authralia 0.0.1 → 0.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c8385e74f10affaebc8489d31883c8cd31a7b73b2984e328fd5df68f4325be3a
-  data.tar.gz: c50197c0b40fab4121e3648b25ceff8c0dfd9e9c5d168aa0a9a7d7defa3be70e
+  metadata.gz: 2992e694d931ea98652a6d624793d46239fcf1af73bb5d72e791eb487c994d62
+  data.tar.gz: c0d0706e07e39dea8f666670a57ac3b790d0c48916554389f4f04c9485e13b77
 SHA512:
-  metadata.gz: dac5585c2d7526e833ecade43d1472f085834ed55a1a35d2a8914c2930b91311b342b740deb8be3a9a91740b1a77aa9265f738ea85b57f3dd84362b04f266cab
-  data.tar.gz: e3b0bc76ae036c712d8cc79089f109a9bb49e9355a133a71a642c080035caed2da54fcc002fc4a4b675c781dfcdcaab2a09b3a05bd989653965a66f22e3fe0c2
+  metadata.gz: 4aa9d6497e33ebc8999bef5f0387054ed8e72282e4b538d2748a785f6b498aa0480d48aff380b43e40102738950f364edfcdeb312901e9beecea50f331cde9c5
+  data.tar.gz: 8d062d8f68e62577d4c6f596396a3d4514ae7333698bdc7328c3771d2d6c7952a088effa35d7fca816a98f02a1b396301f089590780925ab42e3331fae767a34

data/lib/authenticate/base.rb

@@ -0,0 +1,6 @@
+module Authralia
+  module Authenticate
+    class Base < ServiceObject::Base
+    end
+  end
+end

data/lib/authenticate/resource.rb

@@ -0,0 +1,27 @@
+module Authralia
+  module Authenticate
+    class Resource < Base
+      def initialize(resource_class_name, auth_data)
+        @auth_data = auth_data
+        @resource_class = resource_class_name.constantize
+      end
+
+      def call
+        if @auth_data.class.name == @resource_class.to_s
+          response(status: SUCCESS, payload: @auth_data)
+        else
+          resource = @resource_class.protect_thcope(@auth_data)
+
+          if resource&.authenticate(@auth_data[:password])
+            response(status: SUCCESS, payload: resource)
+          else
+            response(
+              status: FAIL,
+              message: "Incorrect Login Data"
+            )
+          end
+        end
+      end
+    end
+  end
+end

data/lib/authenticated_session/acceptence.rb

@@ -0,0 +1,24 @@
+module Authralia
+  module AuthenticatedSession
+    class Acceptence < Base
+      def initialize(session_identifier, guid)
+        @session_identifier = session_identifier
+        @guid = guid
+      end
+
+      def call
+        response(status: SUCCESS) if @session_identifier.blank?
+
+        update_sessions(@session_identifier) do |session|
+          if session[:guid] == @guid
+            session[:is_accepted] = true
+          else
+            session[:new_session_guids].delete(@guid)
+          end
+        end
+
+        response(status: SUCCESS)
+      end
+    end
+  end
+end

data/lib/authenticated_session/base.rb

@@ -0,0 +1,74 @@
+module Authralia
+  module AuthenticatedSession
+    class Base < ServiceObject::Base
+      protected
+
+      def extract_resource_identifier(session_identifier)
+        session_identifier.split('#').first(2).join('#')
+      end
+
+      def extract_guid(session_identifier)
+        session_identifier.split('#').last
+      end
+
+      def build_resource_identifier(resource)
+        "#{resource.class.name}##{resource.id}"
+      end
+
+      def filter_sessions(value)
+        return [] unless value.is_a? Array
+
+        value.select do |session|
+          session.is_a?(Hash)
+        end.map do |session|
+          session.symbolize_keys
+        end
+      end
+
+      def add_session(resource, session)
+        handler = get_session_handler(resource)
+
+        handler.value ||= []
+        handler.value << session
+        handler.save
+      end
+
+      def update_sessions(resource, &block)
+        handler = get_session_handler(resource)
+        sessions = filter_sessions(handler.value)
+
+        sessions.each do |session|
+          yield(session)
+        end
+
+        handler.value = sessions
+        handler.save
+      end
+
+      def get_session_handler(value)
+        resource_identifier =
+          if is_session_identifier?(value)
+            extract_resource_identifier(value)
+          elsif is_resource_identifier?(value)
+            value
+          else
+            build_resource_identifier(value)
+          end
+
+        @session_handler ||= Chredis::Json.new resource_identifier
+      end
+
+      # TODO: validate using start_with?
+      def is_session_identifier?(value)
+        value.is_a?(String) &&
+        value.count('#').eql?(2)
+      end
+
+      # TODO: validate using start_with?
+      def is_resource_identifier?(value)
+        value.is_a?(String) &&
+        value.count('#').eql?(1)
+      end
+    end
+  end
+end

