RubyGems - doorkeeper_sso_client - Versions diffs - 0.4.6 → 0.4.7 - Mend

doorkeeper_sso_client 0.4.6 → 0.4.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/lib/doorkeeper_sso_client.rb +0 -2
data/lib/doorkeeper_sso_client/mixins/devise/controller_helpers.rb +4 -0
data/lib/doorkeeper_sso_client/version.rb +1 -1
data/spec/lib/doorkeeper_sso_client/mixins/devise/controller_helper_spec.rb +4 -0
data/spec/models/passport_spec.rb +17 -1
metadata +2 -4
data/lib/doorkeeper_sso_client/passport_verifier.rb +0 -146
data/lib/doorkeeper_sso_client/warden/hooks/after_fetch.rb +0 -134

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: aa2d95c6f02bff6fa8d4bf95dcb760591e39d23d
-  data.tar.gz: ae2fd4b66c75e23957fac23bc1145930f7be73f4
+  metadata.gz: e39b15ab6dd20ae730f58de5e82d046a49eadb72
+  data.tar.gz: b5a888aeca2850a2f10f65a248d620ae887bef95
 SHA512:
-  metadata.gz: 3e5c7076db43b1f70cea8f9df1db648f24023ce27ff120af72e2a58c2c8681d9782ace202424dbebfea60e622e23110b1c4e98350e4cf4748eebd4b947063f7b
-  data.tar.gz: b399085444f1e88108bd0a55cc2011debed894ebefd6cc1e3738ba03e8c77a1ed052c93800ba1aa6bbccde5790577a87ae2f0ac083e1bdbd484cb13dc3432bc1
+  metadata.gz: 83316a1e64626bad774180b1b8ad8dbe824b50448fde2c2f37b87e073a14c4f172a01d04414b868018905070947d46c506c70dcaeafd4b1dc36a67dcd27f9b57
+  data.tar.gz: 97937dfdb0942e6e278e91557e5029471952ab96f5378e345df7775023411a9d2da86671f40719b62ab31f018ba45c12af81d3d9696de3d23c34592a08b1f97d

data/lib/doorkeeper_sso_client.rb CHANGED Viewed

@@ -3,9 +3,7 @@ require 'doorkeeper_sso_client/mixins'
 require "doorkeeper_sso_client/engine"
 require 'doorkeeper_sso_client/config'
 require 'doorkeeper_sso_client/logging'
-require 'doorkeeper_sso_client/passport_verifier'
 require 'doorkeeper_sso_client/warden/support'
-require 'doorkeeper_sso_client/warden/hooks/after_fetch'
 require 'doorkeeper_sso_client/version'
 require 'omniauth/strategies/doorkeeper_sso'

data/lib/doorkeeper_sso_client/mixins/devise/controller_helpers.rb CHANGED Viewed

@@ -27,6 +27,10 @@ module DoorkeeperSsoClient
                 end
               end
+              def after_omniauth_failure_path_for(scope)
+                return File.join( DoorkeeperSsoClient::Config.base_uri, "logout?app_id=" + DoorkeeperSsoClient::Config.oauth_client_id.to_s )
+              end
               def sign_out(resource_or_scope=nil)
                 return sign_out_all_scopes unless resource_or_scope
                 if scope_match? resource_or_scope, :#{scope}

data/lib/doorkeeper_sso_client/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module DoorkeeperSsoClient
-  VERSION = "0.4.6"
+  VERSION = "0.4.7"
 end

data/spec/lib/doorkeeper_sso_client/mixins/devise/controller_helper_spec.rb CHANGED Viewed

@@ -53,6 +53,10 @@ RSpec.describe "DoorkeeperSsoClient::Mixins::Devise::ControllerHelpers DeviseHoo
     it { expect(controller.after_sign_out_path_for(:user)).to eq "http://sso_server.com/logout?app_id=123" }
   end
+  describe "#after_omniauth_failure_path_for" do
+    # Will redirect to sso server to completely logout user
+    it { expect(controller.after_omniauth_failure_path_for(:ANYSCOPE)).to eq "http://sso_server.com/logout?app_id=123" }
+  end
   describe "#after_sign_in_path_for" do
     # Will redirect to request.env['omniauth.origin']

