auther 0.1.0 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/README.md +32 -8
- data/app/controllers/auther/session_controller.rb +36 -8
- data/app/models/auther/account.rb +17 -0
- data/app/views/auther/session/new.html.slim +12 -6
- data/lib/auther.rb +1 -0
- data/lib/auther/cipher.rb +21 -0
- data/lib/auther/gatekeeper.rb +12 -1
- data/lib/auther/version.rb +1 -1
- metadata +5 -3
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 485ebcc245f0f5f8afe7aa31578a4cf1b24539f2
|
|
4
|
+
data.tar.gz: 3b01086eb3e8daf9f42a7d826c5579172c11c4d0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ec0105f688b04a3afed063caa12fafb8d8f8ca646b4d6473ad4da46dd28dc2b75bb73fc64ebcdc963beeb978f6fbbe20a218a3ec8f6963b105b59eee60fac620
|
|
7
|
+
data.tar.gz: 116393582fcd43e9cd3c9c1e774c90683f582610af2fa16cb71d784faa9028a2325b722b43751a458f0b04a4ec9e865a90e4dbf938dc8744eb7f85b500784dc4
|
checksums.yaml.gz.sig
CHANGED
|
Binary file
|
data.tar.gz.sig
CHANGED
|
Binary file
|
data/README.md
CHANGED
|
@@ -9,9 +9,10 @@ HTTP Basic Authentication and/or want to be compatible with password managers.
|
|
|
9
9
|
|
|
10
10
|
# Features
|
|
11
11
|
|
|
12
|
+
* Encrypted session account credentials.
|
|
12
13
|
* Form-based authentication compatible with password managers like [1Password](https://agilebits.com/onepassword).
|
|
13
14
|
* Multiple account support with account specific blacklisted paths.
|
|
14
|
-
* Auto-redirection to
|
|
15
|
+
* Auto-redirection to requested path (once credentials have been verified).
|
|
15
16
|
* Customizable session view.
|
|
16
17
|
* Customizable session controller.
|
|
17
18
|
|
|
@@ -22,12 +23,12 @@ HTTP Basic Authentication and/or want to be compatible with password managers.
|
|
|
22
23
|
|
|
23
24
|
# Setup
|
|
24
25
|
|
|
25
|
-
|
|
26
|
+
For a secure install, type the following from the command line (recommended):
|
|
26
27
|
|
|
27
28
|
gem cert --add <(curl -Ls http://www.redalchemist.com/gem-public.pem)
|
|
28
29
|
gem install auther -P HighSecurity
|
|
29
30
|
|
|
30
|
-
...or type the following
|
|
31
|
+
...or, for an insecure install, type the following (not recommended):
|
|
31
32
|
|
|
32
33
|
gem install auther
|
|
33
34
|
|
|
@@ -35,12 +36,11 @@ Add the following to your Gemfile:
|
|
|
35
36
|
|
|
36
37
|
gem "auther"
|
|
37
38
|
|
|
38
|
-
# Usage
|
|
39
|
-
|
|
40
39
|
Edit your routes.rb as follows:
|
|
41
40
|
|
|
42
41
|
Rails.application.routes.draw do
|
|
43
42
|
mount Auther::Engine => "/auther"
|
|
43
|
+
get "/login", to: "auther/session#new"
|
|
44
44
|
end
|
|
45
45
|
|
|
46
46
|
Edit your application.rb as follows:
|
|
@@ -51,16 +51,40 @@ Edit your application.rb as follows:
|
|
|
51
51
|
accounts: [
|
|
52
52
|
{
|
|
53
53
|
name: "test",
