better_record 0.19.2 → 0.19.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/better_record.rb +10 -0
- data/lib/better_record/jwt.rb +50 -10
- data/lib/better_record/version.rb +1 -1
- data/lib/generators/better_record/setup/templates/initializer.rb +34 -19
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0633a14373cccb30674e55d090a3f7530c6be80f23e4884e38ac2a09f94d6d49
|
|
4
|
+
data.tar.gz: f11953ac897dfc56cdb3d2f95b094a5f61ef17c724d86df12c0446f75b625894
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 81c92498fc3982a43e54ac93d0723c3ca05d3069c4c9525831b99fd6b10ddf75c7c97c13d2787e0491103c030c4394ad3fe8765190275131cd5dab0a2586720d
|
|
7
|
+
data.tar.gz: a4ddec5b642bf43dd6d1ce26ad4e2ef7433a58ccb729de2836e92e26b309a1c786329129ff7fa99824f2599ffdc4f602f3af388ccd63df8415580f2046c46c96
|
data/lib/better_record.rb
CHANGED
|
@@ -29,6 +29,11 @@ module BetterRecord
|
|
|
29
29
|
:certificate_session_user_method,
|
|
30
30
|
:certificate_header,
|
|
31
31
|
:certificate_is_hashed,
|
|
32
|
+
:certificate_cleaning_method,
|
|
33
|
+
:certificate_cleaning_send_as_arg,
|
|
34
|
+
:token_encryption_method,
|
|
35
|
+
:token_decryption_method,
|
|
36
|
+
:token_send_as_arg,
|
|
32
37
|
].freeze
|
|
33
38
|
|
|
34
39
|
class << self
|
|
@@ -72,6 +77,11 @@ module BetterRecord
|
|
|
72
77
|
self.certificate_session_user_method = (ENV.fetch('BR_CERTIFICATE_SESSION_USER_METHOD') { :user }).to_sym
|
|
73
78
|
self.certificate_header = (ENV.fetch('BR_CERTIFICATE_HEADER') { :HTTP_X_SSL_CERT }).to_sym
|
|
74
79
|
self.certificate_is_hashed = Boolean.strict_parse(ENV.fetch('BR_CERTIFICATE_IS_HASHED') { false })
|
|
80
|
+
self.certificate_cleaning_method = (ENV.fetch('BR_CERTIFICATE_CLEANING_METHOD') { :clean_certificate }).to_sym
|
|
81
|
+
self.certificate_cleaning_send_as_arg = Boolean.strict_parse(ENV.fetch('BR_CERTIFICATE_CLEANING_AS_ARG') { false })
|
|
82
|
+
self.token_decryption_method = (ENV.fetch('BR_TOKEN_DECRYPTION_METHOD') { :to_s }).to_sym
|
|
83
|
+
self.token_encryption_method = (ENV.fetch('BR_TOKEN_ENCRYPTION_METHOD') { :to_s }).to_sym
|
|
84
|
+
self.token_send_as_arg = Boolean.strict_parse(ENV.fetch('BR_TOKEN_AS_ARG') { false })
|
|
75
85
|
end
|
|
76
86
|
|
|
77
87
|
Dir.glob("#{File.expand_path(__dir__)}/better_record/*.rb").each do |d|
|
data/lib/better_record/jwt.rb
CHANGED
|
@@ -101,7 +101,8 @@ module BetterRecord
|
|
|
101
101
|
data = nil
|
|
102
102
|
data = session_data ? session_data.call(user) : {
|
|
103
103
|
user_id: user.__send__(session_column),
|
|
104
|
-
created_at: Time.now.to_i
|
|
104
|
+
created_at: Time.now.to_i,
|
|
105
|
+
device_id: requesting_device_id
|
|
105
106
|
}
|
|
106
107
|
BetterRecord::JWT.encode(data.merge(additional_headers.except(*data.keys)))
|
|
107
108
|
end
|
|
@@ -111,9 +112,9 @@ module BetterRecord
|
|
|
111
112
|
user = u_class.where.not(certificate_session_column => nil)
|
|
112
113
|
|
|
113
114
|
if certificate_is_hashed
|
|
114
|
-
user = user.find_by("#{certificate_session_column} = crypt(?, #{certificate_session_column})", cert
|
|
115
|
+
user = user.find_by("#{certificate_session_column} = crypt(?, #{certificate_session_column})", br_get_clean_cert(cert))
|
|
115
116
|
else
|
|
116
|
-
user = user.find_by(certificate_session_column => cert
|
|
117
|
+
user = user.find_by(certificate_session_column => br_get_clean_cert(cert))
|
|
117
118
|
end
|
|
118
119
|
|
|
119
120
|
if user
|
|
@@ -127,6 +128,16 @@ module BetterRecord
|
|
|
127
128
|
end
|
|
128
129
|
end
|
|
129
130
|
|
|
131
|
+
def br_get_clean_cert(certificate)
|
|
132
|
+
certificate_cleaning_send_as_arg ?
