cased-ruby 0.4.0 → 0.4.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e22f14bbfac74d8d6ed2565ab7d4dd2607b03178a8534e15681ebad08aadd047
-  data.tar.gz: aeec32fc2d39829a6e4c24b4b8024b416dad08d84528d13eaa2d310c4a3c2c59
+  metadata.gz: 3404d2c5e8385e78dfd4a65f7cfc8a2f6554271a782cb693b19f11ad49c9bd97
+  data.tar.gz: 0f181045afaef98ccf76a78b7622b48d0d9d325dbe11ac8d57c052db646a3124
 SHA512:
-  metadata.gz: ba38566776a824c05f9750a72ca0e0b878279a07e5134fac83d54e9f10d462a8a940bf01f5d0968c1654adfb9a196f3d7ad6398614c987e41168bdf81d40cd93
-  data.tar.gz: f5bde94bab92b5cfc4dce4a146ca5a1d02d7946f14e5003386b3b82c920c656b92665b801b5ae5ef116316b0d33e7c3d727a730bda46426e30d08380b7bac798
+  metadata.gz: ad8b59c1a598c4e131207fdec357059511446924f2606a198cc3a55f438d8ad4f777e4b1a372c6bb20a31270ea305f39ec90b590505ee5f387f3dc7e69574b3b
+  data.tar.gz: e492c1719d7a3fac650830d93a11735a0474852c790db6f503621eedff135c4ba5f4aae5bafffb344f12ea5cb18355a97b79dc83fa68db1cf988c211e090dc4b

data/.github/workflows/ruby.yml

@@ -28,19 +28,3 @@ jobs:
       - name: Run Tests
         run: |
           bundle exec rake test
-
-      - name: Generate yard documentation
-        run: |
-          bundle exec yard
-
-      - name: Upload test coverage report
-        uses: actions/upload-artifact@v2
-        with:
-          name: coverage
-          path: coverage/**/*
-
-      - name: Upload generated yard documentation
-        uses: actions/upload-artifact@v2
-        with:
-          name: yard
-          path: doc/**/*

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    cased-ruby (0.4.0)
+    cased-ruby (0.4.5)
       activesupport (~> 6)
       dotpath (= 0.1.0)
       faraday (~> 1.0)
@@ -14,7 +14,7 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (6.1.3)
+    activesupport (6.1.3.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)

data/README.md

@@ -7,14 +7,17 @@ A Cased client for Ruby applications in your organization to control and monitor
 - [Installation](#installation)
 - [Configuration](#configuration)
 - [Usage](#usage)
-  - [Publishing events to Cased](#publishing-events-to-cased)
-  - [Retrieving events from a Cased audit trail](#retrieving-events-from-a-cased-audit-trail)
-  - [Retrieving events from multiple Cased audit trails](#retrieving-events-from-multiple-cased-audit-trails)
-  - [Exporting events](#exporting-events)
-  - [Masking & filtering sensitive information](#masking--filtering-sensitive-information)
-  - [Disable publishing events](#disable-publishing-events)
-  - [Context](#context)
-  - [Testing](#testing)
+  - [Cased CLI](#cased-cli)
+    - [Starting an approval workflow](#starting-an-approval-workflow)
+  - [Audit trails](#audit-trails)
+    - [Publishing events to Cased](#publishing-events-to-cased)
+    - [Retrieving events from a Cased audit trail](#retrieving-events-from-a-cased-audit-trail)
+    - [Retrieving events from multiple Cased audit trails](#retrieving-events-from-multiple-cased-audit-trails)
+    - [Exporting events](#exporting-events)
+    - [Masking & filtering sensitive information](#masking--filtering-sensitive-information)
+    - [Disable publishing events](#disable-publishing-events)
+    - [Context](#context)
+    - [Testing](#testing)
 - [Customizing cased-ruby](#customizing-cased-ruby)
 - [Contributing](#contributing)
 