|
|
54
|
-
login: "
|
|
55
|
-
password: "
|
|
54
|
+
login: "N3JzR213WlBISDZsMjJQNkRXbEVmYVczbVdnMHRYVHRud29lOWRCekp6ST0tLWpFMkROekUvWDBkOHZ4ZngxZHV6clE9PQ==--cd863c39991fa4bb9a35de918aa16da54514e331",
|
|
55
|
+
password: "cHhFSStjRm9KbEYwK3ZJVlF2MmpTTWVVZU5acEdlejZsZEhjWFJoQWxKND0tLTE3cmpXZVBQdW5VUW1jK0ZSSDdLUnc9PQ==--f51171174fa77055540420f205e0dd9d499cfeb6",
|
|
56
56
|
paths: ["/admin"]
|
|
57
57
|
}
|
|
58
58
|
],
|
|
59
|
-
|
|
59
|
+
secret: "vuKrwD9XWoYuv@s99?tR(9VqryiL,KV{W7wFnejUa4QcVBP+D{2rD4JfuD(mXgA=$tNK4Pfn#NeGs3o3TZ3CqNc^Qb",
|
|
60
|
+
auth_url: "/login"
|
|
60
61
|
}
|
|
61
62
|
end
|
|
62
63
|
end
|
|
63
64
|
|
|
65
|
+
NOTE: The decrypted account credentials, for example above, are as follows:
|
|
66
|
+
|
|
67
|
+
* login: test@test.com
|
|
68
|
+
* password: password
|
|
69
|
+
|
|
70
|
+
# Usage
|
|
71
|
+
|
|
72
|
+
Using the setup examples, from above, launch your Rails application and visit either of the following routes:
|
|
73
|
+
|
|
74
|
+
http://localhost:3000/login
|
|
75
|
+
http://localhost:3000/admin # Will redirect to /login if not authorized.
|
|
76
|
+
|
|
77
|
+
To encrypt/decrypt account credentials, launch a rails console and type the following:
|
|
78
|
+
|
|
79
|
+
# Best if more than 150 characters and gibberish to read. Must be the same as defined in auther settings.
|
|
80
|
+
cipher = Auther::Cipher.new "vuKrwD9XWoYuv@s99?tR(9VqryiL,KV{W7wFnejUa4QcVBP+D{2rD4JfuD(mXgA=$tNK4Pfn#NeGs3o3TZ3CqNc^Qb"
|
|
81
|
+
|
|
82
|
+
# Do this to encrypt an unecrypted value.
|
|
83
|
+
cipher.encrypt "test@test.com"
|
|
84
|
+
|
|
85
|
+
# Do this to decrypt an encrypted value.
|
|
86
|
+
cipher.decrypt "N3JzR213WlBISDZsMjJQNkRXbEVmYVczbVdnMHRYVHRud29lOWRCekp6ST0tLWpFMkROekUvWDBkOHZ4ZngxZHV6clE9PQ==--cd863c39991fa4bb9a35de918aa16da54514e331"
|
|
87
|
+
|
|
64
88
|
# Customization
|
|
65
89
|
|
|
66
90
|
Don't like the default authorization form? No problem, simply create the following file within your Rails application
|
|
@@ -1,21 +1,21 @@
|
|
|
1
1
|
class Auther::SessionController < ApplicationController
|
|
2
2
|
layout "auther/auth"
|
|
3
|
+
before_filter :name_options, only: [:new, :create]
|
|
3
4
|
|
|
4
5
|
def show
|
|
5
6
|
redirect_to action: :new
|
|
6
7
|
end
|
|
7
8
|
|
|
8
9
|
def new
|
|
10
|
+
@account = Auther::Account.new
|
|
9
11
|
end
|
|
10
12
|
|
|
11
13
|
def create
|
|
12
|
-
|
|
13
|
-
account =
|
|
14
|
+
account_params = params.fetch(:account)
|
|
15
|
+
@account = Auther::Account.new find_account(account_params.fetch(:name))
|
|
14
16
|
|
|
15
|
-
if account
|
|
16
|
-
|
|
17
|
-
session[keymaster.login_key] = params[:login]
|
|
18
|
-
session[keymaster.password_key] = params[:password]
|
|
17
|
+
if @account.valid?
