carpool 0.1.2 → 0.2.0

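--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.1.2
+0.2.0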
@@ -5,11 +5,11 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = %q{carpool}
8
- s.version = "0.1.2"
8
+ s.version = "0.2.0"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["Brent Kirby"]
12
- s.date = %q{2010-08-16}
12
+ s.date = %q{2010-08-24}
13
13
  s.description = %q{Carpool is a single sign on solution for Rack-based applications allowing you to persist sessions across domains.}
14
14
  s.email = %q{dev@kurbmedia.com}
15
15
  s.extra_rdoc_files = [
@@ -16,6 +16,20 @@ module Carpool
16
16
  @auth_attempt ||= false
17
17
  end
18
18
 
19
+ def driver_uri
20
+ "#{Carpool::Passenger.driver_uri}/sso/authenticate"
21
+ end
22
+
23
+ def revoke_uri
24
+ "#{Carpool::Passenger.driver_uri}/sso/revoke"
25
+ end
26
+
27
+ def acts_as=(obj); @acts_as = obj.to_sym; end
28
+ def acts_as; @acts_as; end
29
+ def acts_as?(type)
30
+ @acts_as == type.to_sym
31
+ end
32
+
19
33
  end
20
34
 
21
35
  def self.generate_site_key(url)
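Review bot: `driver_uri` and `revoke_uri` at new lines 19-25 glue a literal `/sso/...` path onto `Carpool::Passenger.driver_uri`, so a configured driver URI that ends in a slash produces `//sso/authenticate`; `"#{Carpool::Passenger.driver_uri.chomp('/')}/sso/authenticate"` (and the same for `/sso/revoke`) tolerates both spellings. On style, the hand-written reader `def acts_as; @acts_as; end` is the conventional `attr_reader :acts_as`, keeping only the custom writer because of its `to_sym` normalisation. The enclosing module continues outside this hunk.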
@@ -10,6 +10,7 @@ module Carpool
10
10
 
11
11
  attr_accessor :site_key
12
12
  attr_accessor :unauthorized_uri
13
+ attr_accessor :revoke_uri
13
14
 
14
15
  def passengers
15
16
  @passengers ||= []
@@ -29,6 +30,7 @@ module Carpool
29
30
 
30
31
  def initialize(app)
31
32
  @app = app
33
+ Carpool.acts_as = :driver
32
34
  yield Carpool::Driver if block_given?
33
35
  self
34
36
  end
@@ -40,15 +42,23 @@ module Carpool
40
42
 
41
43
  # Unless we are trying to authenticate a passenger, just continue through the stack.
42
44
  return @app.call(env) unless valid_request? && valid_referrer?
43
-
45
+
44
46
  # Parse the referring site
45
47
  referrer = URI.parse(@env['HTTP_REFERER'])
46
48
 
47
49
  # Unless this domain is listed as a potential passenger, issue a 500.
48
- unless Carpool::Driver.passengers.collect{ |p| p.keys.first.downcase }.include?(referrer.host)
50
+ current_passenger = Carpool::Driver.passengers.reject{ |p| !p.keys.first.downcase.include?(referrer.host) }
51
+ if current_passenger.nil? or current_passenger.empty?
49
52
  return [500, {}, 'Unauthorized request.']
50
53
  end
51
54
 
55
+ if is_revoking?
56
+ response = [302, {'Location' => Carpool::Driver.revoke_uri}, 'Redirecting logged out session...']
57
+ return response
58
+ end
59
+
60
+ cookies[:current_passenger] = current_passenger.first[referrer.host.to_s]
61
+
52
62
  # Attempt to find an existing driver session.
53
63
  # If one is found, redirect back to the passenger site and include our seatbelt
54
64
  # The seatbelt includes two parts:
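Review bot: The passenger lookup at new line 50 uses `String#include?`, so a Referer host that is merely a substring of a configured passenger host passes the allow-list, an upper-case Referer host fails it because only the key is downcased, and a Referer that is not a full URL gives `referrer.host == nil`, which makes `include?(nil)` raise instead of rejecting; the old exact `include?` on the downcased host list had none of these problems. The lookup at new line 60 normalises differently again — `current_passenger.first[referrer.host.to_s]` indexes by the raw host while the match used the downcased key — so a mixed-case key leaves the cookie nil. Something like `host = referrer.host.to_s.downcase`, `current_passenger = Carpool::Driver.passengers.find { |p| p.keys.first.downcase == host }` and `return [500, {}, 'Unauthorized request.'] unless current_passenger`, then reading the config via the matched key, restores exact matching and removes the `nil? or empty?` test (`reject` never returns nil). Separately, new line 60 stores the whole passenger config in `cookies[:current_passenger]` and the SeatBelt hunk later reads `[:secret]` from it, so unless the cookies helper (not in this diff) encrypts values, the passenger's shared secret is being sent to the browser; keeping the config server-side and putting only the matched host in the cookie avoids that. `call` begins and ends outside this hunk.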
@@ -60,8 +70,8 @@ module Carpool
60
70
 
61
71
  puts "Carpool::Driver: Redirecting to authentication path.."
62
72
  Carpool.auth_attempt = true
63
- cookies[:redirect_to] = referrer
64
- response = [301, {'Location' => Carpool::Driver.unauthorized_uri}, 'Redirecting unauthorized user...']
73
+ cookies[:redirect_to] = referrer
74
+ response = [302, {'Location' => Carpool::Driver.unauthorized_uri}, 'Redirecting unauthorized user...']
65
75
 
66
76
  else
67
77
 
@@ -69,9 +79,10 @@ module Carpool
69
79
  cookies[:redirect_to] = referrer
70
80
  seatbelt = SeatBelt.new(env).create_payload!
71
81
 
72
- response = [301, {'Location' => seatbelt}, 'Approved!']
82
+ response = [302, {'Location' => seatbelt}, 'Approved!']
73
83
  Carpool.auth_attempt = false
74
84
  cookies[:redirect_to] = false
85
+ cookies[:current_passenger] = nil
75
86
 
76
87
  end
77
88
 
@@ -82,11 +93,16 @@ module Carpool
82
93
  private
83
94
 
84
95
  def valid_referrer?
96
+ puts "Referrer?: #{@env['HTTP_REFERER']}"
85
97
  !(@env['HTTP_REFERER'].nil? or @env['HTTP_REFERER'].blank?)
86
98
  end
87
99
 
88
100
  def valid_request?
89
- @env['PATH_INFO'].downcase == "/sso/authenticate"
101
+ @env['PATH_INFO'].downcase == "/sso/authenticate" || @env['PATH_INFO'].downcase == "/sso/revoke"
102
+ end
103
+
104
+ def is_revoking?
105
+ @env['PATH_INFO'].downcase == "/sso/revoke"
90
106
  end
91
107
 
92
108
  end
@@ -14,23 +14,24 @@ module Carpool
14
14
 
15
15
  def initialize(app)
16
16
  @app = app
17
+ Carpool.acts_as = :passenger
17
18
  yield Carpool::Passenger if block_given?
18
19
  self
19
20
  end
20
21
 
21
22
  def call(env)
22
23
  @env = env
24
+ @params = CGI.parse(env['QUERY_STRING'])
23
25
  cookies[:scope] = "passenger"
24
26
 
25
27
  # If this isn't an authorize request from the driver, just ignore it.
26
28
  return @app.call(env) unless valid_request? && valid_referrer?
27
29
 
28
- # If we can't find our payload, then we need to abort.
29
- params = CGI.parse(env['QUERY_STRING'])
30
- return [500, {}, 'Invalid seatbelt.'] if params['seatbelt'].nil? or params['seatbelt'].blank?
30
+ # If we can't find our payload, then we need to abort.
31
+ return [500, {}, 'Invalid seatbelt.'] if @params['seatbelt'].nil? or @params['seatbelt'].blank?
31
32
 
32
33
  # Set a custom HTTP header for our payload and send the request to the user's /sso/authorize handler.
33
- env['X-CARPOOL-PAYLOAD'] = params['seatbelt']
34
+ env['X-CARPOOL-PAYLOAD'] = @params['seatbelt']
34
35
  return @app.call(env)
35
36
 
36
37
  end
@@ -43,9 +44,13 @@ module Carpool
43
44
 
44
45
  def valid_referrer?
45
46
  return false if @env['HTTP_REFERER'].nil? or @env['HTTP_REFERER'].blank?
46
- referring_uri = URI.parse(@env['HTTP_REFERER'])
47
- driver_uri = URI.parse(Carpool::Passenger.driver_uri)
48
- referring_uri.host.to_s.downcase === driver_uri.host.to_s.downcase
47
+ return false if @params['driver'].nil? or @params['driver'].blank?
48
+
49
+ referring_uri = @params['driver'].to_s
50
+ secret_match = Digest::SHA256.new
51
+ secret_match = secret_match.update(Carpool::Passenger.secret).digest.to_s
52
+ puts "Trying to match #{referring_uri} to #{secret_match} : #{referring_uri == secret_match}"
53
+ referring_uri === secret_match
49
54
  end
50
55
 
51
56
  end
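Review bot: `secret_match` at new lines 50-51 is the raw binary `Digest::SHA256#digest`, and the SeatBelt hunk at the end of this diff builds the `driver` query parameter from the same raw digest and interpolates it into the redirect URL unescaped, so digest bytes such as `&`, `=`, `%` or `+` are mangled by `CGI.parse` on this side and the comparison is unreliable; both sites should use the hex form, here `secret_match = Digest::SHA256.hexdigest(Carpool::Passenger.secret)`. The `puts` at new line 52 prints that expected value — the credential a caller must present — to stdout, and the `puts` added to the driver's `valid_referrer?` earlier in this diff logs every Referer; both belong behind a debug-level logger or should go. Because the value derives from the static secret alone it is identical on every redirect and not tied to the seatbelt being delivered; an HMAC of the seatbelt keyed with the secret (e.g. `OpenSSL::HMAC.hexdigest('sha256', Carpool::Passenger.secret, @params['seatbelt'].first)`) would bind the two so the parameter cannot be reused with a different payload. `CGI.parse` yields Arrays, so `@params['driver'].to_s` depends on the running Ruby's `Array#to_s` (and `env['X-CARPOOL-PAYLOAD'] = @params['seatbelt']` in the previous hunk is why `remove!` sees an Array header); `@params['driver'].first` and `== secret_match` in place of `===` are the unambiguous forms.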
@@ -31,12 +31,12 @@ module Carpool
31
31
 
32
32
  # Restore the user from our payload. We 'remove' their seatbelt because they have arrived!
33
33
  def remove!
34
- payload = env['X-CARPOOL-PAYLOAD']
34
+ payload = @env['X-CARPOOL-PAYLOAD']
35
35
  payload = payload.flatten.first if payload.is_a?(Array) # TODO: Figure out why our header is an array?
36
36
  seatbelt = YAML.load(Base64.decode64(CGI.unescape(payload))).to_hash
37
37
  puts "Seatbelt: #{seatbelt.inspect}"
38
38
  user = Base64.decode64(seatbelt[:user])
39
- key = Carpool.generate_site_key(env['SERVER_NAME'])
39
+ key = Carpool.generate_site_key(@env['SERVER_NAME'])
40
40
  secret = Carpool::Passenger.secret
41
41
  digest = Digest::SHA256.new
42
42
  digest.update("#{key}--#{secret}")
@@ -51,10 +51,12 @@ module Carpool
51
51
  def create_payload!
52
52
  seatbelt = self.to_s
53
53
  referrer = cookies[:redirect_to]
54
+ driver = Digest::SHA256.new
55
+ driver = driver.update(cookies[:current_passenger][:secret]).digest.to_s
54
56
  new_uri = "#{referrer.scheme}://"
55
57
  new_uri << referrer.host
56
58
  new_uri << ((referrer.port != 80 && referrer.port != 443) ? ":#{referrer.port}" : "")
57
- new_uri << "/sso/authorize?seatbelt=#{seatbelt}"
59
+ new_uri << "/sso/authorize?seatbelt=#{seatbelt}&driver=#{driver}"
58
60
  end
59
61
 
60
62
  def to_s
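Review bot: New line 55 indexes `cookies[:current_passenger][:secret]` without checking that the cookie is present, so a request that reaches `create_payload!` without it raises NoMethodError from inside the driver's approved branch instead of failing cleanly; a guard such as `raise ArgumentError, 'no current passenger' unless cookies[:current_passenger]` before the digest makes the failure explicit. This also assumes the cookies helper hands back the stored Hash with its symbol keys intact, which the diff does not show — worth confirming, since a string round-trip would make `[:secret]` fail too. The `driver` value built here shares the raw-digest problem raised on the passenger's `valid_referrer?` hunk and should move to `hexdigest` together with it. While here, the sibling `remove!` hunk's `YAML.load` on the Base64-decoded seatbelt is unchanged by this commit but deserialises data that arrives in the query string; `YAML.safe_load` with `permitted_classes: [Symbol]` (where the running YAML library supports it) limits what a crafted payload can instantiate.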
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: carpool
3
3
  version: !ruby/object:Gem::Version
4
- hash: 31
4
+ hash: 23
5
5
  prerelease: false
6
6
  segments:
7
7
  - 0
8
- - 1
9
8
  - 2
10
- version: 0.1.2
9
+ - 0
10
+ version: 0.2.0
11
11
  platform: ruby
12
12
  authors:
13
13
  - Brent Kirby
@@ -15,7 +15,7 @@ autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
17
 
18
- date: 2010-08-16 00:00:00 -04:00
18
+ date: 2010-08-24 00:00:00 -04:00
19
19
  default_executable:
20
20
  dependencies:
21
21
  - !ruby/object:Gem::Dependency