@@ -56,9 +59,21 @@ Cased.configure do |config|
   # CASED_PUBLISH_URL=https://publish.cased.com
   config.publish_url = 'https://publish.cased.com'
 
+  # CASED_URL=https://app.cased.com
+  config.url = 'https://app.cased.com'
+
   # CASED_API_URL=https://api.cased.com
   config.api_url = 'https://api.cased.com'
 
+  # GUARD_APPLICATION_KEY=guard_application_1ntKX0P4vUbKoc0lMWGiSbrBHcH
+  config.guard_application_key = 'guard_application_1ntKX0P4vUbKoc0lMWGiSbrBHcH'
+
+  # GUARD_USER_TOKEN=user_1oFqlROLNRGVLOXJSsHkJiVmylr
+  config.guard_user_token = 'user_1oFqlROLNRGVLOXJSsHkJiVmylr'
+
+  # DENY_IF_UNREACHABLE=1
+  config.guard_deny_if_unreachable = true
+
   # CASED_RAISE_ON_ERRORS=1
   config.raise_on_errors = false
 
@@ -75,7 +90,100 @@ end
 
 ## Usage
 
-### Publishing events to Cased
+### Cased CLI
+
+Keep any command line tool available as your team grows — monitor usage, require peer approvals for sensitive operations, and receive intelligent alerts to suspicious activity.
+
+#### Starting an approval workflow
+
+To start an approval workflow you must first obtain your application key and the
+user token for who is requesting access.
+
+```ruby
+Cased.configure do |config|
+  config.guard_application_key = 'guard_application_1pG43HF3aRHjNTTm10zzu0tngBO'
+end
+
+authentication = Cased::CLI::Authentication.new(token: 'user_1pG43D1AzTjLR8XWJHj8B3aNZ4Y')
+session = Cased::CLI::Session.new(
+  authentication: authentication,
+  reason: 'I need export our GitHub issues.',
+  metadata: {
+    organization: 'GitHub',
+  },
+)
+
+if session.create && session.approved?
+  github.issues.each do |issue|
+    puts issue.title
+  end
+else
+  puts 'Unauthorized to export GitHub issues.'
+end
+```
+
+If you do not have the user token you can always request it interactively.
+[Cased::CLI::Identity#identify](https://github.com/cased/cased-ruby/blob/3b0c8ebd37ba7deb83236be7dba4d52c74d7e4e5/lib/cased/cli/identity.rb#L10-L21)
+is a blocking operation prompting the user to visit Cased to identify
+themselves, returning their user token upon identifying themselves which can be
+used to start your session.
+
+```ruby
+Cased.configure do |config|
+  config.guard_application_key = 'guard_application_1pG43HF3aRHjNTTm10zzu0tngBO'
+end
+
+authentication = Cased::CLI::Authentication.new
+identity = Cased::CLI::Identity.new
+token, ip_address = identity.identify
+authentication.token = token
+
+session = Cased::CLI::Session.new(
+  authentication: authentication,
+  reason: 'I need export our GitHub issues.',
+  metadata: {
+    organization: 'GitHub',
+  },
+)
+
+if session.create && session.approved?
+  github.issues.each do |issue|
+    puts issue.title
+  end
+else
+  puts 'Unauthorized to export GitHub issues.'
+end
+```
+
+#### Starting an interactive approval workflow
+
+If you do not want to manually create sessions and handle each state manually,
+you can use the interactive approval workflow using
+[Cased::CLI::InteractiveSession](https://github.com/cased/cased-ruby/blob/3b0c8ebd37ba7deb83236be7dba4d52c74d7e4e5/lib/cased/cli/interactive_session.rb).
+
+```ruby
+Cased.configure do |config|
+  config.guard_application_key = 'guard_application_1pG43HF3aRHjNTTm10zzu0tngBO'
+end
+
+session = Cased::CLI::InteractiveSession.start
+
+if session.approved?
+  github.issues.each do |issue|
+    puts issue.title
+  end
+else
+  puts 'Unauthorized to export GitHub issues.'
+end
+```
+
+You no longer need to handle obtaining the user token or asking for a reason up
+front, `Cased::CLI::InteractiveSession` will prompt the user for any reason
+being required as necessary.
+
+### Audit trails
+
+#### Publishing events to Cased
 
 There are two ways to publish your first Cased event.
 
