devise_sqreener 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: c8483e2152547f35ade4e0b7b592e87851a15804
+  data.tar.gz: 42ed8c93d34c07d2009831782306a5a4fa45a512
+SHA512:
+  metadata.gz: 39e855247d68eff1ec23d0ddb00cd00821baaa702986aa79050a954234c3db48adb0646903ca1df155c71534f9d58c84a67578524a36f7263a4dc99f5db07f40
+  data.tar.gz: d5453a6319134d598a4bf50894aa20c32225f321ffad5d36b7da67ef47b42bf8a6b31eeb65c6f1e873c5216d6446d7d63c10458f87f4350919ed0b4b6005695b

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,34 @@
+# Sqreen open source code of conduct
+
+
+## Introduction
+Diversity and inclusion make our community strong. We encourage participation from the most varied and diverse backgrounds possible and want to be very clear about where we stand.
+
+Our goal is to maintain a safe, helpful and friendly community for everyone, regardless of experience, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, religion, nationality, or other defining characteristic.
+
+This code and related procedures also apply to unacceptable behavior occurring outside the scope of community activities, in all community venues (online and in-person) as well as in all one-on-one communications, and anywhere such behavior has the potential to adversely affect the safety and well-being of community members.
+
+## Expected Behavior
+  * Be welcoming.
+  * Be kind.
+  * Look out for each other.
+
+## Unacceptable Behavior
+  * Conduct or speech which might be considered sexist, racist, homophobic, transphobic, ableist or otherwise discriminatory or offensive in nature.
+  * Unwelcome, suggestive, derogatory or inappropriate nicknames or terms.
+  * Disrespect towards others. (Jokes, innuendo, dismissive attitudes.)
+  * Intimidation or harassment (online or in-person). Please read the [Citizen Code of Conduct](http://citizencodeofconduct.org/) for how we interpret harassment. 
+  * Disrespect towards differences of opinion.
+  * Inappropriate attention or contact. Be aware of how your actions affect others. If it makes someone uncomfortable, stop.
+  * Not understanding the differences between constructive criticism and disparagement.
+  * Sustained disruptions.
+  * Violence, threats of violence or violent language.
+
+## Enforcement 
+Understand that speech and actions have consequences, and unacceptable behavior will not be tolerated.
+
+If you are the subject of, or witness to any violations of this Code of Conduct, please contact us by [sending us an email](mailto:hey@sqreen.io).
+
+If violations occur, organizers will take any action they deem appropriate for the infraction, up to and including expulsion.
+
+_Thanks to the [Django Code of Conduct](https://www.djangoproject.com/conduct/), [The Citizen Code of Conduct](http://citizencodeofconduct.org/), [The Rust Code of Conduct](https://www.rust-lang.org/conduct.html) and [The Ada Initiative](http://adainitiative.org/2014/02/18/howto-design-a-code-of-conduct-for-your-community/)._

