authify-api 0.1.0 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +3 -1
- data/.travis.yml +3 -1
- data/Dockerfile +46 -0
- data/Rakefile +36 -1
- data/authify-api.gemspec +4 -1
- data/db/migrate/20170328151033_add_verified_to_user.rb +10 -0
- data/db/schema.rb +8 -5
- data/lib/authify/api.rb +5 -0
- data/lib/authify/api/controllers/apikey.rb +3 -3
- data/lib/authify/api/controllers/group.rb +6 -6
- data/lib/authify/api/controllers/identity.rb +4 -4
- data/lib/authify/api/controllers/organization.rb +29 -23
- data/lib/authify/api/controllers/user.rb +23 -14
- data/lib/authify/api/helpers/jwt_encryption.rb +1 -1
- data/lib/authify/api/models/organization.rb +2 -1
- data/lib/authify/api/models/user.rb +28 -2
- data/lib/authify/api/serializers/user_serializer.rb +1 -0
- data/lib/authify/api/services/jwt_provider.rb +1 -8
- data/lib/authify/api/services/registration.rb +40 -10
- data/lib/authify/api/version.rb +1 -1
- metadata +36 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1ad42a62cd052be494876ad2448c87fadc49d779
|
|
4
|
+
data.tar.gz: 63e6a369a12ea65833c62330d6f1df2a25ed1473
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c17f797d481991ff2237c8c9d16b965670094394609a9b0e20fd1745ca6b84de4610a843ee8010bc999f4815975d0cc12aeb678966232f8fc0137b50c2835d80
|
|
7
|
+
data.tar.gz: 0eb621c92eaa49877952c8b3cf03741056af7084170c05af708ba0d921dbc4f62d741bdddefa5cad85975a4457ba593a494302324abb62478cd20ff470faf31e
|
data/.rubocop.yml
CHANGED
|
@@ -16,12 +16,14 @@ Metrics/CyclomaticComplexity:
|
|
|
16
16
|
Metrics/PerceivedComplexity:
|
|
17
17
|
Max: 9
|
|
18
18
|
|
|
19
|
-
BlockLength:
|
|
19
|
+
Metrics/BlockLength:
|
|
20
20
|
Max: 30
|
|
21
21
|
Exclude:
|
|
22
22
|
- '*.gemspec'
|
|
23
23
|
- 'lib/authify/api/controllers/*.rb'
|
|
24
24
|
- Rakefile
|
|
25
|
+
- 'spec/**/*_spec.rb'
|
|
26
|
+
- 'spec/spec_helper.rb'
|
|
25
27
|
|
|
26
28
|
AllCops:
|
|
27
29
|
Exclude:
|
data/.travis.yml
CHANGED
data/Dockerfile
ADDED
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
FROM ruby:2.3.3-alpine
|
|
2
|
+
|
|
3
|
+
ENV AUTHIFY_PORT=9292
|
|
4
|
+
ENV AUTHIFY_ENVIRONMENT=development
|
|
5
|
+
ENV AUTHIFY_DB_URL=sqlite3:///app/authify-api.db
|
|
6
|
+
ENV AUTHIFY_REDIS_HOST=redis
|
|
7
|
+
ENV AUTHIFY_PUBKEY_PATH=/ssl/public.pem
|
|
8
|
+
ENV AUTHIFY_PRIVKEY_PATH=/ssl/private.pem
|
|
9
|
+
ENV AUTHIFY_JWT_ISSUER="My Awesome Company Inc."
