carpool 0.1.2 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- data/VERSION +1 -1
- data/carpool.gemspec +2 -2
- data/lib/carpool.rb +14 -0
- data/lib/carpool/driver.rb +22 -6
- data/lib/carpool/passenger.rb +12 -7
- data/lib/carpool/seatbelt.rb +5 -3
- metadata +4 -4
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.
|
|
1
|
+
0.2.0
|
data/carpool.gemspec
CHANGED
|
@@ -5,11 +5,11 @@
|
|
|
5
5
|
|
|
6
6
|
Gem::Specification.new do |s|
|
|
7
7
|
s.name = %q{carpool}
|
|
8
|
-
s.version = "0.
|
|
8
|
+
s.version = "0.2.0"
|
|
9
9
|
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
11
11
|
s.authors = ["Brent Kirby"]
|
|
12
|
-
s.date = %q{2010-08-
|
|
12
|
+
s.date = %q{2010-08-24}
|
|
13
13
|
s.description = %q{Carpool is a single sign on solution for Rack-based applications allowing you to persist sessions across domains.}
|
|
14
14
|
s.email = %q{dev@kurbmedia.com}
|
|
15
15
|
s.extra_rdoc_files = [
|
data/lib/carpool.rb
CHANGED
|
@@ -16,6 +16,20 @@ module Carpool
|
|
|
16
16
|
@auth_attempt ||= false
|
|
17
17
|
end
|
|
18
18
|
|
|
19
|
+
def driver_uri
|
|
20
|
+
"#{Carpool::Passenger.driver_uri}/sso/authenticate"
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def revoke_uri
|
|
24
|
+
"#{Carpool::Passenger.driver_uri}/sso/revoke"
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def acts_as=(obj); @acts_as = obj.to_sym; end
|
|
28
|
+
def acts_as; @acts_as; end
|
|
29
|
+
def acts_as?(type)
|
|
30
|
+
@acts_as == type.to_sym
|
|
31
|
+
end
|
|
32
|
+
|
|
19
33
|
end
|
|
20
34
|
|
|
21
35
|
def self.generate_site_key(url)
|
data/lib/carpool/driver.rb
CHANGED
|
@@ -10,6 +10,7 @@ module Carpool
|
|
|
10
10
|
|
|
11
11
|
attr_accessor :site_key
|
|
12
12
|
attr_accessor :unauthorized_uri
|
|
13
|
+
attr_accessor :revoke_uri
|
|
13
14
|
|
|
14
15
|
def passengers
|
|
15
16
|
@passengers ||= []
|
|
@@ -29,6 +30,7 @@ module Carpool
|
|
|
29
30
|
|
|
30
31
|
def initialize(app)
|
|
31
32
|
@app = app
|
|
33
|
+
Carpool.acts_as = :driver
|
|
32
34
|
yield Carpool::Driver if block_given?
|
|
33
35
|
self
|
|
34
36
|
end
|
|
@@ -40,15 +42,23 @@ module Carpool
|
|
|
40
42
|
|
|
41
43
|
# Unless we are trying to authenticate a passenger, just continue through the stack.
|
|
42
44
|
return @app.call(env) unless valid_request? && valid_referrer?
|
|
43
|
-
|
|
45
|
+
|
|
44
46
|
# Parse the referring site
|
|
45
47
|
referrer = URI.parse(@env['HTTP_REFERER'])
|
|
46
48
|
|
|
47
49
|
# Unless this domain is listed as a potential passenger, issue a 500.
|
|
48
|
-
|
|
50
|
+
current_passenger = Carpool::Driver.passengers.reject{ |p| !p.keys.first.downcase.include?(referrer.host) }
|
|
51
|
+
if current_passenger.nil? or current_passenger.empty?
|
|
49
52
|
return [500, {}, 'Unauthorized request.']
|
|
50
53
|
end
|
|
51
54
|
|
|
55
|
+
if is_revoking?
|
|
56
|
+
response = [302, {'Location' => Carpool::Driver.revoke_uri}, 'Redirecting logged out session...']