data/LICENSE

@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2017 Sqreen
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,120 @@
+# devise\_sqreener
+
+Add Sqreen API integration to Devise. Whenever a new user sign up or sign in its IP address and email addressed will be sqreened with security metadata. This plugin also provides the ability to block the said sign in/up using simple rules. Blocking people with disposable email, using TOR or geographically has never been easier. 
+
+## Installation
+
+Add this line to your application Gemfile:
+
+```ruby
+gem 'devise_sqreener'
+```
+
+and then execute
+```bash
+$ bundle
+```
+
+## Automatic Installation
+
+First if you want IP addresses to be sqreened (as it were) ensure your model use Devise `:trackable`.
+
+Add devise\_sqreener to any or you Devise models using the following generator:
+
+```bash
+$ rails generate devise_sqreener MODEL
+```
+
+Replace `MODEL` with the class name you want to add devise\_sqreener. This will add the `:sqreenable` flag to your model's Devise modules. The generator will also create a migration file. Currently only ActiveRecord is supported. Then run:
+
+```bash
+$ rails db:migrate
+```
+
+For the automatic sqreening to work you need to provide [your API token](https://my.sqreen.io) into you devise configuration (in `config/initializers/devise.rb`):
+```ruby
+Devise.setup do |config|
+  #...
+  config.sqreen_api_token="TOKEN"
+  #...
+end
+```
+
+## Manual Installation
+
+First if you want IP addresses to be sqreened (as it were) ensure your model use Devise `:trackable`.
+
+Add `:sqreenable` to the devise call in your model:
+
+```ruby
+class User < ActiveRecord
+  devise :database_authenticable, :confirmable, :sqreenable
+end
+```
+Add the necessary fields to your Devise model migration:
+
+```ruby
+class DeviseSqreenerAddToUser < ActiveRecord::Migration
+  def change
+    add_column :user, :sqreened_email, :text
+    # only if you use devise's :trackable
+    add_column :user, :current_sqreened_sign_in_ip, :text
+    # only if you use devise's :trackable
+    add_column :user, :last_sqreened_sign_in_ip, :text
+  end
+end
+```
+Then run:
+
+```bash
+$ rails db:migrate
+```
+
+For the automatic sqreening to work you need to provide [your API token](https://my.sqreen.io) into you devise configuration (in `config/initializers/devise.rb`):
+```ruby
+Devise.setup do |config|
+  #...
+  config.sqreen_api_token="TOKEN"
+  #...
+end
+```
+
+## Usage
+
+Signups and Signins are automatically sqreened whenever needed. [Sqreened metada](https://www.sqreen.io/developers.html) are automatically added to your model as serialized fields.
+![Activeadmin Screenshor](/doc/activeadmin.png)
+
+## Blocking signups or signins
+
+Blocking sign up or sign in is as easy as adding a predicate in your devise configuration.
+
+```ruby
+Devise.setup do |config|
+  #...
+  # Block signing in from TOR
+  config.sqreen_block_sign_in =  -> (email, ip, user)  {ip && ip["is_tor"] }
+  # Block signing up with a disposable email address 
+  config.sqreen_block_sign_up =  -> (email, ip, user)  {email && email["is_disposable"] }
+  #...
+end
+```
+
+The arguments always are:
+* `email`: Current email sqreened metadata (a Hash or nil)
+* `ip`: Current ip address sqreened metadata (a Hash or nil)
+* `user`: The current instance of your MODEL class trying to sign in/up.
+
+## Contributing to devise\_sqreener
+ 
+* Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet.
+* Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it.
+* Fork the project.
+* Start a feature/bugfix branch.
+* Commit and push until you are happy with your contribution.
+* Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
+* Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
+
+## Copyright
+
+Copyright (c) 2017 Sqreen. See LICENSE.txt for further details.
+

data/Rakefile

@@ -0,0 +1,44 @@
+# encoding: utf-8
+
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'rake'
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification... see http://guides.rubygems.org/specification-reference/ for more options
+  gem.name = "devise_sqreener"
+  gem.homepage = "http://github.com/sqreen/devise_sqreener"
+  gem.license = "MIT"
+  gem.summary = %Q{TODO: one-line summary of your gem}
+  gem.description = %Q{TODO: longer description of your gem}
+  gem.email = "benoit@sqreen.io"
+  gem.authors = ["Benoit Larroque"]
+  # dependencies defined in Gemfile
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+
+desc "Code coverage detail"
+task :simplecov do
+  ENV['COVERAGE'] = "true"
+  Rake::Task['test'].execute
+end
+
+task :default => :test
+
+require 'yard'
+YARD::Rake::YardocTask.new

data/lib/devise_sqreener/hook.rb

@@ -0,0 +1,16 @@
+# After each authentication check if sign_in should have been authorized.
+# This is only triggered when the user is explicitly set (with set_user)
+# and on authentication. Retrieving the user from session (:fetch) does
+# not trigger it.
+Warden::Manager.prepend_after_set_user :except => :fetch do |record, warden, options|
+  if warden.authenticated?(options[:scope]) &&
+     record.respond_to?(:current_ip_address=)
+    record.current_ip_address = warden.request.remote_ip
+    if record.respond_to?(:sqreen_block_sign_in?) &&
+       record.sqreen_block_sign_in?
+      scope = options[:scope]
+      warden.logout(scope)
+      throw :warden, :scope => scope, :message => record.inactive_message
+    end
+  end
+end

