auther 1.3.0 → 1.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3aa8d5b9e69a0da12775b372eaeb59f432a55e81
-  data.tar.gz: 7520d5dec549472e751e7990180d96eb4e4900c6
+  metadata.gz: 65a58c9e0dbe816215f33e5daa86064c83a06185
+  data.tar.gz: 276515d8c4cf3b4fcc96e6dd548400f362270d03
 SHA512:
-  metadata.gz: 35a1ecbe6c0d2fe98b8453ed77b06fd1942c7a920519097a2cfcc17726a326ca86272813aa1770b026665751e16de37d791ac306ad5727de947406415400fd2d
-  data.tar.gz: 7da34db7c1e792ee3c40e7d6dfe2685745985bf26cc71968bbfb465b79d0863bb9647a8291413aacdcea4e09a192ef84db745c64c41ce578fddc55a4518ab455
+  metadata.gz: f85b9b1dd51400d5a52aa18f006e9c06bc8a5f5c91e1757bda195c323e6df33e8b9709b6d3fbd0586a94466154b2e1be388960b9741ed765251b76262ace07ef
+  data.tar.gz: 4e8e0a69cb00fa91133f3c074517643c9affa4c6970edcc65609ec6d4e48e9540ab2055ea208640f8c54f0bfb2c4c4f0616a3e86087c2eb8c3f037301fe47814

checksums.yaml.gz.sig

@@ -1 +1,2 @@
-�/
+�{k=��&53����Ђǃ��5�
q^�<����}XyJ���#�F���:6��}��a�l���%i A��r�4�Kqs�
+�}��9s

data/README.md

@@ -59,37 +59,34 @@ Edit your routes.rb as follows:
       get "/login", to: "auther/session#new"
     end
 
-Edit your application.rb as follows:
-
-    module Example
-      class Application < Rails::Application
-
-        config.auther_settings = {
-          title: "Authorization",
-          label: "Authorization",
-          accounts: [
-            name: "admin",
-            login: "N3JzR213WlBISDZsMjJQNkRXbEVmYVczbVdnMHRYVHRud29lOWRCekp6ST0tLWpFMkROekUvWDBkOHZ4ZngxZHV6clE9PQ==--cd863c39991fa4bb9a35de918aa16da54514e331",
-            password: "cHhFSStjRm9KbEYwK3ZJVlF2MmpTTWVVZU5acEdlejZsZEhjWFJoQWxKND0tLTE3cmpXZVBQdW5VUW1jK0ZSSDdLUnc9PQ==--f51171174fa77055540420f205e0dd9d499cfeb6",
-            paths: ["/admin"]
-          ],
-          secret: "vuKrwD9XWoYuv@s99?tR(9VqryiL,KV{W7wFnejUa4QcVBP+D{2rD4JfuD(mXgA=$tNK4Pfn#NeGs3o3TZ3CqNc^Qb",
-          auth_url: "/login",
-          logger: ActiveSupport::Logger.new("log/#{Rails.env}.log")
-        }
-
-      end
-    end
+Add a config/initializers/auther.rb to your application with the following content:
+
+    Rails.application.config.auther_settings = {
+      secret: "vuKrwD9XWoYuv@s99?tR(9VqryiL,KV{W7wFnejUa4QcVBP+D{2rD4JfuD(mXgA=$tNK4Pfn#NeGs3o3TZ3CqNc^Qb",
+      accounts: [
+        name: "admin",
+        login: "N3JzR213WlBISDZsMjJQNkRXbEVmYVczbVdnMHRYVHRud29lOWRCekp6ST0tLWpFMkROekUvWDBkOHZ4ZngxZHV6clE9PQ==--cd863c39991fa4bb9a35de918aa16da54514e331",
+        password: "cHhFSStjRm9KbEYwK3ZJVlF2MmpTTWVVZU5acEdlejZsZEhjWFJoQWxKND0tLTE3cmpXZVBQdW5VUW1jK0ZSSDdLUnc9PQ==--f51171174fa77055540420f205e0dd9d499cfeb6",
+        paths: ["/admin"]
+      ],
+      auth_url: "/login"
+    }
 
