carpool 0.1.2 → 0.2.0

data/VERSION

@@ -1 +1 @@
-0.1.2
+0.2.0

data/carpool.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{carpool}
-  s.version = "0.1.2"
+  s.version = "0.2.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Brent Kirby"]
-  s.date = %q{2010-08-16}
+  s.date = %q{2010-08-24}
   s.description = %q{Carpool is a single sign on solution for Rack-based applications allowing you to persist sessions across domains.}
   s.email = %q{dev@kurbmedia.com}
   s.extra_rdoc_files = [

data/lib/carpool.rb

@@ -16,6 +16,20 @@ module Carpool
       @auth_attempt ||= false
     end
     
+    def driver_uri
+      "#{Carpool::Passenger.driver_uri}/sso/authenticate"
+    end
+    
+    def revoke_uri
+      "#{Carpool::Passenger.driver_uri}/sso/revoke"
+    end
+    
+    def acts_as=(obj); @acts_as = obj.to_sym; end
+    def acts_as; @acts_as; end
+    def acts_as?(type)
+      @acts_as == type.to_sym
+    end
+    
   end
   
   def self.generate_site_key(url)

data/lib/carpool/driver.rb

@@ -10,6 +10,7 @@ module Carpool
       
       attr_accessor :site_key
       attr_accessor :unauthorized_uri
+      attr_accessor :revoke_uri
       
       def passengers
         @passengers ||= []
@@ -29,6 +30,7 @@ module Carpool
     
     def initialize(app)
       @app = app
+      Carpool.acts_as = :driver
       yield Carpool::Driver if block_given?
       self
     end
@@ -40,15 +42,23 @@ module Carpool
 
       # Unless we are trying to authenticate a passenger, just continue through the stack.
       return @app.call(env) unless valid_request? && valid_referrer? 
-      
+
       # Parse the referring site
       referrer = URI.parse(@env['HTTP_REFERER'])
       
       # Unless this domain is listed as a potential passenger, issue a 500.
-      unless Carpool::Driver.passengers.collect{ |p| p.keys.first.downcase }.include?(referrer.host)   
+      current_passenger = Carpool::Driver.passengers.reject{ |p| !p.keys.first.downcase.include?(referrer.host) }
+      if current_passenger.nil? or current_passenger.empty?
         return [500, {}, 'Unauthorized request.']
       end
       
+      if is_revoking?
+        response = [302, {'Location' => Carpool::Driver.revoke_uri}, 'Redirecting logged out session...']
+        return response
+      end
+      
+      cookies[:current_passenger] = current_passenger.first[referrer.host.to_s]
+      
       # Attempt to find an existing driver session.
       # If one is found, redirect back to the passenger site and include our seatbelt
       # The seatbelt includes two parts:
@@ -60,8 +70,8 @@ module Carpool
         
         puts "Carpool::Driver: Redirecting to authentication path.."
         Carpool.auth_attempt = true
-        cookies[:redirect_to] = referrer
-        response = [301, {'Location' => Carpool::Driver.unauthorized_uri}, 'Redirecting unauthorized user...']
+        cookies[:redirect_to] = referrer        
+        response = [302, {'Location' => Carpool::Driver.unauthorized_uri}, 'Redirecting unauthorized user...']        
         
       else
         
@@ -69,9 +79,10 @@ module Carpool
         cookies[:redirect_to] = referrer
         seatbelt = SeatBelt.new(env).create_payload!
 
-        response = [301, {'Location' => seatbelt}, 'Approved!']
+        response = [302, {'Location' => seatbelt}, 'Approved!']
         Carpool.auth_attempt  = false
         cookies[:redirect_to] = false
+        cookies[:current_passenger] = nil
                 
       end
       
@@ -82,11 +93,16 @@ module Carpool
     private
     
     def valid_referrer?
+      puts "Referrer?: #{@env['HTTP_REFERER']}"
       !(@env['HTTP_REFERER'].nil? or @env['HTTP_REFERER'].blank?)
     end
     
     def valid_request?
-      @env['PATH_INFO'].downcase == "/sso/authenticate"
+      @env['PATH_INFO'].downcase == "/sso/authenticate" || @env['PATH_INFO'].downcase == "/sso/revoke"
+    end
+    
+    def is_revoking?
+      @env['PATH_INFO'].downcase == "/sso/revoke"
     end
     
   end

data/lib/carpool/passenger.rb

@@ -14,23 +14,24 @@ module Carpool
     
     def initialize(app)
       @app = app
+      Carpool.acts_as = :passenger
       yield Carpool::Passenger if block_given?
       self
     end
     
     def call(env)
       @env = env
+      @params = CGI.parse(env['QUERY_STRING'])
       cookies[:scope] = "passenger"
       
