cased-ruby 0.4.0 → 0.4.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/ruby.yml +0 -16
- data/Gemfile.lock +2 -2
- data/README.md +126 -18
- data/lib/cased/cli/asciinema/writer.rb +2 -0
- data/lib/cased/cli/authentication.rb +2 -2
- data/lib/cased/cli/identity.rb +8 -3
- data/lib/cased/cli/interactive_session.rb +41 -2
- data/lib/cased/cli/log.rb +2 -0
- data/lib/cased/cli/recorder.rb +4 -3
- data/lib/cased/cli/session.rb +22 -8
- data/lib/cased/config.rb +20 -2
- data/lib/cased/http/client.rb +0 -2
- data/lib/cased/version.rb +1 -1
- data/vendor/cache/activesupport-6.1.3.1.gem +0 -0
- metadata +3 -3
- data/vendor/cache/activesupport-6.1.3.gem +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 3404d2c5e8385e78dfd4a65f7cfc8a2f6554271a782cb693b19f11ad49c9bd97
|
4
|
+
data.tar.gz: 0f181045afaef98ccf76a78b7622b48d0d9d325dbe11ac8d57c052db646a3124
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ad8b59c1a598c4e131207fdec357059511446924f2606a198cc3a55f438d8ad4f777e4b1a372c6bb20a31270ea305f39ec90b590505ee5f387f3dc7e69574b3b
|
7
|
+
data.tar.gz: e492c1719d7a3fac650830d93a11735a0474852c790db6f503621eedff135c4ba5f4aae5bafffb344f12ea5cb18355a97b79dc83fa68db1cf988c211e090dc4b
|
data/.github/workflows/ruby.yml
CHANGED
@@ -28,19 +28,3 @@ jobs:
|
|
28
28
|
- name: Run Tests
|
29
29
|
run: |
|
30
30
|
bundle exec rake test
|
31
|
-
|
32
|
-
- name: Generate yard documentation
|
33
|
-
run: |
|
34
|
-
bundle exec yard
|
35
|
-
|
36
|
-
- name: Upload test coverage report
|
37
|
-
uses: actions/upload-artifact@v2
|
38
|
-
with:
|
39
|
-
name: coverage
|
40
|
-
path: coverage/**/*
|
41
|
-
|
42
|
-
- name: Upload generated yard documentation
|
43
|
-
uses: actions/upload-artifact@v2
|
44
|
-
with:
|
45
|
-
name: yard
|
46
|
-
path: doc/**/*
|
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
cased-ruby (0.4.
|
4
|
+
cased-ruby (0.4.5)
|
5
5
|
activesupport (~> 6)
|
6
6
|
dotpath (= 0.1.0)
|
7
7
|
faraday (~> 1.0)
|
@@ -14,7 +14,7 @@ PATH
|
|
14
14
|
GEM
|
15
15
|
remote: https://rubygems.org/
|
16
16
|
specs:
|
17
|
-
activesupport (6.1.3)
|
17
|
+
activesupport (6.1.3.1)
|
18
18
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
19
19
|
i18n (>= 1.6, < 2)
|
20
20
|
minitest (>= 5.1)
|
data/README.md
CHANGED
@@ -7,14 +7,17 @@ A Cased client for Ruby applications in your organization to control and monitor
|
|
7
7
|
- [Installation](#installation)
|
8
8
|
- [Configuration](#configuration)
|
9
9
|
- [Usage](#usage)
|
10
|
-
- [
|
11
|
-
|
12
|
-
- [
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
10
|
+
- [Cased CLI](#cased-cli)
|
11
|
+
- [Starting an approval workflow](#starting-an-approval-workflow)
|
12
|
+
- [Audit trails](#audit-trails)
|
13
|
+
- [Publishing events to Cased](#publishing-events-to-cased)
|
14
|
+
