auther 1.2.0 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 98f97c242fb1e0ce4bb8b86105692557df24e4b9
-  data.tar.gz: ca16c0813966c536e347366e9899acefcfab666a
+  metadata.gz: 3aa8d5b9e69a0da12775b372eaeb59f432a55e81
+  data.tar.gz: 7520d5dec549472e751e7990180d96eb4e4900c6
 SHA512:
-  metadata.gz: 2775da83a612d96b4411537077150c440c95b12b60d07f3f8e79bfcddb44651e030aafc8c984c92867f53a27051c2a2dbd434e931a61702e3662d48266ec8f24
-  data.tar.gz: c224366a29f6f11ad2aad9cc03ae4d9ba72e21f42ddc434bec7091e37feb4cf8d248e18762c9290e99abe9a253e897b6494b46413d321a8ac425b65deb05173b
+  metadata.gz: 35a1ecbe6c0d2fe98b8453ed77b06fd1942c7a920519097a2cfcc17726a326ca86272813aa1770b026665751e16de37d791ac306ad5727de947406415400fd2d
+  data.tar.gz: 7da34db7c1e792ee3c40e7d6dfe2685745985bf26cc71968bbfb465b79d0863bb9647a8291413aacdcea4e09a192ef84db745c64c41ce578fddc55a4518ab455

data/README.md

@@ -20,10 +20,11 @@ making for a pleasent user experience.
 
 * Encrypted account credentials.
 * Multiple account support with account specific blacklisted paths.
-* Log filtering for account credentials (login and password).
 * Auto-redirection to requested path (once credentials have been verified).
-* Customizable view.
-* Customizable controller.
+* Log filtering for account credentials (login and password).
+* Customizable logger support.
+* Customizable view support.
+* Customizable controller support.
 
 # Requirements
 
@@ -38,9 +39,12 @@ making for a pleasent user experience.
 For a secure install, type the following from the command line (recommended):
 
     gem cert --add <(curl -Ls http://www.redalchemist.com/gem-public.pem)
-    gem install auther --trust-policy HighSecurity
+    gem install auther --trust-policy MediumSecurity
+
+NOTE: A HighSecurity trust policy would be best but MediumSecurity enables signed gem verification while
+allowing the installation of unsigned dependencies since they are beyond the scope of this gem.
 
-...or, for an insecure install, type the following (not recommended):
+For an insecure install, type the following (not recommended):
 
     gem install auther
 
@@ -70,7 +74,8 @@ Edit your application.rb as follows:
             paths: ["/admin"]
           ],
           secret: "vuKrwD9XWoYuv@s99?tR(9VqryiL,KV{W7wFnejUa4QcVBP+D{2rD4JfuD(mXgA=$tNK4Pfn#NeGs3o3TZ3CqNc^Qb",
-          auth_url: "/login"
+          auth_url: "/login",
+          logger: ActiveSupport::Logger.new("log/#{Rails.env}.log")
         }
 
       end
@@ -78,14 +83,15 @@ Edit your application.rb as follows:
 
 The purpose of each setting is as follows:
 
-* *title* - The HTML page title (as rendered within a browser tab).
-* *label* - The page label (what would appear above the form).
-* *accounts* - The array of accounts with different or similar access to the application.
-    * *login* - The encrypted account login. For example, the above decrypts to: *test@test.com*.
-    * *password* - The encrypted account password. For example, the above decrypts to: *password*.
-    * *paths* - The array of blacklisted paths for which only this account has access to.
-* *secret* - The secret passphrase used to encrypt/decrypt account credentials.
-* *auth_url* - The URL to redirect to when enforcing authentication to a blacklisted path.
+* *title* - Optional. The HTML page title (as rendered within a browser tab). Default: "Authorization".
+* *label* - Optional. The page label (what would appear above the form). Default: "Authorization".
+* *accounts* - Required. The array of accounts with different or similar access to the application.
+    * *login* - Required. The encrypted account login. For example, the above decrypts to: *test@test.com*.
+    * *password* - Required. The encrypted account password. For example, the above decrypts to: *password*.
+    * *paths* - Required. The array of blacklisted paths for which only this account has access to.
+* *secret* - Required. The secret passphrase used to encrypt/decrypt account credentials.
+* *auth_url* - Required. The URL to redirect to when enforcing authentication to a blacklisted path.
+* *logger* - Optional. The logger used to log path/account authorization messages. Default: Auther::NullLogger.
 
 # Usage
 
@@ -148,6 +154,14 @@ As mentioned in the setup above, the routes can also be customized. Example:
       delete "/logout", to: "auther/session#destroy"
     end
 
+## Logging
+
+As mentioned in the setup above, the logger can be customized or removed completely. Examples:
+
+    Auther::NullLogger.new # This is the default logger (which is no logging at all).
+    ActiveSupport::Logger.new("log/#{Rails.env}.log") # Can be used to log to the environment log.
+    Logger.new($stdout) # Can be used to log to standard output.
+
 # Tests
 
 To test, do the following:

data/app/assets/stylesheets/auther/auther.scss

@@ -1,6 +1,5 @@
 .authorization {
   position: relative;
-  top: 25%;
   -webkit-transform: translateY(25%);
   -ms-transform: translateY(25%);
   transform: translateY(25%);

data/app/controllers/auther/base_controller.rb

@@ -26,11 +26,11 @@ module Auther
     private
 
     def load_title
-      @title = settings[:title]
+      @title = settings.fetch :title, "Authorization"
     end
 
     def load_label
-      @label = settings[:label]
+      @label = settings.fetch :label, "Authorization"
     end
 
     def settings

data/lib/auther.rb

@@ -1,4 +1,5 @@
 require "slim-rails"
+require "auther/null_logger"
 require "auther/cipher"
 require "auther/keymaster"
 require "auther/gatekeeper"

data/lib/auther/engine.rb

@@ -10,6 +10,10 @@ module Auther
       jquery_gem_path = Gem.loaded_specs["jquery-rails"].full_gem_path
       app.config.assets.paths << "#{jquery_gem_path}/vendor/assets/javascripts"
 