|
|
133
|
+
self.__send__(certificate_cleaning_method, certificate) :
|
|
134
|
+
certificate.
|
|
135
|
+
__send__(
|
|
136
|
+
certificate_cleaning_method,
|
|
137
|
+
*(certificate_cleaning_method_args)
|
|
138
|
+
)
|
|
139
|
+
end
|
|
140
|
+
|
|
130
141
|
def current_user
|
|
131
142
|
BetterRecord::Current.user || check_user
|
|
132
143
|
end
|
|
@@ -135,19 +146,35 @@ module BetterRecord
|
|
|
135
146
|
logged_in? ? JWT.decode(current_token).deep_symbolize_keys : {}
|
|
136
147
|
end
|
|
137
148
|
|
|
149
|
+
def has_correct_origin?
|
|
150
|
+
true
|
|
151
|
+
end
|
|
152
|
+
|
|
153
|
+
def requesting_device_id
|
|
154
|
+
session[:requesting_device_id] ||= SecureRandom.uuid
|
|
155
|
+
end
|
|
156
|
+
|
|
138
157
|
def logged_in?
|
|
139
|
-
current_token.present? ||
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
158
|
+
current_token.present? || certificate_session_exists?
|
|
159
|
+
end
|
|
160
|
+
|
|
161
|
+
def certificate_string
|
|
162
|
+
@certificate_string ||= certificate_header &&
|
|
163
|
+
header_hash[certificate_header].presence
|
|
164
|
+
end
|
|
165
|
+
|
|
166
|
+
def certificate_session_exists?
|
|
167
|
+
!!(
|
|
168
|
+
certificate_string &&
|
|
169
|
+
has_correct_origin? &&
|
|
170
|
+
create_session_from_certificate(certificate_string)
|
|
144
171
|
)
|
|
145
172
|
end
|
|
146
173
|
|
|
147
174
|
def current_token
|
|
148
175
|
if use_bearer_token
|
|
149
176
|
@current_token ||= authenticate_with_http_token do |token, **options|
|
|
150
|
-
token
|
|
177
|
+
decrypt_token(token, options)
|
|
151
178
|
end
|
|
152
179
|
else
|
|
153
180
|
@current_token ||= session[:current_user]
|
|
@@ -173,9 +200,22 @@ module BetterRecord
|
|
|
173
200
|
end
|
|
174
201
|
|
|
175
202
|
def set_auth_header
|
|
176
|
-
response.set_header("AUTH_TOKEN", current_token
|
|
203
|
+
response.set_header("AUTH_TOKEN", encrypt_token) if current_token.present?
|
|
204
|
+
end
|
|
205
|
+
|
|
206
|
+
def decrypt_token(t, **options)
|
|
207
|
+
token_send_as_arg ?
|
|
208
|
+
__send__(token_decryption_method, t, options) :
|
|
209
|
+
t.__send__(token_decryption_method)
|
|
177
210
|
end
|
|
178
211
|
|
|
212
|
+
def encrypt_token
|
|
213
|
+
token_send_as_arg ?