       # If this isn't an authorize request from the driver, just ignore it.
       return @app.call(env) unless valid_request? && valid_referrer?
       
-      # If we can't find our payload, then we need to abort.
-      params = CGI.parse(env['QUERY_STRING'])
-      return [500, {}, 'Invalid seatbelt.'] if params['seatbelt'].nil? or params['seatbelt'].blank?
+      # If we can't find our payload, then we need to abort.      
+      return [500, {}, 'Invalid seatbelt.'] if @params['seatbelt'].nil? or @params['seatbelt'].blank?
       
       # Set a custom HTTP header for our payload and send the request to the user's /sso/authorize handler.
-      env['X-CARPOOL-PAYLOAD'] = params['seatbelt']
+      env['X-CARPOOL-PAYLOAD'] = @params['seatbelt']
       return @app.call(env)
       
     end
@@ -43,9 +44,13 @@ module Carpool
     
     def valid_referrer?
       return false if @env['HTTP_REFERER'].nil? or @env['HTTP_REFERER'].blank?
-      referring_uri = URI.parse(@env['HTTP_REFERER'])
-      driver_uri    = URI.parse(Carpool::Passenger.driver_uri)
-      referring_uri.host.to_s.downcase === driver_uri.host.to_s.downcase
+      return false if @params['driver'].nil?    or @params['driver'].blank?
+      
+      referring_uri = @params['driver'].to_s
+      secret_match  = Digest::SHA256.new
+      secret_match  = secret_match.update(Carpool::Passenger.secret).digest.to_s
+      puts "Trying to match #{referring_uri} to #{secret_match} : #{referring_uri == secret_match}"
+      referring_uri === secret_match
     end
     
   end

data/lib/carpool/seatbelt.rb

@@ -31,12 +31,12 @@ module Carpool
     
     # Restore the user from our payload. We 'remove' their seatbelt because they have arrived!
     def remove!
-      payload  = env['X-CARPOOL-PAYLOAD']
+      payload  = @env['X-CARPOOL-PAYLOAD']
       payload  = payload.flatten.first if payload.is_a?(Array) # TODO: Figure out why our header is an array?
       seatbelt = YAML.load(Base64.decode64(CGI.unescape(payload))).to_hash
       puts "Seatbelt: #{seatbelt.inspect}"
       user     = Base64.decode64(seatbelt[:user])
-      key      = Carpool.generate_site_key(env['SERVER_NAME'])
+      key      = Carpool.generate_site_key(@env['SERVER_NAME'])
       secret   = Carpool::Passenger.secret
       digest   = Digest::SHA256.new
       digest.update("#{key}--#{secret}")
@@ -51,10 +51,12 @@ module Carpool
     def create_payload!
       seatbelt = self.to_s
       referrer = cookies[:redirect_to]
+      driver   = Digest::SHA256.new
+      driver   = driver.update(cookies[:current_passenger][:secret]).digest.to_s
       new_uri  = "#{referrer.scheme}://"
       new_uri << referrer.host
       new_uri << ((referrer.port != 80 && referrer.port != 443) ? ":#{referrer.port}" : "")
-      new_uri << "/sso/authorize?seatbelt=#{seatbelt}"
+      new_uri << "/sso/authorize?seatbelt=#{seatbelt}&driver=#{driver}"
     end
     
     def to_s

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: carpool
 version: !ruby/object:Gem::Version 
-  hash: 31
+  hash: 23
   prerelease: false
   segments: 
   - 0
-  - 1
   - 2
-  version: 0.1.2
+  - 0
+  version: 0.2.0
 platform: ruby
 authors: 
 - Brent Kirby
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-08-16 00:00:00 -04:00
+date: 2010-08-24 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency