auther 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 093c3e3b89c2368100edded3b52d2d3a11461031
4
- data.tar.gz: 7e351f9e60c11c0e4336c4795dff68e4f0fdd5dd
3
+ metadata.gz: 485ebcc245f0f5f8afe7aa31578a4cf1b24539f2
4
+ data.tar.gz: 3b01086eb3e8daf9f42a7d826c5579172c11c4d0
5
5
  SHA512:
6
- metadata.gz: 40258f7e43264a953509038a46472a43f1ee56acd71818cda863446bbdc356aae0dba2ac70672cd042ea9917a346eec42b03669d7ce00607fa014b4a700fe85d
7
- data.tar.gz: 3e8a937baaa20506299883b701f35aeb268200c318d468ddc0fb66c993026f989ba6a0843b0ec167c83a32d18733d1a23e33bfe00f09fcb0d5cd10fb3aa28285
6
+ metadata.gz: ec0105f688b04a3afed063caa12fafb8d8f8ca646b4d6473ad4da46dd28dc2b75bb73fc64ebcdc963beeb978f6fbbe20a218a3ec8f6963b105b59eee60fac620
7
+ data.tar.gz: 116393582fcd43e9cd3c9c1e774c90683f582610af2fa16cb71d784faa9028a2325b722b43751a458f0b04a4ec9e865a90e4dbf938dc8744eb7f85b500784dc4
Binary file
data.tar.gz.sig CHANGED
Binary file
data/README.md CHANGED
@@ -9,9 +9,10 @@ HTTP Basic Authentication and/or want to be compatible with password managers.
9
9
 
10
10
  # Features
11
11
 
12
+ * Encrypted session account credentials.
12
13
  * Form-based authentication compatible with password managers like [1Password](https://agilebits.com/onepassword).
13
14
  * Multiple account support with account specific blacklisted paths.
14
- * Auto-redirection to blacklisted path (once credentials have been verified).
15
+ * Auto-redirection to requested path (once credentials have been verified).
15
16
  * Customizable session view.
16
17
  * Customizable session controller.
17
18
 
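Review bot: the new "Encrypted session account credentials." bullet should say what the encryption depends on: the credentials are protected only by the `secret` setting that the application.rb hunk further down introduces, so a pointer to that setting (and to the `Auther::Cipher` helper in the Usage section) would keep the feature list honest about where the key lives and that it must be kept out of the repository.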
@@ -22,12 +23,12 @@ HTTP Basic Authentication and/or want to be compatible with password managers.
22
23
 
23
24
  # Setup
24
25
 
25
- Type the following from the command line to securely install (recommended):
26
+ For a secure install, type the following from the command line (recommended):
26
27
 
27
28
  gem cert --add <(curl -Ls http://www.redalchemist.com/gem-public.pem)
28
29
  gem install auther -P HighSecurity
29
30
 
30
- ...or type the following to insecurely install (not recommended):
31
+ ...or, for an insecure install, type the following (not recommended):
31
32
 
32
33
  gem install auther
33
34
 
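Review bot: the "secure install" line still fetches the signing certificate over plain HTTP (`gem cert --add <(curl -Ls http://www.redalchemist.com/gem-public.pem)`), which undermines `gem install auther -P HighSecurity`: a certificate substituted in transit would be trusted by the very same command. Serve the certificate over HTTPS, or publish its fingerprint next to this step so readers can check it before running `gem cert --add`.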
@@ -35,12 +36,11 @@ Add the following to your Gemfile:
35
36
 
36
37
  gem "auther"
37
38
 
38
- # Usage
39
-
40
39
  Edit your routes.rb as follows:
41
40
 
42
41
  Rails.application.routes.draw do
43
42
  mount Auther::Engine => "/auther"
43
+ get "/login", to: "auther/session#new"
44
44
  end
45
45
 
46
46
  Edit your application.rb as follows:
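Review bot: the added `get "/login", to: "auther/session#new"` route only works together with `auth_url: "/login"` in the settings hunk below; say so here, because a reader who copies the routes block but keeps the old `auth_url` is redirected to a path that no longer exists. Dropping the `# Usage` heading from this spot is fine since it is re-added after the settings example.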
@@ -51,16 +51,40 @@ Edit your application.rb as follows:
51
51
  accounts: [
52
52
  {
53
53
  name: "test",
54
- login: "test@test.com",
55
- password: "password",
54
+ login: "N3JzR213WlBISDZsMjJQNkRXbEVmYVczbVdnMHRYVHRud29lOWRCekp6ST0tLWpFMkROekUvWDBkOHZ4ZngxZHV6clE9PQ==--cd863c39991fa4bb9a35de918aa16da54514e331",
55
+ password: "cHhFSStjRm9KbEYwK3ZJVlF2MmpTTWVVZU5acEdlejZsZEhjWFJoQWxKND0tLTE3cmpXZVBQdW5VUW1jK0ZSSDdLUnc9PQ==--f51171174fa77055540420f205e0dd9d499cfeb6",
56
56
  paths: ["/admin"]
57
57
  }
58
58
  ],
59
- auth_url: "/auther/session/new"
59
+ secret: "vuKrwD9XWoYuv@s99?tR(9VqryiL,KV{W7wFnejUa4QcVBP+D{2rD4JfuD(mXgA=$tNK4Pfn#NeGs3o3TZ3CqNc^Qb",
60
+ auth_url: "/login"
60
61
  }
61
62
  end
62
63
  end
63
64
 
65
+ NOTE: The decrypted account credentials, for example above, are as follows:
66
+
67
+ * login: test@test.com
68
+ * password: password
69
+
70
+ # Usage
71
+
72
+ Using the setup examples, from above, launch your Rails application and visit either of the following routes:
73
+
74
+ http://localhost:3000/login
75
+ http://localhost:3000/admin # Will redirect to /login if not authorized.
76
+
77
+ To encrypt/decrypt account credentials, launch a rails console and type the following:
78
+
79
+ # Best if more than 150 characters and gibberish to read. Must be the same as defined in auther settings.
80
+ cipher = Auther::Cipher.new "vuKrwD9XWoYuv@s99?tR(9VqryiL,KV{W7wFnejUa4QcVBP+D{2rD4JfuD(mXgA=$tNK4Pfn#NeGs3o3TZ3CqNc^Qb"
81
+
82
+ # Do this to encrypt an unecrypted value.
83
+ cipher.encrypt "test@test.com"
84
+
85
+ # Do this to decrypt an encrypted value.
86
+ cipher.decrypt "N3JzR213WlBISDZsMjJQNkRXbEVmYVczbVdnMHRYVHRud29lOWRCekp6ST0tLWpFMkROekUvWDBkOHZ4ZngxZHV6clE9PQ==--cd863c39991fa4bb9a35de918aa16da54514e331"
87
+
64
88
  # Customization
65
89
 
66
90
  Don't like the default authorization form? No problem, simply create the following file within your Rails application
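Review bot: the settings example at the new `secret:` line hardcodes the encryption key in application.rb right beside the ciphertexts it protects, so the NOTE under it (login `test@test.com`, password `password`) is recoverable by anyone who can read that file. The README should tell readers to load `secret` from the environment or Rails secrets and to generate their own value rather than reuse the printed one: the sample `login:` and `password:` strings decrypt under the printed key, so an app that copies the block verbatim ships with a live `test` account for `/admin`. Also, `# Do this to encrypt an unecrypted value.` has a typo ("unencrypted").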
@@ -1,21 +1,21 @@
1
1
  class Auther::SessionController < ApplicationController
2
2
  layout "auther/auth"
3
+ before_filter :name_options, only: [:new, :create]
3
4
 
4
5
  def show
5
6
  redirect_to action: :new
6
7
  end
7
8
 
8
9
  def new
10
+ @account = Auther::Account.new
9
11
  end
10
12
 
11
13
  def create
12
- settings = Rails.application.config.auther_settings
13
- account = settings.fetch(:accounts).select { |account| account.fetch(:login) == params[:login] }.first
14
+ account_params = params.fetch(:account)
15
+ @account = Auther::Account.new find_account(account_params.fetch(:name))
14
16
 
15
- if account
16
- keymaster = Auther::Keymaster.new account[:name]
17
- session[keymaster.login_key] = params[:login]
18
- session[keymaster.password_key] = params[:password]
17
+ if @account.valid?
18
+ store_credentials @account, account_params.fetch(:login), account_params.fetch(:password)
19
19
  redirect_to session["auther_redirect_url"] || '/'
20
20
  else
21
21
  render template: "auther/session/new"
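Review bot: `create` raises instead of rendering the form when the submitted account name is unknown: `find_account` returns `nil`, and `Auther::Account.new nil` fails with an ArgumentError because `Account#initialize` takes keyword arguments only, so the request ends in a 500 rather than a validation error. Something like `@account = Auther::Account.new(find_account(account_params.fetch(:name)) || {})` lets `valid?` report the missing fields instead. Likewise `account_params.fetch(:login)` and `.fetch(:password)` raise KeyError on a malformed post; `account_params[:login]` plus the existing presence validation gives the same outcome without an exception. Note too that `@account.valid?` checks presence only, so a wrong password still reaches `redirect_to session["auther_redirect_url"] || '/'` and is only rejected later by the gatekeeper; the login form itself never shows an error for bad credentials.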
@@ -23,9 +23,37 @@ class Auther::SessionController < ApplicationController
23
23
  end
24
24
 
25
25
  def destroy
26
- keymaster = Auther::Keymaster.new params[:account_name]
26
+ remove_credentials params[:name]
27
+ redirect_to action: :new
28
+ end
29
+
30
+ private
31
+
32
+ def settings
33
+ Rails.application.config.auther_settings
34
+ end
35
+
36
+ def name_options
37
+ @name_options = settings.fetch(:accounts).map do |account|
38
+ name = account.fetch :name
39
+ [name.capitalize, name]
40
+ end
41
+ end
42
+
43
+ def find_account name
44
+ settings.fetch(:accounts).select { |account| account.fetch(:name) == name }.first
45
+ end
46
+
47
+ def store_credentials account, login, password
48
+ keymaster = Auther::Keymaster.new account.name
49
+ cipher = Auther::Cipher.new settings.fetch(:secret)
50
+ session[keymaster.login_key] = cipher.encrypt login
51
+ session[keymaster.password_key] = cipher.encrypt password
52
+ end
53
+
54
+ def remove_credentials name
55
+ keymaster = Auther::Keymaster.new name
27
56
  session.delete keymaster.login_key
28
57
  session.delete keymaster.password_key
29
- redirect_to action: :new
30
58
  end
31
59
  end
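Review bot: `find_account` uses `select { ... }.first`; `detect` (or `find`) stops at the first match and states the intent. In `store_credentials`, the session now holds the submitted password encrypted with the same `settings.fetch(:secret)` that protects the configured credentials, so one key unlocks both the stored account password and every live session; that is worth documenting, and a reason to derive distinct keys for the two uses (different salts through a key generator). `remove_credentials` passes `params[:name]` straight into `Auther::Keymaster.new`, so a blank or missing name should be rejected before it gets there.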
@@ -0,0 +1,17 @@
1
+ module Auther
2
+ class Account
3
+ include ActiveModel::Validations
4
+
5
+ attr_accessor :name, :login, :password, :paths
6
+
7
+ validates :name, :login, :password, presence: true
8
+ validates :paths, presence: {unless: lambda { |account| account.paths.is_a? Array }, message: "must be an array"}
9
+
10
+ def initialize name: nil, login: nil, password: nil, paths: []
11
+ @name = name
12
+ @login = login
13
+ @password = password
14
+ @paths = paths
15
+ end
16
+ end
17
+ end
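Review bot: the `paths` validation does not enforce what its message claims. `presence: {unless: lambda { |account| account.paths.is_a? Array }, ...}` runs a presence check only when `paths` is not an array, so a non-array value such as `"/admin"` passes (it is present) and only `nil` or `""` produces "must be an array". A custom validation says it directly, e.g. `validate :paths_must_be_array` with `errors.add(:paths, "must be an array") unless paths.is_a?(Array)`. Also, because `initialize` accepts keywords only, passing `nil` or a settings hash with any extra key raises ArgumentError; the controller hands it the raw settings entry, so either whitelist the keys there or accept a positional hash here.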
@@ -1,19 +1,25 @@
1
- = form_tag "/auther/session", class: "auther-form"
1
+ = form_for @account, as: :account, url: "/auther/session", html: {class: "auther-form"} do |form|
2
2
  .row
3
3
  h1.title Authorization
4
4
 
5
5
  .row
6
6
  .label
7
- = label_tag :login, "Login:"
7
+ = form.label :login, "Login:"
8
8
  .input
9
- = text_field_tag :login, nil
9
+ = form.text_field :login
10
10
 
11
11
  .row
12
12
  .label
13
- = label_tag :password, "Password:"
13
+ = form.label :password, "Password:"
14
14
  .input
15
- = password_field_tag :password, nil
15
+ = form.password_field :password
16
+
17
+ .row
18
+ .label
19
+ = form.label :name, "Account:"
20
+ .input
21
+ = form.select :name, @name_options
16
22
 
17
23
  .row
18
24
  .actions
19
- = submit_tag "Login", class: "btn btn-primary"
25
+ = form.submit "Login"
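Review bot: `form.select :name, @name_options` lists every configured account name to anyone who loads the login page, so the form now discloses the set of account names before authentication; if that is not intended, resolve the account from the submitted login (as 0.1.0 did) rather than offering a menu. `url: "/auther/session"` is still a hardcoded path; the engine's route helper keeps the form working when the engine is mounted somewhere other than `/auther`.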
@@ -1,4 +1,5 @@
1
1
  require "slim-rails"
2
+ require "auther/cipher"
2
3
  require "auther/keymaster"
3
4
  require "auther/gatekeeper"
4
5
  require "auther/engine"
@@ -0,0 +1,21 @@
1
+ module Auther
2
+ class Cipher
3
+ def initialize secret
4
+ @encryptor = ActiveSupport::MessageEncryptor.new secret
5
+ end
6
+
7
+ def encrypt data
8
+ encryptor.encrypt_and_sign data
9
+ end
10
+
11
+ def decrypt data
12
+ encryptor.decrypt_and_verify data
13
+ end
14
+
15
+ private
16
+
17
+ def encryptor
18
+ @encryptor
19
+ end
20
+ end
21
+ end
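Review bot: `ActiveSupport::MessageEncryptor.new secret` uses `secret` directly as the AES key (default cipher `aes-256-cbc`), so only the cipher's key length of the string is ever used and the README's "Best if more than 150 characters" advice adds nothing; newer Ruby OpenSSL bindings go further and reject keys that are not exactly the key length. Derive a fixed-size key from the secret instead, e.g. `ActiveSupport::KeyGenerator.new(secret).generate_key("auther", 32)`, and pass that to the encryptor. The private `encryptor` method is a hand-written `attr_reader`; `attr_reader :encryptor` under `private` reads the same.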
@@ -42,7 +42,18 @@ module Auther
42
42
  def authenticated? env, account
43
43
  session = env.fetch "rack.session"
44
44
  keymaster = Auther::Keymaster.new account.fetch(:name)
45
- session[keymaster.login_key] == account.fetch(:login) && session[keymaster.password_key] == account.fetch(:password)
45
+ cipher = Auther::Cipher.new settings.fetch(:secret)
46
+
47
+ begin
48
+ session_login = cipher.decrypt session[keymaster.login_key]
49
+ session_password = cipher.decrypt session[keymaster.password_key]
50
+ account_login = cipher.decrypt account.fetch(:login)
51
+ account_password = cipher.decrypt account.fetch(:password)
52
+
53
+ session_login == account_login && session_password == account_password
54
+ rescue ActiveSupport::MessageVerifier::InvalidSignature => error
55
+ false
56
+ end
46
57
  end
47
58
 
48
59
  def authorized? env, path
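Review bot: `authenticated?` decrypts the configured password in order to compare it with the session copy, which means the account password is stored reversibly in config (anyone holding the config and `secret` recovers it) rather than as a one-way hash; hashing the configured password (bcrypt) and verifying the submitted one against the hash removes the need to ever decrypt it. Smaller points: `rescue ActiveSupport::MessageVerifier::InvalidSignature => error` binds a variable it never uses; the plain `==` on the decrypted strings is not a constant-time comparison; and decrypting the two configured values on every request is work that could be done once at boot.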
@@ -1,3 +1,3 @@
1
1
  module Auther
2
- VERSION = "0.1.0"
2
+ VERSION = "0.2.0"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: auther
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Brooke Kuhlmann
@@ -30,7 +30,7 @@ cert_chain:
30
30
  SJpzzzZ8gO6BKn4fhd+ENNQ333Qy3nuNk07TVIaNnlgeHhowUDuD9T7Z8Lka0pt3
31
31
  4PteiTppsf0SSVAM9zSO5IuFngXMRwWgvjOfXE70f43RDuUVTCSyylc=
32
32
  -----END CERTIFICATE-----
33
- date: 2014-01-10 00:00:00.000000000 Z
33
+ date: 2014-01-13 00:00:00.000000000 Z
34
34
  dependencies:
35
35
  - !ruby/object:Gem::Dependency
36
36
  name: rails
@@ -259,11 +259,13 @@ files:
259
259
  - app/controllers/auther/application_controller.rb
260
260
  - app/controllers/auther/session_controller.rb
261
261
  - app/helpers/auther/application_helper.rb
262
+ - app/models/auther/account.rb
262
263
  - app/views/auther/session/new.html.slim
263
264
  - app/views/layouts/auther/auth.html.slim
264
265
  - bin/rails
265
266
  - config/routes.rb
266
267
  - lib/auther.rb
268
+ - lib/auther/cipher.rb
267
269
  - lib/auther/engine.rb
268
270
  - lib/auther/gatekeeper.rb
269
271
  - lib/auther/keymaster.rb
@@ -288,7 +290,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
288
290
  version: '0'
289
291
  requirements: []
290
292
  rubyforge_project:
291
- rubygems_version: 2.2.0
293
+ rubygems_version: 2.2.1
292
294
  signing_key:
293
295
  specification_version: 4
294
296
  summary: A Rails Engine with simple, form-based authentication support.
metadata.gz.sig CHANGED
Binary file