balrog 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b518904751f63b68eab38cc945dfebe1cf013124be9b16abf684fbfe24450550
-  data.tar.gz: '0179daeb802833fdf7cb6771584f604fcba47bbdb4fe8177003ea70c1ec3aa4d'
+  metadata.gz: 232b0520af207a4da00798bba32874e5ef4ee33c55419793c7ec23e8312c5712
+  data.tar.gz: 4fc0f719261215f6b2c657f4d2a1964df096d92b67cf2b94f1585ec99a609b94
 SHA512:
-  metadata.gz: c85e1122e208eba94aa7dd98940b38a1274a5e048922d4f15b9cf7699daabb2f7d905efcdc1f5e711192270e554229a5c324cbfcf78e6decc6ab7c40b9588708
-  data.tar.gz: 5f0ad78e961fed3cc084af8f6a12c20fb8f5118967aa8de08491519fd33ca55fa481fa168b3df5a505279cbeed3de008e79c9a636ae7f0606f5e74ce048c2982
+  metadata.gz: 4521321149b2a0636694f064e43cb20e8416c8eb2f93fd90668195d82a68dfd17bca183618664049139428dec095e7a74f1754b0b66a650d71d3d78610a91806
+  data.tar.gz: 4d7fbda793ea374006246abae4c9f1aa62b9369972e33f94aa090a152c799a2800d0081b29ec65a1a8d9a1b2a351f11bfe7ce9a85a47ff0637b54b769a707e69

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+# 1.1.0
+- added `Balrog::Middleware#session_expires_after`, which would force end users to login again after a certain period of time.
+- added `balrog:view` generator, enabling users to modify their Balrog gate view.
+
 # 1.0.0
 
 - added `Balrog::RoutesMiddleware` module, which can be used to protect mounted Rack applications.

