authlete 1.0.21 → 1.0.22

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: b18c3acf2bff70c5782f1dfa6e3d3a652ad60759
-  data.tar.gz: b684b91b3dbc5a9b6c7adf12094f730c4e8d2790
+SHA256:
+  metadata.gz: 76874c7e1a1d4c0ce39569f657df73d1d445df1907bfa08602eb75fae353ce79
+  data.tar.gz: 7ce55dd3873f5b4a79f2df58ce84da52d0c45889701820e5a711fd1d12c496ac
 SHA512:
-  metadata.gz: a12c3ea20cc4e6a487f4509c6fcfc82805e54b2fbcaf0861e7378f2dec11f5549050edf505a9aae0b341ee122981034019ad79d580018258bdda5838d3d14d72
-  data.tar.gz: 450b964300dad2371ffcf3def464eed3014662c82c78dc1f321a1fecce7f1918cb341e2bfe68e77ca0f7f0d44947b8a464136a5caec395e55fccfa15b878ed6c
+  metadata.gz: 62a1f340f9c25fb0a052ef5211dd4e0809f68a26b9a3e5e4e204dab8cbf5c22f8e5f1733ee063330b0d3d7cdbf0b92189ec3c7b5a90510de7d572f474c3f3c74
+  data.tar.gz: c44961fd3bead0938e2f7db4f1e980495ec4f826974d218dcb90b57870dd5348a043d9b9f2b2ca066da19918b677e435899a0166820d821c785184a4e72061f0

data/README.md

@@ -1,20 +1,20 @@
-authlete-ruby-gem
-=================
-
-# Overview
-
-Ruby library for [Authlete Web APIs](https://docs.authlete.com/).
-
-
-# License
-
-Apache License, Version 2.0
-
-
-# See Also
-
-* [Authlete Website](https://www.authlete.com/)
-* [Authlete Facebook](https://www.facebook.com/authlete)
-* [Authelte Twitter](https://twitter.com/authlete)
-* [Authlete GitHub](https://github.com/authlete)
-* [Authlete Email](mailto:support@authlete.com)
+authlete-ruby-gem
+=================
+
+# Overview
+
+Ruby library for [Authlete Web APIs](https://docs.authlete.com/).
+
+
+# License
+
+Apache License, Version 2.0
+
+
+# See Also
+
+* [Authlete Website](https://www.authlete.com/)
+* [Authlete Facebook](https://www.facebook.com/authlete)
+* [Authelte Twitter](https://twitter.com/authlete)
+* [Authlete GitHub](https://github.com/authlete)
+* [Authlete Email](mailto:support@authlete.com)

data/lib/authlete/authentication-server.rb

@@ -1,230 +1,230 @@
-# :nodoc:
-#
-# Copyright (C) 2014-2018 Authlete, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-require 'rack'
-
-
-module Authlete
-  # == Authlete::AuthenticationServer class
-  #
-  # This class is a base class for an authentication server based on Rack.
-  # Some method must/should be overridden by subclasses.
-  #
-  # 1. <tt>authenticate_api_call</tt>
-  # 2. <tt>authenticate_user</tt>
-  # 3. <tt>collect_claims</tt>
-  # 4. <tt>authentication_callback_endpoint_path</tt>
-  class AuthenticationServer
-    def initialize(app = nil)
-      # Accept 'app' so that this class can work as a Rack middleware
-      # as well as a Rack application.
-      @app = app
-    end
-
-    def call(env)
-      # Request
-      request = Rack::Request.new(env)
-
-      # If the request is not an authentication callback request.
-      if match_authentication_callback_request(request) == false
-        # If this class is used as a Rack middleware.
-        if @app && @app.respond_to?(:call)
-          # Call chain to the next Rack middleware.
-          return @app.call(env)
-        else
-          # 404 Not Found
-          return generate_not_found(request)
-        end
-      end
-
-      # Basic Authentication for the API call.
