carpool 0.1.0

data/.document

@@ -0,0 +1,5 @@
+README.rdoc
+lib/**/*.rb
+bin/*
+features/**/*.feature
+LICENSE

data/.gitignore

@@ -0,0 +1,21 @@
+## MAC OS
+.DS_Store
+
+## TEXTMATE
+*.tmproj
+tmtags
+
+## EMACS
+*~
+\#*
+.\#*
+
+## VIM
+*.swp
+
+## PROJECT::GENERAL
+coverage
+rdoc
+pkg
+
+## PROJECT::SPECIFIC

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 Brent Kirby
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,17 @@
+= carpool
+
+Description goes here.
+
+== Note on Patches/Pull Requests
+ 
+* Fork the project.
+* Make your feature addition or bug fix.
+* Add tests for it. This is important so I don't break it in a
+  future version unintentionally.
+* Commit, do not mess with rakefile, version, or history.
+  (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
+* Send me a pull request. Bonus points for topic branches.
+
+== Copyright
+
+Copyright (c) 2010 Brent Kirby. See LICENSE for details.

data/Rakefile

@@ -0,0 +1,54 @@
+require 'rubygems'
+require 'rake'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = "carpool"
+    gem.summary = %Q{Single Sign On solution for Rack-Based applications}
+    gem.description = %Q{Carpool is a single sign on solution for Rack-based applications allowing you to persist sessions across domains.}
+    gem.email = "dev@kurbmedia.com"
+    gem.homepage = "http://github.com/kurbmedia/carpool"
+    gem.authors = ["Brent Kirby"]
+    gem.add_development_dependency "thoughtbot-shoulda", ">= 0"
+    gem.add_dependency "fast-aes"
+    # gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+
+begin
+  require 'rcov/rcovtask'
+  Rcov::RcovTask.new do |test|
+    test.libs << 'test'
+    test.pattern = 'test/**/test_*.rb'
+    test.verbose = true
+  end
+rescue LoadError
+  task :rcov do
+    abort "RCov is not available. In order to run rcov, you must: sudo gem install spicycode-rcov"
+  end
+end
+
+task :test => :check_dependencies
+
+task :default => :test
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "carpool #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.1.0

data/carpool.gemspec

@@ -0,0 +1,62 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{carpool}
+  s.version = "0.1.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Brent Kirby"]
+  s.date = %q{2010-08-15}
+  s.description = %q{Carpool is a single sign on solution for Rack-based applications allowing you to persist sessions across domains.}
+  s.email = %q{dev@kurbmedia.com}
+  s.extra_rdoc_files = [
+    "LICENSE",
+     "README.rdoc"
+  ]
+  s.files = [
+    ".document",
+     ".gitignore",
+     "LICENSE",
+     "README.rdoc",
+     "Rakefile",
+     "VERSION",
+     "carpool.gemspec",
+     "init.rb",
+     "lib/carpool.rb",
+     "lib/carpool/driver.rb",
+     "lib/carpool/mixins.rb",
+     "lib/carpool/passenger.rb",
+     "lib/carpool/seatbelt.rb",
+     "test/helper.rb",
+     "test/test_carpool.rb"
+  ]
+  s.homepage = %q{http://github.com/kurbmedia/carpool}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.7}
+  s.summary = %q{Single Sign On solution for Rack-Based applications}
+  s.test_files = [
+    "test/helper.rb",
+     "test/test_carpool.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_development_dependency(%q<thoughtbot-shoulda>, [">= 0"])
+      s.add_runtime_dependency(%q<fast-aes>, [">= 0"])
+    else
+      s.add_dependency(%q<thoughtbot-shoulda>, [">= 0"])
+      s.add_dependency(%q<fast-aes>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<thoughtbot-shoulda>, [">= 0"])
+    s.add_dependency(%q<fast-aes>, [">= 0"])
+  end
+end
+

data/init.rb

@@ -0,0 +1 @@
+require 'carpool'