data/lib/devise_sqreener/model.rb

@@ -0,0 +1,93 @@
+require 'devise_sqreener/sqreen'
+module Devise
+  module Models
+    # Sqreen model module, add all necessary behavior to a devise model
+    module Sqreenable
+      extend ActiveSupport::Concern
+
+      included do
+        serialize :sqreened_email
+        serialize :current_sqreened_sign_in_ip
+        serialize :last_sqreened_sign_in_ip
+        before_save :sqreen_email
+
+        validate :sqreen_block_sign_up?, :on => :create
+
+        attr_accessor :current_ip_address
+      end
+
+      # DB fields that are needed
+      def self.required_fields(klass)
+        required_fields = %i(sqreened_email)
+        return required_fields unless klass.devise_modules.include?(:trackable)
+        required_fields + %i(current_sign_in_ip last_sign_in_ip
+                             current_sqreened_sign_in_ip
+                             last_sqreened_sign_in_ip)
+      end
+
+      # The current ip address lazily sqreened
+      def current_sqreened_ip_address
+        if current_ip_address.present?
+          @current_sqreened_ip ||= self.class.sqreener.sqreen_ip(current_ip_address)
+        end
+      end
+
+      # The curren email address lazily sqreened
+      def current_sqreened_email
+        if email.present?
+          @current_sqreened_email ||= self.class.sqreener.sqreen_email(email)
+        end
+      end
+
+      # Add sqreening behavior to trackable
+      # Save last sqreened_ip info
+      def update_tracked_fields(request)
+        return unless self.class.devise_modules.include?(:trackable)
+        self.last_sqreened_sign_in_ip = current_sqreened_sign_in_ip
+        self.current_sqreened_sign_in_ip = current_sqreened_ip_address
+        super(request)
+      end
+
+      # Should the current sign in be blocked
+      def sqreen_block_sign_in?
+        oracle = Devise.sqreen_block_sign_in
+        return false if oracle.blank? || !oracle.respond_to?(:call)
+        oracle.call(current_sqreened_email, current_sqreened_ip_address, self)
+      end
+
+      # Should the current sign up be blocked
+      # used as a on_create validation
+      def sqreen_block_sign_up?
+        return false unless email_changed?
+        oracle = Devise.sqreen_block_sign_up
+        return false if oracle.blank? || !oracle.respond_to?(:call)
+        if oracle.call(current_sqreened_email,
+                       current_sqreened_ip_address, self)
+          errors[:base] = I18n.t(:forbidden, :scope => %i(devise registrations))
+          return true
+        end
+        false
+      end
+
+      # When sign_in was refuse get the correct message
+      def inactive_message
+        sqreen_block_sign_in? ? :forbidden : super
+      end
+
+      # save sqreened email
+      def sqreen_email
+        return if email.blank? || !email_changed?
+        self.sqreened_email = current_sqreened_email
+      end
+
+      # Class methods
+      module ClassMethods
+        def sqreener
+          DeviseSqreener::Sqreen.new(Devise.sqreen_api_token)
+        end
+      end
+    end
+  end
+end
+
+require 'devise_sqreener/hook'

data/lib/devise_sqreener/sqreen.rb

@@ -0,0 +1,51 @@
+require 'net/http'
+module DeviseSqreener
+  # sqreen an email of ip
+  class Sqreen
+    BASE_URL = 'https://api.sqreen.io/v1/%s/%s'.freeze
+
+    attr_accessor :sqreen_api_token
+
+    def initialize(token)
+      self.sqreen_api_token = token
+    end
+
+    # Sqreen an email address
+    # @param [String] email address to sqreen
+    # @return [String, nil] nil (on any error) or the metadata hash
+    def sqreen_email(email)
+      sqreen(:emails, email)
+    end
+
+    # Sqreen an ip address
+    # @param [String] ip address to sqreen
+    # @return [] nil (on any error) or the metadata hash
+    def sqreen_ip(ip)
+      sqreen(:ips, ip)
+    end
+
+    protected
+
+    def sqreen(kind, value)
+      uri = URI(format(BASE_URL, kind, value))
+      response = Net::HTTP.start(uri.hostname, uri.port,
+                                 :use_ssl => uri.scheme == 'https') do |http|
+        http.request_get(uri, 'x-api-key' => sqreen_api_token.to_s)
+      end
+
+      handle_response(kind, value, response)
+    end
+
+    def handle_response(kind, value, response)
+      case response
+      when Net::HTTPSuccess then
+        return JSON.load(response.body)
+      else
+        Rails.logger.debug do
+          "Cannot sqreen #{kind} #{value} #{response.inspect}"
+        end
+        nil
+      end
+    end
+  end
+end

