doorkeeper_sso 0.4.8 → 0.4.9
- checksums.yaml +4 -4
- data/app/controllers/sso/sessions_controller.rb +16 -57
- data/app/serializers/sso/session_serializer.rb +1 -1
- data/config/routes.rb +3 -1
- data/lib/sso/doorkeeper/oauth/base.rb +2 -1
- data/lib/sso/version.rb +1 -1
- data/spec/api/schemas/{session.json → sso_client.json} +0 -0
- data/spec/api/schemas/sso_session.json +35 -0
- data/spec/controllers/sso/sessions_controller_spec.rb +43 -25
- metadata +6 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 16c808f31d307591acaf6cc14d26c1fbe7a5103f
|
4
|
+
data.tar.gz: 5b535b54c1e3d9dc14bf5c89bda5596228b46deb
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 327af4ca735445b7f1b83389cf1bf058496a3958352bc61d0fcc7e44e877743f7709f1d65ebc4e9965aac554e267d450f9f37aad236f1f17c5214848179bbd41
|
7
|
+
data.tar.gz: 9f0507ac75064591b2ee2363d3eba3504d8f9fc3b1280281b08749468939c1fc209f83adf9548531631eaac4ff0395f3743ad1201e598d50ce25f92cfeb8df91
|
@@ -2,23 +2,14 @@ module Sso
|
|
2
2
|
class SessionsController < Sso::ApplicationController
|
3
3
|
include ::Sso::Logging
|
4
4
|
|
5
|
-
before_action :
|
6
|
-
before_action :
|
5
|
+
before_action :doorkeeper_authorize!, only: :create
|
6
|
+
before_action :authenticate_user!, except: :create
|
7
7
|
respond_to :json
|
8
8
|
|
9
9
|
################################################################################
|
10
|
-
# OAuth2
|
10
|
+
# OAuth2 Endpoints
|
11
11
|
################################################################################
|
12
12
|
|
13
|
-
# Passport verification
|
14
|
-
# Session exists (browser/insider) - return passport state
|
15
|
-
# Sessionless (iphone/outsider)
|
16
|
-
# Returns passport
|
17
|
-
def show
|
18
|
-
@client = current_client
|
19
|
-
render json: @client, serializer: Sso::ClientSerializer
|
20
|
-
end
|
21
|
-
|
22
13
|
# Passport exchange
|
23
14
|
# Passport Strategy first exchange
|
24
15
|
# Insider : Client information from Apps should always be trusted
|
@@ -35,29 +26,26 @@ module Sso
|
|
35
26
|
################################################################################
|
36
27
|
# JSONP endpoint based on Devise session
|
37
28
|
################################################################################
|
38
|
-
def
|
39
|
-
|
40
|
-
render :nothing => true
|
41
|
-
# respond_with @session, :location => sso.sessions_url
|
29
|
+
def id
|
30
|
+
render json: { passport_id: sso_session_id }
|
42
31
|
end
|
43
32
|
|
44
|
-
|
45
|
-
|
46
|
-
#
|
47
|
-
|
48
|
-
def
|
49
|
-
|
50
|
-
|
51
|
-
# passport.load_user!
|
52
|
-
# passport.create_chip!
|
53
|
-
render :nothing => true
|
54
|
-
# respond_with @session, :location => sso.sessions_url
|
33
|
+
# Passport verification
|
34
|
+
# Session exists (browser/insider) - return passport state
|
35
|
+
# Sessionless (iphone/outsider)
|
36
|
+
# Returns passport
|
37
|
+
def show
|
38
|
+
@session = Sso::Session.find(sso_session_id)
|
39
|
+
render json: @session, serializer: Sso::SessionSerializer
|
55
40
|
end
|
56
41
|
|
57
42
|
|
58
|
-
|
59
43
|
protected
|
60
44
|
|
45
|
+
def sso_session_id
|
46
|
+
warden.session(:user)["sso_session_id"]
|
47
|
+
end
|
48
|
+
|
61
49
|
def current_client
|
62
50
|
@current_client ||= doorkeeper_token.sso_client
|
63
51
|
end
|
@@ -66,10 +54,6 @@ module Sso
|
|
66
54
|
@current_resource_owner ||= User.find(doorkeeper_token.resource_owner_id)
|
67
55
|
end
|
68
56
|
|
69
|
-
def current_session
|
70
|
-
@current_session = current_client.session
|
71
|
-
end
|
72
|
-
|
73
57
|
def client_params
|
74
58
|
params.permit(:ip, :agent)
|
75
59
|
end
|
@@ -77,28 +61,3 @@ module Sso
|
|
77
61
|
end
|
78
62
|
end
|
79
63
|
|
80
|
-
|
81
|
-
#passport exchange
|
82
|
-
# finding = ::SSO::Server::Passports.find_by_access_token_id(access_token.id)
|
83
|
-
# if finding.failure?
|
84
|
-
# # This should never happen. Every Access Token should be connected to a Passport.
|
85
|
-
# return json_error :passport_not_found
|
86
|
-
# end
|
87
|
-
# passport = finding.object
|
88
|
-
|
89
|
-
# ::SSO::Server::Passports.update_activity passport_id: passport.id, request: request
|
90
|
-
|
91
|
-
# debug { "Attaching user and chip to passport #{passport.inspect}" }
|
92
|
-
# passport.load_user!
|
93
|
-
# passport.create_chip!
|
94
|
-
|
95
|
-
# payload = { success: true, code: :here_is_your_passport, passport: passport.export }
|
96
|
-
# debug { "Created Passport #{passport.id}, sending it including user #{passport.user.inspect}}" }
|
97
|
-
|
98
|
-
# [200, { 'Content-Type' => 'application/json' }, [payload.to_json]]
|
99
|
-
|
100
|
-
#passport verification
|
101
|
-
|
102
|
-
# if request.get? && request.path == passports_path
|
103
|
-
# debug { 'Detected incoming Passport verification request.' }
|
104
|
-
# env['warden'].authenticate! :passport
|
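Review bot: The new `show` passes `sso_session_id` straight into `Sso::Session.find`, and `sso_session_id` is `warden.session(:user)["sso_session_id"]`, which is `nil` whenever the signed-in user's warden session has no such key; `find(nil)` then raises `ActiveRecord::RecordNotFound` and the response is whatever the app's rescue handler produces rather than the JSON error shape the spec expects elsewhere (it asserts `match_response_schema("error")` on the unauthorized path). A guard such as `return head :not_found unless sso_session_id` at the top of `show` keeps the failure explicit, and the same `nil` makes the new `id` action render `{ passport_id: nil }` with status 200. Reading the id from the server-side warden session rather than a request parameter does bind the lookup to the authenticated user, which is the right choice; the point is only the missing-key case. The `@@ -2,23 +2,14 @@` hunk also drops the `show` that rendered `current_client` and reintroduces `show` in the second hunk, so `current_client` is now only reachable from `create`, which is worth a comment on that method.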
data/config/routes.rb
CHANGED
@@ -8,7 +8,8 @@ module Sso
|
|
8
8
|
return @sso_client if @sso_client
|
9
9
|
|
10
10
|
user = User.find(@access_token.resource_owner_id)
|
11
|
-
|
11
|
+
attributes = { ip: request.ip, agent: request.user_agent }
|
12
|
+
sso_session = Sso::Session.generate_master(user, attributes)
|
12
13
|
@sso_client = sso_session.clients.last
|
13
14
|
end
|
14
15
|
|
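Review bot: `request.ip` and `request.user_agent` on the added `attributes` line are client-influenced values (the User-Agent header is arbitrary and may be absent, so `agent` can be `nil`, and `request.ip` depends on the proxy trust configuration), so they are fine as audit metadata for the session but should not later be used as a factor in authorizing the session; a short comment such as `# ip/agent are informational only, never used for authorization` would make that intent explicit. If `generate_master` persists them, a length limit on `agent` is worth confirming in the model. The enclosing method starts before this hunk, and the header above it reads `data/config/routes.rb` while the diffstat and content suggest this hunk belongs to `data/lib/sso/doorkeeper/oauth/base.rb`.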
data/lib/sso/version.rb
CHANGED
File without changes
|
@@ -0,0 +1,35 @@
|
|
1
|
+
{
|
2
|
+
"type": "object",
|
3
|
+
"required" : [
|
4
|
+
"id",
|
5
|
+
"active?",
|
6
|
+
"secret",
|
7
|
+
"owner"
|
8
|
+
],
|
9
|
+
"properties": {
|
10
|
+
"id" : { "type" : "string" },
|
11
|
+
"active?" : { "type" : "boolean" },
|
12
|
+
"revoked_at" : { "type": ["string", "null"], "format": "date-time" },
|
13
|
+
"revoke_reason" : { "type": ["string", "null"] },
|
14
|
+
"secret" : { "type" : "string" },
|
15
|
+
"owner" : {
|
16
|
+
"type" : "object",
|
17
|
+
"required" : [
|
18
|
+
"id",
|
19
|
+
"name",
|
20
|
+
"email",
|
21
|
+
"first_name",
|
22
|
+
"last_name",
|
23
|
+
"lang"
|
24
|
+
],
|
25
|
+
"properties" : {
|
26
|
+
"id" : { "type" : "integer" },
|
27
|
+
"name" : { "type" : "string" },
|
28
|
+
"email" : { "type" : "string" },
|
29
|
+
"first_name" : { "type" : "string" },
|
30
|
+
"last_name" : { "type" : "string" },
|
31
|
+
"lang" : { "type" : "string" }
|
32
|
+
}
|
33
|
+
}
|
34
|
+
}
|
35
|
+
}
|
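Review bot: The new `sso_session.json` schema lists `secret` as a required string property, and the spec asserts this schema against the body of `GET show`, so the session secret is being returned to the browser-side caller of that endpoint; whether a session's `secret` is meant to leave the server should be confirmed, because if it is what other clients use to prove possession of the session, the serializer should omit it rather than the schema requiring it. The `owner` object also requires `email`, `first_name` and `last_name`, which fixes personal data as part of the contract for every caller of `show`. If both are intended, a one-line comment in the spec that references this schema would record that decision.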
@@ -4,63 +4,81 @@ RSpec.describe Sso::SessionsController, :type => :controller do
|
|
4
4
|
routes { Sso::Engine.routes }
|
5
5
|
render_views
|
6
6
|
|
7
|
-
|
8
|
-
let(:user) { Fabricate(:user) }
|
7
|
+
describe "GET id" do
|
9
8
|
|
10
9
|
context "logged_in" do
|
11
|
-
|
10
|
+
let(:user) { Fabricate(:user) }
|
11
|
+
let(:application) { Fabricate('Doorkeeper::Application') }
|
12
|
+
# let(:access_token) { Fabricate('Doorkeeper::AccessToken',
|
13
|
+
# resource_owner_id: user.id) }
|
14
|
+
# let(:access_grant) { Fabricate('Doorkeeper::AccessGrant',
|
15
|
+
# application_id: application.id,
|
16
|
+
# resource_owner_id: user.id,
|
17
|
+
# redirect_uri: 'http://localhost:3002/oauth/callback'
|
18
|
+
# ) }
|
12
19
|
|
13
|
-
|
14
|
-
|
20
|
+
let(:session) { Fabricate('Sso::Session', owner: user) }
|
21
|
+
# let!(:client) { Fabricate('Sso::Client', session: session,
|
22
|
+
# application_id: application.id,
|
23
|
+
# access_token_id: access_token.id,
|
24
|
+
# access_grant_id: access_grant.id) }
|
25
|
+
|
26
|
+
before(:each) do
|
27
|
+
sign_in user
|
28
|
+
allow(controller).to receive(:sso_session_id).and_return(session.id)
|
29
|
+
get :id, format: :json
|
30
|
+
end
|
31
|
+
|
32
|
+
it "returns passport_id" do
|
15
33
|
expect(response).to have_http_status(:ok)
|
34
|
+
expect(response).to match_response_schema("sso_session_id")
|
16
35
|
end
|
17
36
|
end
|
18
37
|
|
19
38
|
context "not logged_in" do
|
20
39
|
it "returns not authorized" do
|
21
|
-
get :
|
40
|
+
get :id, format: :json
|
22
41
|
expect(response).to have_http_status(:unauthorized)
|
42
|
+
expect(response).to match_response_schema("error")
|
23
43
|
end
|
24
44
|
end
|
25
45
|
end
|
26
46
|
|
27
47
|
describe "GET show" do
|
28
|
-
let(:user) { Fabricate(:user) }
|
29
|
-
|
30
48
|
context "not logged_in" do
|
31
49
|
it do
|
32
50
|
get :show, format: :json
|
33
51
|
expect(response).to have_http_status(:unauthorized)
|
52
|
+
expect(response).to match_response_schema("error")
|
34
53
|
end
|
35
54
|
end
|
36
55
|
|
37
56
|
context "logged_in" do
|
38
57
|
let(:user) { Fabricate(:user) }
|
39
58
|
let(:application) { Fabricate('Doorkeeper::Application') }
|
40
|
-
let(:access_token) { Fabricate('Doorkeeper::AccessToken',
|
41
|
-
|
42
|
-
let(:access_grant) { Fabricate('Doorkeeper::AccessGrant',
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
59
|
+
# let(:access_token) { Fabricate('Doorkeeper::AccessToken',
|
60
|
+
# resource_owner_id: user.id) }
|
61
|
+
# let(:access_grant) { Fabricate('Doorkeeper::AccessGrant',
|
62
|
+
# application_id: application.id,
|
63
|
+
# resource_owner_id: user.id,
|
64
|
+
# redirect_uri: 'http://localhost:3002/oauth/callback'
|
65
|
+
# ) }
|
47
66
|
|
48
67
|
let(:session) { Fabricate('Sso::Session', owner: user) }
|
49
|
-
let!(:client) { Fabricate('Sso::Client', session: session,
|
50
|
-
|
51
|
-
|
52
|
-
|
68
|
+
# let!(:client) { Fabricate('Sso::Client', session: session,
|
69
|
+
# application_id: application.id,
|
70
|
+
# access_token_id: access_token.id,
|
71
|
+
# access_grant_id: access_grant.id) }
|
53
72
|
|
54
73
|
before do
|
55
|
-
|
56
|
-
allow(controller).to receive(:
|
57
|
-
|
74
|
+
sign_in user
|
75
|
+
allow(controller).to receive(:sso_session_id).and_return(session.id)
|
58
76
|
get :show, format: :json
|
59
77
|
end
|
60
78
|
|
61
79
|
it { expect(response).to have_http_status(:ok) }
|
62
|
-
it { expect(assigns(:
|
63
|
-
it { expect(response).to match_response_schema("
|
80
|
+
it { expect(assigns(:session)).to eq session }
|
81
|
+
it { expect(response).to match_response_schema("sso_session") }
|
64
82
|
end
|
65
83
|
end
|
66
84
|
|
@@ -96,7 +114,7 @@ RSpec.describe Sso::SessionsController, :type => :controller do
|
|
96
114
|
|
97
115
|
it { expect(response).to have_http_status(:created) }
|
98
116
|
it { expect(assigns(:session)).to eq master_sso_session }
|
99
|
-
it { expect(response).to match_response_schema("
|
117
|
+
it { expect(response).to match_response_schema("sso_client") }
|
100
118
|
it { expect(master_sso_session.clients).to include ::Sso::Client.find_by(access_token: access_token) }
|
101
119
|
it { expect(master_sso_session.clients.map(&:ip)).to include "202.188.0.133" }
|
102
120
|
end
|
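Review bot: Both "logged_in" contexts stub the controller with `allow(controller).to receive(:sso_session_id).and_return(session.id)`, so the actual lookup `warden.session(:user)["sso_session_id"]` is never executed by any test, and the case where the key is absent (a signed-in user with no SSO session) has no coverage at all; one example that signs in without the stub and asserts the resulting status would pin that behaviour. The blocks of commented-out `let` fixtures added in both contexts are dead code and are better deleted than committed. The `@@ -96,7 +114,7 @@` hunk only renames a schema and needs no change.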
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: doorkeeper_sso
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.9
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- John Wong
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-12-
|
11
|
+
date: 2015-12-28 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: warden
|
@@ -373,7 +373,8 @@ files:
|
|
373
373
|
- lib/sso/warden/support.rb
|
374
374
|
- lib/tasks/sso_tasks.rake
|
375
375
|
- spec/api/schemas/error.json
|
376
|
-
- spec/api/schemas/
|
376
|
+
- spec/api/schemas/sso_client.json
|
377
|
+
- spec/api/schemas/sso_session.json
|
377
378
|
- spec/api/schemas/sso_session_id.json
|
378
379
|
- spec/controllers/sso/sessions_controller_spec.rb
|
379
380
|
- spec/fabricators/api_application_fabricator.rb
|
@@ -435,7 +436,8 @@ specification_version: 4
|
|
435
436
|
summary: Leveraging Doorkeeper as single-sign-on OAuth server.
|
436
437
|
test_files:
|
437
438
|
- spec/api/schemas/error.json
|
438
|
-
- spec/api/schemas/
|
439
|
+
- spec/api/schemas/sso_client.json
|
440
|
+
- spec/api/schemas/sso_session.json
|
439
441
|
- spec/api/schemas/sso_session_id.json
|
440
442
|
- spec/controllers/sso/sessions_controller_spec.rb
|
441
443
|
- spec/fabricators/api_application_fabricator.rb
|