bsm-sso-client 0.1.0

data/lib/bsm-sso-client.rb

@@ -0,0 +1 @@
+require 'bsm/sso/client'

data/lib/bsm/sso/client.rb

@@ -0,0 +1,57 @@
+require 'rails'
+require 'active_support/core_ext/numeric/time'
+require 'active_support/dependencies'
+require 'active_resource'
+require 'action_controller'
+require 'rails_warden'
+
+module Bsm
+  module Sso
+    module Client
+      autoload :User, 'bsm/sso/client/user'
+      autoload :UserMethods, 'bsm/sso/client/user_methods'
+      autoload :UrlHelpers, 'bsm/sso/client/url_helpers'
+      autoload :FailureApp, 'bsm/sso/client/failure_app'
+
+      mattr_accessor :secret
+      @@secret = nil
+
+      mattr_accessor :expire_after
+      @@expire_after = 2.hours
+
+      mattr_writer :user_class
+      @@user_class = nil
+
+      class << self
+
+        delegate :site=, :site, :to => :"Bsm::Sso::Client::User"
+
+        def user_class
+          @@user_class || Bsm::Sso::Client::User
+        end
+
+        # Default message verifier
+        def verifier
+          raise "Please configure a secret! Example: Bsm::Sso::Client.secret = '...'" unless secret.present?
+          @verifier ||= ActiveSupport::MessageVerifier.new(secret)
+        end
+
+        # Configure the SSO. Example:
+        #
+        #   # config/initializers/sso.rb
+        #   Bsm::Sso::Client.configure do |c|
+        #     c.site = "https://sso.example.com"
+        #     c.secret = "m4GHRWxvXiL3ZSR8adShpqNWXmepkqeyUqRfpB8F"
+        #   end
+        def configure(&block)
+          tap(&block)
+        end
+
+      end
+    end
+  end
+end
+
+require 'bsm/sso/client/railtie'
+require 'bsm/sso/client/warden_ext'
+require 'bsm/sso/client/strategies'

data/lib/bsm/sso/client/failure_app.rb

@@ -0,0 +1,41 @@
+class Bsm::Sso::Client::FailureApp < ActionController::Metal
+  include ActionController::RackDelegation
+  include ActionController::Redirecting
+  include Bsm::Sso::Client::UrlHelpers
+
+  NAVIGATIONAL_FORMATS = [:html, :all, :js, nil].to_set.freeze
+  UnauthorizedAccess   = Class.new(ActionController::ActionControllerError)
+
+  def self.call(env)
+    action(:respond).call(env)
+  end
+
+  def self.default_url_options(*args)
+    ApplicationController.default_url_options(*args)
+  end
+
+  def respond
+    if NAVIGATIONAL_FORMATS.include?(request.format.try(:to_sym))
+      request.xhr? ? respond_with_js! : redirect!
+    else
+      stop!
+    end
+  end
+
+  def redirect!
+    redirect_to Bsm::Sso::Client.user_class.sign_in_url(:service => service_url(env["warden.options"][:attempted_path])), :status => 303
+  end
+
+  def respond_with_js!
+    self.status = :ok
+    self.content_type  = request.format.to_s
+    self.response_body = "alert('Your session has expired');"
+  end
+
+  # Throws UnauthorizedAccess (rescued as 403 Forbidden response)
+  def stop!(message = nil)
+    message ||= "You are not permitted to access the resource in #{request.path}"
+    raise UnauthorizedAccess, message
+  end
+
+end

data/lib/bsm/sso/client/railtie.rb

@@ -0,0 +1,31 @@
+require 'bsm/sso/client'
+require 'rails'
+
+class Bsm::Sso::Client::Railtie < ::Rails::Railtie
+
+  initializer "bsm-sso.insert_middleware" do |app|
+    Bsm::Sso::Client::Railtie.insert_middleware!(app)
+  end
+
+  config.after_initialize do
+    Bsm::Sso::Client::Railtie.handle_exceptions!
+  end
+
+  def self.insert_middleware!(app)
+    app.config.middleware.use RailsWarden::Manager do |manager|
+      manager.default_strategies :sso_ticket, :sso_http_auth
+      manager.failure_app = Bsm::Sso::Client::FailureApp
+    end
+  end
+
+  def self.handle_exceptions!
+    return unless defined?(::ActionDispatch::ShowExceptions)
+    ActionDispatch::ShowExceptions.rescue_responses.update("Bsm::Sso::Client::FailureApp::UnauthorizedAccess" => :forbidden)
+  end
+
+  def self.plugin!(app)
+    insert_middleware!(app)
+    handle_exceptions!
+  end
+
+end

data/lib/bsm/sso/client/strategies.rb

@@ -0,0 +1,6 @@
+module Bsm::Sso::Client::Strategies
+end
+
+require 'bsm/sso/client/strategies/base'
+require 'bsm/sso/client/strategies/ticket'
+require 'bsm/sso/client/strategies/http_auth'

data/lib/bsm/sso/client/strategies/base.rb

@@ -0,0 +1,7 @@
+class Bsm::Sso::Client::Strategies::Base < ::Warden::Strategies::Base
+
+  def user_class
+    Bsm::Sso::Client.user_class
+  end
+
+end

data/lib/bsm/sso/client/strategies/http_auth.rb

@@ -0,0 +1,23 @@
+class Bsm::Sso::Client::Strategies::HttpAuth < Bsm::Sso::Client::Strategies::Base
+
+  def store?
+    false
+  end
+
+  def valid?
+    token.present?
+  end
+
+  def authenticate!
+    u = user_class.authorize(token)
+    u.nil? ? fail!(:invalid) : success!(u)
+  end
+
+  def token
+    return nil unless request.authorization && request.authorization =~ /^Basic (.*)/m
+    @token ||= ActiveSupport::Base64.decode64($1).split(/:/, 2).first
+  end
+
+  Warden::Strategies.add :sso_http_auth, self
+
+end