data/lib/carpool/driver.rb

@@ -0,0 +1,93 @@
+require 'net/http'
+
+module Carpool
+  
+  class Driver
+    
+    include Carpool::Mixins::Core
+    
+    class << self
+      
+      attr_accessor :site_key
+      attr_accessor :unauthorized_uri
+      
+      def passengers
+        @passengers ||= []
+      end
+      
+      def passenger(url, options = {})
+        options[:site_key] ||= Carpool.generate_site_key(url)
+        options[:secret]   ||= Carpool.generate_site_key(url.reverse)
+        passengers << { url => options }
+      end
+      
+      def site_key
+        @site_key ||= Carpool.generate_site_key(@env['HTTP_HOST'])
+      end
+      
+    end
+    
+    def initialize(app)
+      @app = app
+      yield Carpool::Driver if block_given?
+      self
+    end
+    
+    def call(env)
+      
+      @env = env
+      cookies[:scope]    = "driver"
+
+      # Unless we are trying to authenticate a passenger, just continue through the stack.
+      return @app.call(env) unless valid_request? && valid_referrer? 
+      
+      # Parse the referring site
+      referrer = URI.parse(@env['HTTP_REFERER'])
+      
+      # Unless this domain is listed as a potential passenger, issue a 500.
+      unless Carpool::Driver.passengers.collect{ |p| p.keys.first.downcase }.include?(referrer.host)   
+        return [500, {}, 'Unauthorized request.']
+      end
+      
+      # Attempt to find an existing driver session.
+      # If one is found, redirect back to the passenger site and include our seatbelt
+      # The seatbelt includes two parts:
+      #   1) The referring uri, so that Carpool::Passenger on the other end can send the user back to their location one authenticated
+      #   2) The session payload. This is an AES encrypted hash of whatever attributes you've made available. The encrypted hash is
+      #      keyed with the site_key and secret of the referring site for extra security.
+      #
+      unless cookies[:passenger_token]
+        
+        puts "Carpool::Driver: Redirecting to authentication path.."
+        Carpool.auth_attempt = true
+        cookies[:redirect_to] = referrer
+        response = [301, {'Location' => Carpool::Driver.unauthorized_uri}, 'Redirecting unauthorized user...']
+        
+      else
+        
+        puts "Carpool::Driver: Redirecting to passenger site.."
+        cookies[:redirect_to] = referrer
+        seatbelt = SeatBelt.new(env).create_payload!
+
+        response = [301, {'Location' => seatbelt}, 'Approved!']
+        Carpool.auth_attempt  = false
+        cookies[:redirect_to] = false
+                
+      end
+      
+      response
+      
+    end
+    
+    private
+    
+    def valid_referrer?
+      !(@env['HTTP_REFERER'].nil? or @env['HTTP_REFERER'].blank?)
+    end
+    
+    def valid_request?
+      @env['PATH_INFO'].downcase == "/sso/authenticate"
+    end
+    
+  end
+end

data/lib/carpool/mixins.rb

@@ -0,0 +1,21 @@
+module Carpool
+  module Mixins
+    
+    module Core
+      def self.included(base)
+        base.send :include, InstanceMethods
+      end
+      
+      module InstanceMethods
+        def session
+          @env['rack.session']
+        end
+
+        def cookies
+          session['carpool.cookies'] ||= {}
+        end
+      end
+    end
+    
+  end
+end

data/lib/carpool/passenger.rb

@@ -0,0 +1,52 @@
+require 'net/http'
+
+module Carpool
+  class Passenger
+    
+    include Carpool::Mixins::Core
+    
+    class << self
+      
+      attr_accessor :driver_uri
+      attr_accessor :secret
+            
+    end
+    
+    def initialize(app)
+      @app = app
+      yield Carpool::Passenger if block_given?
+      self
+    end
+    
+    def call(env)
+      @env = env
+      cookies[:scope] = "passenger"
+      
+      # If this isn't an authorize request from the driver, just ignore it.
+      return @app.call(env) unless valid_request? && valid_referrer?
+      
+      # If we can't find our payload, then we need to abort.
+      params = CGI.parse(env['QUERY_STRING'])
+      return [500, {}, 'Invalid seatbelt.'] if params['seatbelt'].nil? or params['seatbelt'].blank?
+      
+      # Set a custom HTTP header for our payload and send the request to the user's /sso/authorize handler.
+      env['X-CARPOOL-PAYLOAD'] = params['seatbelt']
+      return @app.call(env)
+      
+    end
+    
+    private
+    
+    def valid_request?
+      @env['PATH_INFO'] == "/sso/authorize"
+    end
+    
+    def valid_referrer?
+      return false if @env['HTTP_REFERER'].nil? or @env['HTTP_REFERER'].blank?
+      referring_uri = URI.parse(@env['HTTP_REFERER'])
+      driver_uri    = URI.parse(Carpool::Passenger.driver_uri)
+      referring_uri.host.to_s.downcase === driver_uri.host.to_s.downcase
+    end
+    
+  end
+end