- [Retrieving events from a Cased audit trail](#retrieving-events-from-a-cased-audit-trail)
|
15
|
+
- [Retrieving events from multiple Cased audit trails](#retrieving-events-from-multiple-cased-audit-trails)
|
16
|
+
- [Exporting events](#exporting-events)
|
17
|
+
- [Masking & filtering sensitive information](#masking--filtering-sensitive-information)
|
18
|
+
- [Disable publishing events](#disable-publishing-events)
|
19
|
+
- [Context](#context)
|
20
|
+
- [Testing](#testing)
|
18
21
|
- [Customizing cased-ruby](#customizing-cased-ruby)
|
19
22
|
- [Contributing](#contributing)
|
20
23
|
|
@@ -56,9 +59,21 @@ Cased.configure do |config|
|
|
56
59
|
# CASED_PUBLISH_URL=https://publish.cased.com
|
57
60
|
config.publish_url = 'https://publish.cased.com'
|
58
61
|
|
62
|
+
# CASED_URL=https://app.cased.com
|
63
|
+
config.url = 'https://app.cased.com'
|
64
|
+
|
59
65
|
# CASED_API_URL=https://api.cased.com
|
60
66
|
config.api_url = 'https://api.cased.com'
|
61
67
|
|
68
|
+
# GUARD_APPLICATION_KEY=guard_application_1ntKX0P4vUbKoc0lMWGiSbrBHcH
|
69
|
+
config.guard_application_key = 'guard_application_1ntKX0P4vUbKoc0lMWGiSbrBHcH'
|
70
|
+
|
71
|
+
# GUARD_USER_TOKEN=user_1oFqlROLNRGVLOXJSsHkJiVmylr
|
72
|
+
config.guard_user_token = 'user_1oFqlROLNRGVLOXJSsHkJiVmylr'
|
73
|
+
|
74
|
+
# DENY_IF_UNREACHABLE=1
|
75
|
+
config.guard_deny_if_unreachable = true
|
76
|
+
|
62
77
|
# CASED_RAISE_ON_ERRORS=1
|
63
78
|
config.raise_on_errors = false
|
64
79
|
|
@@ -75,7 +90,100 @@ end
|
|
75
90
|
|
76
91
|
## Usage
|
77
92
|
|
78
|
-
###
|
93
|
+
### Cased CLI
|
94
|
+
|
95
|
+
Keep any command line tool available as your team grows — monitor usage, require peer approvals for sensitive operations, and receive intelligent alerts to suspicious activity.
|
96
|
+
|
97
|
+
#### Starting an approval workflow
|
98
|
+
|
99
|
+
To start an approval workflow you must first obtain your application key and the
|
100
|
+
user token for who is requesting access.
|
101
|
+
|
102
|
+
```ruby
|
103
|
+
Cased.configure do |config|
|
104
|
+
config.guard_application_key = 'guard_application_1pG43HF3aRHjNTTm10zzu0tngBO'
|
105
|
+
end
|
106
|
+
|
107
|
+
authentication = Cased::CLI::Authentication.new(token: 'user_1pG43D1AzTjLR8XWJHj8B3aNZ4Y')
|
108
|
+
session = Cased::CLI::Session.new(
|
109
|
+
authentication: authentication,
|
110
|
+
reason: 'I need export our GitHub issues.',
|
111
|
+
metadata: {
|
112
|
+
organization: 'GitHub',
|
113
|
+
},
|
114
|
+
)
|
115
|
+
|
116
|
+
if session.create && session.approved?
|
117
|
+
github.issues.each do |issue|
|
118
|
+
puts issue.title
|
119
|
+
end
|
120
|
+
else
|
121
|
+
puts 'Unauthorized to export GitHub issues.'
|
122
|
+
end
|
123
|
+
```
|
124
|
+
|
125
|
+
If you do not have the user token you can always request it interactively.