data/lib/authenticated_session/creation.rb

@@ -0,0 +1,42 @@
+module Authralia
+  module AuthenticatedSession
+    class Creation < Base
+      def initialize(resource, controller)
+        @resource = resource
+        @controller = controller
+      end
+
+      def call
+        session_guid = SecureRandom.uuid
+        browser_guid = SecureRandom.uuid
+        resource_identifier = build_resource_identifier(@resource)
+
+        handler = get_session_handler(@resource)
+        sessions = filter_sessions(handler.value)
+
+        add_session(
+          @resource,
+          {
+            guid: session_guid,
+            browser_guid: @controller.send(:cookies)[:browser_guid],
+            login_at: Time.now.utc,
+            login_ip: @controller.request.ip,
+            host: @controller.request.host,
+            user_agent: @controller.request.user_agent,
+            expires_at: Time.now.utc + Authralia.expires_in.hours,
+            is_accepted: sessions.size.zero?,
+            new_session_guids: []
+          }
+        )
+
+        response(
+          status: SUCCESS,
+          payload: {
+            browser_guid: browser_guid,
+            session_identifier: "#{resource_identifier}##{session_guid}"
+          }
+        )
+      end
+    end
+  end
+end

data/lib/authenticated_session/rejection.rb

@@ -0,0 +1,16 @@
+module Authralia
+  module AuthenticatedSession
+    class Rejection < Removal
+      def initialize(session_identifier, guid)
+        @session_identifier = session_identifier
+        @guid = guid
+      end
+
+      def call
+        response(status: FAIL) if @session_identifier.blank?
+        remove_session_based_on_guid(@session_identifier, @guid)
+        response(status: SUCCESS)
+      end
+    end
+  end
+end

data/lib/authenticated_session/removal.rb

@@ -0,0 +1,36 @@
+module Authralia
+  module AuthenticatedSession
+    class Removal < Base
+      def initialize(session_identifier)
+        @session_identifier = session_identifier
+      end
+
+      def call
+        guid = extract_guid(@session_identifier)
+
+        response(status: FAIL) if @session_identifier.blank?
+        remove_session_based_on_guid(@session_identifier, guid)
+        response(status: SUCCESS)
+      end
+
+      protected
+
+      def remove_session_based_on_guid(session_identifier, guid)
+        handler = get_session_handler(session_identifier)
+        collection = filter_sessions(handler.value)
+        collection = collection.reject { |s| s[:guid] == guid }
+
+        collection.each do |session|
+          session[:new_session_guids].delete(guid)
+        end
+
+        if collection.size.zero?
+          handler.clear
+        else
+          handler.value = collection
+          handler.save
+        end
+      end
+    end
+  end
+end

data/lib/authenticated_session/validation.rb

@@ -0,0 +1,95 @@
+module Authralia
+  module AuthenticatedSession
+    class Validation < Base
+      AMOGUS = :AMOGUS
+
+      def initialize(session_identifier, controller)
+        @controller = controller
+        @session_identifier = session_identifier
+      end
+
+      def call
+        login_message = 'Please login to continue'
+
+        unless is_session_identifier?(@session_identifier)
+          return response(status: FAIL, message: login_message)
+        end
+
+        resource_name, resource_id, guid = @session_identifier.split('#')
+        resource = resource_name.constantize.find_by_id(resource_id)
+
+        handler = get_session_handler(resource)
+        sessions = filter_sessions(handler.value)
+        session = sessions.detect { |s| s[:guid].eql? guid }
+
+        if resource.blank? || session.blank?
+          return response(status: FAIL, message: login_message)
+        end
+
+        if is_session_expire?(session)
+          response(status: FAIL, message: "Session expire. #{login_message}")
+        elsif is_session_sus?(guid, sessions)
+          response(status: AMOGUS, message: 'AMOGUS')
+        else
+          if sessions.size >= 1 && !session[:is_accepted]
+            sessions = notify_other_sessions(sessions, guid)
+            handler.value = sessions
+            handler.save
+          end
+
+          response(
+            status: SUCCESS,
+            payload: { resource:, session: }
+          )
+        end
+      end
+
+      private
+
+      def notify_other_sessions(sessions, guid)
+        sessions.each do |s|
+          new_session_guids = s[:new_session_guids]
+          is_accepted_session = s[:guid] != guid && s[:is_accepted]
+
+          if is_accepted_session && !new_session_guids.include?(guid)
+            s.update(new_session_guids: new_session_guids << guid)
+          end
+        end
+      end
+
+      def is_session_expire?(session)
+        (Time.now.utc - session[:expires_at].to_time) >= Authralia.expires_in.hours
+      end
+
+      def is_session_sus?(guid, sessions)
+        sessions.detect do |session|
+          is_guid_valid?(guid, session) &&
+          is_browser_valid?(session) &&
+          is_ip_valid?(session) &&
+          is_host_valid?(session) &&
+          is_user_agent_valid?(session)
+        end.blank?
+      end
+
+      def is_guid_valid?(guid, session)
+        session[:guid] == guid
+      end
+
+      def is_browser_valid?(session)
+        session[:browser_guid] == @controller.send(:cookies)[:browser_guid]
+      end
+
+      def is_ip_valid?(session)
+        session[:login_ip] == @controller.request.ip
+      end
+
+      def is_host_valid?(session)
+        session[:host] == @controller.request.host
+      end
+
+      def is_user_agent_valid?(session)
+        session[:user_agent] == @controller.request.user_agent
+      end
+    end
+  end
+end