data/spec/models/passport_spec.rb CHANGED Viewed

@@ -52,7 +52,23 @@ RSpec.describe DoorkeeperSsoClient::Passport, :type => :model do
       it { expect(fetched_passport.uid).to eq passport_uid }
       it { expect(fetched_passport.token).to eq token }
     end
   end
+  describe "#update_from_pingback" do
+    subject(:passport) { Fabricate("DoorkeeperSsoClient::Passport") }
+    let(:the_time) { Time.now }
+    let(:pingback_data) {
+      HashWithIndifferentAccess.new(
+        revoked_at: the_time,
+        revoke_reason: 'logout',
+        activity_at: the_time
+      )
+    }
+    before() { passport.update_from_pingback(pingback_data) }
+    it { expect(passport.revoked_at).to eq the_time }
+    it { expect(passport.revoke_reason).to eq 'logout' }
+    it { expect(passport.last_login_at).to eq the_time }
+  end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper_sso_client
 version: !ruby/object:Gem::Version
-  version: 0.4.6
+  version: 0.4.7
 platform: ruby
 authors:
 - John Wong
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-08-07 00:00:00.000000000 Z
+date: 2015-08-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth
@@ -348,9 +348,7 @@ files:
 - lib/doorkeeper_sso_client/mixins/devise/test_helpers.rb
 - lib/doorkeeper_sso_client/mixins/mongoid/passport.rb
 - lib/doorkeeper_sso_client/mixins/passport_base.rb
-- lib/doorkeeper_sso_client/passport_verifier.rb
 - lib/doorkeeper_sso_client/version.rb
-- lib/doorkeeper_sso_client/warden/hooks/after_fetch.rb
 - lib/doorkeeper_sso_client/warden/support.rb
 - lib/omniauth/strategies/doorkeeper_sso.rb
 - lib/tasks/doorkeeper_sso_client_tasks.rake

data/lib/doorkeeper_sso_client/passport_verifier.rb DELETED Viewed

@@ -1,146 +0,0 @@
-module DoorkeeperSsoClient
-  class PassportVerifier
-    attr_reader :passport_id, :passport_state, :passport_secret, :user_ip, :user_agent, :device_id
-    def initialize(options = {})
-      options = ActionController::Parameters.new(options)
-      options.require(:passport_id, :passport_state, :passport_secret, :user_ip)
-      options.permit(:user_agent, :device_id)
-      options.each { |k,v| instance_variable_set("@#{k}",v) }
-    end
-    def call
-      fetch_response { |failure| return failure }
-      interpret_response
-    rescue ::JSON::ParserError
-      error { 'SSO Server response is not valid JSON.' }
-      error { response.inspect }
-      Operations.failure :server_response_not_parseable, object: response
-    end
-    def human_readable_timeout_in_ms
-      "#{timeout_in_milliseconds}ms"
-    end
-    private
-    def fetch_response
-      yield Operations.failure(:server_unreachable, object: response)                   unless response.code.to_s == '200'
-      yield Operations.failure(:server_response_not_parseable, object: response)        unless parsed_response
-      yield Operations.failure(:server_response_missing_success_flag, object: response) unless response_has_success_flag?
-      Operations.success :server_response_looks_legit
-    end
-    def interpret_response
-      debug { "Interpreting response code #{response_code.inspect}" }
-      case response_code
-      when :passpord_unmodified then Operations.success(:passport_valid)
-      when :passport_changed    then Operations.success(:passport_valid_and_modified, object: received_passport)
-      when :passport_invalid    then Operations.failure(:passport_invalid)
-      else                           Operations.failure(:unexpected_server_response_status, object: response)
-      end
-    end
-    def response_code
-      return :unknown_response_code if parsed_response['code'].to_s == ''
-      parsed_response['code'].to_s.to_sym
-    end
-    def received_passport
-      ::DoorkeeperSsoClient::Passport.new received_passport_attributes
-    rescue ArgumentError
-      error { "Could not instantiate Passport from serialized response #{received_passport_attributes.inspect}" }
-      raise
-    end
-    def received_passport_attributes
-      attributes = parsed_response['passport']
-      attributes.keys.each do |key|
-        attributes[(key.to_sym rescue key) || key] = attributes.delete(key)
-      end
-      attributes
-    end
-    def params
-      result = { ip: user_ip, agent: user_agent, device_id: device_id, state: passport_state }
-      result.merge! insider_id: insider_id, insider_signature: insider_signature
-      result
-    end
-    def insider_id
-      ::Sso.config.oauth_client_id
-    end
-    def insider_secret
-      ::Sso.config.oauth_client_secret
-    end
-    def insider_signature
-      ::OpenSSL::HMAC.hexdigest signature_digest, insider_secret, user_ip
-    end
-    def signature_digest
-      OpenSSL::Digest.new 'sha1'
-    end
-    def token
-      Signature::Token.new passport_id, passport_secret
-    end
-    def signature_request
-      Signature::Request.new('GET', path, params)
-    end
-    def auth_hash
-      signature_request.sign token
-    end
-    def timeout_in_milliseconds
-      ::Sso.config.passport_verification_timeout_ms.to_i
-    end
-    def timeout_in_seconds
-      (timeout_in_milliseconds / 1000).round 2
-    end
-    # TODO: Needs to be configurable
-    def path
-      ::OmniAuth::Strategies::DoorkeeperSso.sessions_path
-    end
-    def base_endpoint
-      ::OmniAuth::Strategies::DoorkeeperSso.endpoint
-    end
-    def endpoint
-      URI.join(base_endpoint, path).to_s
-    end
-    def query_params
-      params.merge auth_hash
-    end
-    def response
-      @response ||= response!
-    end
-    def response!
-      debug { "Fetching Passport from #{endpoint.inspect}" }
-      ::HTTParty.get endpoint, timeout: timeout_in_seconds, query: query_params, headers: { 'Accept' => 'application/json' }
-    end
-    def parsed_response
-      response.parsed_response
-    end
-    def response_has_success_flag?
-      parsed_response && parsed_response.respond_to?(:key?) && (parsed_response.key?('success') || parsed_response.key?(:success))
-    end
-  end
-end

