better_record 0.19.2 → 0.19.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/better_record.rb +10 -0
- data/lib/better_record/jwt.rb +50 -10
- data/lib/better_record/version.rb +1 -1
- data/lib/generators/better_record/setup/templates/initializer.rb +34 -19
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0633a14373cccb30674e55d090a3f7530c6be80f23e4884e38ac2a09f94d6d49
|
|
4
|
+
data.tar.gz: f11953ac897dfc56cdb3d2f95b094a5f61ef17c724d86df12c0446f75b625894
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 81c92498fc3982a43e54ac93d0723c3ca05d3069c4c9525831b99fd6b10ddf75c7c97c13d2787e0491103c030c4394ad3fe8765190275131cd5dab0a2586720d
|
|
7
|
+
data.tar.gz: a4ddec5b642bf43dd6d1ce26ad4e2ef7433a58ccb729de2836e92e26b309a1c786329129ff7fa99824f2599ffdc4f602f3af388ccd63df8415580f2046c46c96
|
data/lib/better_record.rb
CHANGED
|
@@ -29,6 +29,11 @@ module BetterRecord
|
|
|
29
29
|
:certificate_session_user_method,
|
|
30
30
|
:certificate_header,
|
|
31
31
|
:certificate_is_hashed,
|
|
32
|
+
:certificate_cleaning_method,
|
|
33
|
+
:certificate_cleaning_send_as_arg,
|
|
34
|
+
:token_encryption_method,
|
|
35
|
+
:token_decryption_method,
|
|
36
|
+
:token_send_as_arg,
|
|
32
37
|
].freeze
|
|
33
38
|
|
|
34
39
|
class << self
|
|
@@ -72,6 +77,11 @@ module BetterRecord
|
|
|
72
77
|
self.certificate_session_user_method = (ENV.fetch('BR_CERTIFICATE_SESSION_USER_METHOD') { :user }).to_sym
|
|
73
78
|
self.certificate_header = (ENV.fetch('BR_CERTIFICATE_HEADER') { :HTTP_X_SSL_CERT }).to_sym
|
|
74
79
|
self.certificate_is_hashed = Boolean.strict_parse(ENV.fetch('BR_CERTIFICATE_IS_HASHED') { false })
|
|
80
|
+
self.certificate_cleaning_method = (ENV.fetch('BR_CERTIFICATE_CLEANING_METHOD') { :clean_certificate }).to_sym
|
|
81
|
+
self.certificate_cleaning_send_as_arg = Boolean.strict_parse(ENV.fetch('BR_CERTIFICATE_CLEANING_AS_ARG') { false })
|
|
82
|
+
self.token_decryption_method = (ENV.fetch('BR_TOKEN_DECRYPTION_METHOD') { :to_s }).to_sym
|
|
83
|
+
self.token_encryption_method = (ENV.fetch('BR_TOKEN_ENCRYPTION_METHOD') { :to_s }).to_sym
|
|
84
|
+
self.token_send_as_arg = Boolean.strict_parse(ENV.fetch('BR_TOKEN_AS_ARG') { false })
|
|
75
85
|
end
|
|
76
86
|
|
|
77
87
|
Dir.glob("#{File.expand_path(__dir__)}/better_record/*.rb").each do |d|
|
data/lib/better_record/jwt.rb
CHANGED
|
@@ -101,7 +101,8 @@ module BetterRecord
|
|
|
101
101
|
data = nil
|
|
102
102
|
data = session_data ? session_data.call(user) : {
|
|
103
103
|
user_id: user.__send__(session_column),
|
|
104
|
-
created_at: Time.now.to_i
|
|
104
|
+
created_at: Time.now.to_i,
|
|
105
|
+
device_id: requesting_device_id
|
|
105
106
|
}
|
|
106
107
|
BetterRecord::JWT.encode(data.merge(additional_headers.except(*data.keys)))
|
|
107
108
|
end
|
|
@@ -111,9 +112,9 @@ module BetterRecord
|
|
|
111
112
|
user = u_class.where.not(certificate_session_column => nil)
|
|
112
113
|
|
|
113
114
|
if certificate_is_hashed
|
|
114
|
-
user = user.find_by("#{certificate_session_column} = crypt(?, #{certificate_session_column})", cert
|
|
115
|
+
user = user.find_by("#{certificate_session_column} = crypt(?, #{certificate_session_column})", br_get_clean_cert(cert))
|
|
115
116
|
else
|
|
116
|
-
user = user.find_by(certificate_session_column => cert
|
|
117
|
+
user = user.find_by(certificate_session_column => br_get_clean_cert(cert))
|
|
117
118
|
end
|
|
118
119
|
|
|
119
120
|
if user
|
|
@@ -127,6 +128,16 @@ module BetterRecord
|
|
|
127
128
|
end
|
|
128
129
|
end
|
|
129
130
|
|
|
131
|
+
def br_get_clean_cert(certificate)
|
|
132
|
+
certificate_cleaning_send_as_arg ?