data/lib/authenticated_session/wipeout.rb

@@ -0,0 +1,15 @@
+module Authralia
+  module AuthenticatedSession
+    class Wipeout < Base
+      def initialize(identifier)
+        @identifier = identifier
+      end
+
+      def call
+        get_session_handler(@identifier).clear
+
+        response(status: SUCCESS)
+      end
+    end
+  end
+end

data/lib/authralia.rb

@@ -9,7 +9,7 @@ module Authralia
   end
 
   module AuthenticatedSession
-    autoload :Base, 'session/base'
+    autoload :Base, 'authenticated_session/base'
     autoload :Acceptence, 'authenticated_session/acceptence'
     autoload :Creation, 'authenticated_session/creation'
     autoload :Rejection, 'authenticated_session/rejection'
@@ -26,8 +26,8 @@ module Authralia
     autoload :ThydneyTheProtector, 'models/thydney_the_protector'
   end
 
-  mattr_accessor :single_active_session
-  @@single_active_session = false
+  mattr_accessor :single_active_session_for
+  @@single_active_session_for = []
 
   mattr_accessor :expires_in
   @@expires_in = 1.hour
@@ -41,11 +41,11 @@ module Authralia
 end
 
 ActiveSupport.on_load(:action_controller_base) do
-  include WowAuthralia::Controllers::Helpers
+  include Authralia::Controllers::Helpers
 end
 
 ActiveSupport.on_load(:active_record) do
-  include WowAuthralia::Models::ThydneyTheProtector
+  include Authralia::Models::ThydneyTheProtector
 end
 
