clerk-rails 0.1.10 → 0.1.11

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8c63b3805b3c868266fa141994d51861c36937e129d2ceac798968edd1179d65
-  data.tar.gz: 93f0dad921f7969221f5355a1f193ff12352b2b63acf7f97f6aa2e22ca2ec33b
+  metadata.gz: 954cbd3886921775435d732704b6ae645237571ff1eb538979e86b252419a38d
+  data.tar.gz: bbcaa255ffb48a83f694398467e6afca6df2fc9e7138bdf45e9ed0628ad1c8fd
 SHA512:
-  metadata.gz: c2cac89e76f26076e369e9682db9b9ca9b1a75c3511fcf78462f3b6997c2ace36eb571c48c2a4118837012a0e1a9b805b931f2ba2bdbda74e8a2c8444c04ba59
-  data.tar.gz: beda17af8b83240de22cdb56d8c256b1a0ee7d27f4edbc98ed4abc5650f864c83109fb207e53016c9aad0fe72566af48171daa251232a5c4c0a234c11e4505e0
+  metadata.gz: 3e34b00a89204fa089c6534e385d167b3e0ec961257b1e18bc8463e598adad7ab1580c0799fcdcf8c37d2dabd928d7fe7d6d4fe888a2876f4712c5ae647640a8
+  data.tar.gz: e401f93db2c7bee14b7f70def532e247f97e400bc545c08040315be1c36c84d2f8a7b3724ca4f1d865018144bbec30709ac18977190d036a08b5c391e7b8e120

data/app/models/clerk/application_record.rb

@@ -3,8 +3,8 @@ module Clerk
     self.abstract_class = true
     establish_connection Clerk.database_connection_url
     def self.clerk_table_name(table_name)
-      version = Clerk::VERSION.split(".").map.with_index{|x, i| (i==2 ? "00" : x.rjust(2, '0')) }.join
-      "instance.#{table_name}_#{version}_#{Clerk.key_secret}"
+      # version = Clerk::VERSION.split(".").map.with_index{|x, i| (i==2 ? "00" : x.rjust(2, '0')) }.join
+      "#{table_name}_01"
     end
 
     def self.clerk_table_name_nc(table_name)

data/app/models/clerk/session_token.rb

@@ -0,0 +1,25 @@
+module Clerk
+  class SessionToken < Clerk::ApplicationRecord
+    self.table_name = self.clerk_table_name("session_tokens")
+    self.primary_key = 'id'
+
+    belongs_to :account, class_name: "Clerk::Account"
+
+    def self.find_account(cookie:)
+      require "bcrypt"
+      begin
+        id, token, token_hash = Clerk.decrypt(cookie).split("--")
+        if BCrypt::Password.new(token_hash) == token
+          Account.joins(:session_token).where(token_hash: token_hash, )
+          SessionToken.eager_load(:account).find_by!(id: id, token_hash: token_hash)&.account
+        else 
+          nil
+        end
+      rescue => e
+        puts "Error finding acount #{e}"
+        puts "Cookie #{cookie}"
+        nil
+      end
+    end
+  end
+end

data/config/initializers/add_application_helpers.rb

@@ -1 +1,2 @@
-::ActionController::Base.send :include, Clerk::ApplicationHelper
+::ActionController::Base.send :helper, Clerk::Helpers
+::ActionController::Base.send :include, Clerk::Helpers

data/lib/clerk-rails.rb

@@ -2,6 +2,7 @@ require "clerk/version"
 require "clerk/api"
 require "clerk/engine"
 require "clerk/id"
+require "clerk/helpers"
 require "faraday"
 
 module Clerk
@@ -11,15 +12,6 @@ module Clerk
     def configure
       @config = Configuration.new
       yield config
-      # if Rails.env.development?
-        config.environment = :development
-        config.session_mode = :cookie_session
-        config.cookie_host = nil
-      # else
-      #   config.environment = client.environment.to_sym
-      #   config.session_mode = client.session_mode.to_sym
-      #   config.cookie_host = client.cookie_host
-      # end
     end
 
     def database_connection_url
@@ -48,9 +40,41 @@ module Clerk
     def app_url
       @app_url ||= "https://#{Clerk.config.app_host}"
     end
+
+    def cipher_key
+      @cipher_key ||= ::Base64.strict_decode64(Clerk.config.cipher_key)
+    end
+
+    def decrypt(encrypted_message)
+      cipher = OpenSSL::Cipher.new("aes-256-gcm")
+
+      encrypted_data, iv, auth_tag = encrypted_message.split("--".freeze).map { |v| ::Base64.strict_decode64(v) }
+
+      # Currently the OpenSSL bindings do not raise an error if auth_tag is
+      # truncated, which would allow an attacker to easily forge it. See
+      # https://github.com/ruby/openssl/issues/63
+      raise InvalidMessage if (auth_tag.nil? || auth_tag.bytes.length != 16)
+
+      cipher.decrypt
+      cipher.key = cipher_key
+      cipher.iv  = iv
+      cipher.auth_tag = auth_tag
+      cipher.auth_data = ""
+
+      message = cipher.update(encrypted_data)
+      message << cipher.final
+      message
+    end
   end
 