@@ -170,7 +278,7 @@ Both examples above are equivelent in that they publish the following `credit_ca
 }
 ```
 
-### Retrieving events from a Cased audit trail
+#### Retrieving events from a Cased audit trail
 
 If you plan on retrieving audit events from your Cased audit trail you must use a Cased API key.
 
@@ -193,7 +301,7 @@ query.success? # => true
 query.error? # => false
 ```
 
-### Retrieving events from multiple Cased audit trails
+#### Retrieving events from multiple Cased audit trails
 
 To retrieve audit events from one or more Cased audit trails you can configure multiple Cased Policy API keys and retrieve events for each one.
 
@@ -222,7 +330,7 @@ results.each do |event|
 end
 ```
 
-### Exporting events
+#### Exporting events
 
 Exporting events from Cased allows you to provide users with exports of their own data or to respond to data requests.
 
@@ -240,7 +348,7 @@ export = Cased.policy.exports.create(
 export.download_url # => https://api.cased.com/exports/export_1dSHQSNtAH90KA8zGTooMnmMdiD/download?token=eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoidXNlcl8xZFFwWThiQmdFd2RwbWRwVnJydER6TVg0ZkgiLCJ
 ```
 
-### Masking & filtering sensitive information
+#### Masking & filtering sensitive information
 
 If you are handling sensitive information on behalf of your users you should consider masking or filtering any sensitive information.
 
@@ -257,7 +365,7 @@ Cased.publish(
 )
 ```
 
-### Console Usage
+#### Console Usage
 
 Most Cased events will be created by users from actions on the website from custom defined events or lifecycle callbacks. The exception is any console session where models may generate Cased events as you start to modify records.
 
@@ -268,7 +376,7 @@ By default any console session will include the hostname of where the console se
 Cased.context.push(actor: @actor)
 ```
 
-### Disable publishing events
+#### Disable publishing events
 
 Although rare, there may be times where you wish to disable publishing events to Cased. To do so wrap your transaction inside of a `Cased.disable` block:
 
@@ -284,7 +392,7 @@ Or you can configure the entire process to disable publishing events.
 CASED_DISABLE_PUBLISHING=1 bundle exec ruby crawl.rb
 ```
 
-### Context
+#### Context
 
 One of the most easiest ways to publish detailed events to Cased is to push contextual information on to the Cased context.
 
@@ -339,7 +447,7 @@ To clear/reset the context:
 Cased.context.clear
 ```
 
-### Testing
+#### Testing
 
 cased-ruby provides a test helper class that you can use to test events are being published to Cased.
 
