auther 0.1.0 → 0.2.0
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/README.md +32 -8
- data/app/controllers/auther/session_controller.rb +36 -8
- data/app/models/auther/account.rb +17 -0
- data/app/views/auther/session/new.html.slim +12 -6
- data/lib/auther.rb +1 -0
- data/lib/auther/cipher.rb +21 -0
- data/lib/auther/gatekeeper.rb +12 -1
- data/lib/auther/version.rb +1 -1
- metadata +5 -3
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 485ebcc245f0f5f8afe7aa31578a4cf1b24539f2
|
4
|
+
data.tar.gz: 3b01086eb3e8daf9f42a7d826c5579172c11c4d0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ec0105f688b04a3afed063caa12fafb8d8f8ca646b4d6473ad4da46dd28dc2b75bb73fc64ebcdc963beeb978f6fbbe20a218a3ec8f6963b105b59eee60fac620
|
7
|
+
data.tar.gz: 116393582fcd43e9cd3c9c1e774c90683f582610af2fa16cb71d784faa9028a2325b722b43751a458f0b04a4ec9e865a90e4dbf938dc8744eb7f85b500784dc4
|
checksums.yaml.gz.sig
CHANGED
Binary file
|
data.tar.gz.sig
CHANGED
Binary file
|
data/README.md
CHANGED
@@ -9,9 +9,10 @@ HTTP Basic Authentication and/or want to be compatible with password managers.
|
|
9
9
|
|
10
10
|
# Features
|
11
11
|
|
12
|
+
* Encrypted session account credentials.
|
12
13
|
* Form-based authentication compatible with password managers like [1Password](https://agilebits.com/onepassword).
|
13
14
|
* Multiple account support with account specific blacklisted paths.
|
14
|
-
* Auto-redirection to
|
15
|
+
* Auto-redirection to requested path (once credentials have been verified).
|
15
16
|
* Customizable session view.
|
16
17
|
* Customizable session controller.
|
17
18
|
|
@@ -22,12 +23,12 @@ HTTP Basic Authentication and/or want to be compatible with password managers.
|
|
22
23
|
|
23
24
|
# Setup
|
24
25
|
|
25
|
-
|
26
|
+
For a secure install, type the following from the command line (recommended):
|
26
27
|
|
27
28
|
gem cert --add <(curl -Ls http://www.redalchemist.com/gem-public.pem)
|
28
29
|
gem install auther -P HighSecurity
|
29
30
|
|
30
|
-
...or type the following
|
31
|
+
...or, for an insecure install, type the following (not recommended):
|
31
32
|
|
32
33
|
gem install auther
|
33
34
|
|
@@ -35,12 +36,11 @@ Add the following to your Gemfile:
|
|
35
36
|
|
36
37
|
gem "auther"
|
37
38
|
|
38
|
-
# Usage
|
39
|
-
|
40
39
|
Edit your routes.rb as follows:
|
41
40
|
|
42
41
|
Rails.application.routes.draw do
|
43
42
|
mount Auther::Engine => "/auther"
|
43
|
+
get "/login", to: "auther/session#new"
|
44
44
|
end
|
45
45
|
|
46
46
|
Edit your application.rb as follows:
|
@@ -51,16 +51,40 @@ Edit your application.rb as follows:
|
|
51
51
|
accounts: [
|
52
52
|
{
|
53
53
|
name: "test",
|
54
|
-
login: "
|
55
|
-
password: "
|
54
|
+
login: "N3JzR213WlBISDZsMjJQNkRXbEVmYVczbVdnMHRYVHRud29lOWRCekp6ST0tLWpFMkROekUvWDBkOHZ4ZngxZHV6clE9PQ==--cd863c39991fa4bb9a35de918aa16da54514e331",
|
55
|
+
password: "cHhFSStjRm9KbEYwK3ZJVlF2MmpTTWVVZU5acEdlejZsZEhjWFJoQWxKND0tLTE3cmpXZVBQdW5VUW1jK0ZSSDdLUnc9PQ==--f51171174fa77055540420f205e0dd9d499cfeb6",
|
56
56
|
paths: ["/admin"]
|
57
57
|
}
|
58
58
|
],
|
59
|
-
|
59
|
+
secret: "vuKrwD9XWoYuv@s99?tR(9VqryiL,KV{W7wFnejUa4QcVBP+D{2rD4JfuD(mXgA=$tNK4Pfn#NeGs3o3TZ3CqNc^Qb",
|
60
|
+
auth_url: "/login"
|
60
61
|
}
|
61
62
|
end
|
62
63
|
end
|
63
64
|
|
65
|
+
NOTE: The decrypted account credentials, for example above, are as follows:
|
66
|
+
|
67
|
+
* login: test@test.com
|
68
|
+
* password: password
|
69
|
+
|
70
|
+
# Usage
|
71
|
+
|
72
|
+
Using the setup examples, from above, launch your Rails application and visit either of the following routes:
|
73
|
+
|
74
|
+
http://localhost:3000/login
|
75
|
+
http://localhost:3000/admin # Will redirect to /login if not authorized.
|
76
|
+
|
77
|
+
To encrypt/decrypt account credentials, launch a rails console and type the following:
|
78
|
+
|
79
|
+
# Best if more than 150 characters and gibberish to read. Must be the same as defined in auther settings.
|
80
|
+
cipher = Auther::Cipher.new "vuKrwD9XWoYuv@s99?tR(9VqryiL,KV{W7wFnejUa4QcVBP+D{2rD4JfuD(mXgA=$tNK4Pfn#NeGs3o3TZ3CqNc^Qb"
|
81
|
+
|
82
|
+
# Do this to encrypt an unecrypted value.
|
83
|
+
cipher.encrypt "test@test.com"
|
84
|
+
|
85
|
+
# Do this to decrypt an encrypted value.
|
86
|
+
cipher.decrypt "N3JzR213WlBISDZsMjJQNkRXbEVmYVczbVdnMHRYVHRud29lOWRCekp6ST0tLWpFMkROekUvWDBkOHZ4ZngxZHV6clE9PQ==--cd863c39991fa4bb9a35de918aa16da54514e331"
|
87
|
+
|
64
88
|
# Customization
|
65
89
|
|
66
90
|
Don't like the default authorization form? No problem, simply create the following file within your Rails application
|
@@ -1,21 +1,21 @@
|
|
1
1
|
class Auther::SessionController < ApplicationController
|
2
2
|
layout "auther/auth"
|
3
|
+
before_filter :name_options, only: [:new, :create]
|
3
4
|
|
4
5
|
def show
|
5
6
|
redirect_to action: :new
|
6
7
|
end
|
7
8
|
|
8
9
|
def new
|
10
|
+
@account = Auther::Account.new
|
9
11
|
end
|
10
12
|
|
11
13
|
def create
|
12
|
-
|
13
|
-
account =
|
14
|
+
account_params = params.fetch(:account)
|
15
|
+
@account = Auther::Account.new find_account(account_params.fetch(:name))
|
14
16
|
|
15
|
-
if account
|
16
|
-
|
17
|
-
session[keymaster.login_key] = params[:login]
|
18
|
-
session[keymaster.password_key] = params[:password]
|
17
|
+
if @account.valid?
|
18
|
+
store_credentials @account, account_params.fetch(:login), account_params.fetch(:password)
|
19
19
|
redirect_to session["auther_redirect_url"] || '/'
|
20
20
|
else
|
21
21
|
render template: "auther/session/new"
|
@@ -23,9 +23,37 @@ class Auther::SessionController < ApplicationController
|
|
23
23
|
end
|
24
24
|
|
25
25
|
def destroy
|
26
|
-
|
26
|
+
remove_credentials params[:name]
|
27
|
+
redirect_to action: :new
|
28
|
+
end
|
29
|
+
|
30
|
+
private
|
31
|
+
|
32
|
+
def settings
|
33
|
+
Rails.application.config.auther_settings
|
34
|
+
end
|
35
|
+
|
36
|
+
def name_options
|
37
|
+
@name_options = settings.fetch(:accounts).map do |account|
|
38
|
+
name = account.fetch :name
|
39
|
+
[name.capitalize, name]
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
def find_account name
|
44
|
+
settings.fetch(:accounts).select { |account| account.fetch(:name) == name }.first
|
45
|
+
end
|
46
|
+
|
47
|
+
def store_credentials account, login, password
|
48
|
+
keymaster = Auther::Keymaster.new account.name
|
49
|
+
cipher = Auther::Cipher.new settings.fetch(:secret)
|
50
|
+
session[keymaster.login_key] = cipher.encrypt login
|
51
|
+
session[keymaster.password_key] = cipher.encrypt password
|
52
|
+
end
|
53
|
+
|
54
|
+
def remove_credentials name
|
55
|
+
keymaster = Auther::Keymaster.new name
|
27
56
|
session.delete keymaster.login_key
|
28
57
|
session.delete keymaster.password_key
|
29
|
-
redirect_to action: :new
|
30
58
|
end
|
31
59
|
end
|
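Review bot: `create` never checks the submitted login/password against the selected account — `if @account.valid?` only validates that the configured account has name, login, password and paths set — so any password is encrypted into the session and the browser is redirected, and the mismatch only surfaces when Gatekeeper (outside this file) denies the protected path and bounces back to the form with no error shown. The `else` branch is also hard to reach: for an unknown name `find_account` returns nil and `Auther::Account.new nil` passes a positional nil to a keyword-only initializer, which I would expect to raise ArgumentError rather than yield an invalid account; `find_account(...) || {}` avoids that. I would verify the credentials in `create` through a private helper that decrypts the account's configured values, so a wrong password re-renders the form; `create`'s closing `end` and the private helpers sit in the file's second hunk.
```ruby
def create
  account_params = params.fetch(:account)
  @account = Auther::Account.new(find_account(account_params.fetch(:name)) || {})
  login = account_params.fetch(:login)
  password = account_params.fetch(:password)

  if @account.valid? && credentials_match?(@account, login, password)
    store_credentials @account, login, password
    redirect_to session["auther_redirect_url"] || '/'
  else
    render template: "auther/session/new"
  end
end

# … unchanged: destroy, settings, name_options, find_account, store_credentials, remove_credentials …

# Compares the submitted credentials with the account's configured (encrypted) values.
def credentials_match? account, login, password
  cipher = Auther::Cipher.new settings.fetch(:secret)
  cipher.decrypt(account.login) == login && cipher.decrypt(account.password) == password
rescue ActiveSupport::MessageVerifier::InvalidSignature
  false
end
```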
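--- a/data/app/models/auther/account.rb
+++ b/data/app/models/auther/account.rb
@@ -0,0 +1,17 @@
+module Auther
+class Account
+include ActiveModel::Validations
+
+attr_accessor :name, :login, :password, :paths
+
+validates :name, :login, :password, presence: true
+validates :paths, presence: {unless: lambda { |account| account.paths.is_a? Array }, message: "must be an array"}
+
+def initialize name: nil, login: nil, password: nil, paths: []
+@name = name
+@login = login
+@password = password
+@paths = paths
+end
+end
+end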
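Review bot: The `paths` validation does not enforce what its message says — `presence: {unless: ... is_a? Array ...}` runs a presence check only when `paths` is not an Array, and presence is satisfied by any non-blank value, so a misconfigured `paths: "/admin"` (a String) passes with no "must be an array" error; only a nil or blank non-array fails. A custom validation states the intent directly: `validate { errors.add(:paths, "must be an array") unless paths.is_a?(Array) }`. The controller builds this object from a configured account hash via keyword arguments, so any extra key in an account entry would, as far as I can tell, raise ArgumentError (unknown keyword) instead of being ignored — a short comment on `initialize` noting that the hash must contain exactly these keys would save the next maintainer a surprise.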
@@ -1,19 +1,25 @@
|
|
1
|
-
=
|
1
|
+
= form_for @account, as: :account, url: "/auther/session", html: {class: "auther-form"} do |form|
|
2
2
|
.row
|
3
3
|
h1.title Authorization
|
4
4
|
|
5
5
|
.row
|
6
6
|
.label
|
7
|
-
=
|
7
|
+
= form.label :login, "Login:"
|
8
8
|
.input
|
9
|
-
=
|
9
|
+
= form.text_field :login
|
10
10
|
|
11
11
|
.row
|
12
12
|
.label
|
13
|
-
=
|
13
|
+
= form.label :password, "Password:"
|
14
14
|
.input
|
15
|
-
=
|
15
|
+
= form.password_field :password
|
16
|
+
|
17
|
+
.row
|
18
|
+
.label
|
19
|
+
= form.label :name, "Account:"
|
20
|
+
.input
|
21
|
+
= form.select :name, @name_options
|
16
22
|
|
17
23
|
.row
|
18
24
|
.actions
|
19
|
-
=
|
25
|
+
= form.submit "Login"
|
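Review bot: `url: "/auther/session"` on the `form_for` line hard-codes the engine's mount point, so a host application that mounts `Auther::Engine` anywhere other than `/auther` (the README example) gets a form posting to a route that does not exist. Use the engine's route helper instead, e.g. `url: auther.session_path` (the exact helper name depends on the engine's routes.rb, which is not in this diff). The account `select` also lists every configured account name to unauthenticated visitors; that may be intended for a small admin gate, but a comment above `form.select :name, @name_options` saying so would make the trade-off explicit.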
data/lib/auther.rb
CHANGED
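--- a/data/lib/auther/cipher.rb
+++ b/data/lib/auther/cipher.rb
@@ -0,0 +1,21 @@
+module Auther
+class Cipher
+def initialize secret
+@encryptor = ActiveSupport::MessageEncryptor.new secret
+end
+
+def encrypt data
+encryptor.encrypt_and_sign data
+end
+
+def decrypt data
+encryptor.decrypt_and_verify data
+end
+
+private
+
+def encryptor
+@encryptor
+end
+end
+end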
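Review bot: `ActiveSupport::MessageEncryptor.new secret` in `initialize` uses the configured passphrase directly as the AES key and, by default, as the HMAC signing key as well. As far as I recall, MessageEncryptor hands it straight to `OpenSSL::Cipher#key=`, so with the default 256-bit cipher only the first 32 bytes of a long secret participate (the Ruby/OpenSSL versions current for this gem truncate silently; newer ones raise because the key is not exactly 32 bytes), which undermines the README's advice to use a 150+ character secret. Derive the keys instead, e.g. `generator = ActiveSupport::KeyGenerator.new secret` and `@encryptor = ActiveSupport::MessageEncryptor.new generator.generate_key("auther-encrypt", 32), generator.generate_key("auther-sign")`, and document on `initialize` that changing the derivation invalidates credentials already encrypted into application.rb. The `private` `encryptor` reader could simply be `attr_reader :encryptor` placed under `private`.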
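--- a/data/lib/auther/gatekeeper.rb
+++ b/data/lib/auther/gatekeeper.rb
@@ -42,7 +42,18 @@ module Auther
 def authenticated? env, account
 session = env.fetch "rack.session"
 keymaster = Auther::Keymaster.new account.fetch(:name)
-
+cipher = Auther::Cipher.new settings.fetch(:secret)
+
+begin
+session_login = cipher.decrypt session[keymaster.login_key]
+session_password = cipher.decrypt session[keymaster.password_key]
+account_login = cipher.decrypt account.fetch(:login)
+account_password = cipher.decrypt account.fetch(:password)
+
+session_login == account_login && session_password == account_password
+rescue ActiveSupport::MessageVerifier::InvalidSignature => error
+false
+end
 end
 
 def authorized? env, path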
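Review bot: `session_login == account_login && session_password == account_password` compares the decrypted credentials with ordinary string equality, which short-circuits on the first differing byte; a constant-time compare such as `Rack::Utils.secure_compare(session_login, account_login) && Rack::Utils.secure_compare(session_password, account_password)` removes that timing signal (the Rack helper is available to this Rails version; `ActiveSupport::SecurityUtils` arrived later, if I recall correctly). The `error` binding in `rescue ActiveSupport::MessageVerifier::InvalidSignature => error` is unused and can be dropped. The rescue also relies on the verifier rejecting a missing session value with InvalidSignature; an explicit `return false unless session[keymaster.login_key] && session[keymaster.password_key]` before the `begin` makes the no-credentials path obvious and skips the decryptions on every unauthenticated request. Stepping back, the configured account password is decrypted to plaintext on each request, so anyone holding `settings[:secret]` and the config can recover it — a salted hash of the password would avoid storing anything reversible.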
data/lib/auther/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: auther
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Brooke Kuhlmann
|
@@ -30,7 +30,7 @@ cert_chain:
|
|
30
30
|
SJpzzzZ8gO6BKn4fhd+ENNQ333Qy3nuNk07TVIaNnlgeHhowUDuD9T7Z8Lka0pt3
|
31
31
|
4PteiTppsf0SSVAM9zSO5IuFngXMRwWgvjOfXE70f43RDuUVTCSyylc=
|
32
32
|
-----END CERTIFICATE-----
|
33
|
-
date: 2014-01-
|
33
|
+
date: 2014-01-13 00:00:00.000000000 Z
|
34
34
|
dependencies:
|
35
35
|
- !ruby/object:Gem::Dependency
|
36
36
|
name: rails
|
@@ -259,11 +259,13 @@ files:
|
|
259
259
|
- app/controllers/auther/application_controller.rb
|
260
260
|
- app/controllers/auther/session_controller.rb
|
261
261
|
- app/helpers/auther/application_helper.rb
|
262
|
+
- app/models/auther/account.rb
|
262
263
|
- app/views/auther/session/new.html.slim
|
263
264
|
- app/views/layouts/auther/auth.html.slim
|
264
265
|
- bin/rails
|
265
266
|
- config/routes.rb
|
266
267
|
- lib/auther.rb
|
268
|
+
- lib/auther/cipher.rb
|
267
269
|
- lib/auther/engine.rb
|
268
270
|
- lib/auther/gatekeeper.rb
|
269
271
|
- lib/auther/keymaster.rb
|
@@ -288,7 +290,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
288
290
|
version: '0'
|
289
291
|
requirements: []
|
290
292
|
rubyforge_project:
|
291
|
-
rubygems_version: 2.2.
|
293
|
+
rubygems_version: 2.2.1
|
292
294
|
signing_key:
|
293
295
|
specification_version: 4
|
294
296
|
summary: A Rails Engine with simple, form-based authentication support.
|
metadata.gz.sig
CHANGED
Binary file
|