|
|
10
|
+
ENV AUTHIFY_JWT_ALGORITHM="ES512"
|
|
11
|
+
ENV AUTHIFY_JWT_EXPIRATION="15"
|
|
12
|
+
|
|
13
|
+
RUN apk --no-cache upgrade \
|
|
14
|
+
&& apk --no-cache add \
|
|
15
|
+
git \
|
|
16
|
+
sqlite-libs mariadb-client mariadb-client-libs
|
|
17
|
+
|
|
18
|
+
RUN apk --no-cache add --virtual build-dependencies \
|
|
19
|
+
build-base \
|
|
20
|
+
ruby-dev \
|
|
21
|
+
sqlite-dev \
|
|
22
|
+
mariadb-dev
|
|
23
|
+
|
|
24
|
+
COPY . /app
|
|
25
|
+
RUN cd /app \
|
|
26
|
+
&& bundle install --jobs=4 \
|
|
27
|
+
&& apk del build-dependencies
|
|
28
|
+
|
|
29
|
+
RUN mkdir /ssl
|
|
30
|
+
|
|
31
|
+
RUN chown -R root:root /app \
|
|
32
|
+
&& chown nobody:nogroup /app/db \
|
|
33
|
+
&& chown nobody:nogroup /app/db/schema.rb \
|
|
34
|
+
&& rm -f /app/.travis.yml \
|
|
35
|
+
&& chown -R nobody:nogroup /ssl
|
|
36
|
+
|
|
37
|
+
USER nobody
|
|
38
|
+
WORKDIR /app
|
|
39
|
+
|
|
40
|
+
VOLUME /ssl
|
|
41
|
+
|
|
42
|
+
CMD bundle exec rake db:migrate \
|
|
43
|
+
&& bundle exec rackup \
|
|
44
|
+
-o 0.0.0.0 \
|
|
45
|
+
-p $AUTHIFY_PORT \
|
|
46
|
+
-E $AUTHIFY_ENVIRONMENT
|
data/Rakefile
CHANGED
|
@@ -12,13 +12,41 @@ end
|
|
|
12
12
|
RSpec::Core::RakeTask.new(:spec)
|
|
13
13
|
RuboCop::RakeTask.new(:rubocop)
|
|
14
14
|
|
|
15
|
-
task default:
|
|
15
|
+
task default: %i(spec rubocop)
|
|
16
16
|
|
|
17
17
|
desc 'Start the demo using `rackup`'
|
|
18
18
|
task :start do
|
|
19
19
|
exec 'rackup config.ru'
|
|
20
20
|
end
|
|
21
21
|
|
|
22
|
+
namespace :jwt do
|
|
23
|
+
desc 'Generate a Signer Certificate'
|
|
24
|
+
task :gencert do
|
|
25
|
+
jwtalgo = ENV['AUTHIFY_JWT_ALGORITHM']
|
|
26
|
+
privpath = ENV['AUTHIFY_PRIVKEY_PATH']
|
|
27
|
+
pubpath = ENV['AUTHIFY_PUBKEY_PATH']
|
|
28
|
+
raise 'Missing ENV settings' unless jwtalgo && privpath && pubpath
|
|
29
|
+
|
|
30
|
+
require 'authify/api'
|
|
31
|
+
algo = case jwtalgo
|
|
32
|
+
when 'ES256'
|
|
33
|
+
'prime256v1'
|
|
34
|
+
when 'ES384'
|
|
35
|
+
'secp384r1'
|
|
36
|
+
when 'ES512'
|
|
37
|
+
'secp521r1'
|
|
38
|
+
end
|
|
39
|
+
secret_key = OpenSSL::PKey::EC.new(algo)
|
|
40
|
+
secret_key.generate_key
|
|
41
|
+
# write out the private key to a file...
|
|
42
|
+
File.write(File.expand_path(privpath), secret_key.to_pem)
|
|
43
|
+
public_key = secret_key
|
|
44
|
+
public_key.private_key = nil
|
|
45
|
+
# write out the public key to a file...
|
|
46
|
+
File.write(File.expand_path(pubpath), public_key.to_pem)
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
|
|
22
50
|
namespace :delegate do
|
|
23
51
|
desc 'Add a Trusted Delegate'
|
|
24
52
|
task :add, [:name] do |_t, args|
|
|
@@ -56,3 +84,10 @@ namespace :delegate do
|
|
|
56
84
|
end
|
|
57
85
|
end
|
|
58
86
|
end
|
|
87
|
+
|
|
88
|
+
namespace :docker do
|
|
89
|
+
desc 'Build a fresh docker image'
|
|
90
|
+
task :build do
|
|
91
|
+
exec 'docker build -t authify/api .'
|
|
92
|
+
end
|
|
93
|
+
end
|
data/authify-api.gemspec
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
# coding: utf-8
|
|
2
|
+
|
|
2
3
|
lib = File.expand_path('../lib', __FILE__)
|
|
3
4
|
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
4
5
|
require 'authify/api/version'
|
|
@@ -22,7 +23,7 @@ Gem::Specification.new do |spec|
|
|
|
22
23
|
|
|
23
24
|
spec.required_ruby_version = '~> 2.0'
|
|
24
25
|
|
|
25
|
-
spec.add_runtime_dependency 'authify-core'
|
|
26
|
+
spec.add_runtime_dependency 'authify-core', '~> 0.1'
|
|
26
27
|
spec.add_runtime_dependency 'authify-middleware'
|
|
27
28
|
spec.add_runtime_dependency 'connection_pool', '~> 2.2'
|
|
28
29
|
spec.add_runtime_dependency 'sinatra', '>= 2.0.0.beta2', '< 3'
|
|
@@ -35,6 +36,7 @@ Gem::Specification.new do |spec|
|
|
|
35
36
|
spec.add_runtime_dependency 'jsonapi-serializers', '~> 0.16'
|
|
36
37
|
# spec.add_runtime_dependency 'sinja', '~> 1.2', '>= 1.2.4'
|
|
37
38
|
spec.add_runtime_dependency 'puma', '~> 3.7'
|
|
39
|
+
spec.add_runtime_dependency 'resque', '~> 1.26'
|
|
38
40
|
|
|
39
41
|
spec.add_development_dependency 'bundler', '~> 1.12'
|
|
40
42
|
spec.add_development_dependency 'rake', '~> 10.0'
|
|
@@ -43,4 +45,5 @@ Gem::Specification.new do |spec|
|
|
|
43
45
|
spec.add_development_dependency 'yard', '~> 0.8'
|
|
44
46
|
spec.add_development_dependency 'travis', '~> 1.8'
|
|
45
47
|
spec.add_development_dependency 'simplecov', '~> 0.13'
|
|
48
|
+
spec.add_development_dependency 'rack-test', '~> 0.6'