|
|
214
|
+
__send__(token_encryption_method, current_token) :
|
|
215
|
+
current_token.__send__(token_encryption_method)
|
|
216
|
+
end
|
|
217
|
+
|
|
218
|
+
|
|
179
219
|
def set_user(user)
|
|
180
220
|
BetterRecord::Current.set(user, get_ip_address)
|
|
181
221
|
end
|
|
@@ -1,25 +1,30 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
module BetterRecord
|
|
4
|
-
|
|
5
|
-
#
|
|
6
|
-
#
|
|
7
|
-
#
|
|
8
|
-
#
|
|
9
|
-
#
|
|
10
|
-
#
|
|
11
|
-
#
|
|
12
|
-
#
|
|
13
|
-
#
|
|
14
|
-
#
|
|
15
|
-
#
|
|
16
|
-
#
|
|
17
|
-
#
|
|
18
|
-
#
|
|
19
|
-
#
|
|
20
|
-
#
|
|
21
|
-
#
|
|
22
|
-
|
|
4
|
+
##############################################################################
|
|
5
|
+
# THE FOLLOWING SETTINGS CAN ALSO BE SET THROUGH ENVIRONMENT VARIABLES #
|
|
6
|
+
# #
|
|
7
|
+
# strict_booleans: BR_STRICT_BOOLEANS #
|
|
8
|
+
# default_polymorphic_method: BR_DEFAULT_POLYMORPHIC_METHOD #
|
|
9
|
+
# db_audit_schema: BR_DB_AUDIT_SCHEMA #
|
|
10
|
+
# has_auditing_relation_by_default: BR_ADD_HAS_MANY #
|
|
11
|
+
# audit_relation_name: BR_AUDIT_RELATION_NAME #
|
|
12
|
+
# layout_template: BR_LAYOUT_TEMPLATE #
|
|
13
|
+
# app_domain_name: APP_DOMAIN_NAME #
|
|
14
|
+
# after_login_path: BR_AFTER_LOGIN_PATH #
|
|
15
|
+
# use_bearer_token: BR_USE_BEARER_TOKEN #
|
|
16
|
+
# session_column: BR_SESSION_COLUMN #
|
|
17
|
+
# session_authenticate_method: BR_SESSION_AUTHENTICATE_METHOD #
|
|
18
|
+
# certificate_session_column: BR_CERTIFICATE_SESSION_COLUMN #
|
|
19
|
+
# certificate_session_user_method: BR_CERTIFICATE_SESSION_USER_METHOD #
|
|
20
|
+
# certificate_header: BR_CERTIFICATE_HEADER #
|
|
21
|
+
# certificate_is_hashed: BR_CERTIFICATE_IS_HASHED #
|
|
22
|
+
# certificate_cleaning_method: BR_CERTIFICATE_CLEANING_METHOD #
|
|
23
|
+
# certificate_cleaning_send_as_arg: BR_CERTIFICATE_CLEANING_AS_ARG #
|
|
24
|
+
# token_send_as_arg: BR_TOKEN_AS_ARG #
|
|
25
|
+
# token_encryption_method: BR_TOKEN_ENCRYPTION_METHOD #
|
|
26
|
+
# token_decryption_method: BR_TOKEN_DECRYPTION_METHOD #
|
|
27
|
+
##############################################################################
|
|
23
28
|
|
|
24
29
|
# uncomment the following line to disable three-state booleans in models
|
|
25
30
|
|
|
@@ -93,6 +98,16 @@ module BetterRecord
|
|
|
93
98
|
# self.certificate_header = :HTTP_X_CERTIFICATE
|
|
94
99
|
|
|
95
100
|
# self.certificate_is_hashed = true
|
|
101
|
+
|
|
102
|
+
# self.certificate_cleaning_method = :to_s
|
|
103
|
+
|
|
104
|
+
# self.certificate_cleaning_send_as_arg = []
|
|
105
|
+
|
|
106
|
+
# self.token_send_as_arg = false
|
|
107
|
+
|
|
108
|
+
# self.token_encryption_method = :to_s
|
|
109
|
+
|
|
110
|
+
# self.token_decryption_method = :to_s
|
|
96
111
|
# end
|
|
97
112
|
|
|
98
113
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: better_record
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.19.
|
|
4
|
+
version: 0.19.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sampson Crowley
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-03-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|