-      authenticated = do_authenticate_api_call(env)
-      if authenticated == false
-        # 401 Unauthorized
-        return generate_api_call_authentication_failure()
-      end
-
-      begin
-        # Parse the request body as AuthenticationCallbackRequest.
-        req = parse_authentication_callback_request(request)
-      rescue => e
-        # 400 Bad Request
-        return generate_authentication_callback_request_format_error(e)
-      end
-
-      # Prepare an empty response.
-      res = Authlete::Model::Response::AuthenticationCallbackResponse.new
-
-      # Let the subclass authenticate the end-user.
-      # When authenticated successfully, a non-nil value is returned.
-      subject = authenticate_user(req)
-      if subject.nil?
-        # End-user authentication failed.
-        # Return {"authenticated": false} to Authlete.
-        res.authenticated = false
-        return res.to_rack_response
-      end
-
-      # The end-user has been authenticated successfully.
-      res.authenticated = true
-      res.subject       = subject
-
-      if req.claims.nil? == false && req.claims.length != 0
-        # Make the subclass collect values of the requested claims.
-        res.claims = collect_claims(req, subject)
-      end
-
-      # Return {"authenticated": true, ...} to Authlete.
-      return res.to_rack_response
-    end
-
-    private
-
-    def match_authentication_callback_request(request)
-      request.post? &&
-      request.path_info == authentication_callback_endpoint_path() &&
-      %r{^application/json}i === request.content_type
-    end
-
-    def do_authenticate_api_call(env)
-      # API key and secret for the API call to the authentication endpoint.
-      api_key, api_secret = nil, nil
-
-      # Basic Authentication for the API call.
-      auth = Rack::Auth::Basic::Request.new(env)
-
-      if auth.provided? && auth.basic?
-        api_key, api_secret = *auth.credentials
-      end
-
-      # Let the subclass authenticate the API call.
-      authenticate_api_call(api_key, api_secret)
-    end
-
-    # 404 Not Found
-    def generate_not_found(request)
-      [
-        404,
-        {
-          'Content-Type' => 'text/plain'
-        },
-        [
-          "Not Found: #{request.request_method} #{request.path_info} (#{request.content_type})"
-        ]
-      ]
-    end
-
-    # 401 Unauthorized
-    def generate_api_call_authentication_failure
-      [
-        401,
-        {
-          'Content-Type'     => 'text/plain',
-          'WWW-Authenticate' => 'Basic realm="Authentication Callback Endpoint"'
-        },
-        [
-          'Authentication of the API call to the authentication callback endpoint failed.'
-        ]
-      ]
-    end
-
-    # 400 Bad Request
-    def generate_authentication_callback_request_format_error(exception)
-      [
-        400,
-        {
-          'Content-Type' => 'text/plain',
-        },
-        [
-          "The format of the authentication callback request was wrong: #{exception.to_s}"
-        ]
-      ]
-    end
-
-    def parse_authentication_callback_request(request)
-      # In case someone has already read it.
-      request.body.rewind
-
-      # JSON
-      json = request.body.read
-
-      # Parse the authentication callback request.
-      Authlete::Model::Request::AuthenticationCallbackRequest.parse(json)
-    end
-
-    protected
-
-    # Authenticate the API call to the authentication callback endpoint
-    # from Authlete. Subclasses must override this method. This default
-    # implementation returns false, meaning 'unauthorized API call'.
-    #
-    # The argument of this method is the API key and the API secret that
-    # the caller has presented. When the pair of the API credentials is
-    # valid, return true. Otherwise, return false.
-    def authenticate_api_call(api_key, api_secret)
-      # Unauthorized API call.
-      false
-    end
-
-    # Authenticate the end-user. Subclasses must override this method.
-    # This default implementation returns nil, meaning 'invalid end-user'.
-    #
-    # The argument of this method is an instance of
-    # <tt>Authlete::Model::Request::AuthenticationCallbackRequest</tt>.
-    # When the end-user is successfully authenticated, this method must
-    # return a unique identifier (= subject) of the end-user. Otherwise,
-    # nil must be returned to indicate authentication failure.