|
|
46
49
|
end
|
data/db/schema.rb
CHANGED
|
@@ -10,7 +10,7 @@
|
|
|
10
10
|
#
|
|
11
11
|
# It's strongly recommended that you check this file into your version control system.
|
|
12
12
|
|
|
13
|
-
ActiveRecord::Schema.define(version:
|
|
13
|
+
ActiveRecord::Schema.define(version: 20170328151033) do
|
|
14
14
|
|
|
15
15
|
create_table "apikeys", force: :cascade, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8" do |t|
|
|
16
16
|
t.integer "user_id"
|
|
@@ -85,13 +85,16 @@ ActiveRecord::Schema.define(version: 20170208022427) do
|
|
|
85
85
|
|
|
86
86
|
create_table "users", force: :cascade, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8" do |t|
|
|
87
87
|
t.string "email"
|
|
88
|
-
t.text "password_digest",
|
|
88
|
+
t.text "password_digest", limit: 65535
|
|
89
89
|
t.string "full_name"
|
|
90
|
-
t.datetime "created_at",
|
|
91
|
-
t.datetime "updated_at",
|
|
92
|
-
t.boolean "admin",
|
|
90
|
+
t.datetime "created_at", null: false
|
|
91
|
+
t.datetime "updated_at", null: false
|
|
92
|
+
t.boolean "admin", default: false, null: false
|
|
93
|
+
t.boolean "verified"
|
|
94
|
+
t.string "verification_token"
|
|
93
95
|
t.index ["admin"], name: "index_users_on_admin", using: :btree
|
|
94
96
|
t.index ["email"], name: "index_users_on_email", using: :btree
|
|
97
|
+
t.index ["verified"], name: "index_users_on_verified", using: :btree
|
|
95
98
|
end
|
|
96
99
|
|
|
97
100
|
end
|
data/lib/authify/api.rb
CHANGED
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
# External Requirements
|
|
4
4
|
require 'authify/core'
|
|
5
|
+
require 'authify/core/jobs/email'
|
|
5
6
|
require 'authify/middleware'
|
|
6
7
|
require 'sinatra/base'
|
|
7
8
|
require 'sinatra/activerecord'
|
|
@@ -10,6 +11,7 @@ require 'sinatra/jsonapi'
|
|
|
10
11
|
require 'tilt/erb'
|
|
11
12
|
require 'connection_pool'
|
|
12
13
|
require 'moneta'
|
|
14
|
+
require 'resque'
|
|
13
15
|
|
|
14
16
|
# Internal Requirements
|
|
15
17
|
module Authify
|
|
@@ -26,6 +28,9 @@ module Authify
|
|
|
26
28
|
end
|
|
27
29
|
end
|
|
28
30
|
|
|
31
|
+
redis_config = Authify::API::CONFIG[:redis]
|
|
32
|
+
Resque.redis = "#{redis_config[:host]}:#{redis_config[:port]}"
|
|
33
|
+
|
|
29
34
|
require 'authify/api/version'
|
|
30
35
|
require 'authify/api/jsonapi_utils'
|
|
31
36
|
require 'authify/api/controllers/apikey'
|
|
@@ -18,7 +18,7 @@ module Authify
|
|
|
18
18
|
Models::APIKey.all
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
-
show(roles:
|
|
21
|
+
show(roles: %i(myself admin)) do
|
|
22
22
|
last_modified resource.updated_at
|
|
23
23
|
next resource, exclude: [:secret_key]
|
|
24
24
|
end
|
|
@@ -31,7 +31,7 @@ module Authify
|
|
|
31
31
|
next key.id, key
|
|
32
32
|
end
|
|
33
33
|
|
|
34
|
-
destroy(roles:
|
|
34
|
+
destroy(roles: %i(myself admin)) do
|
|
35
35
|
resource.destroy
|
|
36
36
|
end
|
|
37
37
|
|
|
@@ -40,7 +40,7 @@ module Authify
|
|
|
40
40
|
end
|
|
41
41
|
|
|
42
42
|
has_one :user do
|
|
43
|
-
pluck(roles:
|
|
43
|
+
pluck(roles: %i(myself admin)) do
|
|
44
44
|
resource.user
|
|
45
45
|
end
|
|
46
46
|
end
|
|
@@ -19,7 +19,7 @@ module Authify
|
|