data/lib/devise_sqreener/version.rb

@@ -0,0 +1,3 @@
+module DeviseSqreener
+  VERSION="0.1.0"
+end

data/lib/devise_sqreener.rb

@@ -0,0 +1,25 @@
+require 'devise_sqreener/version'
+require 'devise'
+
+module Devise # :nodoc:
+  # Token that will be used to call Sqreen API
+  mattr_accessor :sqreen_api_token
+  @sqreen_api_token = nil
+
+  # callable that will be used to authorize sign ins
+  mattr_accessor :sqreen_block_sign_in
+  @sqreen_block_sign_in = nil
+
+  # callable that will be used to authorize sign ups
+  mattr_accessor :sqreen_block_sign_up
+  @sqreen_block_sign_up = nil
+
+  add_module :sqreenable, :model => 'devise_sqreener/model',
+                          :insert_at => Devise::ALL.size
+end
+
+module DeviseSqreener
+  # Rails engine declaration (to pick up locales)
+  class Engine < ::Rails::Engine
+  end
+end

data/lib/generators/active_record/devise_sqreener_generator.rb

@@ -0,0 +1,13 @@
+require 'rails/generators/active_record'
+
+module ActiveRecord
+  module Generators
+    class DeviseSqreenerGenerator < ActiveRecord::Generators::Base
+      source_root File.expand_path("../", __FILE__)
+
+      def copy_devise_migration
+        migration_template "migration.rb", "db/migrate/devise_sqreener_add_to_#{table_name}.rb"
+      end
+    end
+  end
+end

data/lib/generators/active_record/migration.rb

@@ -0,0 +1,9 @@
+class DeviseSqreenerAddTo<%= table_name.camelize %> < ActiveRecord::Migration
+  def change
+    add_column :<%= table_name %>, :sqreened_email, :text
+    if <%= class_name %>.devise_modules.include?(:trackable)
+      add_column :<%= table_name %>, :current_sqreened_sign_in_ip, :text
+      add_column :<%= table_name %>, :last_sqreened_sign_in_ip, :text
+    end
+  end
+end

data/lib/generators/devise_sqreener/devise_enricher_generator.rb

@@ -0,0 +1,16 @@
+module DeviseSqreener
+  module Generators
+    class DeviseSqreenerGenerator < Rails::Generators::NamedBase
+      namespace "devise_sqreener"
+
+      desc "Add :sqreenable directive in the given model. Also generate migration for ActiveRecord"
+
+      def inject_devise_sqreenable_content
+        path = File.join("app", "models", "#{file_path}.rb")
+        inject_into_file(path, "sqreenable, :", :after => "devise :") if File.exists?(path)
+      end
+
+      hook_for :orm
+    end
+  end
+end

metadata

@@ -0,0 +1,58 @@
+--- !ruby/object:Gem::Specification
+name: devise_sqreener
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Benoit Larroque
+- D.E. Goodman-Wilson
+- Sqreen
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-06-01 00:00:00.000000000 Z
+dependencies: []
+description: Sqreen emails/ips that are seen by Devise through the Sqreen API, and
+  block bad actors from signing up to your Rails app.
+email: hey@sqreen.io
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CODE_OF_CONDUCT.md
+- LICENSE
+- README.md
+- Rakefile
+- lib/devise_sqreener.rb
+- lib/devise_sqreener/hook.rb
+- lib/devise_sqreener/model.rb
+- lib/devise_sqreener/sqreen.rb
+- lib/devise_sqreener/version.rb
+- lib/generators/active_record/devise_sqreener_generator.rb
+- lib/generators/active_record/migration.rb
+- lib/generators/devise_sqreener/devise_enricher_generator.rb
+homepage: https://github.com/sqreen/devise_sqreener
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.2
+signing_key: 
+specification_version: 4
+summary: Sqreen - Devise integration
+test_files: []