+      # Add Modernizr assets.
+      modernizr_gem_path = Gem.loaded_specs["modernizr-rails"].full_gem_path
+      app.config.assets.paths << "#{modernizr_gem_path}/vendor/assets/javascripts"
+
       # Add Zurb Foundation assets.
       foundation_gem_path = Gem.loaded_specs["foundation-rails"].full_gem_path
       app.config.assets.paths << "#{foundation_gem_path}/vendor/assets/stylesheets"

data/lib/auther/gatekeeper.rb

@@ -1,10 +1,11 @@
 module Auther
   class Gatekeeper
-    attr_reader :application, :environment, :settings
+    attr_reader :application, :environment, :settings, :logger
 
     def initialize application, settings = []
       @application = application
       @settings = settings
+      @logger = @settings.fetch :logger, Auther::NullLogger.new(STDOUT)
     end
 
     def call environment
@@ -35,19 +36,45 @@ module Auther
       Rack::Response.new body, status, headers
     end
 
+    def info message
+      id = "[#{Auther::Keymaster.namespace}]"
+      logger.info [id, message].join(": ")
+    end
+
     def find_account
       session["auther_init"] = true # Force session to initialize.
       account_name = Auther::Keymaster.get_account_name session
-      settings.fetch(:accounts).select { |account| account.fetch(:name) == account_name }.first
+      account = settings.fetch(:accounts).detect { |account| account.fetch(:name) == account_name }
+
+      account ? info("Account found.") : info("Account unknown.")
+      account
+    end
+
+    def clean_paths paths
+      paths.map { |path| path.chomp '/' }
+    end
+
+    def blacklisted_paths accounts
+      paths = accounts.map { |account| clean_paths account.fetch(:paths) }
+      paths.flatten.uniq
     end
 
-    def blacklisted_path? path
-      blacklisted_paths = settings.fetch(:accounts).map {|account| account.fetch :paths }.flatten
-      blacklisted_paths.map { |blacklisted_path| path.include? blacklisted_path }.any?
+    def blacklisted_matched_paths accounts, path
+      paths = blacklisted_paths accounts
+      paths.select { |blacklisted_path| path.include? blacklisted_path }
     end
 
     def blacklisted_account? account, path
-      account.fetch(:paths).include? path
+      paths = clean_paths account.fetch(:paths)
+      blacklisted = paths.include? path
+
+      if blacklisted
+        info %(Authorization failed! Requested path "#{request.path}" blacklisted by "#{account.fetch :name}" account blacklist: #{paths}.)
+      else
+        info %(Authorization passed. Requested path "#{request.path}" allowed for "#{account.fetch :name}" account blacklist: #{paths}.)
+      end
+
+      blacklisted
     end
 
     def authenticated? account
@@ -59,15 +86,27 @@ module Auther
         session_password = cipher.decrypt session[keymaster.password_key]
         account_login = cipher.decrypt account.fetch(:login)
         account_password = cipher.decrypt account.fetch(:password)
+        authenticated = session_login == account_login && session_password == account_password
+
+        if authenticated
+          info %(Authentication passed for "#{account.fetch :name}" account.)
+        else
+          info %(Authentication failed for "#{account.fetch :name}" account!)
+        end
 
-        session_login == account_login && session_password == account_password
+        authenticated
       rescue ActiveSupport::MessageVerifier::InvalidSignature => error
+        info %(Authentication failed! Invalid credential(s) for "#{account.fetch :name}" account.)
         false
       end
     end
 
     def authorized? path
-      if blacklisted_path?(path)
+      accounts = settings.fetch :accounts
+      all_blacklisted_paths = blacklisted_paths settings.fetch(:accounts)
+
+      if blacklisted_matched_paths(accounts, path).any?
+        info %(Requested path "#{request.path}" found in blacklisted paths: #{all_blacklisted_paths}.)
         account = find_account
         account && authenticated?(account) && !blacklisted_account?(account, path)
       else

data/lib/auther/null_logger.rb

@@ -0,0 +1,25 @@
+module Auther
+  # The default logger which purposefully does nothing at all.
+  class NullLogger
+    def initialize(*)
+    end
+
+    def info(*)
+    end
+
+    def info(*)
+    end
+
+    def warn(*)
+    end
+
+    def error(*)
+    end
+
+    def fatal(*)
+    end
+
+    def debug(*)
+    end
+  end
+end

data/lib/auther/version.rb

@@ -1,3 +1,3 @@
 module Auther
-  VERSION = "1.2.0"
+  VERSION = "1.3.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: auther
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors:
 - Brooke Kuhlmann
@@ -30,7 +30,7 @@ cert_chain:
   SJpzzzZ8gO6BKn4fhd+ENNQ333Qy3nuNk07TVIaNnlgeHhowUDuD9T7Z8Lka0pt3
   4PteiTppsf0SSVAM9zSO5IuFngXMRwWgvjOfXE70f43RDuUVTCSyylc=
   -----END CERTIFICATE-----
-date: 2014-04-08 00:00:00.000000000 Z
+date: 2014-05-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: pry-byebug
@@ -285,6 +285,7 @@ files:
 - lib/auther/engine.rb
 - lib/auther/gatekeeper.rb
 - lib/auther/keymaster.rb
+- lib/auther/null_logger.rb
 - lib/auther/version.rb
 homepage: https://github.com/bkuhlmann/auther
 licenses: