bsm-sso-client 0.12.0 → 0.12.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/bsm/sso/client.rb +5 -4
- data/lib/bsm/sso/client/ability.rb +8 -11
- data/lib/bsm/sso/client/abstract_resource.rb +23 -20
- data/lib/bsm/sso/client/authorized_controller.rb +29 -30
- data/lib/bsm/sso/client/cached.rb +1 -1
- data/lib/bsm/sso/client/cached/active_record.rb +1 -3
- data/lib/bsm/sso/client/failure_app.rb +3 -3
- data/lib/bsm/sso/client/railtie.rb +3 -7
- data/lib/bsm/sso/client/strategies/http_auth.rb +2 -2
- data/lib/bsm/sso/client/strategies/ticket.rb +0 -2
- data/lib/bsm/sso/client/test_helpers.rb +1 -3
- data/lib/bsm/sso/client/url_helpers.rb +2 -4
- data/lib/bsm/sso/client/user.rb +18 -18
- data/lib/bsm/sso/client/user_methods.rb +8 -11
- data/lib/bsm/sso/client/warden_ext.rb +2 -2
- metadata +42 -29
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4c084ba477e33a910155a4a2c8a317d1288c51fe700e017f3776198a21c34529
|
|
4
|
+
data.tar.gz: 4d23e704261c51d62f1c07c61dd24b6b5a69714e63a82a3ef5fa8bd1e2aac342
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 335af965c679c91e99055c90ef27c37d3e8a347c4eb4a4f8f28558964a3c8a6bd8d5e39d428a81381199e92a2bcf229591101aed9d74b2f9bc5e09ebcbb27b23
|
|
7
|
+
data.tar.gz: 0a3da5caa3a7fdca38da422eae0c8164c29b174b7c087530e3367f26f0071b3774f07fa7fa76195757e09cd94fbf5877122783fc07866446faacf7b775d679c1
|
data/lib/bsm/sso/client.rb
CHANGED
|
@@ -42,14 +42,14 @@ module Bsm
|
|
|
42
42
|
@@navigational_formats = [:html, :all, :js, nil].to_set
|
|
43
43
|
|
|
44
44
|
mattr_reader :api_formats
|
|
45
|
-
@@api_formats = [
|
|
45
|
+
@@api_formats = %i[xml json].to_set
|
|
46
46
|
|
|
47
47
|
mattr_accessor :cache_store
|
|
48
|
-
@@cache_store = ActiveSupport::Cache::NullStore.new :
|
|
48
|
+
@@cache_store = ActiveSupport::Cache::NullStore.new namespace: "bsm:sso:client:#{Rails.env}"
|
|
49
49
|
|
|
50
50
|
class << self
|
|
51
51
|
|
|
52
|
-
delegate :site=, :site, :
|
|
52
|
+
delegate :site=, :site, to: :"Bsm::Sso::Client::AbstractResource"
|
|
53
53
|
|
|
54
54
|
def user_class
|
|
55
55
|
if @@user_class.respond_to?(:constantize)
|
|
@@ -62,6 +62,7 @@ module Bsm
|
|
|
62
62
|
# Default message verifier
|
|
63
63
|
def verifier
|
|
64
64
|
raise "Please configure a secret! Example: Bsm::Sso::Client.secret = '...'" unless secret.present?
|
|
65
|
+
|
|
65
66
|
@verifier ||= ActiveSupport::MessageVerifier.new(secret)
|
|
66
67
|
end
|
|
67
68
|
|
|
@@ -89,7 +90,7 @@ module Bsm
|
|
|
89
90
|
end
|
|
90
91
|
|
|
91
92
|
# Raises an UnauthorizedAccess exception
|
|
92
|
-
def forbidden!(request, message
|
|
93
|
+
def forbidden!(request, message=nil)
|
|
93
94
|
message ||= "You are not permitted to access the resource in #{request.path}"
|
|
94
95
|
raise UnauthorizedAccess, message
|
|
95
96
|
end
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
begin
|
|
2
2
|
require 'cancan/ability'
|
|
3
|
-
rescue LoadError
|
|
3
|
+
rescue LoadError
|
|
4
4
|
warn "\n [!] Please install `cancan` Gem to use the Ability module\n"
|
|
5
5
|
raise
|
|
6
6
|
end
|
|
@@ -13,16 +13,14 @@ module Bsm::Sso::Client::Ability
|
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
module ClassMethods
|
|
16
|
-
|
|
17
16
|
# @return [Hash] roles, scoped by user type
|
|
18
17
|
def roles
|
|
19
|
-
private_instance_methods(false).
|
|
18
|
+
private_instance_methods(false).each_with_object({}) do |name, result|
|
|
20
19
|
prefix, scope, name = name.to_s.split('__')
|
|
21
|
-
next result unless prefix ==
|
|
20
|
+
next result unless prefix == 'as' && scope && name
|
|
22
21
|
|
|
23
22
|
result[scope.to_sym] ||= []
|
|
24
23
|
result[scope.to_sym] << name
|
|
25
|
-
result
|
|
26
24
|
end
|
|
27
25
|
end
|
|
28
26
|
|
|
@@ -34,13 +32,13 @@ module Bsm::Sso::Client::Ability
|
|
|
34
32
|
|
|
35
33
|
define_method(method_name) do
|
|
36
34
|
return false if self.scope != scope || applied.include?(name.to_s)
|
|
35
|
+
|
|
37
36
|
applied.add(name.to_s)
|
|
38
37
|
instance_eval(&block)
|
|
39
38
|
true
|
|
40
39
|
end
|
|
41
40
|
private method_name
|
|
42
41
|
end
|
|
43
|
-
|
|
44
42
|
end
|
|
45
43
|
|
|
46
44
|
# @attr_reader [User] current user record
|
|
@@ -77,8 +75,7 @@ module Bsm::Sso::Client::Ability
|
|
|
77
75
|
|
|
78
76
|
private
|
|
79
77
|
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
end
|
|
78
|
+
def administrator?
|
|
79
|
+
(@user.respond_to?(:level?) && @user.level.to_i >= 90) || (@user.respond_to?(:admin?) && @user.admin?)
|
|
80
|
+
end
|
|
81
|
+
end
|
|
@@ -10,15 +10,17 @@ class Bsm::Sso::Client::AbstractResource < Hash
|
|
|
10
10
|
# @param [String] url
|
|
11
11
|
def site=(url)
|
|
12
12
|
@site = Excon.new url,
|
|
13
|
-
mock:
|
|
13
|
+
mock: defined?(WebMock),
|
|
14
14
|
idempotent: true,
|
|
15
|
-
expects:
|
|
16
|
-
headers:
|
|
15
|
+
expects: [200, 422],
|
|
16
|
+
headers: { 'Accept' => Mime[:json].to_s, 'Content-Type' => Mime[:json].to_s }
|
|
17
17
|
end
|
|
18
18
|
|
|
19
19
|
# @return [Excon::Connection] site connection
|
|
20
20
|
def site
|
|
21
|
-
@site ||
|
|
21
|
+
@site ||
|
|
22
|
+
(superclass.respond_to?(:site) && superclass.site) ||
|
|
23
|
+
raise("No site specified for #{name}. Please specify #{name}.site = 'http://your.sso.host'")
|
|
22
24
|
end
|
|
23
25
|
|
|
24
26
|
# @return [Hash] default headers
|
|
@@ -29,10 +31,10 @@ class Bsm::Sso::Client::AbstractResource < Hash
|
|
|
29
31
|
# @param [String] path
|
|
30
32
|
# @param [Hash] params, request params - see Excon::Connection#request
|
|
31
33
|
# @return [Bsm::Sso::Client::AbstractResource] fetches object from remote
|
|
32
|
-
def get(path, params
|
|
34
|
+
def get(path, params={})
|
|
33
35
|
params[:query] ||= params.delete(:params)
|
|
34
36
|
collection = params.delete(:collection)
|
|
35
|
-
params = params.merge(:
|
|
37
|
+
params = params.merge(path: path)
|
|
36
38
|
params[:headers] = (params[:headers] || {}).merge(headers)
|
|
37
39
|
|
|
38
40
|
response = site.get(params)
|
|
@@ -52,18 +54,18 @@ class Bsm::Sso::Client::AbstractResource < Hash
|
|
|
52
54
|
|
|
53
55
|
# Constuctor
|
|
54
56
|
# @param [Hash,NilClass] attributes the attributes to assign
|
|
55
|
-
def initialize(attributes
|
|
57
|
+
def initialize(attributes=nil)
|
|
56
58
|
super()
|
|
57
59
|
update(attributes.stringify_keys) if attributes.is_a?(Hash)
|
|
58
60
|
end
|
|
59
61
|
|
|
60
62
|
# @return [Integer] ID, the primary key
|
|
61
63
|
def id
|
|
62
|
-
self[
|
|
64
|
+
self['id']
|
|
63
65
|
end
|
|
64
66
|
|
|
65
67
|
# @return [Boolean] true, if method exists?
|
|
66
|
-
def
|
|
68
|
+
def respond_to_missing?(method, *)
|
|
67
69
|
super || key?(method.to_s.sub(/[=?]$/, ''))
|
|
68
70
|
end
|
|
69
71
|
|
|
@@ -74,17 +76,18 @@ class Bsm::Sso::Client::AbstractResource < Hash
|
|
|
74
76
|
|
|
75
77
|
protected
|
|
76
78
|
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
79
|
+
def method_missing(method, *arguments)
|
|
80
|
+
method = method.to_s.sub(/([=?])$/, '')
|
|
81
|
+
punctation = Regexp.last_match(1)
|
|
82
|
+
|
|
83
|
+
case punctation
|
|
84
|
+
when '='
|
|
85
|
+
store(method, arguments.first)
|
|
86
|
+
when '?'
|
|
87
|
+
self[method]
|
|
88
|
+
else
|
|
89
|
+
key?(method) ? fetch(method) : super
|
|
88
90
|
end
|
|
91
|
+
end
|
|
89
92
|
|
|
90
93
|
end
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
begin
|
|
2
2
|
require 'inherited_resources'
|
|
3
|
-
rescue LoadError
|
|
3
|
+
rescue LoadError
|
|
4
4
|
warn "\n [!] Please install `inherited_resources` Gem to use the AuthorizedController\n"
|
|
5
5
|
raise
|
|
6
6
|
end
|
|
@@ -14,32 +14,31 @@ module Bsm::Sso::Client::AuthorizedController
|
|
|
14
14
|
|
|
15
15
|
protected
|
|
16
16
|
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
end
|
|
17
|
+
# Override. Apply `accessible_by` scope if #scope_accessible? applies
|
|
18
|
+
def apply_scopes(*)
|
|
19
|
+
relation = super
|
|
20
|
+
relation = relation.accessible_by(current_ability) if scope_accessible?
|
|
21
|
+
relation
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
# Callback. Default authorization of inherited resources
|
|
25
|
+
def authorize_inherited_resource!
|
|
26
|
+
authorize! :show, parent if parent?
|
|
27
|
+
authorize! authorizable_action, authorize_resource? ? resource : resource_class
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
# @return [Boolean] true if a single resource is to be authorized, false if the whole resource class
|
|
31
|
+
def authorize_resource?
|
|
32
|
+
!!(resources_configuration[:self][:singleton] || params[:id])
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
# @return [Boolean] true if accessible_by scope should be applied
|
|
36
|
+
def scope_accessible?
|
|
37
|
+
!authorize_resource? && %w[new create].exclude?(action_name)
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
# @return [Symbol] resource permission name, defaults to the action name
|
|
41
|
+
def authorizable_action
|
|
42
|
+
action_name.to_sym
|
|
43
|
+
end
|
|
44
|
+
end
|
|
@@ -10,7 +10,6 @@ module Bsm::Sso::Client::Cached::ActiveRecord
|
|
|
10
10
|
end
|
|
11
11
|
|
|
12
12
|
module ClassMethods
|
|
13
|
-
|
|
14
13
|
# Retrieve cached
|
|
15
14
|
def sso_find(id)
|
|
16
15
|
where(id: id).first || super
|
|
@@ -26,13 +25,12 @@ module Bsm::Sso::Client::Cached::ActiveRecord
|
|
|
26
25
|
end
|
|
27
26
|
|
|
28
27
|
# Cache!
|
|
29
|
-
def sso_cache(resource,
|
|
28
|
+
def sso_cache(resource, _action=nil)
|
|
30
29
|
record = where(id: resource.id).first_or_initialize
|
|
31
30
|
attrs = [resource.attributes.slice(*record.attribute_names)]
|
|
32
31
|
record.assign_attributes(*attrs)
|
|
33
32
|
record.changed? ? record.save! : record.touch
|
|
34
33
|
record
|
|
35
34
|
end
|
|
36
|
-
|
|
37
35
|
end
|
|
38
36
|
end
|
|
@@ -19,8 +19,8 @@ class Bsm::Sso::Client::FailureApp < ActionController::Metal
|
|
|
19
19
|
end
|
|
20
20
|
|
|
21
21
|
def redirect!
|
|
22
|
-
path = request.env[
|
|
23
|
-
redirect_to Bsm::Sso::Client.user_class.sso_sign_in_url(:
|
|
22
|
+
path = request.env['warden.options'].try(:[], :attempted_path) || request.fullpath
|
|
23
|
+
redirect_to Bsm::Sso::Client.user_class.sso_sign_in_url(service: service_url(path)), status: 303
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
def respond_with_js!
|
|
@@ -32,7 +32,7 @@ class Bsm::Sso::Client::FailureApp < ActionController::Metal
|
|
|
32
32
|
def stop!
|
|
33
33
|
self.status = 403
|
|
34
34
|
self.content_type = Mime[:html]
|
|
35
|
-
self.response_body =
|
|
35
|
+
self.response_body = '<html><head></head><body><h1>Access Forbidden</h1></body></html>'
|
|
36
36
|
end
|
|
37
37
|
|
|
38
38
|
end
|
|
@@ -2,16 +2,12 @@ require 'bsm/sso/client'
|
|
|
2
2
|
require 'rails'
|
|
3
3
|
|
|
4
4
|
class Bsm::Sso::Client::Railtie < ::Rails::Railtie
|
|
5
|
-
RESCUE_RESPONSES = {
|
|
5
|
+
RESCUE_RESPONSES = { 'Bsm::Sso::Client::UnauthorizedAccess' => :forbidden }.freeze
|
|
6
6
|
|
|
7
7
|
config.app_middleware.use RailsWarden::Manager do |manager|
|
|
8
8
|
manager.default_strategies :sso_ticket, :sso_http_auth
|
|
9
9
|
manager.failure_app = Bsm::Sso::Client::FailureApp
|
|
10
|
-
Bsm::Sso::Client.warden_configuration
|
|
10
|
+
Bsm::Sso::Client.warden_configuration&.call(manager)
|
|
11
11
|
end
|
|
12
|
-
|
|
13
|
-
if config.action_dispatch.key?(:rescue_responses)
|
|
14
|
-
config.action_dispatch.rescue_responses.merge!(RESCUE_RESPONSES)
|
|
15
|
-
end
|
|
16
|
-
|
|
12
|
+
config.action_dispatch.rescue_responses.merge!(RESCUE_RESPONSES) if config.action_dispatch.key?(:rescue_responses)
|
|
17
13
|
end
|
|
@@ -15,9 +15,9 @@ class Bsm::Sso::Client::Strategies::HttpAuth < Bsm::Sso::Client::Strategies::Bas
|
|
|
15
15
|
|
|
16
16
|
def token
|
|
17
17
|
return nil unless request.authorization && request.authorization =~ /^Basic (.*)/m
|
|
18
|
-
|
|
18
|
+
|
|
19
|
+
@token ||= Base64.decode64(Regexp.last_match(1)).split(/:/, 2).first
|
|
19
20
|
end
|
|
20
21
|
|
|
21
22
|