|
19
19
|
Models::Group.all
|
|
20
20
|
end
|
|
21
21
|
|
|
22
|
-
show(roles:
|
|
22
|
+
show(roles: %i(admin owner)) do
|
|
23
23
|
last_modified resource.updated_at
|
|
24
24
|
next resource
|
|
25
25
|
end
|
|
@@ -30,7 +30,7 @@ module Authify
|
|
|
30
30
|
next g
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
-
destroy(roles:
|
|
33
|
+
destroy(roles: %i(admin owner)) do
|
|
34
34
|
resource.destroy
|
|
35
35
|
end
|
|
36
36
|
|
|
@@ -39,23 +39,23 @@ module Authify
|
|
|
39
39
|
end
|
|
40
40
|
|
|
41
41
|
has_many :users do
|
|
42
|
-
fetch(roles:
|
|
42
|
+
fetch(roles: %i(admin owner)) do
|
|
43
43
|
resource.users
|
|
44
44
|
end
|
|
45
45
|
|
|
46
|
-
replace(roles:
|
|
46
|
+
replace(roles: %i(admin owner)) do |rios|
|
|
47
47
|
refs = rios.map { |attrs| Models::User.find(attrs) }
|
|
48
48
|
resource.users = refs
|
|
49
49
|
resource.save
|
|
50
50
|
end
|
|
51
51
|
|
|
52
|
-
merge(roles:
|
|
52
|
+
merge(roles: %i(admin owner)) do |rios|
|
|
53
53
|
refs = rios.map { |attrs| Models::User.find(attrs) }
|
|
54
54
|
resource.users << refs
|
|
55
55
|
resource.save
|
|
56
56
|
end
|
|
57
57
|
|
|
58
|
-
subtract(roles:
|
|
58
|
+
subtract(roles: %i(admin owner)) do |rios|
|
|
59
59
|
refs = rios.map { |attrs| Models::User.find(attrs) }
|
|
60
60
|
# This only removes the linkage, not the actual users
|
|
61
61
|
resource.users.delete(refs)
|
|
@@ -14,11 +14,11 @@ module Authify
|
|
|
14
14
|
end
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
-
index(roles:
|
|
17
|
+
index(roles: %i(admin trusted)) do
|
|
18
18
|
Models::Identity.all
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
-
show(roles:
|
|
21
|
+
show(roles: %i(myself admin trusted)) do
|
|
22
22
|
last_modified resource.updated_at
|
|
23
23
|
next resource
|
|
24
24
|
end
|
|
@@ -30,7 +30,7 @@ module Authify
|
|
|
30
30
|
next ident.id, ident
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
-
destroy(roles:
|
|
33
|
+
destroy(roles: %i(myself admin)) do
|
|
34
34
|
resource.destroy
|
|
35
35
|
end
|
|
36
36
|
|
|
@@ -39,7 +39,7 @@ module Authify
|
|
|
39
39
|
end
|
|
40
40
|
|
|
41
41
|
has_one :user do
|
|
42
|
-
pluck(roles:
|
|
42
|
+
pluck(roles: %i(myself admin trusted)) do
|
|
43
43
|
resource.user
|
|
44
44
|
end
|
|
45
45
|
end
|
|
@@ -4,7 +4,7 @@ module Authify
|
|
|
4
4
|
Organization = proc do
|
|
5
5
|
helpers do
|
|
6
6
|
def find(id)
|
|
7
|
-
Models::Organization.find(id.to_i)
|
|
7
|
+
Models::Organization.includes(:users, :groups, :admins).find(id.to_i)
|
|
8
8
|
end
|
|
9
9
|
|
|
10
10
|
def role
|
|
@@ -15,15 +15,15 @@ module Authify
|
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
def modifiable_fields
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
18
|
+
%i(
|
|
19
|
+
name
|
|
20
|
+
public_email
|
|
21
|
+
gravatar_email
|
|
22
|
+
billing_email
|
|
23
|
+
description
|
|
24
|
+
url
|
|
25
|
+
location
|
|
26
|
+
)
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
def filtered_attributes(attributes)
|
|
@@ -41,54 +41,60 @@ module Authify
|
|
|
41
41
|
end
|
|
42
42
|
end
|
|
43
43
|
|
|
44
|
-
index(roles:
|
|
45
|
-
Models::Organization.