data/Gemfile.lock

@@ -1,66 +1,79 @@
 PATH
   remote: .
   specs:
-    balrog (1.0.0)
+    balrog (1.1.0)
       bcrypt (~> 3.0)
       rails (>= 5)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (5.2.3)
-      actionpack (= 5.2.3)
+    actioncable (6.0.1)
+      actionpack (= 6.0.1)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailer (5.2.3)
-      actionpack (= 5.2.3)
-      actionview (= 5.2.3)
-      activejob (= 5.2.3)
+    actionmailbox (6.0.1)
+      actionpack (= 6.0.1)
+      activejob (= 6.0.1)
+      activerecord (= 6.0.1)
+      activestorage (= 6.0.1)
+      activesupport (= 6.0.1)
+      mail (>= 2.7.1)
+    actionmailer (6.0.1)
+      actionpack (= 6.0.1)
+      actionview (= 6.0.1)
+      activejob (= 6.0.1)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (5.2.3)
-      actionview (= 5.2.3)
-      activesupport (= 5.2.3)
+    actionpack (6.0.1)
+      actionview (= 6.0.1)
+      activesupport (= 6.0.1)
       rack (~> 2.0)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.2.3)
-      activesupport (= 5.2.3)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actiontext (6.0.1)
+      actionpack (= 6.0.1)
+      activerecord (= 6.0.1)
+      activestorage (= 6.0.1)
+      activesupport (= 6.0.1)
+      nokogiri (>= 1.8.5)
+    actionview (6.0.1)
+      activesupport (= 6.0.1)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.2.3)
-      activesupport (= 5.2.3)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activejob (6.0.1)
+      activesupport (= 6.0.1)
       globalid (>= 0.3.6)
-    activemodel (5.2.3)
-      activesupport (= 5.2.3)
-    activerecord (5.2.3)
-      activemodel (= 5.2.3)
-      activesupport (= 5.2.3)
-      arel (>= 9.0)
-    activestorage (5.2.3)
-      actionpack (= 5.2.3)
-      activerecord (= 5.2.3)
+    activemodel (6.0.1)
+      activesupport (= 6.0.1)
+    activerecord (6.0.1)
+      activemodel (= 6.0.1)
+      activesupport (= 6.0.1)
+    activestorage (6.0.1)
+      actionpack (= 6.0.1)
+      activejob (= 6.0.1)
+      activerecord (= 6.0.1)
       marcel (~> 0.3.1)
-    activesupport (5.2.3)
+    activesupport (6.0.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
-    arel (9.0.0)
-    bcrypt (3.1.12)
+      zeitwerk (~> 2.2)
+    bcrypt (3.1.13)
     builder (3.2.3)
     concurrent-ruby (1.1.5)
-    crass (1.0.4)
+    crass (1.0.5)
     diff-lcs (1.3)
-    erubi (1.8.0)
+    erubi (1.9.0)
     globalid (0.4.2)
       activesupport (>= 4.2.0)
-    i18n (1.6.0)
+    i18n (1.7.0)
       concurrent-ruby (~> 1.0)
-    loofah (2.2.3)
+    loofah (2.3.1)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
@@ -69,54 +82,56 @@ GEM
       mimemagic (~> 0.3.2)
     method_source (0.9.2)
     mimemagic (0.3.3)
-    mini_mime (1.0.1)
+    mini_mime (1.0.2)
     mini_portile2 (2.4.0)
-    minitest (5.11.3)
-    nio4r (2.3.1)
-    nokogiri (1.10.3)
+    minitest (5.13.0)
+    nio4r (2.5.2)
+    nokogiri (1.10.5)
       mini_portile2 (~> 2.4.0)
     rack (2.0.7)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
-    rails (5.2.3)
-      actioncable (= 5.2.3)
-      actionmailer (= 5.2.3)
-      actionpack (= 5.2.3)
-      actionview (= 5.2.3)
-      activejob (= 5.2.3)
-      activemodel (= 5.2.3)
-      activerecord (= 5.2.3)
-      activestorage (= 5.2.3)
-      activesupport (= 5.2.3)
+    rails (6.0.1)
+      actioncable (= 6.0.1)
+      actionmailbox (= 6.0.1)
+      actionmailer (= 6.0.1)
+      actionpack (= 6.0.1)
+      actiontext (= 6.0.1)
+      actionview (= 6.0.1)
+      activejob (= 6.0.1)
+      activemodel (= 6.0.1)
+      activerecord (= 6.0.1)
+      activestorage (= 6.0.1)
+      activesupport (= 6.0.1)
       bundler (>= 1.3.0)
-      railties (= 5.2.3)
+      railties (= 6.0.1)
       sprockets-rails (>= 2.0.0)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.0.4)
-      loofah (~> 2.2, >= 2.2.2)
-    railties (5.2.3)
-      actionpack (= 5.2.3)
-      activesupport (= 5.2.3)
+    rails-html-sanitizer (1.3.0)
+      loofah (~> 2.3)
+    railties (6.0.1)
+      actionpack (= 6.0.1)
+      activesupport (= 6.0.1)
       method_source
       rake (>= 0.8.7)
-      thor (>= 0.19.0, < 2.0)
+      thor (>= 0.20.3, < 2.0)
     rake (10.5.0)
-    rspec (3.8.0)
-      rspec-core (~> 3.8.0)
-      rspec-expectations (~> 3.8.0)
-      rspec-mocks (~> 3.8.0)
-    rspec-core (3.8.0)
-      rspec-support (~> 3.8.0)
-    rspec-expectations (3.8.3)
+    rspec (3.9.0)
+      rspec-core (~> 3.9.0)
+      rspec-expectations (~> 3.9.0)
+      rspec-mocks (~> 3.9.0)
+    rspec-core (3.9.0)
+      rspec-support (~> 3.9.0)
+    rspec-expectations (3.9.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-mocks (3.8.0)
+      rspec-support (~> 3.9.0)
+    rspec-mocks (3.9.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-support (3.8.0)
-    sprockets (3.7.2)
+      rspec-support (~> 3.9.0)
+    rspec-support (3.9.0)
+    sprockets (4.0.0)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
     sprockets-rails (3.2.1)
@@ -127,9 +142,10 @@ GEM
     thread_safe (0.3.6)
     tzinfo (1.2.5)
       thread_safe (~> 0.1)
-    websocket-driver (0.7.0)
+    websocket-driver (0.7.1)
       websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.3)
+    websocket-extensions (0.1.4)
+    zeitwerk (2.2.1)
 