@@ -390,7 +498,7 @@ class CreditCardTest < Test::Unit::TestCase
 end
 ```
 
-## Customizing cased-ruby
+### Customizing cased-ruby
 
 Out of the box cased-ruby takes care of serializing objects for you to the best of its ability, but you can customize cased-ruby should you like to fit your products needs.
 

data/lib/cased/cli/asciinema/writer.rb

@@ -11,6 +11,7 @@ module Cased
 
         attr_accessor :width
         attr_accessor :height
+        attr_reader :command
         attr_reader :stream
         attr_reader :started_at
         attr_reader :finished_at
@@ -51,6 +52,7 @@ module Cased
             },
             'width' => width,
             'height' => height,
+            'command' => command.join(' '),
           }.tap do |h|
             if started_at
               h['timestamp'] = started_at.to_i

data/lib/cased/cli/authentication.rb

@@ -9,8 +9,8 @@ module Cased
       attr_reader :credentials_path
       attr_writer :token
 
-      def initialize
-        @token = Cased.config.guard_user_token
+      def initialize(token: nil)
+        @token = token || Cased.config.guard_user_token
         @directory = Pathname.new(File.expand_path('~/.cguard'))
         @credentials_path = @directory.join('credentials')
       end

data/lib/cased/cli/identity.rb

@@ -23,15 +23,20 @@ module Cased
       def poll(poll_url)
         count = 0
         user_id = nil
+        ip_address = nil
 
         while user_id.nil?
           count += 1
           response = Cased.clients.cli.get(poll_url)
-          user_id = response.body.dig('user', 'id')
-          sleep 1 if user_id.nil?
+          if response.success?
+            user_id = response.body.dig('user', 'id')
+            ip_address = response.body.fetch('ip_address')
+          else
+            sleep 1
+          end
         end
 
-        user_id
+        [user_id, ip_address]
       end
     end
   end

data/lib/cased/cli/interactive_session.rb

@@ -30,8 +30,31 @@ module Cased
       end
 
       def create
+        signal_handler = Signal.trap('SIGINT') do
+          if session.requested?
+            Cased::CLI::Log.log 'Exiting and canceling request…'
+            session.cancel
+            exit 0
+          elsif signal_handler.respond_to?(:call)
+            # We need to call the original handler if we exit this interactive
+            # session successfully
+            signal_handler.call
+          else
+            raise Interrupt
+          end
+        end
+
         if session.create
           handle_state(session.state)
+        elsif session.reauthenticate?
+          Cased::CLI::Log.log "You must re-authenticate with Cased due to recent changes to this application's settings."
+
+          identity = Cased::CLI::Identity.new
+          token, ip_address = identity.identify
+          session.authentication.token = token
+          session.forwarded_ip_address = ip_address
+
+          create
         elsif session.unauthorized?
           if session.authentication.exists?
             Cased::CLI::Log.log "Existing credentials at #{session.authentication.credentials_path} are not valid."
@@ -40,7 +63,9 @@ module Cased
           end
 
           identity = Cased::CLI::Identity.new
-          session.authentication.token = identity.identify
+          token, ip_address = identity.identify
+          session.authentication.token = token
+          session.forwarded_ip_address = ip_address
 
           create
         elsif session.reason_required?
@@ -57,26 +82,40 @@ module Cased
 
       def reason_prompt
         print Cased::CLI::Log.string 'Please enter a reason for access: '
-        session.reason = gets.chomp
+        session.reason = STDIN.gets.chomp
       end
 
       def wait_for_approval
+        sleep 1
         session.refresh && handle_state(session.state)
       end
 
+      def waiting_for_approval_message
+        return if defined?(@waiting_for_approval_message_displayed)
+
+        motd = session.guard_application.dig('settings', 'message_of_the_day')
+        waiting_message = motd.blank? ? 'Approval request sent…' : motd