|
|
18
|
+
store_credentials @account, account_params.fetch(:login), account_params.fetch(:password)
|
|
19
19
|
redirect_to session["auther_redirect_url"] || '/'
|
|
20
20
|
else
|
|
21
21
|
render template: "auther/session/new"
|
|
@@ -23,9 +23,37 @@ class Auther::SessionController < ApplicationController
|
|
|
23
23
|
end
|
|
24
24
|
|
|
25
25
|
def destroy
|
|
26
|
-
|
|
26
|
+
remove_credentials params[:name]
|
|
27
|
+
redirect_to action: :new
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
private
|
|
31
|
+
|
|
32
|
+
def settings
|
|
33
|
+
Rails.application.config.auther_settings
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
def name_options
|
|
37
|
+
@name_options = settings.fetch(:accounts).map do |account|
|
|
38
|
+
name = account.fetch :name
|
|
39
|
+
[name.capitalize, name]
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
def find_account name
|
|
44
|
+
settings.fetch(:accounts).select { |account| account.fetch(:name) == name }.first
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
def store_credentials account, login, password
|
|
48
|
+
keymaster = Auther::Keymaster.new account.name
|
|
49
|
+
cipher = Auther::Cipher.new settings.fetch(:secret)
|
|
50
|
+
session[keymaster.login_key] = cipher.encrypt login
|
|
51
|
+
session[keymaster.password_key] = cipher.encrypt password
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
def remove_credentials name
|
|
55
|
+
keymaster = Auther::Keymaster.new name
|
|
27
56
|
session.delete keymaster.login_key
|
|
28
57
|
session.delete keymaster.password_key
|
|
29
|
-
redirect_to action: :new
|
|
30
58
|
end
|
|
31
59
|
end
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
module Auther
|
|
2
|
+
class Account
|
|
3
|
+
include ActiveModel::Validations
|
|
4
|
+
|
|
5
|
+
attr_accessor :name, :login, :password, :paths
|
|
6
|
+
|
|
7
|
+
validates :name, :login, :password, presence: true
|
|
8
|
+
validates :paths, presence: {unless: lambda { |account| account.paths.is_a? Array }, message: "must be an array"}
|
|
9
|
+
|
|
10
|
+
def initialize name: nil, login: nil, password: nil, paths: []
|
|
11
|
+
@name = name
|
|
12
|
+
@login = login
|
|
13
|
+
@password = password
|
|
14
|
+
@paths = paths
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -1,19 +1,25 @@
|
|
|
1
|
-
=
|
|
1
|
+
= form_for @account, as: :account, url: "/auther/session", html: {class: "auther-form"} do |form|
|
|
2
2
|
.row
|
|
3
3
|
h1.title Authorization
|
|
4
4
|
|
|
5
5
|
.row
|
|
6
6
|
.label
|
|
7
|
-
=
|
|
7
|
+
= form.label :login, "Login:"
|
|
8
8
|
.input
|
|
9
|
-
=
|
|
9
|
+
= form.text_field :login
|
|
10
10
|
|
|
11
11
|
.row
|
|
12
12
|
.label
|
|
13
|
-
=
|
|
13
|
+
= form.label :password, "Password:"
|
|
14
14
|
.input
|
|
15
|
-
=
|
|
15
|
+
= form.password_field :password
|
|
16
|
+
|
|
17
|
+
.row
|
|
18
|
+
.label
|
|
19
|
+
= form.label :name, "Account:"
|
|
20
|
+
.input
|
|
21
|
+
= form.select :name, @name_options
|
|
16
22
|
|
|
17
23
|
.row
|
|
18
24
|
.actions
|
|
19
|
-
=
|
|
25
|
+
= form.submit "Login"
|