Warden::Strategies.add :sso_http_auth, self
|
|
22
23
|
end
|
|
23
|
-
|
|
@@ -5,7 +5,6 @@ module Bsm
|
|
|
5
5
|
extend ActiveSupport::Concern
|
|
6
6
|
|
|
7
7
|
included do
|
|
8
|
-
|
|
9
8
|
before do
|
|
10
9
|
@request.env['action_controller.instance'] = @controller
|
|
11
10
|
@request.env['warden'] = warden
|
|
@@ -14,9 +13,8 @@ module Bsm
|
|
|
14
13
|
let :warden do
|
|
15
14
|
Warden::Proxy.new @request.env, Warden::Manager.new(nil)
|
|
16
15
|
end
|
|
17
|
-
|
|
18
16
|
end
|
|
19
17
|
end
|
|
20
18
|
end
|
|
21
19
|
end
|
|
22
|
-
end
|
|
20
|
+
end
|
|
@@ -1,8 +1,6 @@
|
|
|
1
1
|
module Bsm::Sso::Client::UrlHelpers
|
|
2
|
-
|
|
3
|
-
def service_url(path = request.fullpath)
|
|
2
|
+
def service_url(path=request.fullpath)
|
|
4
3
|
part = Regexp.escape({ ticket: params.fetch(:ticket, '') }.to_query)
|
|
5
|
-
request.base_url + path.sub(/#{part}\&?/, '').chomp(
|
|
4
|
+
request.base_url + path.sub(/#{part}\&?/, '').chomp('&').chomp('?')
|
|
6
5
|
end
|
|
7
|
-
|
|
8
6
|
end
|
data/lib/bsm/sso/client/user.rb
CHANGED
|
@@ -3,48 +3,48 @@ class Bsm::Sso::Client::User < Bsm::Sso::Client::AbstractResource
|
|
|
3
3
|
class << self
|
|
4
4
|
|
|
5
5
|
def all(options={})
|
|
6
|
-
get(
|
|
6
|
+
get('/users', options.reverse_merge(expects: [200, 404, 422], collection: true))
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
def sso_find(id)
|
|
10
|
-
Bsm::Sso::Client.cache_store.fetch "users:#{id}", :
|
|
11
|
-
get "/users/#{id}", :
|
|
10
|
+
Bsm::Sso::Client.cache_store.fetch "users:#{id}", expires_in: Bsm::Sso::Client.expire_after do
|
|
11
|
+
get "/users/#{id}", expects: [200, 404, 422]
|
|
12
12
|
end
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
def sso_consume(ticket, service)
|
|
16
|
-
get
|
|
16
|
+
get '/consume', query: { ticket: ticket, service: service }
|
|
17
17
|
end
|
|
18
18
|
|
|
19
19
|
def sso_authorize(token)
|
|
20
|
-
get
|
|
20
|
+
get '/authorize', query: { auth_token: token }
|
|
21
21
|
end
|
|
22
22
|
|
|
23
23
|
def sso_authenticate(credentials)
|
|
24
|
-
get
|
|
24
|
+
get '/authenticate', query: credentials.slice(:email, :password)
|
|
25
25
|
end
|
|
26
26
|
|
|
27
|
-
def sso_sign_in_url(params
|
|
27
|
+
def sso_sign_in_url(params={})
|
|
28
28
|
sso_custom_absolute_method_root_url(:sign_in, params)
|
|
29
29
|
end
|
|
30
30
|
|
|
31
|
-
def sso_sign_out_url(params
|
|
31
|
+
def sso_sign_out_url(params={})
|
|
32
32
|
sso_custom_absolute_method_root_url(:sign_out, params)
|
|
33
33
|
end
|
|
34
34
|
|
|
35
35
|
private
|
|
36
36
|
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
end
|
|
43
|
-
|
|
44
|
-
url = "#{conn[:scheme]}://#{conn[:host]}#{port}/#{method_name.to_s}"
|
|
45
|
-
url << "?#{params.to_h.to_query}" unless params.empty?