|
|
57
|
+
return response
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
cookies[:current_passenger] = current_passenger.first[referrer.host.to_s]
|
|
61
|
+
|
|
52
62
|
# Attempt to find an existing driver session.
|
|
53
63
|
# If one is found, redirect back to the passenger site and include our seatbelt
|
|
54
64
|
# The seatbelt includes two parts:
|
|
@@ -60,8 +70,8 @@ module Carpool
|
|
|
60
70
|
|
|
61
71
|
puts "Carpool::Driver: Redirecting to authentication path.."
|
|
62
72
|
Carpool.auth_attempt = true
|
|
63
|
-
cookies[:redirect_to] = referrer
|
|
64
|
-
response = [
|
|
73
|
+
cookies[:redirect_to] = referrer
|
|
74
|
+
response = [302, {'Location' => Carpool::Driver.unauthorized_uri}, 'Redirecting unauthorized user...']
|
|
65
75
|
|
|
66
76
|
else
|
|
67
77
|
|
|
@@ -69,9 +79,10 @@ module Carpool
|
|
|
69
79
|
cookies[:redirect_to] = referrer
|
|
70
80
|
seatbelt = SeatBelt.new(env).create_payload!
|
|
71
81
|
|
|
72
|
-
response = [
|
|
82
|
+
response = [302, {'Location' => seatbelt}, 'Approved!']
|
|
73
83
|
Carpool.auth_attempt = false
|
|
74
84
|
cookies[:redirect_to] = false
|
|
85
|
+
cookies[:current_passenger] = nil
|
|
75
86
|
|
|
76
87
|
end
|
|
77
88
|
|
|
@@ -82,11 +93,16 @@ module Carpool
|
|
|
82
93
|
private
|
|
83
94
|
|
|
84
95
|
def valid_referrer?
|
|
96
|
+
puts "Referrer?: #{@env['HTTP_REFERER']}"
|
|
85
97
|
!(@env['HTTP_REFERER'].nil? or @env['HTTP_REFERER'].blank?)
|
|
86
98
|
end
|
|
87
99
|
|
|
88
100
|
def valid_request?
|
|
89
|
-
@env['PATH_INFO'].downcase == "/sso/authenticate"
|
|
101
|
+
@env['PATH_INFO'].downcase == "/sso/authenticate" || @env['PATH_INFO'].downcase == "/sso/revoke"
|
|
102
|
+
end
|
|
103
|
+
|
|
104
|
+
def is_revoking?
|
|
105
|
+
@env['PATH_INFO'].downcase == "/sso/revoke"
|
|
90
106
|
end
|
|
91
107
|
|
|
92
108
|
end
|
data/lib/carpool/passenger.rb
CHANGED
|
@@ -14,23 +14,24 @@ module Carpool
|
|
|
14
14
|
|
|
15
15
|
def initialize(app)
|
|
16
16
|
@app = app
|
|
17
|
+
Carpool.acts_as = :passenger
|
|
17
18
|
yield Carpool::Passenger if block_given?
|
|
18
19
|
self
|
|
19
20
|
end
|
|
20
21
|
|
|
21
22
|
def call(env)
|
|
22
23
|
@env = env
|
|
24
|
+
@params = CGI.parse(env['QUERY_STRING'])
|
|
23
25
|
cookies[:scope] = "passenger"
|
|
24
26
|
|
|
25
27
|
# If this isn't an authorize request from the driver, just ignore it.
|
|
26
28
|
return @app.call(env) unless valid_request? && valid_referrer?
|
|
27
29
|
|
|
28
|
-
# If we can't find our payload, then we need to abort.
|
|
29
|
-
|
|
30
|
-
return [500, {}, 'Invalid seatbelt.'] if params['seatbelt'].nil? or params['seatbelt'].blank?
|
|
30
|
+
# If we can't find our payload, then we need to abort.
|
|
31
|
+
return [500, {}, 'Invalid seatbelt.'] if @params['seatbelt'].nil? or @params['seatbelt'].blank?