+        Cased::CLI::Log.log "#{waiting_message} (id: #{session.id})"
+        @waiting_for_approval_message_displayed = true
+      end
+
       def handle_state(state)
         case state
         when 'approved'
           Cased::CLI::Log.log 'CLI session has been approved'
           session.record
         when 'requested'
+          waiting_for_approval_message
           wait_for_approval
         when 'denied'
           Cased::CLI::Log.log 'CLI session has been denied'
+          exit 1
         when 'timed_out'
           Cased::CLI::Log.log 'CLI session has timed out'
+          exit 1
         when 'canceled'
           Cased::CLI::Log.log 'CLI session has been canceled'
+          exit 0
         end
       end
     end

data/lib/cased/cli/log.rb

@@ -13,6 +13,8 @@ module Cased
 
       def self.log(text)
         puts string(text)
+      ensure
+        STDOUT.flush
       end
 
       def self.color(text, color, bold = false)

data/lib/cased/cli/recorder.rb

@@ -6,6 +6,7 @@ module Cased
   module CLI
     class Recorder
       KEY = 'CASED_CLI_RECORDING'
+      TRUE = '1'
 
       attr_reader :command
       attr_reader :events
@@ -17,7 +18,7 @@ module Cased
 
       # @return [Boolean] if CLI session is being recorded.
       def self.recording?
-        ENV[KEY] == '1'
+        ENV[KEY] == TRUE
       end
 
       def initialize(command, env: {})
@@ -27,10 +28,10 @@ module Cased
         @height = Subprocess.check_output(%w[tput lines]).strip.to_i
 
         subprocess_env = ENV.to_h.dup
-        subprocess_env[KEY] = '1'
+        subprocess_env[KEY] = TRUE
         subprocess_env.merge!(env)
         @writer = Cased::CLI::Asciinema::Writer.new(
-          command: command.join(' '),
+          command: command,
           width: width,
           height: height,
         )

data/lib/cased/cli/session.rb

@@ -22,9 +22,7 @@ module Cased
       # If we're inside of a recorded session we can lookup the session
       # we're in.
       def self.current
-        return @current if defined?(@current)
-
-        @current = if ENV['GUARD_SESSION_ID']
+        @current ||= if ENV['GUARD_SESSION_ID']
           Cased::CLI::Session.find(ENV['GUARD_SESSION_ID'])
         end
       end
@@ -88,9 +86,17 @@ module Cased
       # @return [String, nil]
       attr_accessor :reason
 
+      # Public: The forwarded IP V4 or IP V6 address of the user that initiated
+      # the CLI session.
+      #
+      # @example
+      #   session.forwarded_ip_address #=> "1.1.1.1"
+      # @return [String, nil]
+      attr_accessor :forwarded_ip_address
+
       # Public: The client's IP V4 or IP V6 address that initiated the CLI session.
       # @example
-      #   session.reason #=> "1.1.1.1"
+      #   session.ip_address #=> "1.1.1.1"
       # @return [String, nil]
       attr_reader :ip_address
 
@@ -121,7 +127,7 @@ module Cased
       def initialize(reason: nil, command: nil, metadata: {}, authentication: nil)
         @authentication = authentication || Cased::CLI::Authentication.new
         @reason = reason
-        @command = command
+        @command = command || [$PROGRAM_NAME, *ARGV].join(' ')
         @metadata = metadata
         @requester = {}
         @responder = {}
@@ -146,6 +152,7 @@ module Cased
         @command = session.fetch('command')
         @metadata = session.fetch('metadata')
         @reason = session.fetch('reason')
+        @forwarded_ip_address = session.fetch('forwarded_ip_address')
         @ip_address = session.fetch('ip_address')
         @requester = session.fetch('requester')
         @responded_at = session['responded_at']
@@ -177,7 +184,7 @@ module Cased
         return false unless api_url
 
         response = Cased.clients.cli.get(api_url, user_token: authentication.token)
-        self.session = response.body if response.success?
+        self.session = response.body
       end
 
       def error?
@@ -196,12 +203,16 @@ module Cased
         error == :unauthorized
       end
 
+      def reauthenticate?
+        error == :reauthenticate
+      end
+
       def record_output?
