auther 1.2.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 98f97c242fb1e0ce4bb8b86105692557df24e4b9
4
- data.tar.gz: ca16c0813966c536e347366e9899acefcfab666a
3
+ metadata.gz: 3aa8d5b9e69a0da12775b372eaeb59f432a55e81
4
+ data.tar.gz: 7520d5dec549472e751e7990180d96eb4e4900c6
5
5
  SHA512:
6
- metadata.gz: 2775da83a612d96b4411537077150c440c95b12b60d07f3f8e79bfcddb44651e030aafc8c984c92867f53a27051c2a2dbd434e931a61702e3662d48266ec8f24
7
- data.tar.gz: c224366a29f6f11ad2aad9cc03ae4d9ba72e21f42ddc434bec7091e37feb4cf8d248e18762c9290e99abe9a253e897b6494b46413d321a8ac425b65deb05173b
6
+ metadata.gz: 35a1ecbe6c0d2fe98b8453ed77b06fd1942c7a920519097a2cfcc17726a326ca86272813aa1770b026665751e16de37d791ac306ad5727de947406415400fd2d
7
+ data.tar.gz: 7da34db7c1e792ee3c40e7d6dfe2685745985bf26cc71968bbfb465b79d0863bb9647a8291413aacdcea4e09a192ef84db745c64c41ce578fddc55a4518ab455
checksums.yaml.gz.sig CHANGED
Binary file
data.tar.gz.sig CHANGED
Binary file
data/README.md CHANGED
@@ -20,10 +20,11 @@ making for a pleasent user experience.
20
20
 
21
21
  * Encrypted account credentials.
22
22
  * Multiple account support with account specific blacklisted paths.
23
- * Log filtering for account credentials (login and password).
24
23
  * Auto-redirection to requested path (once credentials have been verified).
25
- * Customizable view.
26
- * Customizable controller.
24
+ * Log filtering for account credentials (login and password).
25
+ * Customizable logger support.
26
+ * Customizable view support.
27
+ * Customizable controller support.
27
28
 
28
29
  # Requirements
29
30
 
@@ -38,9 +39,12 @@ making for a pleasent user experience.
38
39
  For a secure install, type the following from the command line (recommended):
39
40
 
40
41
  gem cert --add <(curl -Ls http://www.redalchemist.com/gem-public.pem)
41
- gem install auther --trust-policy HighSecurity
42
+ gem install auther --trust-policy MediumSecurity
43
+
44
+ NOTE: A HighSecurity trust policy would be best but MediumSecurity enables signed gem verification while
45
+ allowing the installation of unsigned dependencies since they are beyond the scope of this gem.
42
46
 
43
- ...or, for an insecure install, type the following (not recommended):
47
+ For an insecure install, type the following (not recommended):
44
48
 
45
49
  gem install auther
46
50
 
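Review bot: the recommended install drops the trust policy from HighSecurity to MediumSecurity, which means any unsigned dependency is installed with no signature check at all, so the guarantee the NOTE describes covers this gem and its signed dependencies only; name the unsigned dependencies so readers know exactly what is unverified. The public certificate in the unchanged line above is still fetched over plain http (`gem cert --add <(curl -Ls http://www.redalchemist.com/gem-public.pem)`), so the trust anchor itself arrives without transport integrity; serve it over https or publish its fingerprint next to the command so it can be checked before `gem cert --add`.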
@@ -70,7 +74,8 @@ Edit your application.rb as follows:
70
74
  paths: ["/admin"]
71
75
  ],
72
76
  secret: "vuKrwD9XWoYuv@s99?tR(9VqryiL,KV{W7wFnejUa4QcVBP+D{2rD4JfuD(mXgA=$tNK4Pfn#NeGs3o3TZ3CqNc^Qb",
73
- auth_url: "/login"
77
+ auth_url: "/login",
78
+ logger: ActiveSupport::Logger.new("log/#{Rails.env}.log")
74
79
  }
75
80
 
76
81
  end
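Review bot: the new `logger: ActiveSupport::Logger.new("log/#{Rails.env}.log")` line routes the gatekeeper's authorization messages (account names and requested paths, per the gatekeeper changes in this diff) into the shared environment log; the settings documentation should state what those messages contain so operators can decide on log access and retention. Separately, the `secret:` context line above shows the credential-encryption passphrase as a literal in application.rb; since this value protects every stored login and password, the example should read it from outside source control, e.g. `secret: ENV.fetch("AUTHER_SECRET")`.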
@@ -78,14 +83,15 @@ Edit your application.rb as follows:
78
83
 
79
84
  The purpose of each setting is as follows:
80
85
 
81
- * *title* - The HTML page title (as rendered within a browser tab).
82
- * *label* - The page label (what would appear above the form).
83
- * *accounts* - The array of accounts with different or similar access to the application.
84
- * *login* - The encrypted account login. For example, the above decrypts to: *test@test.com*.
85
- * *password* - The encrypted account password. For example, the above decrypts to: *password*.
86
- * *paths* - The array of blacklisted paths for which only this account has access to.
87
- * *secret* - The secret passphrase used to encrypt/decrypt account credentials.
88
- * *auth_url* - The URL to redirect to when enforcing authentication to a blacklisted path.
86
+ * *title* - Optional. The HTML page title (as rendered within a browser tab). Default: "Authorization".
87
+ * *label* - Optional. The page label (what would appear above the form). Default: "Authorization".
88
+ * *accounts* - Required. The array of accounts with different or similar access to the application.
89
+ * *login* - Required. The encrypted account login. For example, the above decrypts to: *test@test.com*.
90
+ * *password* - Required. The encrypted account password. For example, the above decrypts to: *password*.
91
+ * *paths* - Required. The array of blacklisted paths for which only this account has access to.
92
+ * *secret* - Required. The secret passphrase used to encrypt/decrypt account credentials.
93
+ * *auth_url* - Required. The URL to redirect to when enforcing authentication to a blacklisted path.
94
+ * *logger* - Optional. The logger used to log path/account authorization messages. Default: Auther::NullLogger.
89
95
 
90
96
  # Usage
91
97
 
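Review bot: the new *logger* entry documents the default (`Auther::NullLogger`) but not what the logger receives; add that messages are emitted at info level and carry the account name and the requested path, never the decrypted login or password, which is what the "log filtering for account credentials" feature in the list above promises and what the gatekeeper messages in this diff actually do.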
@@ -148,6 +154,14 @@ As mentioned in the setup above, the routes can also be customized. Example:
148
154
  delete "/logout", to: "auther/session#destroy"
149
155
  end
150
156
 
157
+ ## Logging
158
+
159
+ As mentioned in the setup above, the logger can be customized or removed completely. Examples:
160
+
161
+ Auther::NullLogger.new # This is the default logger (which is no logging at all).
162
+ ActiveSupport::Logger.new("log/#{Rails.env}.log") # Can be used to log to the environment log.
163
+ Logger.new($stdout) # Can be used to log to standard output.
164
+
151
165
  # Tests
152
166
 
153
167
  To test, do the following:
@@ -1,6 +1,5 @@
1
1
  .authorization {
2
2
  position: relative;
3
- top: 25%;
4
3
  -webkit-transform: translateY(25%);
5
4
  -ms-transform: translateY(25%);
6
5
  transform: translateY(25%);
@@ -26,11 +26,11 @@ module Auther
26
26
  private
27
27
 
28
28
  def load_title
29
- @title = settings[:title]
29
+ @title = settings.fetch :title, "Authorization"
30
30
  end
31
31
 
32
32
  def load_label
33
- @label = settings[:label]
33
+ @label = settings.fetch :label, "Authorization"
34
34
  end
35
35
 
36
36
  def settings
data/lib/auther.rb CHANGED
@@ -1,4 +1,5 @@
1
1
  require "slim-rails"
2
+ require "auther/null_logger"
2
3
  require "auther/cipher"
3
4
  require "auther/keymaster"
4
5
  require "auther/gatekeeper"
data/lib/auther/engine.rb CHANGED
@@ -10,6 +10,10 @@ module Auther
10
10
  jquery_gem_path = Gem.loaded_specs["jquery-rails"].full_gem_path
11
11
  app.config.assets.paths << "#{jquery_gem_path}/vendor/assets/javascripts"
12
12
 
13
+ # Add Modernizr assets.
14
+ modernizr_gem_path = Gem.loaded_specs["modernizr-rails"].full_gem_path
15
+ app.config.assets.paths << "#{modernizr_gem_path}/vendor/assets/javascripts"
16
+
13
17
  # Add Zurb Foundation assets.
14
18
  foundation_gem_path = Gem.loaded_specs["foundation-rails"].full_gem_path
15
19
  app.config.assets.paths << "#{foundation_gem_path}/vendor/assets/stylesheets"
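Review bot: `Gem.loaded_specs["modernizr-rails"].full_gem_path` raises NoMethodError on nil while the engine initializes if modernizr-rails is not in the host application's bundle, and the metadata hunks further down show no dependency change for this release, so confirm modernizr-rails is already a declared runtime dependency of the gem (the unchanged jquery-rails and foundation-rails lookups have the same failure mode). A `Gem.loaded_specs.fetch("modernizr-rails")` would at least fail with a message naming the missing gem.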
@@ -1,10 +1,11 @@
1
1
  module Auther
2
2
  class Gatekeeper
3
- attr_reader :application, :environment, :settings
3
+ attr_reader :application, :environment, :settings, :logger
4
4
 
5
5
  def initialize application, settings = []
6
6
  @application = application
7
7
  @settings = settings
8
+ @logger = @settings.fetch :logger, Auther::NullLogger.new(STDOUT)
8
9
  end
9
10
 
10
11
  def call environment
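Review bot: `@settings.fetch :logger, Auther::NullLogger.new(STDOUT)` raises TypeError when `settings` is left at the default `[]` declared on the line above, because `Array#fetch` expects an Integer index; change the default to `settings = {}` (the existing `settings.fetch(:accounts)` calls fail the same way). The STDOUT argument is discarded by NullLogger's `initialize(*)`, so `Auther::NullLogger.new` says what is meant.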
@@ -35,19 +36,45 @@ module Auther
35
36
  Rack::Response.new body, status, headers
36
37
  end
37
38
 
39
+ def info message
40
+ id = "[#{Auther::Keymaster.namespace}]"
41
+ logger.info [id, message].join(": ")
42
+ end
43
+
38
44
  def find_account
39
45
  session["auther_init"] = true # Force session to initialize.
40
46
  account_name = Auther::Keymaster.get_account_name session
41
- settings.fetch(:accounts).select { |account| account.fetch(:name) == account_name }.first
47
+ account = settings.fetch(:accounts).detect { |account| account.fetch(:name) == account_name }
48
+
49
+ account ? info("Account found.") : info("Account unknown.")
50
+ account
51
+ end
52
+
53
+ def clean_paths paths
54
+ paths.map { |path| path.chomp '/' }
55
+ end
56
+
57
+ def blacklisted_paths accounts
58
+ paths = accounts.map { |account| clean_paths account.fetch(:paths) }
59
+ paths.flatten.uniq
42
60
  end
43
61
 
44
- def blacklisted_path? path
45
- blacklisted_paths = settings.fetch(:accounts).map {|account| account.fetch :paths }.flatten
46
- blacklisted_paths.map { |blacklisted_path| path.include? blacklisted_path }.any?
62
+ def blacklisted_matched_paths accounts, path
63
+ paths = blacklisted_paths accounts
64
+ paths.select { |blacklisted_path| path.include? blacklisted_path }
47
65
  end
48
66
 
49
67
  def blacklisted_account? account, path
50
- account.fetch(:paths).include? path
68
+ paths = clean_paths account.fetch(:paths)
69
+ blacklisted = paths.include? path
70
+
71
+ if blacklisted
72
+ info %(Authorization failed! Requested path "#{request.path}" blacklisted by "#{account.fetch :name}" account blacklist: #{paths}.)
73
+ else
74
+ info %(Authorization passed. Requested path "#{request.path}" allowed for "#{account.fetch :name}" account blacklist: #{paths}.)
75
+ end
76
+
77
+ blacklisted
51
78
  end
52
79
 
53
80
  def authenticated? account
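Review bot: `blacklisted_matched_paths` tests `path.include? blacklisted_path` (substring, against the raw request path) while `blacklisted_account?` tests `paths.include? path` (exact match, after `chomp '/'` on the configured paths only), so the two checks disagree: a request for `/admin/` or `/admin/users` is reported as blacklisted in `authorized?`, yet `blacklisted_account?` returns false for every account. Normalize the request path the same way (`path.chomp '/'`) and use a single matching rule in both methods, preferably a segment-aware prefix match rather than substring so that `/administrator` is not treated as `/admin`. Minor: `account ? info("Account found.") : info("Account unknown.")` reads better as `info(account ? "Account found." : "Account unknown.")`.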
@@ -59,15 +86,27 @@ module Auther
59
86
  session_password = cipher.decrypt session[keymaster.password_key]
60
87
  account_login = cipher.decrypt account.fetch(:login)
61
88
  account_password = cipher.decrypt account.fetch(:password)
89
+ authenticated = session_login == account_login && session_password == account_password
90
+
91
+ if authenticated
92
+ info %(Authentication passed for "#{account.fetch :name}" account.)
93
+ else
94
+ info %(Authentication failed for "#{account.fetch :name}" account!)
95
+ end
62
96
 
63
- session_login == account_login && session_password == account_password
97
+ authenticated
64
98
  rescue ActiveSupport::MessageVerifier::InvalidSignature => error
99
+ info %(Authentication failed! Invalid credential(s) for "#{account.fetch :name}" account.)
65
100
  false
66
101
  end
67
102
  end
68
103
 
69
104
  def authorized? path
70
- if blacklisted_path?(path)
105
+ accounts = settings.fetch :accounts
106
+ all_blacklisted_paths = blacklisted_paths settings.fetch(:accounts)
107
+
108
+ if blacklisted_matched_paths(accounts, path).any?
109
+ info %(Requested path "#{request.path}" found in blacklisted paths: #{all_blacklisted_paths}.)
71
110
  account = find_account
72
111
  account && authenticated?(account) && !blacklisted_account?(account, path)
73
112
  else
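Review bot: `all_blacklisted_paths = blacklisted_paths settings.fetch(:accounts)` re-reads the accounts setting although `accounts` was assigned on the previous line; use `blacklisted_paths accounts`. Logging the entire blacklist at info level on every matched request is noisy and copies the full protected-path list into the log each time; the message already says the path matched, so drop the list or log it at debug. The `error` binding in `rescue ... => error` is unused. The moved comparison `session_login == account_login && session_password == account_password` uses `String#==`, which stops at the first differing byte; if the Rack version in use provides `Rack::Utils.secure_compare`, a middleware like this one can use it for both comparisons.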
@@ -0,0 +1,25 @@
1
+ module Auther
2
+ # The default logger which purposefully does nothing at all.
3
+ class NullLogger
4
+ def initialize(*)
5
+ end
6
+
7
+ def info(*)
8
+ end
9
+
10
+ def info(*)
11
+ end
12
+
13
+ def warn(*)
14
+ end
15
+
16
+ def error(*)
17
+ end
18
+
19
+ def fatal(*)
20
+ end
21
+
22
+ def debug(*)
23
+ end
24
+ end
25
+ end
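Review bot: `def info(*)` is defined twice in the new file (the second definition silently replaces the first and triggers a "method redefined" warning under `ruby -w`); this looks like a copy-paste slip. Ruby's standard Logger interface also has `unknown`, `add` and `<<`, and callers that treat this object as a Logger replacement may invoke them, so drop the duplicate and add those three no-op methods.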
@@ -1,3 +1,3 @@
1
1
  module Auther
2
- VERSION = "1.2.0"
2
+ VERSION = "1.3.0"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: auther
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.0
4
+ version: 1.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Brooke Kuhlmann
@@ -30,7 +30,7 @@ cert_chain:
30
30
  SJpzzzZ8gO6BKn4fhd+ENNQ333Qy3nuNk07TVIaNnlgeHhowUDuD9T7Z8Lka0pt3
31
31
  4PteiTppsf0SSVAM9zSO5IuFngXMRwWgvjOfXE70f43RDuUVTCSyylc=
32
32
  -----END CERTIFICATE-----
33
- date: 2014-04-08 00:00:00.000000000 Z
33
+ date: 2014-05-27 00:00:00.000000000 Z
34
34
  dependencies:
35
35
  - !ruby/object:Gem::Dependency
36
36
  name: pry-byebug
@@ -285,6 +285,7 @@ files:
285
285
  - lib/auther/engine.rb
286
286
  - lib/auther/gatekeeper.rb
287
287
  - lib/auther/keymaster.rb
288
+ - lib/auther/null_logger.rb
288
289
  - lib/auther/version.rb
289
290
  homepage: https://github.com/bkuhlmann/auther
290
291
  licenses:
metadata.gz.sig CHANGED
Binary file