|
|
46
|
-
url
|
|
37
|
+
def sso_custom_absolute_method_root_url(method_name, params={})
|
|
38
|
+
conn = site.data
|
|
39
|
+
port = ''
|
|
40
|
+
unless conn[:port].blank? || (conn[:scheme] == 'http' && conn[:port].to_i == 80) || (conn[:scheme] == 'https' && conn[:port].to_i == 443)
|
|
41
|
+
port = ":#{conn[:port]}"
|
|
47
42
|
end
|
|
48
43
|
|
|
44
|
+
url = "#{conn[:scheme]}://#{conn[:host]}#{port}/#{method_name}"
|
|
45
|
+
url << "?#{params.to_h.to_query}" unless params.empty?
|
|
46
|
+
url
|
|
47
|
+
end
|
|
48
|
+
|
|
49
49
|
end
|
|
50
50
|
end
|
|
@@ -3,36 +3,33 @@ module Bsm::Sso::Client::UserMethods
|
|
|
3
3
|
|
|
4
4
|
included do
|
|
5
5
|
class << self
|
|
6
|
-
delegate :sso_sign_in_url, :sso_sign_out_url, :
|
|
6
|
+
delegate :sso_sign_in_url, :sso_sign_out_url, to: :"Bsm::Sso::Client::User"
|
|
7
7
|
end
|
|
8
8
|
end
|
|
9
9
|
|
|
10
10
|
module ClassMethods
|
|
11
|
-
|
|
12
11
|
def sso_find(id)
|
|
13
12
|
resource = Bsm::Sso::Client::User.sso_find(id)
|
|
14
13
|
sso_cache(resource, :find) if resource
|
|
15
14
|
end
|
|
16
15
|
|
|
17
|
-
def sso_consume(*
|
|
18
|
-
resource = Bsm::Sso::Client::User.sso_consume(*
|
|
16
|
+
def sso_consume(*args)
|
|
17
|
+
resource = Bsm::Sso::Client::User.sso_consume(*args)
|
|
19
18
|
sso_cache(resource, :consume) if resource
|
|
20
19
|
end
|
|
21
20
|
|
|
22
|
-
def sso_authenticate(*
|
|
23
|
-
resource = Bsm::Sso::Client::User.sso_authenticate(*
|
|
21
|
+
def sso_authenticate(*args)
|
|
22
|
+
resource = Bsm::Sso::Client::User.sso_authenticate(*args)
|
|
24
23
|
sso_cache(resource, :authenticate) if resource
|
|
25
24
|
end
|
|
26
25
|
|
|
27
|
-
def sso_authorize(*
|
|
28
|
-
resource = Bsm::Sso::Client::User.sso_authorize(*
|
|
26
|
+
def sso_authorize(*args)
|
|
27
|
+
resource = Bsm::Sso::Client::User.sso_authorize(*args)
|
|
29
28
|
sso_cache(resource, :authorize) if resource
|
|
30
29
|
end
|
|
31
30
|
|
|
32
|
-
def sso_cache(resource,
|
|
31
|
+
def sso_cache(resource, _action=nil)
|
|
33
32
|
new(resource.attributes)
|
|
34
33
|
end
|
|
35
|
-
|
|
36
34
|
end
|
|
37
35
|
end
|
|
38
|
-
|
|
@@ -17,8 +17,8 @@ Warden::Manager.after_set_user do |user, warden, opts|
|
|
|
17
17
|
warden.session(scope)['expire_at'] = Bsm::Sso::Client.expire_after.from_now.to_i
|
|
18
18
|
elsif opts[:event] == :fetch &&
|
|
19
19
|
warden.session(scope)['expire_at'].to_i < Time.now.to_i &&
|
|
20
|
-
warden.request.env[
|
|
20
|
+
warden.request.env['REQUEST_METHOD'] == 'GET'
|
|
21
21
|
warden.logout(scope)
|
|
22
|
-
throw :warden, :
|
|
22
|
+
throw :warden, scope: scope, message: :timeout
|
|
23
23
|
end
|
|
24
24
|
end
|
metadata
CHANGED
|
@@ -1,37 +1,31 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bsm-sso-client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.12.