|
|
44
|
+
index(roles: %i(admin user)) do
|
|
45
|
+
Models::Organization.includes(:users, :groups, :admins)
|
|
46
46
|
end
|
|
47
47
|
|
|
48
48
|
get '/mine' do
|
|
49
49
|
halt(403) unless can?(:create)
|
|
50
|
-
serialize_models current_user.organizations
|
|
50
|
+
serialize_models current_user.organizations.includes(:users, :groups, :admins)
|
|
51
51
|
end
|
|
52
52
|
|
|
53
53
|
show(roles: [:user]) do
|
|
54
54
|
last_modified resource.updated_at
|
|
55
|
-
|
|
55
|
+
exclude = []
|
|
56
|
+
unless role?(:admin, :owner)
|
|
57
|
+
exclude << 'billing_email'
|
|
58
|
+
exclude << 'gravatar_email'
|
|
59
|
+
end
|
|
60
|
+
next resource, exclude: exclude
|
|
56
61
|
end
|
|
57
62
|
|
|
58
63
|
show_many do |ids|
|
|
59
|
-
Models::Organization.find(ids)
|
|
64
|
+
Models::Organization.includes(:users, :groups, :admins).find(ids)
|
|
60
65
|
end
|
|
61
66
|
|
|
62
67
|
create(roles: [:user]) do |attrs|
|
|
63
|
-
o = Models::Organization.new(attrs)
|
|
64
|
-
|
|
68
|
+
o = Models::Organization.new filtered_attributes(attrs)
|
|
69
|
+
new_member = Models::OrganizationMembership.new(user: current_user, admin: true)
|
|
70
|
+
o.organization_memberships << new_member
|
|
65
71
|
o.save
|
|
66
|
-
next o
|
|
72
|
+
next o.id, o
|
|
67
73
|
end
|
|
68
74
|
|
|
69
|
-
update(roles:
|
|
75
|
+
update(roles: %i(owner admin)) do |attrs|
|
|
70
76
|
resource.update filtered_attributes(attrs)
|
|
71
77
|
next resource
|
|
72
78
|
end
|
|
73
79
|
|
|
74
|
-
destroy(roles:
|
|
80
|
+
destroy(roles: %i(owner admin)) do
|
|
75
81
|
resource.destroy
|
|
76
82
|
end
|
|
77
83
|
|
|
78
84
|
has_many :users do
|
|
79
|
-
fetch(roles:
|
|
85
|
+
fetch(roles: %i(owner admin member)) do
|
|
80
86
|
resource.users
|
|
81
87
|
end
|
|
82
88
|
end
|
|
83
89
|
|
|
84
90
|
has_many :admins do
|
|
85
|
-
fetch(roles:
|
|
91
|
+
fetch(roles: %i(owner admin member)) do
|
|
86
92
|
resource.admins
|
|
87
93
|
end
|
|
88
94
|
end
|
|
89
95
|
|
|
90
96
|
has_many :groups do
|
|
91
|
-
fetch(roles:
|
|
97
|
+
fetch(roles: %i(owner admin member)) do
|
|
92
98
|
resource.groups
|
|
93
99
|
end
|
|
94
100
|
end
|
|
@@ -8,13 +8,13 @@ module Authify
|
|
|
8
8
|
end
|
|
9
9
|
|
|
10
10
|
def role
|
|
11
|
-
Array(super).tap do |a|
|
|
11
|
+
Array(super.dup).tap do |a|
|
|
12
12
|
a << :myself if current_user && resource && (resource.id == current_user.id)
|
|
13
13
|
end.uniq
|
|
14
14
|
end
|
|
15
15
|
|
|
16
16
|
def modifiable_fields
|
|
17
|
-
|
|
17
|
+
%i(full_name email).tap do |a|
|
|
18
18
|
a << :admin if role.include?(:admin)
|
|
19
19
|
end
|
|
20
20
|
end
|
|
@@ -34,11 +34,11 @@ module Authify
|
|
|
34
34
|
end
|
|
35
35
|
end
|
|
36
36
|
|
|
37
|
-
index(roles:
|
|
37
|
+
index(roles: %i(user trusted)) do
|
|
38
38
|
Models::User.all
|
|
39
39
|
end
|
|
40
40
|
|
|
41
|
-
show(roles:
|
|
41
|
+
show(roles: %i(user trusted)) do
|
|
42
42
|
last_modified resource.updated_at
|
|
43
43
|
next resource
|
|
44
44
|
end
|
|
@@ -49,21 +49,30 @@ module Authify
|
|
|
49
49
|
next user
|
|
50
50
|
end
|
|
51
51
|
|
|
52
|
+
update(roles: %i(admin myself)) do |attrs|
|
|
53
|
+
# Necessary because #password= is overridden for Models::User
|
|
54
|
+
new_pass = attrs[:password] if attrs && attrs.key?(:password)
|
|
55
|
+
resource.update filtered_attributes(attrs)
