifier_transposer/rack_middleware.rb +19 -0
- data/lib/authentication_identifier_transposer/version.rb +3 -0
- data/spec/rack_middleware_spec.rb +69 -0
- data/spec/spec_helper.rb +12 -0
- metadata +181 -0
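--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: c71709f3bc73521b8a9bd81f60c4328f23d4985a
+data.tar.gz: 3c848e086b4cf5cc43c9877df03e1d7c5194d682
+SHA512:
+metadata.gz: 94c3b281371b97c732d830e70d8ef6ce4ea6fffa91c97f7bec6fd1f660bb5a7647b30b2b4729e8c2b06aa8fc66cc28ab73d92ef2bb2df6447d808cd7f74471cf
+data.tar.gz: 42350ec80f937679a7a61438a37ed6df849e7648cfa9a5a10684bb7104aedaae1b1a82dcc523bec1260300637eb0abdea00ac185a2f1388f4064ac68f500ec8f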
data/.gitignore
ADDED
data/.rspec
ADDED
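--- a/data/.ruby-gemset
+++ b/data/.ruby-gemset
@@ -0,0 +1 @@
+authentication_identifier_transposer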
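--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -0,0 +1 @@
+ruby-2.3.0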
data/Dockerfile
ADDED
data/Gemfile
ADDED
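--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,52 @@
+# AuthenticationIdentifierTransposer
+
+This gem provides Rack Middleware transposing the authenticated identifier for Soar SC
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'authentication_identifier_transposer'
+```
+
+And then execute:
+```bash
+bundle
+```
+
+Or install it yourself as:
+```bash
+gem install authentication_identifier_transposer
+```
+
+## Testing
+
+Run the rspec test tests using docker compose:
+
+```bash
+export UID
+docker-compose build --force-rm --no-cache
+docker-compose down
+docker-compose run --rm tests
+docker-compose down
+```
+
+## Usage
+
+### RackMiddleware
+
+```ruby
+use AuthenticationIdentifierTransposer::RackMiddleware
+```
+
+This middleware will perform the simple action of looking for the authenticated identifier in the HTTP header 'X-GATEWAY-AUTHENTICATED-IDENTIFIER' and copy that to the request.session['user'] and request.env['REMOTE_USER'] request variables where SoarAuthentication can pick it up from.
+
+## Contributing
+
+Bug reports and feature requests are welcome by email to barney dot de dot villiers at hetzner dot co dot za. This gem is sponsored by Hetzner (Pty) Ltd (http://hetzner.co.za)
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).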
data/Rakefile
ADDED
@@ -0,0 +1,30 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
lib = File.expand_path('../lib', __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
require 'authentication_identifier_transposer/version'
|
5
|
+
|
6
|
+
|
7
|
+
Gem::Specification.new do |spec|
|
8
|
+
spec.name = "authentication_identifier_transposer"
|
9
|
+
spec.version = AuthenticationIdentifierTransposer::VERSION
|
10
|
+
spec.authors = ["Barney de Villiers"]
|
11
|
+
spec.email = ["barney.de.villiers@hetzner.co.za"]
|
12
|
+
spec.description = %q{Rack Middleware transposing the authenticated identifier for Soar SC}
|
13
|
+
spec.summary = %q{Rack Middleware transposing the authenticated identifier into something that is Soar SC friendly, this is to be used only when a Soar SC component is behind a gateway handling authentication.}
|
14
|
+
spec.homepage = "https://gitlab.host-h.net/hetznerZA/authentication-identifier-transposer-rack-middleware"
|
15
|
+
spec.license = "MIT"
|
16
|
+
|
17
|
+
spec.files = `git ls-files`.split($/)
|
18
|
+
spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
19
|
+
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
20
|
+
spec.require_paths = ["lib"]
|
21
|
+
|
22
|
+
spec.add_dependency "rack", '>= 1.6.4', '< 3.0.0'
|
23
|
+
|
24
|
+
spec.add_development_dependency 'bundler', '~> 1.3'
|
25
|
+
spec.add_development_dependency 'rake', '~> 10.0'
|
26
|
+
spec.add_development_dependency 'rspec', '~> 2.13'
|
27
|
+
spec.add_development_dependency "capybara", '~> 2.1', '>= 2.1.0'
|
28
|
+
spec.add_development_dependency "simplecov", '~> 0'
|
29
|
+
spec.add_development_dependency "simplecov-rcov", '~> 0'
|
30
|
+
end
|
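Review bot: `spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }` publishes every file under bin/ as an installed command, and the metadata section confirms the result: `console`, `keypair-generator`, `rotate-configs` and `setup` are all listed as executables. `console` and `setup` are development helpers with generic names that may shadow other tools on the user's PATH, so the list should be explicit, for example `spec.executables = []` for a middleware-only gem. `spec.files` is built from `git ls-files`, which is why repository housekeeping files (.gitignore, .ruby-gemset, Dockerfile) ship in the package. The page labels this section data/Rakefile, but its 30 lines are the gemspec named in the file list.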
data/bin/console
ADDED
@@ -0,0 +1,14 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require "bundler/setup"
|
4
|
+
require "authentication_identifier_transposer"
|
5
|
+
|
6
|
+
# You can add fixtures and/or initialization code here to make experimenting
|
7
|
+
# with your gem easier. You can also use a different console, if you like.
|
8
|
+
|
9
|
+
# (If you use this, don't forget to add pry to your Gemfile!)
|
10
|
+
# require "pry"
|
11
|
+
# Pry.start
|
12
|
+
|
13
|
+
require "irb"
|
14
|
+
IRB.start
|
@@ -0,0 +1,37 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
require "pathname"
|
3
|
+
bin_file = Pathname.new(__FILE__).realpath
|
4
|
+
$:.unshift File.expand_path("../../lib", bin_file)
|
5
|
+
|
6
|
+
require 'authentication_identifier_transposer'
|
7
|
+
require 'yaml'
|
8
|
+
require 'json'
|
9
|
+
|
10
|
+
class Main
|
11
|
+
|
12
|
+
def generate_keypair
|
13
|
+
#create and configure auditing instance
|
14
|
+
keypair_generator = AuthenticationIdentifierTransposer::KeypairGenerator.new
|
15
|
+
private_key, public_key = keypair_generator.generate
|
16
|
+
configuration = {
|
17
|
+
'private_key' => private_key,
|
18
|
+
'public_key' => public_key
|
19
|
+
}
|
20
|
+
puts "------------"
|
21
|
+
puts "YAML Format:"
|
22
|
+
puts "------------"
|
23
|
+
print configuration.to_yaml
|
24
|
+
puts ""
|
25
|
+
puts "------------"
|
26
|
+
puts "JSON Format:"
|
27
|
+
puts "------------"
|
28
|
+
print configuration.to_json
|
29
|
+
puts ""
|
30
|
+
puts ""
|
31
|
+
puts "------------"
|
32
|
+
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
main = Main.new
|
37
|
+
main.generate_keypair
|
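Review bot: `generate_keypair` calls `AuthenticationIdentifierTransposer::KeypairGenerator`, but the package's file list ships only `rack_middleware.rb` and `version.rb` under lib/, so unless the 5-line top-level file defines it (not shown here) this installed executable fails with a NameError; bin/rotate-configs has the same problem with `ConfigRotator`. The script also prints the generated private key to stdout in both YAML and JSON, where it ends up in terminal scrollback or captured CI logs; if the tool is kept, write the key to a file created with mode 0600 and print only the public half. The comment `#create and configure auditing instance` does not describe this code and looks copied from another project; `# generate a key pair and print it as configuration` would match. This hunk follows the data/bin/console section without a file header of its own; its 37 lines correspond to bin/keypair-generator in the file list.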
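--- a/data/bin/rotate-configs
+++ b/data/bin/rotate-configs
@@ -0,0 +1,23 @@
+#!/usr/bin/env ruby
+require "pathname"
+bin_file = Pathname.new(__FILE__).realpath
+$:.unshift File.expand_path("../../lib", bin_file)
+
+require 'authentication_identifier_transposer'
+require 'thor'
+
+class RotateConfigCLI < Thor
+desc "rotate [OPTIONS]", "rotate configurations"
+option :generator_config_file, :aliases => '-g', :desc => 'Configuration file of the generator'
+option :validator_config_file, :aliases => '-v', :desc => 'Configuration file of the validator'
+def rotate
+raise 'generator_config_file must be specified' unless options['generator_config_file']
+
+rotator = AuthenticationIdentifierTransposer::ConfigRotator.new
+rotator.rotate_json_config_files(generator_file_name: options['generator_config_file'],
+validator_file_name: options['validator_config_file'])
+end
+default_task :rotate
+end
+
+RotateConfigCLI.start(ARGV)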
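Review bot: `require 'thor'` on line 7 loads a gem that the gemspec never declares (its only runtime dependency is rack), so the installed `rotate-configs` command raises LoadError on a clean install; add `spec.add_dependency 'thor'` or drop the executable. The mandatory option is enforced by a bare `raise` inside `rotate`, which gives the user a backtrace instead of usage text; Thor can do this declaratively with `option :generator_config_file, :aliases => '-g', :required => true, :desc => 'Configuration file of the generator'`. `validator_config_file` is passed through as nil when omitted; whether `rotate_json_config_files` accepts that cannot be checked here because `ConfigRotator` is not among the packaged files.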
data/bin/setup
ADDED
data/docker-compose.yml
ADDED
@@ -0,0 +1,19 @@
|
|
1
|
+
require 'rack'
|
2
|
+
|
3
|
+
module AuthenticationIdentifierTransposer
|
4
|
+
class RackMiddleware
|
5
|
+
def initialize(app)
|
6
|
+
@app = app
|
7
|
+
end
|
8
|
+
|
9
|
+
def call(env)
|
10
|
+
request = Rack::Request.new env
|
11
|
+
authenticated_identifier = request.env['HTTP_X_GATEWAY_AUTHENTICATED_IDENTIFIER']
|
12
|
+
if authenticated_identifier
|
13
|
+
request.session['user'] = authenticated_identifier
|
14
|
+
request.env['REMOTE_USER'] = authenticated_identifier
|
15
|
+
end
|
16
|
+
return @app.call env
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
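Review bot: `call` copies `HTTP_X_GATEWAY_AUTHENTICATED_IDENTIFIER` into `session['user']` and `REMOTE_USER` without any check that the request actually came through the gateway, so any client that can reach the app directly chooses its own identity. The class needs a header comment stating the deployment contract, for example `# SECURITY: trusts the gateway header as-is; the gateway must strip client-supplied copies (hyphen and underscore spellings both map to this env key) and the app must not be reachable except through it.` When the header is absent the method leaves an existing `session['user']` untouched, so with a persistent session store an identity set by an earlier request would presumably carry over; an `else` branch with `request.session.delete('user')` would close that. The page files this hunk under data/docker-compose.yml, but its 19 lines are the Rack middleware from lib/.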
@@ -0,0 +1,69 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'rack'
|
3
|
+
require 'rack/test'
|
4
|
+
|
5
|
+
describe AuthenticationIdentifierTransposer::RackMiddleware do
|
6
|
+
include Rack::Test::Methods
|
7
|
+
|
8
|
+
before :each do
|
9
|
+
@test_app = lambda do |env|
|
10
|
+
request = Rack::Request.new env
|
11
|
+
session = request.session
|
12
|
+
test_app_response_data = {
|
13
|
+
'message' => "tested",
|
14
|
+
'session_user' => request.session['user'],
|
15
|
+
'remote_user' => request.env['REMOTE_USER']
|
16
|
+
}
|
17
|
+
[200, {"Content-Type" => "application/json"}, test_app_response_data ]
|
18
|
+
end
|
19
|
+
@iut = AuthenticationIdentifierTransposer::RackMiddleware.new(@test_app)
|
20
|
+
end
|
21
|
+
|
22
|
+
context "when initialized" do
|
23
|
+
it 'remembers the app provided' do
|
24
|
+
expect(@iut.instance_variable_get("@app")).to eq(@test_app)
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
context "when called with a request environment" do
|
29
|
+
context 'with X-GATEWAY-AUTHENTICATED-IDENTIFIER header' do
|
30
|
+
it "pass requests to the application" do
|
31
|
+
opts = { 'X-GATEWAY-AUTHENTICATED-IDENTIFIER' => 'test_uuid' }
|
32
|
+
code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts)
|
33
|
+
expect([code, env, body['message']]).to eq([200, {"Content-Type"=>"application/json"}, "tested"])
|
34
|
+
end
|
35
|
+
|
36
|
+
it "set the user key in the request session" do
|
37
|
+
opts = { 'X-GATEWAY-AUTHENTICATED-IDENTIFIER' => 'test_uuid' }
|
38
|
+
code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts)
|
39
|
+
expect(body['session_user']).to eq 'test_uuid'
|
40
|
+
end
|
41
|
+
|
42
|
+
it "set the remote user in the request environment" do
|
43
|
+
opts = { 'X-GATEWAY-AUTHENTICATED-IDENTIFIER' => 'test_uuid' }
|
44
|
+
code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts)
|
45
|
+
expect(body['remote_user']).to eq 'test_uuid'
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
49
|
+
context 'without X-GATEWAY-AUTHENTICATED-IDENTIFIER header' do
|
50
|
+
it "pass requests to the application" do
|
51
|
+
opts = { }
|
52
|
+
code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts)
|
53
|
+
expect([code, env, body['message'], body['session_user'], body['remote_user']]).to eq([200, {"Content-Type"=>"application/json"}, "tested", nil, nil])
|
54
|
+
end
|
55
|
+
|
56
|
+
it "does not modify the user key in the request session" do
|
57
|
+
opts = { }
|
58
|
+
code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts)
|
59
|
+
expect(body['session_user']).to eq nil
|
60
|
+
end
|
61
|
+
|
62
|
+
it "does not modify the remote user in the request environment" do
|
63
|
+
opts = { }
|
64
|
+
code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts)
|
65
|
+
expect(body['remote_user']).to eq nil
|
66
|
+
end
|
67
|
+
end
|
68
|
+
end
|
69
|
+
end
|
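Review bot: The positive examples pass the header as `{ 'X-GATEWAY-AUTHENTICATED-IDENTIFIER' => 'test_uuid' }` in the `env_for` options, but the middleware reads the CGI-style key `HTTP_X_GATEWAY_AUTHENTICATED_IDENTIFIER`; as far as I know `Rack::MockRequest.env_for` copies string-keyed options into the env verbatim, so these examples would not exercise the header path and should use `opts = { 'HTTP_X_GATEWAY_AUTHENTICATED_IDENTIFIER' => 'test_uuid' }`. The "does not modify" examples start from an empty env, so they only show that nil stays nil; seed `'REMOTE_USER'` and `'rack.session' => { 'user' => 'existing' }` and assert the values are unchanged. `session = request.session` in the test app is an unused local. This hunk has no file header on the page; its 69 lines match spec/rack_middleware_spec.rb in the file list.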
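--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1,12 @@
+require 'simplecov'
+require 'simplecov-rcov'
+
+SimpleCov.formatter = SimpleCov::Formatter::RcovFormatter
+SimpleCov.start do
+add_filter "/spec/"
+end
+
+$LOAD_PATH.unshift File.expand_path('../../lib', __FILE__)
+$LOAD_PATH.unshift File.expand_path('../../spec/support', __FILE__)
+
+require 'authentication_identifier_transposer'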
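--- a/metadata
+++ b/metadata
@@ -0,0 +1,181 @@
+--- !ruby/object:Gem::Specification
+name: authentication_identifier_transposer
+version: !ruby/object:Gem::Version
+version: 1.0.0
+platform: ruby
+authors:
+- Barney de Villiers
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2017-06-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rack
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.6.4
+- - "<"
+- !ruby/object:Gem::Version
+version: 3.0.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.6.4
+- - "<"
+- !ruby/object:Gem::Version
+version: 3.0.0
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.3'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.3'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.13'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.13'
+- !ruby/object:Gem::Dependency
+name: capybara
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.1'
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.1.0
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.1'
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.1.0
+- !ruby/object:Gem::Dependency
+name: simplecov
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: simplecov-rcov
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0'
+description: Rack Middleware transposing the authenticated identifier for Soar SC
+email:
+- barney.de.villiers@hetzner.co.za
+executables:
+- console
+- keypair-generator
+- rotate-configs
+- setup
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".ruby-gemset"
+- ".ruby-version"
+- Dockerfile
+- Gemfile
+- README.md
+- Rakefile
+- authentication_identifier_transposer.gemspec
+- bin/console
+- bin/keypair-generator
+- bin/rotate-configs
+- bin/setup
+- docker-compose.yml
+- lib/authentication_identifier_transposer.rb
+- lib/authentication_identifier_transposer/rack_middleware.rb
+- lib/authentication_identifier_transposer/version.rb
+- spec/rack_middleware_spec.rb
+- spec/spec_helper.rb
+homepage: https://gitlab.host-h.net/hetznerZA/authentication-identifier-transposer-rack-middleware
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.5.1
+signing_key:
+specification_version: 4
+summary: Rack Middleware transposing the authenticated identifier into something that
+is Soar SC friendly, this is to be used only when a Soar SC component is behind
+a gateway handling authentication.
+test_files:
+- spec/rack_middleware_spec.rb
+- spec/spec_helper.rb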