|
|
31
32
|
|
|
32
33
|
# Set a custom HTTP header for our payload and send the request to the user's /sso/authorize handler.
|
|
33
|
-
env['X-CARPOOL-PAYLOAD'] = params['seatbelt']
|
|
34
|
+
env['X-CARPOOL-PAYLOAD'] = @params['seatbelt']
|
|
34
35
|
return @app.call(env)
|
|
35
36
|
|
|
36
37
|
end
|
|
@@ -43,9 +44,13 @@ module Carpool
|
|
|
43
44
|
|
|
44
45
|
def valid_referrer?
|
|
45
46
|
return false if @env['HTTP_REFERER'].nil? or @env['HTTP_REFERER'].blank?
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
referring_uri
|
|
47
|
+
return false if @params['driver'].nil? or @params['driver'].blank?
|
|
48
|
+
|
|
49
|
+
referring_uri = @params['driver'].to_s
|
|
50
|
+
secret_match = Digest::SHA256.new
|
|
51
|
+
secret_match = secret_match.update(Carpool::Passenger.secret).digest.to_s
|
|
52
|
+
puts "Trying to match #{referring_uri} to #{secret_match} : #{referring_uri == secret_match}"
|
|
53
|
+
referring_uri === secret_match
|
|
49
54
|
end
|
|
50
55
|
|
|
51
56
|
end
|
data/lib/carpool/seatbelt.rb
CHANGED
|
@@ -31,12 +31,12 @@ module Carpool
|
|
|
31
31
|
|
|
32
32
|
# Restore the user from our payload. We 'remove' their seatbelt because they have arrived!
|
|
33
33
|
def remove!
|
|
34
|
-
payload = env['X-CARPOOL-PAYLOAD']
|
|
34
|
+
payload = @env['X-CARPOOL-PAYLOAD']
|
|
35
35
|
payload = payload.flatten.first if payload.is_a?(Array) # TODO: Figure out why our header is an array?
|
|
36
36
|
seatbelt = YAML.load(Base64.decode64(CGI.unescape(payload))).to_hash
|
|
37
37
|
puts "Seatbelt: #{seatbelt.inspect}"
|
|
38
38
|
user = Base64.decode64(seatbelt[:user])
|
|
39
|
-
key = Carpool.generate_site_key(env['SERVER_NAME'])
|
|
39
|
+
key = Carpool.generate_site_key(@env['SERVER_NAME'])
|
|
40
40
|
secret = Carpool::Passenger.secret
|
|
41
41
|
digest = Digest::SHA256.new
|
|
42
42
|
digest.update("#{key}--#{secret}")
|
|
@@ -51,10 +51,12 @@ module Carpool
|
|
|
51
51
|
def create_payload!
|
|
52
52
|
seatbelt = self.to_s
|
|
53
53
|
referrer = cookies[:redirect_to]
|
|
54
|
+
driver = Digest::SHA256.new
|
|
55
|
+
driver = driver.update(cookies[:current_passenger][:secret]).digest.to_s
|
|
54
56
|
new_uri = "#{referrer.scheme}://"
|
|
55
57
|
new_uri << referrer.host
|
|
56
58
|
new_uri << ((referrer.port != 80 && referrer.port != 443) ? ":#{referrer.port}" : "")
|
|
57
|
-
new_uri << "/sso/authorize?seatbelt=#{seatbelt}"
|
|
59
|
+
new_uri << "/sso/authorize?seatbelt=#{seatbelt}&driver=#{driver}"
|
|
58
60
|
end
|
|
59
61
|
|
|
60
62
|
def to_s
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: carpool
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 23
|
|
5
5
|
prerelease: false
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
|
-
- 1
|
|
9
8
|
- 2
|
|
10
|
-
|
|
9
|
+
- 0
|
|
10
|
+
version: 0.2.0
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Brent Kirby
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2010-08-
|
|
18
|
+
date: 2010-08-24 00:00:00 -04:00
|
|
19
19
|
default_executable:
|
|
20
20
|
dependencies:
|
|
21
21
|
- !ruby/object:Gem::Dependency
|