|
|
133
|
+
self.__send__(certificate_cleaning_method, certificate) :
|
|
134
|
+
certificate.
|
|
135
|
+
__send__(
|
|
136
|
+
certificate_cleaning_method,
|
|
137
|
+
*(certificate_cleaning_method_args)
|
|
138
|
+
)
|
|
139
|
+
end
|
|
140
|
+
|
|
130
141
|
def current_user
|
|
131
142
|
BetterRecord::Current.user || check_user
|
|
132
143
|
end
|
|
@@ -135,19 +146,35 @@ module BetterRecord
|
|
|
135
146
|
logged_in? ? JWT.decode(current_token).deep_symbolize_keys : {}
|
|
136
147
|
end
|
|
137
148
|
|
|
149
|
+
def has_correct_origin?
|
|
150
|
+
true
|
|
151
|
+
end
|
|
152
|
+
|
|
153
|
+
def requesting_device_id
|
|
154
|
+
session[:requesting_device_id] ||= SecureRandom.uuid
|
|
155
|
+
end
|
|
156
|
+
|
|
138
157
|
def logged_in?
|
|
139
|
-
current_token.present? ||
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
158
|
+
current_token.present? || certificate_session_exists?
|
|
159
|
+
end
|
|
160
|
+
|
|
161
|
+
def certificate_string
|
|
162
|
+
@certificate_string ||= certificate_header &&
|
|
163
|
+
header_hash[certificate_header].presence
|
|
164
|
+
end
|
|
165
|
+
|
|
166
|
+
def certificate_session_exists?
|
|
167
|
+
!!(
|
|
168
|
+
certificate_string &&
|
|
169
|
+
has_correct_origin? &&
|
|
170
|
+
create_session_from_certificate(certificate_string)
|
|
144
171
|
)
|
|
145
172
|
end
|
|
146
173
|
|
|
147
174
|
def current_token
|
|
148
175
|
if use_bearer_token
|
|
149
176
|
@current_token ||= authenticate_with_http_token do |token, **options|
|
|
150
|
-
token
|
|
177
|
+
decrypt_token(token, options)
|
|
151
178
|
end
|
|
152
179
|
else
|
|
153
180
|
@current_token ||= session[:current_user]
|
|
@@ -173,9 +200,22 @@ module BetterRecord
|
|
|
173
200
|
end
|
|
174
201
|
|
|
175
202
|
def set_auth_header
|
|
176
|
-
response.set_header("AUTH_TOKEN", current_token
|
|
203
|
+
response.set_header("AUTH_TOKEN", encrypt_token) if current_token.present?
|
|
204
|
+
end
|
|
205
|
+
|
|
206
|
+
def decrypt_token(t, **options)
|
|
207
|
+
token_send_as_arg ?
|
|
208
|
+
__send__(token_decryption_method, t, options) :
|
|
209
|
+
t.__send__(token_decryption_method)
|
|
177
210
|
end
|
|
178
211
|
|
|
212
|
+
def encrypt_token
|
|
213
|
+
token_send_as_arg ?