data/lib/carpool/seatbelt.rb

@@ -0,0 +1,75 @@
+require 'fast-aes'
+require 'yaml'
+
+module Carpool
+  class SeatBelt
+    
+    include Carpool::Mixins::Core
+    
+    attr_accessor :env
+    attr_accessor :redirect_uri
+    attr_accessor :user
+    
+    # SeatBelt instances require access to the rack environment.
+    def initialize(env)
+      @env = env
+    end
+    
+    # 'Attaches' the current user into the session so it can be re-authenticated when
+    # a passenger requests it at a later date. We 'fasten' the users seatbelt for the trip back to the
+    # referring site.
+    # Fasten! returns a url for redirection back to our passenger site including the seatbelt used for authentication
+    # on the other end.
+    #
+    def fasten!(user)
+      cookies[:passenger_token] = generate_token(user)
+      create_payload!
+    end
+    
+    # Restore the user from our payload. We 'remove' their seatbelt because they have arrived!
+    def remove!
+      payload  = env['X-CARPOOL-PAYLOAD']
+      payload  = payload.flatten.first if payload.is_a?(Array) # TODO: Figure out why our header is an array?
+      seatbelt = YAML.load(Base64.decode64(CGI.unescape(payload))).to_hash
+      puts "Seatbelt: #{seatbelt.inspect}"
+      user     = Base64.decode64(seatbelt[:user])
+      key      = Carpool.generate_site_key(env['SERVER_NAME'])
+      secret   = Carpool::Passenger.secret
+      digest   = Digest::SHA256.new
+      digest.update("#{key}--#{secret}")
+      aes  = FastAES.new(digest.digest)
+      data = aes.decrypt(user)
+      @redirect_uri = seatbelt[:redirect_uri].to_s
+      @user         = YAML.load(data).to_hash
+      self
+    end
+    
+    # Create a redirection payload to be sent back to our passenger
+    def create_payload!
+      seatbelt = self.to_s
+      referrer = cookies[:redirect_to]
+      new_uri  = "#{referrer.scheme}://"
+      new_uri << referrer.host
+      new_uri << ((referrer.port != 80 && referrer.port != 443) ? ":#{referrer.port}" : "")
+      new_uri << "/sso/authorize?seatbelt=#{seatbelt}"
+    end
+    
+    def to_s
+      CGI.escape(Base64.encode64({:redirect_uri => cookies[:redirect_to].to_s, :user => cookies[:passenger_token] }.to_yaml.to_s).gsub( /\s/, ''))
+    end
+    
+    private
+    
+    def generate_token(user)
+      referrer  = cookies[:redirect_to]
+      passenger = Carpool::Driver.passengers.reject{ |p| p.keys.first.downcase != referrer.host }.first.values.first
+            
+      digest    = Digest::SHA256.new
+      digest.update("#{passenger[:site_key]}--#{passenger[:secret]}")
+      aes = FastAES.new(digest.digest)
+      Base64.encode64(aes.encrypt(user.encrypted_credentials.to_yaml.to_s)).gsub( /\s/, '')
+      
+    end
+        
+  end
+end

data/lib/carpool.rb

@@ -0,0 +1,31 @@
+require 'carpool/mixins'
+require 'carpool/driver'
+require 'carpool/passenger'
+require 'carpool/seatbelt'
+require 'base64'
+
+module Carpool
+  
+  class << self
+    
+    def auth_attempt=(bool)
+      @auth_attempt = bool
+    end
+    
+    def auth_attempt?
+      @auth_attempt ||= false
+    end
+    
+  end
+  
+  def self.generate_site_key(url)
+    digest = Digest::SHA256.new
+    digest.update(url)
+    Base64.encode64(digest.digest).gsub( /\s/, '')
+  end
+  
+  def self.unpack_key(key)
+    Base64.decode64(key)
+  end
+    
+end

data/test/helper.rb

@@ -0,0 +1,10 @@
+require 'rubygems'
+require 'test/unit'
+require 'shoulda'
+
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'carpool'
+
+class Test::Unit::TestCase
+end

data/test/test_carpool.rb

@@ -0,0 +1,7 @@
+require 'helper'
+
+class TestCarpool < Test::Unit::TestCase
+  should "probably rename this file and start testing for real" do
+    flunk "hey buddy, you should probably rename this file and start testing for real"
+  end
+end

metadata

@@ -0,0 +1,110 @@
+--- !ruby/object:Gem::Specification 
+name: carpool
+version: !ruby/object:Gem::Version 
+  hash: 27
+  prerelease: false
+  segments: 
+  - 0
+  - 1
+  - 0
+  version: 0.1.0
+platform: ruby
+authors: 
+- Brent Kirby
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-08-15 00:00:00 -04:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: thoughtbot-shoulda
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: fast-aes
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id002
+description: Carpool is a single sign on solution for Rack-based applications allowing you to persist sessions across domains.
+email: dev@kurbmedia.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE
+- README.rdoc
+files: 
+- .document
+- .gitignore
+- LICENSE
+- README.rdoc
+- Rakefile
+- VERSION
+- carpool.gemspec
+- init.rb
+- lib/carpool.rb
+- lib/carpool/driver.rb
+- lib/carpool/mixins.rb
+- lib/carpool/passenger.rb
+- lib/carpool/seatbelt.rb
+- test/helper.rb
+- test/test_carpool.rb
+has_rdoc: true
+homepage: http://github.com/kurbmedia/carpool
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Single Sign On solution for Rack-Based applications
+test_files: 
+- test/helper.rb
+- test/test_carpool.rb