RubyGems - ehsso - Versions diffs - 0.4.0 → 0.6.0 - Mend

ehsso 0.4.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml +4 -4
data/.github/dependabot.yml +9 -1
data/.github/workflows/01_test.yml +40 -0
data/.github/workflows/{cd.yml → 02_release.yml} +6 -7
data/CHANGELOG.md +10 -0
data/LICENSE +21 -0
data/README.md +143 -11
data/ehsso.gemspec +5 -1
data/lib/ehsso/person.rb +1 -1
data/lib/ehsso/version.rb +1 -1
metadata +39 -13
data/.github/workflows/ci.yml +0 -52

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 683f903f1ea816c48a57b9eda4d13dcf404f0df8b59201b3f96ecba20d1edc4d
-  data.tar.gz: 91902a4685398e35c4bb8eeed376c3d198e1e624115373bb308912d4cdb9fe8f
+  metadata.gz: d41ec655415b6806e4294ff6e28d4b4a178b9dd88aca2662cf8dfdb7382e5324
+  data.tar.gz: e659665ea07cd9e34ef5390222f874265fe964fd58dc45cd3416c4134dd25791
 SHA512:
-  metadata.gz: 5a500f497f559da02ed4108bd46d73ab2cb99c4aa83f19e9cd2564299e66ec777a60bb69b7cb610b462b7573199d70d3b7213dd8a068e2cefde6b2df14506988
-  data.tar.gz: 957687c29349f36dd75c09596b6ae092516b7e2cb36058c058f3ee68392ca91addf601b475d415fd6c1078cf144935f450165bd51430fc6a7e817b77154f8c28
+  metadata.gz: 31ef14c4188888bbfb01fa4dd73469a16346703f554eb59f365deacc047204b1eb73e15f1a2a20ce3ad7e828610278bcfab62dde61c9fec8573655c4e5966205
+  data.tar.gz: 4fe87a8e2fb5a05db5dbc456910a31d483d49208e56f5f5f0f83221b3fa4dad1fc01ebe630fb7593899ab41350ac796b5e6467803251a609e4e9a4974c5f46ac

data/.github/dependabot.yml CHANGED Viewed

@@ -5,5 +5,13 @@ updates:
     schedule:
       interval: "weekly"
       day: "saturday"
-      time: "04:00"
+      time: "04:05"
+      timezone: "Europe/Zurich"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "saturday"
+      time: "04:05"
       timezone: "Europe/Zurich"

data/.github/workflows/01_test.yml ADDED Viewed

@@ -0,0 +1,40 @@
+name: 01 - Test
+on:
+  push:
+    branches:
+      - "*"
+  pull_request:
+    branches:
+      - "*"
+  schedule:
+  - cron: 0 2 * * 3,6
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby: [ '3.4', '3.3', '3.2']
+    name: Ruby ${{ matrix.ruby }}
+    steps:
+    - uses: actions/checkout@v5
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+        bundler: latest
+        bundler-cache: true
+        cache-version: 1
+    - name: Run tests
+      run: |
+        bundle exec rake

data/.github/workflows/{cd.yml → 02_release.yml} RENAMED Viewed

@@ -1,26 +1,25 @@
-name: cd
+name: 02 - Release
 on:
   workflow_dispatch:
 jobs:
-  build:
+  release:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout current code
-      uses: actions/checkout@v3
+      uses: actions/checkout@v5
     - name: Set up Ruby
       uses: ruby/setup-ruby@v1
       with:
-        ruby-version: '3.1'
+        ruby-version: '3.4'
         bundler: latest
         bundler-cache: true
         cache-version: 1
-    - name: Push to Rubygems
+    - name: Release to RubyGems
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       run: |
@@ -30,4 +29,4 @@ jobs:
         echo -e "---\n:rubygems_api_key: ${{ secrets.RUBYGEMS_API_KEY }}" > ~/.gem/credentials
         chmod 600 ~/.gem/credentials
         bundle exec rake release
-        rm ~/.gem/credentials
+        rm ~/.gem/credentials

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,15 @@
 # Changelog of ehsso
+## 0.6.0 / 2025-08-20
+* Upgrade gem dependencies
+## 0.5.0 / 2025-01-22
+* Upgrade gem dependencies
+* Have support for ruby 3.1 up to 3.4, and drop support for 2.7 and 3.0
+* Accept 2 arguments for respond_to_missing?
 ## 0.4.0 / 2022-11-20
 * Upgrade gem dependencies

data/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2025 ikey.ch
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md CHANGED Viewed

@@ -1,21 +1,31 @@
 [![Gem Version](https://badge.fury.io/rb/ehsso.svg)](https://badge.fury.io/rb/ehsso)
-[![Maintainability](https://api.codeclimate.com/v1/badges/baea493e227c446ffe49/maintainability)](https://codeclimate.com/github/thomis/ehsso/maintainability)
-[![Test Coverage](https://api.codeclimate.com/v1/badges/baea493e227c446ffe49/test_coverage)](https://codeclimate.com/github/thomis/ehsso/test_coverage)
-[![ci](https://github.com/thomis/ehsso/actions/workflows/ci.yml/badge.svg)](https://github.com/thomis/ehsso/actions/workflows/ci.yml)
+[![01 - Test](https://github.com/thomis/ehsso/actions/workflows/01_test.yml/badge.svg)](https://github.com/thomis/ehsso/actions/workflows/01_test.yml)
+[![02 - Release](https://github.com/thomis/ehsso/actions/workflows/02_release.yml/badge.svg)](https://github.com/thomis/ehsso/actions/workflows/02_release.yml)
 # ehsso
-Company specific Single Sign On for Rails applications.
+A Rails authorization gem that integrates with company-specific Single Sign-On (SSO) infrastructure. It extracts user identity from HTTP request headers and queries a configured authorization service to retrieve user roles for your application.
+## How it works
+1. **Identity Extraction**: Reads user information from specific HTTP headers injected by your SSO infrastructure
+2. **Authorization Query**: Sends the user identity along with your application's module key to a central authorization service
+3. **Role Management**: Receives and manages user roles specific to your application/module
+4. **Access Control**: Provides simple role-checking methods for implementing authorization logic in your Rails app
+This gem handles the authorization aspect of SSO - determining what an already authenticated user is allowed to do in your specific application based on their assigned roles.
 ## Supported Ruby Versions
 Currently supported and tested ruby versions are:
-- 3.2
-- 3.1
-- 3.0
-- 2.7
-- 2.6
+- 3.4 (EOL 31 Mar 2028)
+- 3.3 (EOL 31 Mar 2027)
+- 3.2 (EOL 31 Mar 2026)
+Ruby versions not tested anymore:
+- 3.1 (EOL 31 Mar 2025)
 ## Installation
@@ -34,7 +44,7 @@ Ehsso.configure do |config|
   # Application reference
   config.module_key = 'my_module_key'
-  # Service Endpoint
+  # Authorization service endpoint with HTTP Basic Auth
   config.base_url   = 'http://{host}:{port}'
   config.username_and_password = 'username:password'
 end
@@ -42,8 +52,130 @@ end
 ## Usage
-to do....
+The authorization service typically returns roles like:
+- **ADMINISTRATOR** - Full system access
+- **OPERATOR** - Manage and modify resources
+- **USER** - Standard access, read-only
+- **GUEST** - Limited access, pending approval
+Note: The actual roles returned depend on your authorization service configuration. The gem dynamically handles any role names returned by the service.
+### Basic Controller Integration
+```ruby
+class ApplicationController < ActionController::Base
+  before_action :authorize_user
+  private
+  def authorize_user
+    @current_user = Ehsso::Person.parse_from_request_header(request.headers)
+    if @current_user.valid?
+      @current_user.fetch  # Retrieve roles from authorization service
+      unless @current_user.valid?
+        render plain: 'Authorization service unavailable', status: :service_unavailable
+      end
+    else
+      render plain: 'Unauthorized', status: :unauthorized
+    end
+  end
+  def current_user
+    @current_user
+  end
+end
+```
+### Role-Based Access Control
+```ruby
+class AdminController < ApplicationController
+  before_action :require_admin
+  def dashboard
+    # Administrator-only content
+  end
+  private
+  def require_admin
+    unless @current_user.administrator?
+      render plain: 'Access denied', status: :forbidden
+    end
+  end
+end
+class ResourcesController < ApplicationController
+  def index
+    # All authenticated users can view (even guests)
+    @resources = Resource.all
+  end
+  def show
+    # Users, operators, and administrators can view details
+    if @current_user.user? || @current_user.operator? || @current_user.administrator?
+      @resource = Resource.find(params[:id])
+    else
+      render plain: 'Guest access limited', status: :forbidden
+    end
+  end
+  def edit
+    # Operators and administrators can edit
+    if @current_user.operator? || @current_user.administrator?
+      @resource = Resource.find(params[:id])
+    else
+      render plain: 'Access denied', status: :forbidden
+    end
+  end
+  def destroy
+    # Only administrators can delete
+    if @current_user.administrator?
+      @resource = Resource.find(params[:id])
+      @resource.destroy
+      redirect_to resources_path
+    else
+      render plain: 'Access denied - Administrator only', status: :forbidden
+    end
+  end
+end
+```
+### Auto-Registration for New Users
+```ruby
+class ApplicationController < ActionController::Base
+  before_action :authorize_or_register_user
+  private
+  def authorize_or_register_user
+    @current_user = Ehsso::Person.parse_from_request_header(request.headers)
+    if @current_user.valid?
+      # This will create user with 'GUEST' role if they don't exist yet
+      @current_user.fetch_or_create
+      if @current_user.guest?
+        redirect_to pending_approval_path
+      elsif @current_user.user? || @current_user.operator? || @current_user.administrator?
+        # User has been granted proper access
+        return true
+      end
+    else
+      render plain: 'Missing SSO headers', status: :unauthorized
+    end
+  end
+end
+```
 ## Contributing
 Bug reports and pull requests are welcome on GitHub at https://github.com/thomis/ehsso.
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/ehsso.gemspec CHANGED Viewed

@@ -20,12 +20,16 @@ Gem::Specification.new do |spec|
   spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
+  spec.required_ruby_version = ">= 3.1"
   spec.add_development_dependency "bundler", "~> 2.3"
   spec.add_development_dependency "rake", "~> 13.0"
   spec.add_development_dependency "rspec", "~> 3.12"
-  spec.add_development_dependency "rails", "~> 6.1.6.1"
+  spec.add_development_dependency "rails", ">= 6.1"
   spec.add_development_dependency "standard", "~> 1.18"
   spec.add_development_dependency "simplecov", "~> 0.21"
   spec.add_runtime_dependency("typhoeus", "~> 1.3")
+  spec.add_runtime_dependency("logger", "~> 1.7")
+  spec.add_runtime_dependency("bigdecimal", "~> 3.2")
 end

data/lib/ehsso/person.rb CHANGED Viewed

@@ -34,7 +34,7 @@ module Ehsso
       @roles.include?(method[0..-2].upcase)
     end
-    def respond_to_missing?(method)
+    def respond_to_missing?(method, include_private = false)
       true if method[-1] == "?"
     end

data/lib/ehsso/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Ehsso
-  VERSION = "0.4.0"
+  VERSION = "0.6.0"
 end

metadata CHANGED Viewed

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: ehsso
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Thomas Steiner
-autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-11-20 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -56,16 +55,16 @@ dependencies:
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 6.1.6.1
+        version: '6.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 6.1.6.1
+        version: '6.1'
 - !ruby/object:Gem::Dependency
   name: standard
   requirement: !ruby/object:Gem::Requirement
@@ -108,6 +107,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: logger
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: bigdecimal
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
 description: EH Single Sign On
 email:
 - thomas.steiner@ikey.ch
@@ -116,12 +143,13 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".github/dependabot.yml"
-- ".github/workflows/cd.yml"
-- ".github/workflows/ci.yml"
+- ".github/workflows/01_test.yml"
+- ".github/workflows/02_release.yml"
 - ".gitignore"
 - ".rspec"
 - CHANGELOG.md
 - Gemfile
+- LICENSE
 - README.md
 - Rakefile
 - ehsso.gemspec
@@ -134,7 +162,6 @@ homepage: http://github.com/thomis/ehsso
 licenses:
 - MIT
 metadata: {}
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -142,15 +169,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '3.1'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.7
-signing_key:
+rubygems_version: 3.6.9
 specification_version: 4
 summary: EH Single Sign On
 test_files: []

data/.github/workflows/ci.yml DELETED Viewed

@@ -1,52 +0,0 @@
-name: ci
-on:
-  push:
-    branches:
-      - "*"
-  pull_request:
-    branches:
-      - "*"
-  schedule:
-  - cron: 0 2 * * 1,3,5,6
-  # Allows you to run this workflow manually from the Actions tab
-  workflow_dispatch:
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    env:
-      CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
-    strategy:
-      fail-fast: false
-      matrix:
-        ruby: [ '3.2', '3.1', '3.0', '2.7', '2.6']
-    name: Ruby ${{ matrix.ruby }}
-    steps:
-    - uses: actions/checkout@v3
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: ${{ matrix.ruby }}
-        bundler: latest
-        bundler-cache: true
-        cache-version: 1
-    - name: Code Climate setup test reporter
-      run: |
-        curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
-        chmod +x ./cc-test-reporter
-        ./cc-test-reporter before-build
-    - name: Run default task
-      run: |
-        bundle exec rake
-    - name: Code Climate publish test coverage
-      run: |
-        ./cc-test-reporter after-build