|
|
56
|
+
resource.password = new_pass if new_pass
|
|
57
|
+
resource.save
|
|
58
|
+
next resource
|
|
59
|
+
end
|
|
60
|
+
|
|
52
61
|
show_many do |ids|
|
|
53
62
|
Models::User.find(ids)
|
|
54
63
|
end
|
|
55
64
|
|
|
56
65
|
has_many :apikeys do
|
|
57
|
-
fetch(roles:
|
|
66
|
+
fetch(roles: %i(myself admin)) do
|
|
58
67
|
resource.apikeys
|
|
59
68
|
end
|
|
60
69
|
|
|
61
|
-
clear(roles:
|
|
70
|
+
clear(roles: %i(myself admin)) do
|
|
62
71
|
resource.apikeys.destroy_all
|
|
63
72
|
resource.save
|
|
64
73
|
end
|
|
65
74
|
|
|
66
|
-
subtract(roles:
|
|
75
|
+
subtract(roles: %i(myself admin)) do |rios|
|
|
67
76
|
refs = rios.map { |attrs| Models::APIKey.find(attrs) }
|
|
68
77
|
# This actually calls #destroy on the keys (we don't need orphaned keys)
|
|
69
78
|
resource.apikeys.destroy(refs)
|
|
@@ -72,36 +81,36 @@ module Authify
|
|
|
72
81
|
end
|
|
73
82
|
|
|
74
83
|
has_many :identities do
|
|
75
|
-
fetch(roles:
|
|
84
|
+
fetch(roles: %i(myself admin trusted)) do
|
|
76
85
|
resource.identities
|
|
77
86
|
end
|
|
78
87
|
|
|
79
|
-
clear(roles:
|
|
88
|
+
clear(roles: %i(myself admin)) do
|
|
80
89
|
resource.identities.destroy_all
|
|
81
90
|
resource.save
|
|
82
91
|
end
|
|
83
92
|
|
|
84
93
|
merge(roles: [:myself]) do |rios|
|
|
85
|
-
refs = rios.map { |attrs| Models::
|
|
94
|
+
refs = rios.map { |attrs| Models::Identity.new(attrs) }
|
|
86
95
|
resource.identities << refs
|
|
87
96
|
resource.save
|
|
88
97
|
end
|
|
89
98
|
|
|
90
|
-
subtract(roles:
|
|
91
|
-
refs = rios.map { |attrs| Models::
|
|
99
|
+
subtract(roles: %i(myself admin)) do |rios|
|
|
100
|
+
refs = rios.map { |attrs| Models::Identity.find(attrs) }
|
|
92
101
|
resource.identities.destroy(refs)
|
|
93
102
|
resource.save
|
|
94
103
|
end
|
|
95
104
|
end
|
|
96
105
|
|
|
97
106
|
has_many :organizations do
|
|
98
|
-
fetch(roles:
|
|
107
|
+
fetch(roles: %i(user myself admin)) do
|
|
99
108
|
resource.organizations
|
|
100
109
|
end
|
|
101
110
|
end
|
|
102
111
|
|
|
103
112
|
has_many :groups do
|
|
104
|
-
fetch(roles:
|
|
113
|
+
fetch(roles: %i(myself admin)) do
|
|
105
114
|
resource.groups
|
|
106
115
|
end
|
|
107
116
|
end
|
|
@@ -16,7 +16,7 @@ module Authify
|
|
|
16
16
|
iat: Time.now.to_i,
|
|
17
17
|
iss: CONFIG[:jwt][:issuer],
|
|
18
18
|
scopes: Core::Constants::JWTSCOPES.dup.tap do |scopes|
|
|
19
|
-
scopes << :admin_access if
|
|
19
|
+
scopes << :admin_access if user.admin?
|
|
20
20
|
end,
|
|
21
21
|
user: {
|
|
22
22
|
username: user.email,
|
|
@@ -38,21 +38,47 @@ module Authify
|
|
|
38
38
|
|
|
39
39
|
def authenticate(unencrypted_password)
|
|
40
40
|
return false unless unencrypted_password && !unencrypted_password.empty?
|
|
41
|
+
return false unless password_digest && !password_digest.empty?
|
|
41
42
|
compare_salted_sha512(unencrypted_password, password_digest)
|
|
42
43
|
end
|
|
43
44
|
|
|
45
|
+
def verify(vtoken)
|
|
46
|
+
return false unless verification_token
|
|
47
|
+
token, valid_until = verification_token.split(':')
|
|
48
|
+
token == vtoken && Time.now.to_i <= Integer(valid_until)
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
# Both sets a token in the DB *and* emails it to the user
|
|
52
|
+
def set_verification_token!
|
|
53
|
+
return false if verified?