-    def authenticate_user(req)
-      # Invalid end-user.
-      nil
-    end
-
-    # Collect claim values of the end-user. Subclasses should override this
-    # method. This default implementation returns nil, meaning 'no claim values'.
-    #
-    # The argument of this method is an instance of
-    # <tt>Authlete::Model::Request::AuthenticationCallbackRequest</tt> and the subject
-    # which has been returned from the preceding call of <tt>authenticate_user</tt>
-    # method.
-    #
-    # 'Claim' is a piece of information about an end-user. A subclass should
-    # collect values of requested claims (<tt>req.claims</tt>) as many as
-    # possible and format them in JSON format like below.
-    #
-    #   {
-    #     "name": "Takahiko Kawasaki",
-    #     "gender": "male"
-    #   }
-    #
-    # Collected claim values are used to generate an {ID token}
-    # [http://openid.net/specs/openid-connect-core-1_0.html#IDToken].
-    #
-    # If no claim values are available, or if you don't want to provide any
-    # claim value, return nil.
-    def collect_claims(req, subject)
-      # No claim values.
-      nil
-    end
-
-    # Get the path of the authentication callback endpoint. This default
-    # implementation returns '/authentication'. Subclasses may override
-    # this method to change the path.
-    def authentication_callback_endpoint_path
-      '/authentication'
-    end
-  end
+# :nodoc:
+#
+# Copyright (C) 2014-2018 Authlete, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+require 'rack'
+
+
+module Authlete
+  # == Authlete::AuthenticationServer class
+  #
+  # This class is a base class for an authentication server based on Rack.
+  # Some method must/should be overridden by subclasses.
+  #
+  # 1. <tt>authenticate_api_call</tt>
+  # 2. <tt>authenticate_user</tt>
+  # 3. <tt>collect_claims</tt>
+  # 4. <tt>authentication_callback_endpoint_path</tt>
+  class AuthenticationServer
+    def initialize(app = nil)
+      # Accept 'app' so that this class can work as a Rack middleware
+      # as well as a Rack application.
+      @app = app
+    end
+
+    def call(env)
+      # Request
+      request = Rack::Request.new(env)
+
+      # If the request is not an authentication callback request.
+      if match_authentication_callback_request(request) == false
+        # If this class is used as a Rack middleware.
+        if @app && @app.respond_to?(:call)
+          # Call chain to the next Rack middleware.
+          return @app.call(env)
+        else
+          # 404 Not Found
+          return generate_not_found(request)
+        end
+      end
+
+      # Basic Authentication for the API call.
+      authenticated = do_authenticate_api_call(env)
+      if authenticated == false
+        # 401 Unauthorized
+        return generate_api_call_authentication_failure()
+      end
+
+      begin
+        # Parse the request body as AuthenticationCallbackRequest.
+        req = parse_authentication_callback_request(request)
+      rescue => e
+        # 400 Bad Request
+        return generate_authentication_callback_request_format_error(e)
+      end
+
+      # Prepare an empty response.
+      res = Authlete::Model::Response::AuthenticationCallbackResponse.new
+
+      # Let the subclass authenticate the end-user.
+      # When authenticated successfully, a non-nil value is returned.
+      subject = authenticate_user(req)
+      if subject.nil?
+        # End-user authentication failed.
+        # Return {"authenticated": false} to Authlete.
+        res.authenticated = false
+        return res.to_rack_response
+      end
+
+      # The end-user has been authenticated successfully.
+      res.authenticated = true
+      res.subject       = subject
+
+      if req.claims.nil? == false && req.claims.length != 0
+        # Make the subclass collect values of the requested claims.
+        res.claims = collect_claims(req, subject)
+      end
+
+      # Return {"authenticated": true, ...} to Authlete.
+      return res.to_rack_response
+    end
+
+    private
+
+    def match_authentication_callback_request(request)
+      request.post? &&
+      request.path_info == authentication_callback_endpoint_path() &&
+      %r{^application/json}i === request.content_type
+    end
+
+    def do_authenticate_api_call(env)
+      # API key and secret for the API call to the authentication endpoint.