|
126
|
+
[Cased::CLI::Identity#identify](https://github.com/cased/cased-ruby/blob/3b0c8ebd37ba7deb83236be7dba4d52c74d7e4e5/lib/cased/cli/identity.rb#L10-L21)
|
127
|
+
is a blocking operation prompting the user to visit Cased to identify
|
128
|
+
themselves, returning their user token upon identifying themselves which can be
|
129
|
+
used to start your session.
|
130
|
+
|
131
|
+
```ruby
|
132
|
+
Cased.configure do |config|
|
133
|
+
config.guard_application_key = 'guard_application_1pG43HF3aRHjNTTm10zzu0tngBO'
|
134
|
+
end
|
135
|
+
|
136
|
+
authentication = Cased::CLI::Authentication.new
|
137
|
+
identity = Cased::CLI::Identity.new
|
138
|
+
token, ip_address = identity.identify
|
139
|
+
authentication.token = token
|
140
|
+
|
141
|
+
session = Cased::CLI::Session.new(
|
142
|
+
authentication: authentication,
|
143
|
+
reason: 'I need export our GitHub issues.',
|
144
|
+
metadata: {
|
145
|
+
organization: 'GitHub',
|
146
|
+
},
|
147
|
+
)
|
148
|
+
|
149
|
+
if session.create && session.approved?
|
150
|
+
github.issues.each do |issue|
|
151
|
+
puts issue.title
|
152
|
+
end
|
153
|
+
else
|
154
|
+
puts 'Unauthorized to export GitHub issues.'
|
155
|
+
end
|
156
|
+
```
|
157
|
+
|
158
|
+
#### Starting an interactive approval workflow
|
159
|
+
|
160
|
+
If you do not want to manually create sessions and handle each state manually,
|
161
|
+
you can use the interactive approval workflow using
|
162
|
+
[Cased::CLI::InteractiveSession](https://github.com/cased/cased-ruby/blob/3b0c8ebd37ba7deb83236be7dba4d52c74d7e4e5/lib/cased/cli/interactive_session.rb).
|
163
|
+
|
164
|
+
```ruby
|
165
|
+
Cased.configure do |config|
|
166
|
+
config.guard_application_key = 'guard_application_1pG43HF3aRHjNTTm10zzu0tngBO'
|
167
|
+
end
|
168
|
+
|
169
|
+
session = Cased::CLI::InteractiveSession.start
|
170
|
+
|
171
|
+
if session.approved?
|
172
|
+
github.issues.each do |issue|
|
173
|
+
puts issue.title
|
174
|
+
end
|
175
|
+
else
|
176
|
+
puts 'Unauthorized to export GitHub issues.'
|
177
|
+
end
|
178
|
+
```
|
179
|
+
|
180
|
+
You no longer need to handle obtaining the user token or asking for a reason up
|
181
|
+
front, `Cased::CLI::InteractiveSession` will prompt the user for any reason
|
182
|
+
being required as necessary.
|
183
|
+
|
184
|
+
### Audit trails
|
185
|
+
|
186
|
+
#### Publishing events to Cased
|
79
187
|
|
80
188
|
There are two ways to publish your first Cased event.
|
81
189
|
|
@@ -170,7 +278,7 @@ Both examples above are equivelent in that they publish the following `credit_ca
|
|
170
278
|
}
|
171
279
|
```
|
172
280
|
|
173
|
-
|
281
|
+
#### Retrieving events from a Cased audit trail
|
174
282
|
|
175
283
|
If you plan on retrieving audit events from your Cased audit trail you must use a Cased API key.
|
176
284
|
|
@@ -193,7 +301,7 @@ query.success? # => true
|
|
193
301
|
query.error? # => false
|
194
302
|
```
|
195
303
|
|
196
|
-
|
304
|
+
#### Retrieving events from multiple Cased audit trails
|
197
305
|
|
198
306
|
To retrieve audit events from one or more Cased audit trails you can configure multiple Cased Policy API keys and retrieve events for each one.