|
|
4
|
+
version: 0.12.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dimitrij Denissenko
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2019-08-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
|
-
name:
|
|
14
|
+
name: actionpack
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
17
|
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
20
|
-
- - "<"
|
|
21
|
-
- !ruby/object:Gem::Version
|
|
22
|
-
version: 6.0.0
|
|
19
|
+
version: '0'
|
|
23
20
|
type: :runtime
|
|
24
21
|
prerelease: false
|
|
25
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
26
23
|
requirements:
|
|
27
24
|
- - ">="
|
|
28
25
|
- !ruby/object:Gem::Version
|
|
29
|
-
version:
|
|
30
|
-
- - "<"
|
|
31
|
-
- !ruby/object:Gem::Version
|
|
32
|
-
version: 6.0.0
|
|
26
|
+
version: '0'
|
|
33
27
|
- !ruby/object:Gem::Dependency
|
|
34
|
-
name:
|
|
28
|
+
name: activesupport
|
|
35
29
|
requirement: !ruby/object:Gem::Requirement
|
|
36
30
|
requirements:
|
|
37
31
|
- - ">="
|
|
@@ -45,19 +39,25 @@ dependencies:
|
|
|
45
39
|
- !ruby/object:Gem::Version
|
|
46
40
|
version: '0'
|
|
47
41
|
- !ruby/object:Gem::Dependency
|
|
48
|
-
name:
|
|
42
|
+
name: excon
|
|
49
43
|
requirement: !ruby/object:Gem::Requirement
|
|
50
44
|
requirements:
|
|
51
45
|
- - ">="
|
|
52
46
|
- !ruby/object:Gem::Version
|
|
53
|
-
version:
|
|
47
|
+
version: 0.27.5
|
|
48
|
+
- - "<"
|
|
49
|
+
- !ruby/object:Gem::Version
|
|
50
|
+
version: '1'
|
|
54
51
|
type: :runtime
|
|
55
52
|
prerelease: false
|
|
56
53
|
version_requirements: !ruby/object:Gem::Requirement
|
|
57
54
|
requirements:
|
|
58
55
|
- - ">="
|
|
59
56
|
- !ruby/object:Gem::Version
|
|
60
|
-
version:
|
|
57
|
+
version: 0.27.5
|
|
58
|
+
- - "<"
|
|
59
|
+
- !ruby/object:Gem::Version
|
|
60
|
+
version: '1'
|
|
61
61
|
- !ruby/object:Gem::Dependency
|
|
62
62
|
name: rails_warden
|
|
63
63
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -73,27 +73,27 @@ dependencies:
|
|
|
73
73
|
- !ruby/object:Gem::Version
|
|
74
74
|
version: 0.5.0
|
|
75
75
|
- !ruby/object:Gem::Dependency
|
|
76
|
-
name:
|
|
76
|
+
name: railties
|
|
77
77
|
requirement: !ruby/object:Gem::Requirement
|
|
78
78
|
requirements:
|
|
79
79
|
- - ">="
|
|
80
80
|
- !ruby/object:Gem::Version
|
|
81
|
-
version: 0.
|
|
81
|
+
version: 5.0.0
|
|
82
82
|
- - "<"
|
|
83
83
|
- !ruby/object:Gem::Version
|
|
84
|
-
version:
|
|
84
|
+
version: 7.0.0
|
|
85
85
|
type: :runtime
|
|
86
86
|
prerelease: false
|
|
87
87
|
version_requirements: !ruby/object:Gem::Requirement
|
|
88
88
|
requirements:
|
|
89
89
|
- - ">="
|
|
90
90
|
- !ruby/object:Gem::Version
|
|
91
|
-
version: 0.