data/lib/doorkeeper_sso_client/warden/hooks/after_fetch.rb DELETED Viewed

@@ -1,134 +0,0 @@
-module DoorkeeperSsoClient
-  module Warden
-    module Hooks
-      # This is a helpful `Warden::Manager.after_fetch` hook for Alpha and Beta.
-      # Whenever Carol is fetched out of the session, we also verify her resource.
-      #
-      # Usage:
-      #
-      #   SSO::Client::Warden::Hooks::AfterFetch.activate scope: :vip
-      #
-      class AfterFetch
-        include ::DoorkeeperSsoClient::Logging
-        attr_reader :resource, :warden, :options
-        delegate :request, to: :warden
-        delegate :params, to: :request
-        def self.activate(warden_options)
-          ::Warden::Manager.after_fetch(warden_options) do |resource, warden, options|
-            self.new(resource, warden, options).call
-          end
-        end
-        def initialize(resource, warden, options)
-          @resource, @warden, @options = resource, warden, options
-        end
-        def call
-          return unless resource.is_a?(Session)
-          verify
-        rescue ::Timeout::Error
-          error { 'SSO Server timed out. Continuing with last known authentication/authorization...' }
-          Operations.failure :server_request_timed_out
-        rescue => exception
-          raise exception
-          Operations.failure :client_exception_caught
-        end
-        private
-        def verifier
-          ::DoorkeeperSsoClient::PassportVerifier.new resource_id: resource.id, resource_state: resource.state, resource_secret: resource.secret, user_ip: ip, user_agent: agent, device_id: device_id
-        end
-        def verification
-          @verification ||= verifier.call
-        end
-        def verification_code
-          verification.code
-        end
-        def verification_object
-          verification.object
-        end
-        def verify
-          debug { "Validating Passport #{resource.id.inspect} of logged in #{resource.user.class} in scope #{warden_scope.inspect}" }
-          case verification_code
-          when :server_unreachable                    then server_unreachable!
-          when :server_response_not_parseable         then server_response_not_parseable!
-          when :server_response_missing_success_flag  then server_response_missing_success_flag!
-          when :resource_valid                        then resource_valid!
-          when :resource_valid_and_modified           then resource_valid_and_modified!(verification.object)
-          when :resource_invalid                      then resource_invalid!
-          else                                             unexpected_server_response_status!
-          end
-        end
-        def resource_valid_and_modified!(modified_resource)
-          debug { 'Valid resource, but state changed' }
-          resource.verified!
-          resource.modified!
-          resource.user = modified_resource.user
-          resource.state = modified_resource.state
-          Operations.success :valid_and_modified
-        end
-        def resource_valid!
-          debug { 'Valid resource, no changes' }
-          resource.verified!
-          Operations.success :valid
-        end
-        def resource_invalid!
-          info { 'Your Passport is not valid any more.' }
-          warden.logout warden_scope
-          Operations.failure :invalid
-        end
-        def server_unreachable!
-          error { "SSO Server responded with an unexpected HTTP status code (#{verification_code.inspect} instead of 200). #{verification_object.inspect}" }
-          Operations.failure :server_unreachable
-        end
-        def server_response_missing_success_flag!
-          error { 'SSO Server response did not include the expected success flag.' }
-          Operations.failure :server_response_missing_success_flag
-        end
-        def unexpected_server_response_status!
-          error { "SSO Server response did not include a known resource status code. #{verification_code.inspect}" }
-          Operations.failure :unexpected_server_response_status
-        end
-        def server_response_not_parseable!
-          error { 'SSO Server response could not be parsed at all.' }
-          Operations.failure :server_response_not_parseable
-        end
-        # TODO: Use ActionDispatch remote IP or you might get the Load Balancer's IP instead :(
-        def ip
-          request.ip
-        end
-        def agent
-          request.user_agent
-        end
-        def device_id
-          params['device_id']
-        end
-        def warden_scope
-          options[:scope]
-        end
-      end
-    end
-  end
-end