 The purpose of each setting is as follows:
 
 * *title* - Optional. The HTML page title (as rendered within a browser tab). Default: "Authorization".
 * *label* - Optional. The page label (what would appear above the form). Default: "Authorization".
+* *secret* - Required. The secret passphrase used to encrypt/decrypt account credentials.
 * *accounts* - Required. The array of accounts with different or similar access to the application.
+    * *name* - Required. The account name. The name that uniquely identifies each account.
     * *login* - Required. The encrypted account login. For example, the above decrypts to: *test@test.com*.
     * *password* - Required. The encrypted account password. For example, the above decrypts to: *password*.
     * *paths* - Required. The array of blacklisted paths for which only this account has access to.
-* *secret* - Required. The secret passphrase used to encrypt/decrypt account credentials.
+    * *success_url* - Optional. The URL to redirect to upon successful authorization. Success redirection works
+      as follows (in the order defined):
+          0. The blacklisted path (if requested prior to authorization but now authorized).
+          0. The success URL (if defined and the blacklisted path wasn't requested).
+          0. The root path (if none of the above).
 * *auth_url* - Required. The URL to redirect to when enforcing authentication to a blacklisted path.
 * *logger* - Optional. The logger used to log path/account authorization messages. Default: Auther::NullLogger.
 
@@ -138,7 +135,7 @@ you add a controller to your app that inherits from the Auther::BaseController.
 
     # Example Path:  app/controllers/session_controller.rb
     class SessionController < Auther::BaseController
-      layout "example_site_layout"
+      layout "example"
     end
 
 This allows complete customization of session controller behavior to serve any special business needs. See the
@@ -146,7 +143,7 @@ Auther::BaseController for additional details or the Auther::SessionController f
 
 ## Routes
 
-As mentioned in the setup above, the routes can also be customized. Example:
+As mentioned in the setup above, the routes can be customized as follows:
 
     Rails.application.routes.draw do
       mount Auther::Engine => "/auther"
@@ -156,7 +153,7 @@ As mentioned in the setup above, the routes can also be customized. Example:
 
 ## Logging
 
-As mentioned in the setup above, the logger can be customized or removed completely. Examples:
+As mentioned in the setup above, the logger can be customized as follows:
 
     Auther::NullLogger.new # This is the default logger (which is no logging at all).
     ActiveSupport::Logger.new("log/#{Rails.env}.log") # Can be used to log to the environment log.

data/app/controllers/auther/base_controller.rb

@@ -11,7 +11,7 @@ module Auther
     def create
       if account.valid?
         store_credentials
-        redirect_to session["auther_redirect_url"] || '/'
+        redirect_to redirect_url
       else
         remove_credentials account.name
         render template: new_template_path
@@ -46,7 +46,8 @@ module Auther
         secure_login: account_settings.fetch(:login),
         password: account_params.fetch(:password),
         secure_password: account_settings.fetch(:password),
-        secret: settings.fetch(:secret)
+        secret: settings.fetch(:secret),
+        success_url: account_settings.fetch(:success_url, nil)
     end
 
     def name_options
@@ -60,6 +61,10 @@ module Auther
       raise NotImplementedError, "The method, #new_template_path, is not implemented."
     end
 
+    def redirect_url
+      session["auther_redirect_url"] || account.success_url || '/'
+    end
+
     def find_account name
       settings.fetch(:accounts).select { |account| account.fetch(:name) == name }.first
     end

data/app/models/auther/account.rb

@@ -2,7 +2,7 @@ module Auther
   class Account
     include ActiveModel::Validations
 