 PLATFORMS
   ruby

data/README.md

@@ -30,8 +30,8 @@ Run the installer to generate an initializer:
 
 ```shell
 $ bundle exec rails generate balrog:install
-Enter New Password:
-Confirm New Password:
+Enter New Password: 
+Confirm New Password: 
       create  config/initializers/balrog.rb
 $
 ```
@@ -107,6 +107,43 @@ Other usage examples:
 <%= balrog_logout_button class: 'fancy-button--with-default-text' %>
 ```
 
+## Changing session expiry length
+
+`set_session_expiry` requires the user to login again after a period of time.
+To customise this value, open `config/initializers/balrog.rb` after running `balrog:install`
+and change the argument being passed to `set_session_expiry`.
+
+The argument passed to `set_session_expiry` can be any of the
+[Rails time extensions](https://api.rubyonrails.org/classes/Numeric.html).
+
+If you don't want sessions to expire, remove `set_session_expiry`
+from the initializer completely.
+
+```ruby
+Rails.application.config.middleware.use Balrog::Middleware do
+  password_hash '$2a$12$BLz7XCFdG9YfwL64KlTgY.T3FY55aQk8SZEzHfpHfw15F2uN1kuSi'
+  set_session_expiry 30.minutes
+end
+```
+## Configuring the Balrog gate view
+
+We built Balrog to have a default view and stylesheet so that you can drop 
+Balrog into your project and everything should “just work”.
+However, we don't want to be in your way if you needed to customise 
+your Balrog gate view.
+
+If you want to customise the Balrog view, you can run the `balrog:view` 
+generator, which will copy the required view and layout to your application:
+
+```shell
+$ rails generate balrog:view
+```
+
+After running the generator, you can now add elements and classes to the 
+`views/balrog/gate.html.erb`, add styles to the 
+`assets/stylesheets/application.css` and import the application stylesheet in 
+`app/views/layouts/balrog.html.erb`. For an example, see the 
+[dummy-rails-app](https://github.com/pixielabs/balrog/tree/master/spec/dummy-rails-app) in the spec folder.
 
 ## Contributing
 
@@ -137,5 +174,3 @@ Before contributing, please read the [code of conduct](CODE_OF_CONDUCT.md).
 
  * Restricting access via `routes.rb`
  * Test coverage
- * Check it's OK with Ruby on Rails 6
- * Expire sessions

data/app/views/balrog/gate.html.erb

@@ -1,26 +1,6 @@
-<!doctype html>
-<html lang=en>
-<head>
-  <meta charset=utf-8>
-  <title>Login</title>
-  <%= stylesheet_link_tag "balrog/gate" %>
-</head>
-
-<body>
-
-  <section>
-    <form action='/balrog/signin' method='POST'>
-      <input autofocus type='password' name='password' placeholder='Password'>
-      <button type='submit'>Login</button>
-    </form>
-  </section>
-
-  <footer>
-    <a href="https://github.com/pixielabs/balrog" target="_blank">
-      <%= image_tag "balrog/logo.png", class: 'logo' %>
-    </a>
-  </footer>
-
-</body>
-
-</html>
+<section>
+  <form action='/balrog/signin' method='POST'>
+    <input autofocus type='password' name='password' placeholder='Password'>
+    <button type='submit'>Login</button>
+  </form>
+</section>

data/app/views/layouts/balrog.html.erb

@@ -0,0 +1,21 @@
+<!doctype html>
+<html lang=en>
+<head>
+  <meta charset=utf-8>
+  <title>Login</title>
+  <%= stylesheet_link_tag "balrog/gate" %>
+</head>
+
+<body>
+
+  <%= yield %>
+
+  <footer>
+    <a href="https://github.com/pixielabs/balrog" target="_blank">
+      <%= image_tag "balrog/logo.png", class: 'logo' %>
+    </a>
+  </footer>
+
+</body>
+
+</html>

data/lib/balrog/generators.rb

@@ -1,6 +1,6 @@
 # This Railtie makes the Balrog Generators available from the command line.
 class Balrog::Generators < Rails::Railtie
   generators do
-    require File.join(File.dirname(__FILE__), 'generators', 'install_generator')
+    Dir[File.join(__dir__, 'generators', '*.rb')].each { |file| require file }
   end
 end

data/lib/balrog/generators/install_generator.rb

@@ -8,6 +8,7 @@ class Balrog::InstallGenerator < Rails::Generators::Base
     contents = <<~EOF
       Rails.application.config.middleware.use Balrog::Middleware do
         password_hash '#{password_hash}'
+        set_session_expiry 30.minutes
       end
     EOF
     create_file "config/initializers/balrog.rb", contents

data/lib/balrog/generators/view_generator.rb

@@ -0,0 +1,25 @@
+class Balrog::ViewGenerator < Rails::Generators::Base
+
+  desc "Copies the Balrog gate view and layout into your application, where you can edit and style them."
+  def copy_gate_view
+    gate_view = File.open(