|
|
54
|
+
token = peppered_sha512(rand(999).to_s)[0...16]
|
|
55
|
+
valid_until = (Time.now + (15 * 60)).to_i
|
|
56
|
+
self.verification_token = "#{token}:#{valid_until}"
|
|
57
|
+
|
|
58
|
+
email_opts = {
|
|
59
|
+
body: "Your verification token is: #{token}"
|
|
60
|
+
}
|
|
61
|
+
|
|
62
|
+
Resque.enqueue(
|
|
63
|
+
Authify::Core::Jobs::Email,
|
|
64
|
+
email,
|
|
65
|
+
'Authify Verification Email',
|
|
66
|
+
email_opts
|
|
67
|
+
)
|
|
68
|
+
end
|
|
69
|
+
|
|
44
70
|
def admin_for?(organization)
|
|
45
71
|
admin? || organization.admins.include?(self)
|
|
46
72
|
end
|
|
47
73
|
|
|
48
74
|
def self.from_api_key(access, secret)
|
|
49
75
|
key = APIKey.find_by_access_key(access)
|
|
50
|
-
key.user if key && key.compare_secret(secret)
|
|
76
|
+
key.user if key && key.compare_secret(secret) && key.user.verified?
|
|
51
77
|
end
|
|
52
78
|
|
|
53
79
|
def self.from_email(email, password)
|
|
54
80
|
found_user = Models::User.find_by_email(email)
|
|
55
|
-
found_user if found_user && found_user.authenticate(password)
|
|
81
|
+
found_user if found_user && found_user.authenticate(password) && found_user.verified?
|
|
56
82
|
end
|
|
57
83
|
|
|
58
84
|
def self.from_identity(provider, uid)
|
|
@@ -36,19 +36,12 @@ module Authify
|
|
|
36
36
|
email = @parsed_body[:email]
|
|
37
37
|
password = @parsed_body[:password]
|
|
38
38
|
# For Trusted Delegates signing users in via omniauth
|
|
39
|
-
del_data = @parsed_body[:delegate]
|
|
40
39
|
omni_provider = @parsed_body[:provider]
|
|
41
40
|
omni_uid = @parsed_body[:uid]
|
|
42
|
-
trusted_delegate = if del_data
|
|
43
|
-
Models::TrustedDelegate.from_access_key(
|
|
44
|
-
del_data[:access],
|
|
45
|
-
del_data[:secret]
|
|
46
|
-
)
|
|
47
|
-
end
|
|
48
41
|
|
|
49
42
|
found_user = if access
|
|
50
43
|
Models::User.from_api_key(access, secret)
|
|
51
|
-
elsif
|
|
44
|
+
elsif remote_app
|
|
52
45
|
Models::User.from_identity(omni_provider, omni_uid)
|
|
53
46
|
elsif email
|
|
54
47
|
Models::User.from_email(email, password)
|
|
@@ -33,29 +33,59 @@ module Authify
|
|
|
33
33
|
via = @parsed_body[:via]
|
|
34
34
|
password = @parsed_body[:password]
|
|
35
35
|
name = @parsed_body[:name]
|
|
36
|
-
del_data = @parsed_body[:delegate]
|
|
37
|
-
trusted_delegate = if del_data
|
|
38
|
-
Models::TrustedDelegate.from_access_key(
|
|
39
|
-
del_data[:access],
|
|
40
|
-
del_data[:secret]
|
|
41
|
-
)
|
|
42
|
-
end
|
|
43
36
|
|
|
44
37
|
halt(422, 'Duplicate User') if Models::User.exists?(email: email)
|
|
45
|
-
halt(403, 'Password Required') unless password ||
|
|
38
|
+
halt(403, 'Password Required') unless password || remote_app
|
|
46
39
|
|
|
47
40
|
new_user = Models::User.new(email: email)
|
|
48
41
|
new_user.full_name = name if name
|
|
49
42
|
new_user.password = password if password
|
|
50
|
-
if via && via[:provider]
|
|
43
|
+
if via && via[:provider] && remote_app
|
|
51
44
|
new_user.identities.build(
|
|
52
45
|
provider: via[:provider],
|
|
53
46
|
uid: via[:uid] ? via[:uid] : email
|
|
54
47
|
)
|
|
48
|
+
new_user.verified = true
|
|
49
|
+
else
|
|
50
|
+
new_user.set_verification_token!
|
|
55
51
|
end
|
|
52
|
+
|
|
56
53
|
new_user.save
|
|
57
54
|
update_current_user new_user
|
|
58
|
-
|
|
55
|
+
|
|
56
|
+
response = { id: new_user.id, email: new_user.email }
|
|
57
|
+
if new_user.verified?