|
199
307
|
|
@@ -222,7 +330,7 @@ results.each do |event|
|
|
222
330
|
end
|
223
331
|
```
|
224
332
|
|
225
|
-
|
333
|
+
#### Exporting events
|
226
334
|
|
227
335
|
Exporting events from Cased allows you to provide users with exports of their own data or to respond to data requests.
|
228
336
|
|
@@ -240,7 +348,7 @@ export = Cased.policy.exports.create(
|
|
240
348
|
export.download_url # => https://api.cased.com/exports/export_1dSHQSNtAH90KA8zGTooMnmMdiD/download?token=eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoidXNlcl8xZFFwWThiQmdFd2RwbWRwVnJydER6TVg0ZkgiLCJ
|
241
349
|
```
|
242
350
|
|
243
|
-
|
351
|
+
#### Masking & filtering sensitive information
|
244
352
|
|
245
353
|
If you are handling sensitive information on behalf of your users you should consider masking or filtering any sensitive information.
|
246
354
|
|
@@ -257,7 +365,7 @@ Cased.publish(
|
|
257
365
|
)
|
258
366
|
```
|
259
367
|
|
260
|
-
|
368
|
+
#### Console Usage
|
261
369
|
|
262
370
|
Most Cased events will be created by users from actions on the website from custom defined events or lifecycle callbacks. The exception is any console session where models may generate Cased events as you start to modify records.
|
263
371
|
|
@@ -268,7 +376,7 @@ By default any console session will include the hostname of where the console se
|
|
268
376
|
Cased.context.push(actor: @actor)
|
269
377
|
```
|
270
378
|
|
271
|
-
|
379
|
+
#### Disable publishing events
|
272
380
|
|
273
381
|
Although rare, there may be times where you wish to disable publishing events to Cased. To do so wrap your transaction inside of a `Cased.disable` block:
|
274
382
|
|
@@ -284,7 +392,7 @@ Or you can configure the entire process to disable publishing events.
|
|
284
392
|
CASED_DISABLE_PUBLISHING=1 bundle exec ruby crawl.rb
|
285
393
|
```
|
286
394
|
|
287
|
-
|
395
|
+
#### Context
|
288
396
|
|
289
397
|
One of the most easiest ways to publish detailed events to Cased is to push contextual information on to the Cased context.
|
290
398
|
|
@@ -339,7 +447,7 @@ To clear/reset the context:
|
|
339
447
|
Cased.context.clear
|
340
448
|
```
|
341
449
|
|
342
|
-
|
450
|
+
#### Testing
|
343
451
|
|
344
452
|
cased-ruby provides a test helper class that you can use to test events are being published to Cased.
|
345
453
|
|
@@ -390,7 +498,7 @@ class CreditCardTest < Test::Unit::TestCase
|
|
390
498
|
end
|
391
499
|
```
|
392
500
|
|
393
|
-
|
501
|
+
### Customizing cased-ruby
|
394
502
|
|
395
503
|
Out of the box cased-ruby takes care of serializing objects for you to the best of its ability, but you can customize cased-ruby should you like to fit your products needs.