-    attr_accessor :name, :login, :secure_login, :password, :secure_password, :paths
+    attr_accessor :name, :login, :secure_login, :password, :secure_password, :paths, :success_url
 
     validates :name, presence: true
     validates :paths, presence: {unless: lambda { |account| account.paths.is_a? Array }, message: "must be an array"}
@@ -15,6 +15,7 @@ module Auther
       @secure_password = options.fetch :secure_password, nil
       @paths = options.fetch :paths, []
       @secret = options.fetch :secret, nil
+      @success_url = options.fetch :success_url, nil
     end
 
     def valid?

data/app/views/auther/session/new.html.slim

@@ -18,7 +18,7 @@
               = form.label :login, "Login:", class: "inline right"
             = content_tag :div, class: render_foundation_error(login_error, classes: %w(small-6 columns))
               = form.text_field :login
-              = content_tag(:small, @account.errors.full_messages.first) if login_error
+              = content_tag(:small, @account.errors.full_messages.first, class: "error") if login_error
       .row
         .small-8
           .row
@@ -26,7 +26,7 @@
               = form.label :password, "Password:", class: "inline right"
             = content_tag :div, class: render_foundation_error(password_error, classes: %w(small-6 columns))
               = form.password_field :password
-              = content_tag(:small, @account.errors.full_messages.first) if password_error
+              = content_tag(:small, @account.errors.full_messages.first, class: "error") if password_error
 
       .row
         .small-8

data/lib/auther/engine.rb

@@ -6,18 +6,17 @@ module Auther
     config.auther_settings = {}
 
     initializer "auther.initialize" do |app|
+      asset_paths = app.config.assets.paths
+
       # Add jQuery assets.
-      jquery_gem_path = Gem.loaded_specs["jquery-rails"].full_gem_path
-      app.config.assets.paths << "#{jquery_gem_path}/vendor/assets/javascripts"
+      add_asset_paths asset_paths, "jquery-rails", "javascripts"
 
       # Add Modernizr assets.
-      modernizr_gem_path = Gem.loaded_specs["modernizr-rails"].full_gem_path
-      app.config.assets.paths << "#{modernizr_gem_path}/vendor/assets/javascripts"
+      add_asset_paths asset_paths, "modernizr-rails", "javascripts"
 
       # Add Zurb Foundation assets.
-      foundation_gem_path = Gem.loaded_specs["foundation-rails"].full_gem_path
-      app.config.assets.paths << "#{foundation_gem_path}/vendor/assets/stylesheets"
-      app.config.assets.paths << "#{foundation_gem_path}/vendor/assets/javascripts"
+      add_asset_paths asset_paths, "foundation-rails", "javascripts"
+      add_asset_paths asset_paths, "foundation-rails", "stylesheets"
 
       # Configure log filter parameters.
       app.config.filter_parameters += [:login, :password]
@@ -25,5 +24,15 @@ module Auther
       # Initialize Gatekeeper middleware.
       app.config.app_middleware.use Auther::Gatekeeper, app.config.auther_settings
     end
+
+    private
+
+    def full_gem_path name
+      Gem.loaded_specs[name].full_gem_path
+    end
+
+    def add_asset_paths paths, name, directory
+      paths << "#{full_gem_path name}/vendor/assets/#{directory}"
+    end
   end
 end

data/lib/auther/gatekeeper.rb

@@ -36,17 +36,35 @@ module Auther
       Rack::Response.new body, status, headers
     end
 
-    def info message
+    def log_info message
       id = "[#{Auther::Keymaster.namespace}]"
       logger.info [id, message].join(": ")
     end
 