|
|
58
|
+
response[:verified] = true
|
|
59
|
+
response[:jwt] = jwt_token(new_user)
|
|
60
|
+
else
|
|
61
|
+
response[:verified] = false
|
|
62
|
+
end
|
|
63
|
+
response.to_json
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
post '/verify' do
|
|
67
|
+
email = @parsed_body[:email]
|
|
68
|
+
password = @parsed_body[:password]
|
|
69
|
+
token = @parsed_body[:token]
|
|
70
|
+
|
|
71
|
+
halt(422, 'Invalid User') unless Models::User.exists?(email: email)
|
|
72
|
+
halt(403, 'Missing Parameters') unless email && password && token
|
|
73
|
+
|
|
74
|
+
found_user = Models::User.find_by_email(email)
|
|
75
|
+
if found_user.authenticate(password) && found_user.verify(token)
|
|
76
|
+
found_user.verified = true
|
|
77
|
+
else
|
|
78
|
+
halt(422, 'Verification Failed')
|
|
79
|
+
end
|
|
80
|
+
found_user.save
|
|
81
|
+
update_current_user found_user
|
|
82
|
+
|
|
83
|
+
{
|
|
84
|
+
id: found_user.id,
|
|
85
|
+
email: found_user.email,
|
|
86
|
+
verified: found_user.verified?,
|
|
87
|
+
jwt: jwt_token(found_user)
|
|
88
|
+
}.to_json
|
|
59
89
|
end
|
|
60
90
|
end
|
|
61
91
|
end
|
data/lib/authify/api/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,29 +1,29 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authify-api
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jonathan Gnagy
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-03-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: authify-core
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - "
|
|
17
|
+
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: '0'
|
|
19
|
+
version: '0.1'
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- - "
|
|
24
|
+
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: '0'
|
|
26
|
+
version: '0.1'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: authify-middleware
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -190,6 +190,20 @@ dependencies:
|
|
|
190
190
|
- - "~>"
|
|
191
191
|
- !ruby/object:Gem::Version
|
|
192
192
|
version: '3.7'
|
|
193
|
+
- !ruby/object:Gem::Dependency
|
|
194
|
+
name: resque
|
|
195
|
+
requirement: !ruby/object:Gem::Requirement
|
|
196
|
+
requirements:
|
|
197
|
+
- - "~>"
|
|
198
|
+
- !ruby/object:Gem::Version
|
|
199
|
+
version: '1.26'
|
|
200
|
+
type: :runtime
|
|
201
|
+
prerelease: false
|
|
202
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
203
|
+
requirements:
|
|
204
|
+
- - "~>"
|
|
205
|
+
- !ruby/object:Gem::Version
|
|
206
|
+
version: '1.26'
|
|
193
207
|
- !ruby/object:Gem::Dependency
|
|
194
208
|
name: bundler
|
|
195
209
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -288,6 +302,20 @@ dependencies:
|
|
|
288
302
|
- - "~>"
|
|
289
303
|
- !ruby/object:Gem::Version
|
|
290
304
|
version: '0.13'
|
|
305
|
+
- !ruby/object:Gem::Dependency
|
|
306
|
+
name: rack-test
|
|
307
|
+
requirement: !ruby/object:Gem::Requirement
|
|
308
|
+
requirements:
|
|
309
|
+
- - "~>"
|
|
310
|
+
- !ruby/object:Gem::Version
|
|
311
|
+
version: '0.6'
|
|
312
|
+
type: :development
|
|
313
|
+
prerelease: false
|
|
314
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
315
|
+
requirements:
|
|
316
|
+
- - "~>"
|
|
317
|
+
- !ruby/object:Gem::Version
|
|
318
|
+
version: '0.6'
|
|
291
319
|
description:
|
|
292
320
|
email:
|
|
293
321
|
- jgnagy@knuedge.com
|
|
@@ -299,6 +327,7 @@ files:
|
|
|
299
327
|
- ".rspec"
|
|
300
328
|
- ".rubocop.yml"
|
|
301
329
|
- ".travis.yml"
|
|
330
|
+
- Dockerfile
|
|
302
331
|
- Gemfile
|
|
303
332
|
- LICENSE.txt
|
|
304
333
|
- README.md
|
|
@@ -315,6 +344,7 @@ files:
|
|
|
315
344
|
- db/migrate/20170204001405_create_trusted_delegates.rb
|
|
316
345
|
- db/migrate/20170208021933_add_admin_to_user.rb
|
|
317
346
|
- db/migrate/20170208022427_set_default_for_user_admin.rb
|
|
347
|
+
- db/migrate/20170328151033_add_verified_to_user.rb
|
|
318
348
|
- db/schema.rb
|
|
319
349
|
- lib/authify/api.rb
|
|
320
350
|
- lib/authify/api/controllers/apikey.rb
|