|
396
504
|
|
@@ -11,6 +11,7 @@ module Cased
|
|
11
11
|
|
12
12
|
attr_accessor :width
|
13
13
|
attr_accessor :height
|
14
|
+
attr_reader :command
|
14
15
|
attr_reader :stream
|
15
16
|
attr_reader :started_at
|
16
17
|
attr_reader :finished_at
|
@@ -51,6 +52,7 @@ module Cased
|
|
51
52
|
},
|
52
53
|
'width' => width,
|
53
54
|
'height' => height,
|
55
|
+
'command' => command.join(' '),
|
54
56
|
}.tap do |h|
|
55
57
|
if started_at
|
56
58
|
h['timestamp'] = started_at.to_i
|
@@ -9,8 +9,8 @@ module Cased
|
|
9
9
|
attr_reader :credentials_path
|
10
10
|
attr_writer :token
|
11
11
|
|
12
|
-
def initialize
|
13
|
-
@token = Cased.config.guard_user_token
|
12
|
+
def initialize(token: nil)
|
13
|
+
@token = token || Cased.config.guard_user_token
|
14
14
|
@directory = Pathname.new(File.expand_path('~/.cguard'))
|
15
15
|
@credentials_path = @directory.join('credentials')
|
16
16
|
end
|
data/lib/cased/cli/identity.rb
CHANGED
@@ -23,15 +23,20 @@ module Cased
|
|
23
23
|
def poll(poll_url)
|
24
24
|
count = 0
|
25
25
|
user_id = nil
|
26
|
+
ip_address = nil
|
26
27
|
|
27
28
|
while user_id.nil?
|
28
29
|
count += 1
|
29
30
|
response = Cased.clients.cli.get(poll_url)
|
30
|
-
|
31
|
-
|
31
|
+
if response.success?
|
32
|
+
user_id = response.body.dig('user', 'id')
|
33
|
+
ip_address = response.body.fetch('ip_address')
|
34
|
+
else
|
35
|
+
sleep 1
|
36
|
+
end
|
32
37
|
end
|
33
38
|
|
34
|
-
user_id
|
39
|
+
[user_id, ip_address]
|
35
40
|
end
|
36
41
|
end
|
37
42
|
end
|
@@ -30,8 +30,31 @@ module Cased
|
|
30
30
|
end
|
31
31
|
|
32
32
|
def create
|
33
|
+
signal_handler = Signal.trap('SIGINT') do
|
34
|
+
if session.requested?
|
35
|
+
Cased::CLI::Log.log 'Exiting and canceling request…'
|
36
|
+
session.cancel
|
37
|
+
exit 0
|
38
|
+
elsif signal_handler.respond_to?(:call)
|
39
|
+
# We need to call the original handler if we exit this interactive
|
40
|
+
# session successfully
|
41
|
+
signal_handler.call
|
42
|
+
else
|
43
|
+
raise Interrupt
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
33
47
|
if session.create
|
34
48
|
handle_state(session.state)
|
49
|
+
elsif session.reauthenticate?
|
50
|
+
Cased::CLI::Log.log "You must re-authenticate with Cased due to recent changes to this application's settings."
|
51
|
+
|
52
|
+
identity = Cased::CLI::Identity.new
|
53
|
+
token, ip_address = identity.identify
|
54
|
+
session.authentication.token = token
|
55
|
+
session.forwarded_ip_address = ip_address
|
56
|
+
|
57
|
+
create
|
35
58
|
elsif session.unauthorized?
|
36
59
|
if session.authentication.exists?
|
37
60
|
Cased::CLI::Log.log "Existing credentials at #{session.authentication.credentials_path} are not valid."
|
@@ -40,7 +63,9 @@ module Cased
|
|
40
63
|
end
|
41
64
|
|
42
65
|
identity = Cased::CLI::Identity.new
|
43
|
-
|
66
|
+
token, ip_address = identity.identify
|
67
|
+
session.authentication.token = token
|
68
|
+
session.forwarded_ip_address = ip_address
|
44
69
|
|
45
70
|
create
|
46
71
|
elsif session.reason_required?