data/lib/auther.rb
CHANGED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
module Auther
|
|
2
|
+
class Cipher
|
|
3
|
+
def initialize secret
|
|
4
|
+
@encryptor = ActiveSupport::MessageEncryptor.new secret
|
|
5
|
+
end
|
|
6
|
+
|
|
7
|
+
def encrypt data
|
|
8
|
+
encryptor.encrypt_and_sign data
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def decrypt data
|
|
12
|
+
encryptor.decrypt_and_verify data
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
private
|
|
16
|
+
|
|
17
|
+
def encryptor
|
|
18
|
+
@encryptor
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
data/lib/auther/gatekeeper.rb
CHANGED
|
@@ -42,7 +42,18 @@ module Auther
|
|
|
42
42
|
def authenticated? env, account
|
|
43
43
|
session = env.fetch "rack.session"
|
|
44
44
|
keymaster = Auther::Keymaster.new account.fetch(:name)
|
|
45
|
-
|
|
45
|
+
cipher = Auther::Cipher.new settings.fetch(:secret)
|
|
46
|
+
|
|
47
|
+
begin
|
|
48
|
+
session_login = cipher.decrypt session[keymaster.login_key]
|
|
49
|
+
session_password = cipher.decrypt session[keymaster.password_key]
|
|
50
|
+
account_login = cipher.decrypt account.fetch(:login)
|
|
51
|
+
account_password = cipher.decrypt account.fetch(:password)
|
|
52
|
+
|
|
53
|
+
session_login == account_login && session_password == account_password
|
|
54
|
+
rescue ActiveSupport::MessageVerifier::InvalidSignature => error
|
|
55
|
+
false
|
|
56
|
+
end
|
|
46
57
|
end
|
|
47
58
|
|
|
48
59
|
def authorized? env, path
|
data/lib/auther/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: auther
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Brooke Kuhlmann
|
|
@@ -30,7 +30,7 @@ cert_chain:
|
|
|
30
30
|
SJpzzzZ8gO6BKn4fhd+ENNQ333Qy3nuNk07TVIaNnlgeHhowUDuD9T7Z8Lka0pt3
|
|
31
31
|
4PteiTppsf0SSVAM9zSO5IuFngXMRwWgvjOfXE70f43RDuUVTCSyylc=
|
|
32
32
|
-----END CERTIFICATE-----
|
|
33
|
-
date: 2014-01-
|
|
33
|
+
date: 2014-01-13 00:00:00.000000000 Z
|
|
34
34
|
dependencies:
|
|
35
35
|
- !ruby/object:Gem::Dependency
|
|
36
36
|
name: rails
|
|
@@ -259,11 +259,13 @@ files:
|
|
|
259
259
|
- app/controllers/auther/application_controller.rb
|
|
260
260
|
- app/controllers/auther/session_controller.rb
|
|
261
261
|
- app/helpers/auther/application_helper.rb
|
|
262
|
+
- app/models/auther/account.rb
|
|
262
263
|
- app/views/auther/session/new.html.slim
|
|
263
264
|
- app/views/layouts/auther/auth.html.slim
|
|
264
265
|
- bin/rails
|
|
265
266
|
- config/routes.rb
|
|
266
267
|
- lib/auther.rb
|
|
268
|
+
- lib/auther/cipher.rb
|
|
267
269
|
- lib/auther/engine.rb
|
|
268
270
|
- lib/auther/gatekeeper.rb
|
|
269
271
|
- lib/auther/keymaster.rb
|
|
@@ -288,7 +290,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
288
290
|
version: '0'
|
|
289
291
|
requirements: []
|
|
290
292
|
rubyforge_project:
|
|
291
|
-
rubygems_version: 2.2.
|
|
293
|
+
rubygems_version: 2.2.1
|
|
292
294
|
signing_key:
|
|
293
295
|
specification_version: 4
|
|
294
296
|
summary: A Rails Engine with simple, form-based authentication support.
|
metadata.gz.sig
CHANGED
|
Binary file
|