 module ActionDispatch::Routing

data/lib/controllers/helpers.rb

@@ -0,0 +1,112 @@
+module Authralia
+  module Controllers
+    module Helpers
+      extend ActiveSupport::Concern
+
+      included do
+        add_flash_types :error
+
+        protected
+
+        Authralia.resource_class_names.each do |resource_class_name|
+          resource_name = resource_class_name.underscore
+
+          attr_reader "current_#{resource_name}".to_sym,
+                      "current_#{resource_name}_session".to_sym
+
+          helper_method "current_#{resource_name}".to_sym,
+                        "current_#{resource_name}_session".to_sym
+
+          # SECURITY: CSRF countermeasure
+          rescue_from ActionController::InvalidAuthenticityToken,
+                      with: "logout_#{resource_name}!".to_sym
+
+          define_method "authenticate_#{resource_name}!" do
+            validation_response = AuthenticatedSession::Validation.call(
+              session[resource_name], self
+            )
+
+            case validation_response.status
+            when AuthenticatedSession::Validation::SUCCESS
+              instance_variable_set(
+                "@current_#{resource_name}",
+                validation_response.payload[:resource]
+              )
+
+              instance_variable_set(
+                "@current_#{resource_name}_session",
+                validation_response.payload[:session]
+              )
+            when AuthenticatedSession::Validation::AMOGUS
+              reset_session
+
+              when_authtralia_fail(validation_response)
+            when AuthenticatedSession::Validation::FAIL
+              send("logout_#{resource_name}!")
+              when_authtralia_fail(validation_response)
+            end
+          end
+
+          define_method "logout_#{resource_name}!" do
+            return unless session[resource_name]
+
+            removal_response = AuthenticatedSession::Removal.call(
+              session[resource_name]
+            )
+
+            case removal_response.status
+            when Authenticate::Resource::SUCCESS
+              session.delete(resource_name)
+            end
+          end
+
+          define_method "login_#{resource_name}!" do |auth_data, &block|
+            set_browser_guid
+
+            auth_res_response = Authenticate::Resource.call(
+              resource_class_name, auth_data
+            )
+
+            case auth_res_response.status
+            when Authenticate::Resource::SUCCESS
+              resource = auth_res_response.payload
+
+              if Authralia.single_active_session_for.include?(resource_class_name) &&
+                AuthenticatedSession::Wipeout.call(resource)
+              end
+
+              # SECURITY: multi device and session fixation countermeasure
+              authed_sess_response = AuthenticatedSession::Creation.call(
+                resource, self
+              )
+
+              # SECURITY: session fixation countermeasure
+              session.delete(resource_name)
+
+              session[resource_name] =
+                authed_sess_response.payload[:session_identifier]
+
+              block.call(true, auth_res_response) if block
+            when Authenticate::Resource::FAIL
+              block.call(false, auth_res_response) if block
+            end
+          end
+
+          define_method "accept_#{resource_name}_session!" do |guid:|
+            AuthenticatedSession::Acceptence.call(session[resource_name], guid)
+          end
+
+          define_method "reject_#{resource_name}_session!" do |guid:|
+            AuthenticatedSession::Rejection.call(session[resource_name], guid)
+          end
+        end
+      end
+
+      def set_browser_guid
+        if cookies[:browser_guid].blank?
+          cookies.permanent.signed.encrypted[:browser_guid] = SecureRandom.uuid
+        end
+      end
+    end
+  end
+end

data/lib/models/thydney_the_protector.rb

@@ -0,0 +1,21 @@
+module Authralia
+  module Models
+    module ThydneyTheProtector
+      extend ActiveSupport::Concern
+
+      class_methods do
+        def thydney_protects(*fields)
+          has_secure_password
+
+          define_singleton_method :protect_thcope do |params|
+            field = fields.detect { |f| params[f].present? }
+
+            return nil unless field
+
+            find_by("#{field}": params[field])
+          end
+        end
+      end
+    end
+  end
+end

data/lib/wow_authralia.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+# when Mike Tyson marvel at Australia's beautiful view
+
+# TODO: use warden
+# http://railscasts.com/episodes/305-authentication-with-warden?view=asciicast
+module WowAuthralia
+  def self.configuration
+    @configuration ||= Configuration.new
+  end
+
+  def self.configure
+    yield configuration
+  end
+end
+
+
+class WowAuthralia::Configuration
+  include ActiveSupport::Configurable
+
+  config_accessor(:single_active_session) { false }
+  config_accessor(:expires_in) { 1.hour }
+  config_accessor(:resource_class_names) { [] }
+end
+
+ActiveSupport.on_load(:action_controller_base) do
+  include WowAuthralia::Controllers::Helpers
+end
+
+ActiveSupport.on_load(:active_record) do
+  include WowAuthralia::Models::ThydneyTheProtector
+end
+
+module ActionDispatch::Routing
+  class Mapper
+    def when_authticanted(resource_class_name, &block)
+      constraint = lambda do |request|
+        request.session[resource_class_name.underscore].present?
+      end
+
+      constraints(constraint) do
+        yield
+      end
+    end
+
+    def when_unauthticanted(resource_class_name, &block)
+      constraint = lambda do |request|
+        request.session[resource_class_name.underscore].blank?
+      end
+
+      constraints(constraint) do
+        yield
+      end
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authralia
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors:
 - Gilang Mugni Respaty
@@ -9,14 +9,54 @@ autorequire:
 bindir: bin
 cert_chain: []
 date: 2022-11-16 00:00:00.000000000 Z
-dependencies: []
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: chredis
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: serpis_objek
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: A authentication dedicated to Mike Tyson
 email: gilmoregarland@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- lib/authenticate/base.rb
+- lib/authenticate/resource.rb
+- lib/authenticated_session/acceptence.rb
+- lib/authenticated_session/base.rb
+- lib/authenticated_session/creation.rb
+- lib/authenticated_session/rejection.rb
+- lib/authenticated_session/removal.rb
+- lib/authenticated_session/validation.rb
+- lib/authenticated_session/wipeout.rb
 - lib/authralia.rb
+- lib/controllers/helpers.rb
+- lib/models/thydney_the_protector.rb
+- lib/wow_authralia.rb
 homepage: https://rubygems.org/gems/hola
 licenses:
 - MIT