|
@@ -57,26 +82,40 @@ module Cased
|
|
57
82
|
|
58
83
|
def reason_prompt
|
59
84
|
print Cased::CLI::Log.string 'Please enter a reason for access: '
|
60
|
-
session.reason = gets.chomp
|
85
|
+
session.reason = STDIN.gets.chomp
|
61
86
|
end
|
62
87
|
|
63
88
|
def wait_for_approval
|
89
|
+
sleep 1
|
64
90
|
session.refresh && handle_state(session.state)
|
65
91
|
end
|
66
92
|
|
93
|
+
def waiting_for_approval_message
|
94
|
+
return if defined?(@waiting_for_approval_message_displayed)
|
95
|
+
|
96
|
+
motd = session.guard_application.dig('settings', 'message_of_the_day')
|
97
|
+
waiting_message = motd.blank? ? 'Approval request sent…' : motd
|
98
|
+
Cased::CLI::Log.log "#{waiting_message} (id: #{session.id})"
|
99
|
+
@waiting_for_approval_message_displayed = true
|
100
|
+
end
|
101
|
+
|
67
102
|
def handle_state(state)
|
68
103
|
case state
|
69
104
|
when 'approved'
|
70
105
|
Cased::CLI::Log.log 'CLI session has been approved'
|
71
106
|
session.record
|
72
107
|
when 'requested'
|
108
|
+
waiting_for_approval_message
|
73
109
|
wait_for_approval
|
74
110
|
when 'denied'
|
75
111
|
Cased::CLI::Log.log 'CLI session has been denied'
|
112
|
+
exit 1
|
76
113
|
when 'timed_out'
|
77
114
|
Cased::CLI::Log.log 'CLI session has timed out'
|
115
|
+
exit 1
|
78
116
|
when 'canceled'
|
79
117
|
Cased::CLI::Log.log 'CLI session has been canceled'
|
118
|
+
exit 0
|
80
119
|
end
|
81
120
|
end
|
82
121
|
end
|
data/lib/cased/cli/log.rb
CHANGED
data/lib/cased/cli/recorder.rb
CHANGED
@@ -6,6 +6,7 @@ module Cased
|
|
6
6
|
module CLI
|
7
7
|
class Recorder
|
8
8
|
KEY = 'CASED_CLI_RECORDING'
|
9
|
+
TRUE = '1'
|
9
10
|
|
10
11
|
attr_reader :command
|
11
12
|
attr_reader :events
|
@@ -17,7 +18,7 @@ module Cased
|
|
17
18
|
|
18
19
|
# @return [Boolean] if CLI session is being recorded.
|
19
20
|
def self.recording?
|
20
|
-
ENV[KEY] ==
|
21
|
+
ENV[KEY] == TRUE
|
21
22
|
end
|
22
23
|
|
23
24
|
def initialize(command, env: {})
|
@@ -27,10 +28,10 @@ module Cased
|
|
27
28
|
@height = Subprocess.check_output(%w[tput lines]).strip.to_i
|
28
29
|
|
29
30
|
subprocess_env = ENV.to_h.dup
|
30
|
-
subprocess_env[KEY] =
|
31
|
+
subprocess_env[KEY] = TRUE
|
31
32
|
subprocess_env.merge!(env)
|
32
33
|
@writer = Cased::CLI::Asciinema::Writer.new(
|
33
|
-
command: command
|
34
|
+
command: command,
|
34
35
|
width: width,
|
35
36
|
height: height,
|
36
37
|
)
|
data/lib/cased/cli/session.rb
CHANGED
@@ -22,9 +22,7 @@ module Cased
|
|
22
22
|
# If we're inside of a recorded session we can lookup the session
|
23
23
|
# we're in.
|
24
24
|
def self.current
|
25
|
-
|
26
|
-
|
27
|
-
@current = if ENV['GUARD_SESSION_ID']
|
25
|
+
@current ||= if ENV['GUARD_SESSION_ID']
|
28
26
|
Cased::CLI::Session.find(ENV['GUARD_SESSION_ID'])