|
|
91
|
+
version: 5.0.0
|
|
92
92
|
- - "<"
|
|
93
93
|
- !ruby/object:Gem::Version
|
|
94
|
-
version:
|
|
94
|
+
version: 7.0.0
|
|
95
95
|
- !ruby/object:Gem::Dependency
|
|
96
|
-
name:
|
|
96
|
+
name: activerecord
|
|
97
97
|
requirement: !ruby/object:Gem::Requirement
|
|
98
98
|
requirements:
|
|
99
99
|
- - ">="
|
|
@@ -107,7 +107,7 @@ dependencies:
|
|
|
107
107
|
- !ruby/object:Gem::Version
|
|
108
108
|
version: '0'
|
|
109
109
|
- !ruby/object:Gem::Dependency
|
|
110
|
-
name:
|
|
110
|
+
name: cancan
|
|
111
111
|
requirement: !ruby/object:Gem::Requirement
|
|
112
112
|
requirements:
|
|
113
113
|
- - ">="
|
|
@@ -121,7 +121,7 @@ dependencies:
|
|
|
121
121
|
- !ruby/object:Gem::Version
|
|
122
122
|
version: '0'
|
|
123
123
|
- !ruby/object:Gem::Dependency
|
|
124
|
-
name:
|
|
124
|
+
name: inherited_resources
|
|
125
125
|
requirement: !ruby/object:Gem::Requirement
|
|
126
126
|
requirements:
|
|
127
127
|
- - ">="
|
|
@@ -148,6 +148,20 @@ dependencies:
|
|
|
148
148
|
- - ">="
|
|
149
149
|
- !ruby/object:Gem::Version
|
|
150
150
|
version: '0'
|
|
151
|
+
- !ruby/object:Gem::Dependency
|
|
152
|
+
name: rake
|
|
153
|
+
requirement: !ruby/object:Gem::Requirement
|
|
154
|
+
requirements:
|
|
155
|
+
- - ">="
|
|
156
|
+
- !ruby/object:Gem::Version
|
|
157
|
+
version: '0'
|
|
158
|
+
type: :development
|
|
159
|
+
prerelease: false
|
|
160
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
161
|
+
requirements:
|
|
162
|
+
- - ">="
|
|
163
|
+
- !ruby/object:Gem::Version
|
|
164
|
+
version: '0'
|
|
151
165
|
- !ruby/object:Gem::Dependency
|
|
152
166
|
name: rspec
|
|
153
167
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -177,7 +191,7 @@ dependencies:
|
|
|
177
191
|
- !ruby/object:Gem::Version
|
|
178
192
|
version: '0'
|
|
179
193
|
- !ruby/object:Gem::Dependency
|
|
180
|
-
name:
|
|
194
|
+
name: rubocop
|
|
181
195
|
requirement: !ruby/object:Gem::Requirement
|
|
182
196
|
requirements:
|
|
183
197
|
- - ">="
|
|
@@ -191,7 +205,7 @@ dependencies:
|
|
|
191
205
|
- !ruby/object:Gem::Version
|
|
192
206
|
version: '0'
|
|
193
207
|
- !ruby/object:Gem::Dependency
|
|
194
|
-
name:
|
|
208
|
+
name: shoulda-matchers
|
|
195
209
|
requirement: !ruby/object:Gem::Requirement
|
|
196
210
|
requirements:
|
|
197
211
|
- - ">="
|
|
@@ -219,7 +233,7 @@ dependencies:
|
|
|
219
233
|
- !ruby/object:Gem::Version
|
|
220
234
|
version: '0'
|
|
221
235
|
- !ruby/object:Gem::Dependency
|
|
222
|
-
name:
|
|
236
|
+
name: webmock
|
|
223
237
|
requirement: !ruby/object:Gem::Requirement
|
|
224
238
|
requirements:
|
|
225
239
|
- - ">="
|
|
@@ -267,15 +281,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
267
281
|
requirements:
|
|
268
282
|
- - ">="
|
|
269
283
|
- !ruby/object:Gem::Version
|
|
270
|
-
version: 2.
|
|
284
|
+
version: '2.5'
|
|
271
285
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
272
286
|
requirements:
|
|
273
287
|
- - ">="
|
|
274
288
|
- !ruby/object:Gem::Version
|
|
275
289
|
version: '0'
|
|
276
290
|
requirements: []
|
|
277
|
-
|
|
278
|
-
rubygems_version: 2.7.7
|
|
291
|
+
rubygems_version: 3.0.3
|
|
279
292
|
signing_key:
|
|
280
293
|
specification_version: 4
|
|
281
294
|
summary: BSM's internal SSO client
|