+    def log_authentication authenticated, account_name
+      if authenticated
+        log_info %(Authentication passed. Account: "#{account_name}".)
+      else
+        log_info %(Authentication failed! Account: "#{account_name}".)
+      end
+    end
+
+    def log_authorization authorized, account_name, blacklist, request_path
+      details = %(Account: "#{account_name}". Blacklist: #{blacklist}. Request Path: "#{request_path}".)
+
+      if authorized
+        log_info %(Authorization failed! #{details})
+      else
+        log_info %(Authorization passed. #{details})
+      end
+    end
+
     def find_account
       session["auther_init"] = true # Force session to initialize.
       account_name = Auther::Keymaster.get_account_name session
       account = settings.fetch(:accounts).detect { |account| account.fetch(:name) == account_name }
 
-      account ? info("Account found.") : info("Account unknown.")
+      account ? log_info("Account found.") : log_info("Account unknown.")
       account
     end
 
@@ -64,19 +82,6 @@ module Auther
       paths.select { |blacklisted_path| path.include? blacklisted_path }
     end
 
-    def blacklisted_account? account, path
-      paths = clean_paths account.fetch(:paths)
-      blacklisted = paths.include? path
-
-      if blacklisted
-        info %(Authorization failed! Requested path "#{request.path}" blacklisted by "#{account.fetch :name}" account blacklist: #{paths}.)
-      else
-        info %(Authorization passed. Requested path "#{request.path}" allowed for "#{account.fetch :name}" account blacklist: #{paths}.)
-      end
-
-      blacklisted
-    end
-
     def authenticated? account
       keymaster = Auther::Keymaster.new account.fetch(:name)
       cipher = Auther::Cipher.new settings.fetch(:secret)
@@ -86,29 +91,32 @@ module Auther
         session_password = cipher.decrypt session[keymaster.password_key]
         account_login = cipher.decrypt account.fetch(:login)
         account_password = cipher.decrypt account.fetch(:password)
-        authenticated = session_login == account_login && session_password == account_password
-
-        if authenticated
-          info %(Authentication passed for "#{account.fetch :name}" account.)
-        else
-          info %(Authentication failed for "#{account.fetch :name}" account!)
-        end
 
+        authenticated = session_login == account_login && session_password == account_password
+        log_authentication authenticated, account.fetch(:name)
         authenticated
       rescue ActiveSupport::MessageVerifier::InvalidSignature => error
-        info %(Authentication failed! Invalid credential(s) for "#{account.fetch :name}" account.)
+        log_info %(Authentication failed! Invalid credential(s) for "#{account.fetch :name}" account.)
         false
       end
     end
 
+    def account_authorized? account, path
+      paths = clean_paths account.fetch(:paths)
+
+      authorized = paths.include? path
+      log_authorization authorized, account.fetch(:name), paths, request.path
+      authorized
+    end
+
     def authorized? path
       accounts = settings.fetch :accounts
       all_blacklisted_paths = blacklisted_paths settings.fetch(:accounts)
 
       if blacklisted_matched_paths(accounts, path).any?
-        info %(Requested path "#{request.path}" found in blacklisted paths: #{all_blacklisted_paths}.)
+        log_info %(Requested path "#{request.path}" found in blacklisted paths: #{all_blacklisted_paths}.)
         account = find_account
-        account && authenticated?(account) && !blacklisted_account?(account, path)
+        account && authenticated?(account) && !account_authorized?(account, path)
       else
         true
       end

data/lib/auther/version.rb

@@ -1,3 +1,3 @@
 module Auther
-  VERSION = "1.3.0"
+  VERSION = "1.4.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: auther
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 1.4.0
 platform: ruby
 authors:
 - Brooke Kuhlmann
@@ -30,7 +30,7 @@ cert_chain:
   SJpzzzZ8gO6BKn4fhd+ENNQ333Qy3nuNk07TVIaNnlgeHhowUDuD9T7Z8Lka0pt3
   4PteiTppsf0SSVAM9zSO5IuFngXMRwWgvjOfXE70f43RDuUVTCSyylc=
   -----END CERTIFICATE-----
-date: 2014-05-27 00:00:00.000000000 Z
+date: 2014-05-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: pry-byebug