|
29
27
|
end
|
30
28
|
end
|
@@ -88,9 +86,17 @@ module Cased
|
|
88
86
|
# @return [String, nil]
|
89
87
|
attr_accessor :reason
|
90
88
|
|
89
|
+
# Public: The forwarded IP V4 or IP V6 address of the user that initiated
|
90
|
+
# the CLI session.
|
91
|
+
#
|
92
|
+
# @example
|
93
|
+
# session.forwarded_ip_address #=> "1.1.1.1"
|
94
|
+
# @return [String, nil]
|
95
|
+
attr_accessor :forwarded_ip_address
|
96
|
+
|
91
97
|
# Public: The client's IP V4 or IP V6 address that initiated the CLI session.
|
92
98
|
# @example
|
93
|
-
# session.
|
99
|
+
# session.ip_address #=> "1.1.1.1"
|
94
100
|
# @return [String, nil]
|
95
101
|
attr_reader :ip_address
|
96
102
|
|
@@ -121,7 +127,7 @@ module Cased
|
|
121
127
|
def initialize(reason: nil, command: nil, metadata: {}, authentication: nil)
|
122
128
|
@authentication = authentication || Cased::CLI::Authentication.new
|
123
129
|
@reason = reason
|
124
|
-
@command = command
|
130
|
+
@command = command || [$PROGRAM_NAME, *ARGV].join(' ')
|
125
131
|
@metadata = metadata
|
126
132
|
@requester = {}
|
127
133
|
@responder = {}
|
@@ -146,6 +152,7 @@ module Cased
|
|
146
152
|
@command = session.fetch('command')
|
147
153
|
@metadata = session.fetch('metadata')
|
148
154
|
@reason = session.fetch('reason')
|
155
|
+
@forwarded_ip_address = session.fetch('forwarded_ip_address')
|
149
156
|
@ip_address = session.fetch('ip_address')
|
150
157
|
@requester = session.fetch('requester')
|
151
158
|
@responded_at = session['responded_at']
|
@@ -177,7 +184,7 @@ module Cased
|
|
177
184
|
return false unless api_url
|
178
185
|
|
179
186
|
response = Cased.clients.cli.get(api_url, user_token: authentication.token)
|
180
|
-
self.session = response.body
|
187
|
+
self.session = response.body
|
181
188
|
end
|
182
189
|
|
183
190
|
def error?
|
@@ -196,12 +203,16 @@ module Cased
|
|
196
203
|
error == :unauthorized
|
197
204
|
end
|
198
205
|
|
206
|
+
def reauthenticate?
|
207
|
+
error == :reauthenticate
|
208
|
+
end
|
209
|
+
|
199
210
|
def record_output?
|
200
211
|
guard_application.dig('settings', 'record_output') || false
|
201
212
|
end
|
202
213
|
|
203
214
|
def record
|
204
|
-
return unless recordable? && record_output?
|
215
|
+
return false unless recordable? && record_output?
|
205
216
|
|
206
217
|
Cased::CLI::Log.log 'CLI session is now recording'
|
207
218
|
|
@@ -224,6 +235,7 @@ module Cased
|
|
224
235
|
|
225
236
|
response = Cased.clients.cli.post('cli/sessions',
|
226
237
|
user_token: authentication.token,
|
238
|
+
forwarded_ip_address: forwarded_ip_address,
|
227
239
|
reason: reason,
|
228
240
|
metadata: metadata,
|
229
241
|
command: command)
|
@@ -235,6 +247,8 @@ module Cased
|
|
235
247
|
@error = :reason_required
|
236
248
|
when 'unauthorized'
|
237
249
|
@error = :unauthorized
|
250
|
+
when 'reauthenticate'
|
251
|
+
@error = :reauthenticate
|
238
252
|
else
|
239
253
|
@error = true
|
240
254
|
return false
|
@@ -246,7 +260,7 @@ module Cased
|
|
246
260
|
|
247
261
|
def cancel
|
248
262
|
response = Cased.clients.cli.post("#{api_url}/cancel", user_token: authentication.token)
|
249
|
-
self.session = response.body
|
263
|
+
self.session = response.body
|
250
264
|
|
251
265
|
canceled?