+      api_key, api_secret = nil, nil
+
+      # Basic Authentication for the API call.
+      auth = Rack::Auth::Basic::Request.new(env)
+
+      if auth.provided? && auth.basic?
+        api_key, api_secret = *auth.credentials
+      end
+
+      # Let the subclass authenticate the API call.
+      authenticate_api_call(api_key, api_secret)
+    end
+
+    # 404 Not Found
+    def generate_not_found(request)
+      [
+        404,
+        {
+          'Content-Type' => 'text/plain'
+        },
+        [
+          "Not Found: #{request.request_method} #{request.path_info} (#{request.content_type})"
+        ]
+      ]
+    end
+
+    # 401 Unauthorized
+    def generate_api_call_authentication_failure
+      [
+        401,
+        {
+          'Content-Type'     => 'text/plain',
+          'WWW-Authenticate' => 'Basic realm="Authentication Callback Endpoint"'
+        },
+        [
+          'Authentication of the API call to the authentication callback endpoint failed.'
+        ]
+      ]
+    end
+
+    # 400 Bad Request
+    def generate_authentication_callback_request_format_error(exception)
+      [
+        400,
+        {
+          'Content-Type' => 'text/plain',
+        },
+        [
+          "The format of the authentication callback request was wrong: #{exception.to_s}"
+        ]
+      ]
+    end
+
+    def parse_authentication_callback_request(request)
+      # In case someone has already read it.
+      request.body.rewind
+
+      # JSON
+      json = request.body.read
+
+      # Parse the authentication callback request.
+      Authlete::Model::Request::AuthenticationCallbackRequest.parse(json)
+    end
+
+    protected
+
+    # Authenticate the API call to the authentication callback endpoint
+    # from Authlete. Subclasses must override this method. This default
+    # implementation returns false, meaning 'unauthorized API call'.
+    #
+    # The argument of this method is the API key and the API secret that
+    # the caller has presented. When the pair of the API credentials is
+    # valid, return true. Otherwise, return false.
+    def authenticate_api_call(api_key, api_secret)
+      # Unauthorized API call.
+      false
+    end
+
+    # Authenticate the end-user. Subclasses must override this method.
+    # This default implementation returns nil, meaning 'invalid end-user'.
+    #
+    # The argument of this method is an instance of
+    # <tt>Authlete::Model::Request::AuthenticationCallbackRequest</tt>.
+    # When the end-user is successfully authenticated, this method must
+    # return a unique identifier (= subject) of the end-user. Otherwise,
+    # nil must be returned to indicate authentication failure.
+    def authenticate_user(req)
+      # Invalid end-user.
+      nil
+    end
+
+    # Collect claim values of the end-user. Subclasses should override this
+    # method. This default implementation returns nil, meaning 'no claim values'.
+    #
+    # The argument of this method is an instance of
+    # <tt>Authlete::Model::Request::AuthenticationCallbackRequest</tt> and the subject
+    # which has been returned from the preceding call of <tt>authenticate_user</tt>
+    # method.
+    #
+    # 'Claim' is a piece of information about an end-user. A subclass should
+    # collect values of requested claims (<tt>req.claims</tt>) as many as
+    # possible and format them in JSON format like below.
+    #
+    #   {
+    #     "name": "Takahiko Kawasaki",
+    #     "gender": "male"
+    #   }
+    #
+    # Collected claim values are used to generate an {ID token}
+    # [http://openid.net/specs/openid-connect-core-1_0.html#IDToken].
+    #
+    # If no claim values are available, or if you don't want to provide any
+    # claim value, return nil.
+    def collect_claims(req, subject)
+      # No claim values.
+      nil
+    end
+
+    # Get the path of the authentication callback endpoint. This default
+    # implementation returns '/authentication'. Subclasses may override
+    # this method to change the path.
+    def authentication_callback_endpoint_path
+      '/authentication'
+    end
+  end
 end