|
|
214
|
+
__send__(token_encryption_method, current_token) :
|
|
215
|
+
current_token.__send__(token_encryption_method)
|
|
216
|
+
end
|
|
217
|
+
|
|
218
|
+
|
|
179
219
|
def set_user(user)
|
|
180
220
|
BetterRecord::Current.set(user, get_ip_address)
|
|
181
221
|
end
|
|
@@ -1,25 +1,30 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
module BetterRecord
|
|
4
|
-
|
|
5
|
-
#
|
|
6
|
-
#
|
|
7
|
-
#
|
|
8
|
-
#
|
|
9
|
-
#
|
|
10
|
-
#
|
|
11
|
-
#
|
|
12
|
-
#
|
|
13
|
-
#
|
|
14
|
-
#
|
|
15
|
-
#
|
|
16
|
-
#
|
|
17
|
-
#
|
|
18
|
-
#
|
|
19
|
-
#
|
|
20
|
-
#
|
|
21
|
-
#
|
|
22
|
-
|
|
4
|
+
##############################################################################
|
|
5
|
+
# THE FOLLOWING SETTINGS CAN ALSO BE SET THROUGH ENVIRONMENT VARIABLES #
|
|
6
|
+
# #
|
|
7
|
+
# strict_booleans: BR_STRICT_BOOLEANS #
|
|
8
|
+
# default_polymorphic_method: BR_DEFAULT_POLYMORPHIC_METHOD #
|
|
9
|
+
# db_audit_schema: BR_DB_AUDIT_SCHEMA #
|
|
10
|
+
# has_auditing_relation_by_default: BR_ADD_HAS_MANY #
|
|
11
|
+
# audit_relation_name: BR_AUDIT_RELATION_NAME #
|
|
12
|
+
# layout_template: BR_LAYOUT_TEMPLATE #
|
|
13
|
+
# app_domain_name: APP_DOMAIN_NAME #
|
|
14
|
+
# after_login_path: BR_AFTER_LOGIN_PATH #
|
|
15
|
+
# use_bearer_token: BR_USE_BEARER_TOKEN #
|
|
16
|
+
# session_column: BR_SESSION_COLUMN #
|
|
17
|
+
# session_authenticate_method: BR_SESSION_AUTHENTICATE_METHOD #
|
|
18
|
+
# certificate_session_column: BR_CERTIFICATE_SESSION_COLUMN #
|
|
19
|
+
# certificate_session_user_method: BR_CERTIFICATE_SESSION_USER_METHOD #
|
|
20
|
+
# certificate_header: BR_CERTIFICATE_HEADER #
|
|
21
|
+
# certificate_is_hashed: BR_CERTIFICATE_IS_HASHED #
|
|
22
|
+
# certificate_cleaning_method: BR_CERTIFICATE_CLEANING_METHOD #
|
|
23
|
+
# certificate_cleaning_send_as_arg: BR_CERTIFICATE_CLEANING_AS_ARG #
|
|
24
|
+
# token_send_as_arg: BR_TOKEN_AS_ARG #
|
|
25
|
+
# token_encryption_method: BR_TOKEN_ENCRYPTION_METHOD #
|
|
26
|
+
# token_decryption_method: BR_TOKEN_DECRYPTION_METHOD #
|
|
27
|
+
##############################################################################
|
|
23
28
|
|
|
24
29
|
# uncomment the following line to disable three-state booleans in models
|
|
25
30
|
|
|
@@ -93,6 +98,16 @@ module BetterRecord
|
|
|
93
98
|
# self.certificate_header = :HTTP_X_CERTIFICATE
|
|
94
99
|
|
|
95
100
|
# self.certificate_is_hashed = true
|
|
101
|
+
|
|
102
|
+
# self.certificate_cleaning_method = :to_s
|
|
103
|
+
|
|
104
|
+
# self.certificate_cleaning_send_as_arg = []
|
|
105
|
+
|
|
106
|
+
# self.token_send_as_arg = false
|
|
107
|
+
|
|
108
|
+
# self.token_encryption_method = :to_s
|
|
109
|
+
|
|
110
|
+
# self.token_decryption_method = :to_s
|
|
96
111
|
# end
|
|
97
112
|
|
|
98
113
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: better_record
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.19.
|
|
4
|
+
version: 0.19.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sampson Crowley
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-03-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|