data/lib/bsm/sso/client/strategies/ticket.rb

@@ -0,0 +1,14 @@
+class Bsm::Sso::Client::Strategies::Ticket < Bsm::Sso::Client::Strategies::Base
+  include Bsm::Sso::Client::UrlHelpers
+
+  def valid?
+    params[:ticket].present?
+  end
+
+  def authenticate!
+    u = user_class.consume(params[:ticket], service_url)
+    u.nil? ? fail!(:invalid) : success!(u)
+  end
+
+  Warden::Strategies.add :sso_ticket, self
+end

data/lib/bsm/sso/client/url_helpers.rb

@@ -0,0 +1,12 @@
+require 'active_support/core_ext/string/encoding'
+
+
+module Bsm::Sso::Client::UrlHelpers
+
+  def service_url(path = request.fullpath)
+    part = Regexp.escape params.slice(:ticket).to_query
+    request.base_url + path.sub(/#{part}\&?/, '').chomp("&").chomp("?")
+  end
+
+end
+

data/lib/bsm/sso/client/user.rb

@@ -0,0 +1,45 @@
+class Bsm::Sso::Client::User < ActiveResource::Base
+  self.format = :json
+
+  class << self
+
+    def headers
+      { 'AUTHORIZATION' => Bsm::Sso::Client.verifier.generate(30.seconds.from_now) }
+    end
+
+    def consume(ticket, service)
+      # TODO rename Sso endpoint to /validate
+      find :one, :from => '/validate', :params => { :ticket => ticket, :service => service }
+    rescue ActiveResource::ResourceInvalid
+      nil
+    end
+
+    def authorize(token)
+      find :one, :from => '/authorize', :params => { :auth_token => token }
+    rescue ActiveResource::ResourceInvalid
+      nil
+    end
+
+    def authenticate(credentials)
+      find :one, :from => "/authenticate", :params => credentials.slice(:email, :password)
+    rescue ActiveResource::ResourceInvalid
+      nil
+    end
+
+    def sign_in_url(params = {})
+      custom_absolute_method_root_url(:sign_in, params)
+    end
+
+    def sign_out_url(params = {})
+      custom_absolute_method_root_url(:sign_out, params)
+    end
+
+    private
+
+      def custom_absolute_method_root_url(method_name, params = {})
+        "#{site.to_s.chomp('/')}/#{method_name}#{query_string(params)}"
+      end
+
+  end
+end
+

data/lib/bsm/sso/client/user_methods.rb

@@ -0,0 +1,29 @@
+module Bsm::Sso::Client::UserMethods
+  extend ActiveSupport::Concern
+
+  included do
+    class << self
+      delegate :sign_in_url, :sign_out_url, :to => :"Bsm::Sso::Client::User"
+    end
+  end
+
+  module ClassMethods
+
+    def consume(*a)
+      result = Bsm::Sso::Client::User.consume(*a)
+      new(result.attributes) if result
+    end
+
+    def authenticate(*a)
+      result = Bsm::Sso::Client::User.authenticate(*a)
+      new(result.attributes) if result
+    end
+
+    def authorize(*a)
+      result = Bsm::Sso::Client::User.authorize(*a)
+      new(result.attributes) if result
+    end
+
+  end
+end
+

data/lib/bsm/sso/client/warden_ext.rb

@@ -0,0 +1,11 @@
+class Warden::SessionSerializer
+
+  def serialize(record)
+    record.id
+  end
+
+  def deserialize(id)
+    Bsm::Sso::Client.user_class.find(id)
+  end
+
+end

metadata

@@ -0,0 +1,164 @@
+--- !ruby/object:Gem::Specification
+name: bsm-sso-client
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: ruby
+authors:
+- Dimitrij Denissenko
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2011-10-21 00:00:00.000000000Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activeresource
+  requirement: &25666220 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+    - - <
+      - !ruby/object:Gem::Version
+        version: 3.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: *25666220
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: &25665200 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+    - - <
+      - !ruby/object:Gem::Version
+        version: 3.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: *25665200
+- !ruby/object:Gem::Dependency
+  name: railties
+  requirement: &25663920 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+    - - <
+      - !ruby/object:Gem::Version
+        version: 3.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: *25663920
+- !ruby/object:Gem::Dependency
+  name: rails_warden
+  requirement: &25662760 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.5.0
+  type: :runtime
+  prerelease: false
+  version_requirements: *25662760
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: &25648320 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *25648320
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: &25646620 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *25646620
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: &25646200 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *25646200
+- !ruby/object:Gem::Dependency
+  name: shoulda-matchers
+  requirement: &25645560 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *25645560
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: &25644920 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *25644920
+description: ''
+email: dimitrij@blacksquaremedia.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/bsm/sso/client.rb
+- lib/bsm/sso/client/strategies/ticket.rb
+- lib/bsm/sso/client/strategies/base.rb
+- lib/bsm/sso/client/strategies/http_auth.rb
+- lib/bsm/sso/client/failure_app.rb
+- lib/bsm/sso/client/railtie.rb
+- lib/bsm/sso/client/user_methods.rb
+- lib/bsm/sso/client/url_helpers.rb
+- lib/bsm/sso/client/user.rb
+- lib/bsm/sso/client/warden_ext.rb
+- lib/bsm/sso/client/strategies.rb
+- lib/bsm-sso-client.rb
+homepage: https://github.com/bsm/sso-client
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: 1.8.7
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: 1.3.6
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.10
+signing_key: 
+specification_version: 3
+summary: BSM's internal SSO client
+test_files: []