|
252
266
|
end
|
data/lib/cased/config.rb
CHANGED
@@ -26,6 +26,19 @@ module Cased
|
|
26
26
|
# end
|
27
27
|
attr_reader :http_read_timeout
|
28
28
|
|
29
|
+
# The Cased HTTP URL. Defaults to https://app.cased.com
|
30
|
+
#
|
31
|
+
# @example
|
32
|
+
# CASED_URL="https://app.cased.com" rails server
|
33
|
+
#
|
34
|
+
# @example
|
35
|
+
# Cased.configure do |config|
|
36
|
+
# config.url = "https://app.cased.com"
|
37
|
+
# end
|
38
|
+
#
|
39
|
+
# @return [String]
|
40
|
+
attr_accessor :url
|
41
|
+
|
29
42
|
# The Cased HTTP API URL. Defaults to https://api.cased.com
|
30
43
|
#
|
31
44
|
# @example
|
@@ -62,7 +75,7 @@ module Cased
|
|
62
75
|
# Cased.configure do |config|
|
63
76
|
# config.guard_deny_if_unreachable = true
|
64
77
|
# end
|
65
|
-
|
78
|
+
attr_reader :guard_deny_if_unreachable
|
66
79
|
|
67
80
|
# The URL to publish audit events to. Defaults to https://publish.cased.com
|
68
81
|
#
|
@@ -140,11 +153,12 @@ module Cased
|
|
140
153
|
@http_read_timeout = ENV.fetch('CASED_HTTP_READ_TIMEOUT', 10).to_i
|
141
154
|
@http_open_timeout = ENV.fetch('CASED_HTTP_OPEN_TIMEOUT', 5).to_i
|
142
155
|
@raise_on_errors = !ENV['CASED_RAISE_ON_ERRORS'].nil?
|
156
|
+
@url = ENV.fetch('CASED_URL', 'https://app.cased.com')
|
143
157
|
@api_url = ENV.fetch('CASED_API_URL', 'https://api.cased.com')
|
144
158
|
@publish_url = ENV.fetch('CASED_PUBLISH_URL', 'https://publish.cased.com')
|
145
159
|
@guard_application_key = ENV['GUARD_APPLICATION_KEY']
|
146
160
|
@guard_user_token = ENV['GUARD_USER_TOKEN']
|
147
|
-
|
161
|
+
self.guard_deny_if_unreachable = ENV['DENY_IF_UNREACHABLE']
|
148
162
|
@publish_key = ENV['CASED_PUBLISH_KEY']
|
149
163
|
@silence = !ENV['CASED_SILENCE'].nil?
|
150
164
|
@policy_keys = Hash.new do |hash, key|
|
@@ -199,6 +213,10 @@ module Cased
|
|
199
213
|
@silence || !ENV['CASED_SILENCE'].nil?
|
200
214
|
end
|
201
215
|
|
216
|
+
def guard_deny_if_unreachable=(value)
|
217
|
+
@guard_deny_if_unreachable = parse_bool(value)
|
218
|
+
end
|
219
|
+
|
202
220
|
def guard_deny_if_unreachable?
|
203
221
|
@guard_deny_if_unreachable
|
204
222
|
end
|
data/lib/cased/http/client.rb
CHANGED
data/lib/cased/version.rb
CHANGED
Binary file
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cased-ruby
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Garrett Bjerkhoel
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-03-
|
11
|
+
date: 2021-03-26 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -343,7 +343,7 @@ files:
|
|
343
343
|
- lib/cased/sensitive/string.rb
|
344
344
|
- lib/cased/test_helper.rb
|
345
345
|
- lib/cased/version.rb
|
346
|
-
- vendor/cache/activesupport-6.1.3.gem
|
346
|
+
- vendor/cache/activesupport-6.1.3.1.gem
|
347
347
|
- vendor/cache/addressable-2.7.0.gem
|
348
348
|
- vendor/cache/ast-2.4.0.gem
|
349
349
|
- vendor/cache/byebug-11.0.1.gem
|
Binary file
|