   class Configuration
-    attr_accessor :app_host, :accounts_host, :database_url, :ngrok_authtoken, :environment, :session_mode, :last_account, :cookie_host, :tunnel_cert, :tunnel_key
+    attr_accessor :accounts_host,
+      :app_host,
+      :cipher_key,
+      :database_url, 
+      :last_account, 
+      :ngrok_authtoken, 
+      :tunnel_cert, 
+      :tunnel_key
   end
 end

data/lib/clerk/engine.rb

@@ -13,8 +13,9 @@ module Clerk
       begin
         config_data = Clerk.api.get('/api/environment').data
         Clerk.configure do |config|
-          config.app_host         = config_data[:APP_HOST]
           config.accounts_host    = config_data[:ACCOUNTS_HOST]
+          config.app_host         = config_data[:APP_HOST]
+          config.cipher_key       = config_data[:CIPHER_KEY]
           config.database_url     = config_data[:DATABASE_URL]
           config.ngrok_authtoken  = config_data[:NGROK_AUTHTOKEN]
           config.tunnel_cert      = config_data[:TUNNEL_CERT]

data/lib/clerk/helpers.rb

@@ -0,0 +1,28 @@
+# We're not including this in clerk-rails/app/helpers because it is injected
+# into ActionController::Base via initializes/add_application_helpers and cannot be in the autoload path
+# https://stackoverflow.com/questions/29636334/a-copy-of-xxx-has-been-removed-from-the-module-tree-but-is-still-active
+module Clerk
+  module Helpers
+    def current_account
+      @clerk_current_account ||= SessionToken.find_account(
+        cookie: cookies[:clerk_session]
+      )
+    end
+
+    def clerk_sign_out_path
+      "#{Clerk.accounts_url}/sign_out"
+    end
+
+    def clerk_sign_in_path
+      "#{Clerk.accounts_url}"
+    end
+
+    def clerk_sign_up_path
+      "#{Clerk.accounts_url}/sign_up"
+    end
+
+    def clerk_add_card_path(account_id:, redirect_path:)
+      "#{Clerk.accounts_url}/add_card?account_id=#{account_id}&redirect_path=#{redirect_path}"
+    end
+  end
+end

data/lib/clerk/version.rb

@@ -1,3 +1,3 @@
 module Clerk
-  VERSION = '0.1.10'
+  VERSION = '0.1.11'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: clerk-rails
 version: !ruby/object:Gem::Version
-  version: 0.1.10
+  version: 0.1.11
 platform: ruby
 authors:
 - Clerk
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-02-08 00:00:00.000000000 Z
+date: 2019-02-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -24,6 +24,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 5.2.0
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: pg
   requirement: !ruby/object:Gem::Requirement
@@ -136,7 +150,6 @@ files:
 - app/assets/javascripts/clerk/application.js
 - app/assets/stylesheets/clerk/application.css
 - app/controllers/clerk/application_controller.rb
-- app/helpers/clerk/application_helper.rb
 - app/jobs/clerk/application_job.rb
 - app/mailers/clerk/application_mailer.rb
 - app/models/clerk/account.rb
@@ -146,6 +159,7 @@ files:
 - app/models/clerk/payment_method.rb
 - app/models/clerk/plan.rb
 - app/models/clerk/role.rb
+- app/models/clerk/session_token.rb
 - app/models/clerk/subscription.rb
 - app/models/concerns/clerk/clerked.rb
 - app/models/concerns/clerk/errors.rb
@@ -157,6 +171,7 @@ files:
 - lib/clerk-rails.rb
 - lib/clerk/api.rb
 - lib/clerk/engine.rb
+- lib/clerk/helpers.rb
 - lib/clerk/id.rb
 - lib/clerk/tunnel.rb
 - lib/clerk/version.rb

data/app/helpers/clerk/application_helper.rb

@@ -1,48 +0,0 @@
-module Clerk
-  module ApplicationHelper
-    def current_account
-      return @clerk_current_account if defined?(@clerk_current_account)
-      @clerk_current_account ||= begin
-        if Clerk.config.session_mode==:database_session
-          raise "TODO"
-        elsif Clerk.config.session_mode==:cookie_session
-          Clerk::Account.find_by(id: current_account_id)
-        end
-      rescue => e
-        puts e
-        nil
-      end
-    end
-
-    def current_account_id
-      return @clerk_current_account_id if defined?(@clerk_current_account_id)
-      @clerk_current_account_id ||= begin
-        if Clerk.config.session_mode==:database_session
-          current_account.id
-        elsif Clerk.config.session_mode==:cookie_session
-          session_cookie = JSON.parse(cookies[:clerk_session])
-          nil if session_cookie.nil?
-          JSON.parse(session_cookie["d"])["k"]
-        end
-      rescue => e
-        nil
-      end
-    end
-
-    def clerk_sign_out_path
-      "#{Clerk.accounts_url}/sign_out"
-    end
-
-    def clerk_sign_in_path
-      "#{Clerk.accounts_url}"
-    end
-
-    def clerk_sign_up_path
-      "#{Clerk.accounts_url}/sign_up"
-    end
-
-    def clerk_add_card_path(account_id:, redirect_path:)
-      "#{Clerk.accounts_url}/add_card?account_id=#{account_id}&redirect_path=#{redirect_path}"
-    end
-  end
-end