+      File.join(__dir__, '../../../', 'app/views/balrog/gate.html.erb'),
+      'r')
+
+    content = gate_view.read
+    gate_view.close
+
+    create_file "app/views/balrog/gate.html.erb", content
+  end
+
+  def copy_layout
+    gate_view = File.open(
+      File.join(__dir__, '../../../', 'app/views/layouts/balrog.html.erb'),
+      'r')
+
+    content = gate_view.read
+    gate_view.close
+
+    create_file "app/views/layouts/balrog.html.erb", content
+  end
+end

data/lib/balrog/guard.rb

@@ -0,0 +1,24 @@
+# Contains authentication logic to check the user has been authenticated,
+# and that the session hasn't expired.
+module Balrog::Guard
+  def authenticated?(balrog_session)
+    @balrog_session = balrog_session
+    previously_authenticated? && still_valid?
+  end
+
+  private
+
+  # A method to check that the user has been authenticated before.
+  def previously_authenticated?
+    return false unless @balrog_session
+    @balrog_session['value'] == 'authenticated'
+  end
+
+  # A method to check that the authentication has not expired.
+  def still_valid?
+    # If the user did not set configured the Balrog session 
+    # to expire, the cookie is valid.
+    return true unless @balrog_session['expiry_date']
+    DateTime.current < @balrog_session['expiry_date']
+  end
+end

data/lib/balrog/helpers.rb

@@ -1,8 +1,12 @@
+require_relative 'guard'
+
 # Helpers methods are made available in all controllers by the code in engine.rb.
 module Balrog::Helpers
+  include Balrog::Guard
+
   def authenticate_with_balrog!
-    unless session[:balrog] == 'authenticated'
-      render 'balrog/gate', layout: nil
+    unless authenticated?(session[:balrog])
+      render 'balrog/gate', layout: 'balrog'
     end
   end
 end

data/lib/balrog/middleware.rb

@@ -34,6 +34,10 @@ class Balrog::Middleware
     @password_hash = BCrypt::Password.new(input)
   end
 
+  def set_session_expiry(time_period)
+    @session_length = time_period
+  end
+
   def handle_login(env)
     if env['rack.request.form_hash']
       submitted_password = env['rack.request.form_hash']['password']
@@ -56,7 +60,9 @@ class Balrog::Middleware
     end
 
     if @password_hash == submitted_password
-      env['rack.session'][:balrog] = 'authenticated'
+      session_data = { value: 'authenticated' }
+      add_expiry_date!(session_data)
+      env['rack.session'][:balrog] = session_data
     end
 
     referer = env["HTTP_REFERER"] || '/'
@@ -69,5 +75,12 @@ class Balrog::Middleware
     [302, {"Location" => '/'}, [""]]
   end
 
+  # If the user configured the Balrog session to expire, add the 
+  # expiry_date to the Balrog session.
+  def add_expiry_date!(session_data)
+    if @session_length
+      session_data[:expiry_date] = DateTime.current + @session_length
+    end
+  end
 end
 

data/lib/balrog/routes_middleware.rb

@@ -1,3 +1,5 @@
+require_relative 'guard'
+
 # Public: Balrog routes middleware that redirects the user to a security
 # gate unless the session includes { 'balrog' => 'authenticated' }.
 # 
@@ -11,17 +13,18 @@
 # mount Sidekiq::Web => '/sidekiq'
 
 class Balrog::RoutesMiddleware
+  include Balrog::Guard
+
   def initialize(app)
     @app = app
   end
 
   def call(env)
-    unless env['rack.session']['balrog'] == 'authenticated'
-      html = ApplicationController.renderer.render 'balrog/gate', layout: nil
+    unless authenticated?(env['rack.session']['balrog'])
+      html = ApplicationController.renderer.render 'balrog/gate', layout: 'balrog'
       return [200, {"Content-Type" => "text/html"}, [html]]  
     end
     @app.call(env)
-  end 
-
+  end
 end
 

data/lib/balrog/version.rb

@@ -1,3 +1,3 @@
 module Balrog
-  VERSION = "1.0.0"
+  VERSION = "1.1.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: balrog
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Pixie Labs
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-05-14 00:00:00.000000000 Z
+date: 2019-11-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -102,6 +102,7 @@ files:
 - app/assets/images/balrog/logo.png
 - app/assets/stylesheets/balrog/gate.css
 - app/views/balrog/gate.html.erb
+- app/views/layouts/balrog.html.erb
 - balrog.gemspec
 - bin/console
 - bin/setup
@@ -109,6 +110,8 @@ files:
 - lib/balrog/engine.rb
 - lib/balrog/generators.rb
 - lib/balrog/generators/install_generator.rb
+- lib/balrog/generators/view_generator.rb
+- lib/balrog/guard.rb
 - lib/balrog/helpers.rb
 - lib/balrog/middleware.rb
 - lib/balrog/password_hasher.rb