         guard_application.dig('settings', 'record_output') || false
       end
 
       def record
-        return unless recordable? && record_output?
+        return false unless recordable? && record_output?
 
         Cased::CLI::Log.log 'CLI session is now recording'
 
@@ -224,6 +235,7 @@ module Cased
 
         response = Cased.clients.cli.post('cli/sessions',
           user_token: authentication.token,
+          forwarded_ip_address: forwarded_ip_address,
           reason: reason,
           metadata: metadata,
           command: command)
@@ -235,6 +247,8 @@ module Cased
             @error = :reason_required
           when 'unauthorized'
             @error = :unauthorized
+          when 'reauthenticate'
+            @error = :reauthenticate
           else
             @error = true
             return false
@@ -246,7 +260,7 @@ module Cased
 
       def cancel
         response = Cased.clients.cli.post("#{api_url}/cancel", user_token: authentication.token)
-        self.session = response.body if response.success?
+        self.session = response.body
 
         canceled?
       end

data/lib/cased/config.rb

@@ -26,6 +26,19 @@ module Cased
     #    end
     attr_reader :http_read_timeout
 
+    # The Cased HTTP URL. Defaults to https://app.cased.com
+    #
+    # @example
+    #    CASED_URL="https://app.cased.com" rails server
+    #
+    # @example
+    #    Cased.configure do |config|
+    #      config.url = "https://app.cased.com"
+    #    end
+    #
+    # @return [String]
+    attr_accessor :url
+
     # The Cased HTTP API URL. Defaults to https://api.cased.com
     #
     # @example
@@ -62,7 +75,7 @@ module Cased
     #    Cased.configure do |config|
     #      config.guard_deny_if_unreachable = true
     #    end
-    attr_accessor :guard_deny_if_unreachable
+    attr_reader :guard_deny_if_unreachable
 
     # The URL to publish audit events to. Defaults to https://publish.cased.com
     #
@@ -140,11 +153,12 @@ module Cased
       @http_read_timeout = ENV.fetch('CASED_HTTP_READ_TIMEOUT', 10).to_i
       @http_open_timeout = ENV.fetch('CASED_HTTP_OPEN_TIMEOUT', 5).to_i
       @raise_on_errors = !ENV['CASED_RAISE_ON_ERRORS'].nil?
+      @url = ENV.fetch('CASED_URL', 'https://app.cased.com')
       @api_url = ENV.fetch('CASED_API_URL', 'https://api.cased.com')
       @publish_url = ENV.fetch('CASED_PUBLISH_URL', 'https://publish.cased.com')
       @guard_application_key = ENV['GUARD_APPLICATION_KEY']
       @guard_user_token = ENV['GUARD_USER_TOKEN']
-      @guard_deny_if_unreachable = parse_bool(ENV['DENY_IF_UNREACHABLE'])
+      self.guard_deny_if_unreachable = ENV['DENY_IF_UNREACHABLE']
       @publish_key = ENV['CASED_PUBLISH_KEY']
       @silence = !ENV['CASED_SILENCE'].nil?
       @policy_keys = Hash.new do |hash, key|
@@ -199,6 +213,10 @@ module Cased
       @silence || !ENV['CASED_SILENCE'].nil?
     end
 
+    def guard_deny_if_unreachable=(value)
+      @guard_deny_if_unreachable = parse_bool(value)
+    end
+
     def guard_deny_if_unreachable?
       @guard_deny_if_unreachable
     end

data/lib/cased/http/client.rb

@@ -20,8 +20,6 @@ module Cased
 
           conn.options.timeout = Cased.config.http_read_timeout
           conn.options.open_timeout = Cased.config.http_open_timeout
-
-          conn.adapter :net_http_persistent
         end
       end
 

data/lib/cased/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Cased
-  VERSION = '0.4.0'
+  VERSION = '0.4.5'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cased-ruby
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.4.5
 platform: ruby
 authors:
 - Garrett Bjerkhoel
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-03-02 00:00:00.000000000 Z
+date: 2021-03-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -343,7 +343,7 @@ files:
 - lib/cased/sensitive/string.rb
 - lib/cased/test_helper.rb
 - lib/cased/version.rb
-- vendor/cache/activesupport-6.1.3.gem
+- vendor/cache/activesupport-6.1.3.1.gem
 - vendor/cache/addressable-2.7.0.gem
 - vendor/cache/ast-2.4.0.gem
 - vendor/cache/byebug-11.0.1.gem