forget-passwords 0.2.13 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4db3ce83ab06fe2e7ba9fbf453370f1182e8fc6e7f888e1edd2851e1eb4dfe1a
-  data.tar.gz: '049d12c72b928352235e422c2c737a7c7827d5284a68054ea09f50c7d3a962d0'
+  metadata.gz: dacb56a002005cc14bb46809690604cccd905eee5c5fc8c5efb78557629611e6
+  data.tar.gz: 704b521acb64f33a934c8768e8bc1496a86ae55d27a0598f4172a7ddc6c8d0e0
 SHA512:
-  metadata.gz: 2d3bc2353a0b41009cb7b537a67bc58210670095949afbe21ada7221912c3d6a91c580240d56803b159a32a73c3d4e1c756f7b34c288879be61f842740c6bf20
-  data.tar.gz: 3c7771eb7709deeeca3c7617be519168d6387c619b5e0de0a61243905bb8a4f5a9a2667ab6a63ada192c962a426301e2d83400a5370dc212aaa7e2ee1f69eefb
+  metadata.gz: 1e79d40cbf1151f1a6fb056e17e90f022f65cf575e9eac4a2d1931b4c9c32723924a7e27f83ec893acbafa46710c6da68de3e2791005066ba74eea2a880f0f39
+  data.tar.gz: c306b865ed182f590338d26a7a41a165c38626519dbfc627b77fac4f8a271f7a9d83274a10ec8ae7629a9992407fe92524a4b2a9eb5e4c74ebf1b3b5907e67de

data/README.md

@@ -578,9 +578,11 @@ favourite flavour of templating engine.
 
 ### Reconcile with OAuth
 
-The authentication cookie used by Forget Passwords bears a striking
-resemblance to an [OAuth](https://oauth.net/) bearer token, such that
-could actually _be_ (at least a proxy for) an OAuth bearer token.
+Let's face it: this thing is 98% of what [OAuth](https://oauth.net/)
+does: it trades one token for another over a more-or-less secure side
+channel. It could be made a heck of a lot simpler by just…wrapping
+OAuth.
+
 Indeed, bearer tokens would make for an _excellent_ cleavage plane for
 _segmented_ authentication: Method X to bearer token, then bearer
 token to `REMOTE_USER`. This means we could have multiple

data/lib/forget-passwords/template.rb

@@ -4,6 +4,7 @@ require 'xml-mixup'
 require 'http-negotiate'
 require 'forget-passwords/types'
 require 'uri'
+require 'time'
 
 module ForgetPasswords
 
@@ -18,6 +19,8 @@ module ForgetPasswords
       DEFAULT_PATH = (
         Pathname(__FILE__).parent + '../../content').expand_path.freeze
 
+      # this is a default document root subpath
+      DEFAULT_DOCROOT = '.forgetpw'.freeze
 
       # Normalize the input to symbol `:like_this`.
       #
@@ -57,21 +60,67 @@ module ForgetPasswords
         @path      = Pathname(path).expand_path
         @base      = base
         @transform = transform
-        @mapping   = mapping.map do |k, v|
-          name = normalize k
-          template = v.is_a?(ForgetPasswords::Template) ? v :
-            ForgetPasswords::Template.new(self, k, @path + v)
-          [name, template]
-        end.to_h
+        @mapping   = mapping
+        @templates = {
+          @path => mapping.map do |k, v|
+            name = normalize k
+            template = v.is_a?(ForgetPasswords::Template) ? v :
+              ForgetPasswords::Template.new(self, k, @path + v)
+            [name, template]
+          end.to_h
+        }
       end
 
-      def [] key
-        @mapping[normalize key]
+      # Fetch the appropriate template, optionally relative to a given root.
+      #
+      # @param key [Symbol, #to_sym] the template key.
+      # @param root [nil, String] an optional document root.
+      #
+      # @return [nil, ForgetPasswords::Template] a template
+      #
+      def [] key, root = nil
+        key = normalize key
+        # bail early if we don't know the key
+        return unless @mapping[key]
+
+        # obtain optional root
+        root = if root
+                 r = root.respond_to?(:env) ? root.env['DOCUMENT_ROOT'] : root
+                 r = (Pathname(r) + DEFAULT_DOCROOT).expand_path
+                 r.readable? ? r : nil
+               end
+
+        if root
+          # get the full file path
+          fp = root + @mapping[key]
+          if fp.readable?
+            mt       = fp.mtime
+            rootmap  = @templates[root] ||= {}
+            template = rootmap[key]
+
+            # congratulations, you found it
+            return template if template and mt <= template.modified
+
+            # XXX this could explode obvs
+            begin
+              template = ForgetPasswords::Template.new(self, key, fp, mt)
+              rootmap[key] = template
+              return template
+            rescue
+              # XXX duhh what do we do here
+              nil
+            end
+          end
+        end
+
+        # otherwise just return the default
+        @templates[@path][key]
       end
 
       def []= key, path
         name = normalize key
-        @mapping[name] = path.is_a?(ForgetPasswords::Template) ? path :
+        # XXX do something less dumb here
+        @templates[@path][name] = path.is_a?(ForgetPasswords::Template) ? path :
           ForgetPasswords::Template.new(self, key, @path + path)
       end
 
@@ -132,12 +181,13 @@ module ForgetPasswords
 
     public
 
-    attr_reader :name, :doc, :mapper
+    attr_reader :name, :doc, :mapper, :modified
 
-    def initialize mapper, name, content
+    def initialize mapper, name, content, modified = Time.now
       # boring members
-      @mapper = mapper
-      @name   = name
+      @mapper   = mapper
+      @name     = name
+      @modified = modified
 
       # resolve content
       @doc = case content
@@ -253,6 +303,7 @@ module ForgetPasswords
     # @return [Rack::Response] the response object, updated in place
     #
     def populate resp, headers = {}, vars = {}, base: nil
+
       if (body, type = serialize(
         process(vars: vars, base: base), headers, full: true))
         #resp.length = body.bytesize # not sure if necessary

data/lib/forget-passwords/version.rb

@@ -1,3 +1,3 @@
 module ForgetPasswords
-  VERSION = '0.2.13'
+  VERSION = '0.3.0'
 end

data/lib/forget-passwords.rb

@@ -311,7 +311,7 @@ module ForgetPasswords
       }
 
       # grab the template since we'll use it
-      template = @templates[:email]
+      template = @templates[:email, req]
 
       # process the templates
       doc = template.process vars: vars
@@ -336,7 +336,7 @@ module ForgetPasswords
       uri = req_uri req
       resp = Rack::Response.new
       resp.status = status
-      @templates[key].populate resp, req, vars, base: uri
+      @templates[key, req].populate resp, req, vars, base: uri
       resp.set_header "Variable-#{@vars[:type]}", resp.content_type
       raise ForgetPasswords::ErrorResponse, resp
     end
@@ -347,7 +347,7 @@ module ForgetPasswords
       uri  = req_uri req
       resp = Rack::Response.new
       resp.status = 401
-      @templates[:default_401].populate resp, req, {
+      @templates[:default_401, req].populate resp, req, {
         FORWARD: req_uri(req).to_s, LOGIN: @targets[:login] }, base: uri
       resp.set_header "Variable-#{@vars[:type]}", resp.content_type
       resp
@@ -386,7 +386,7 @@ module ForgetPasswords
         target != uri # (note this should always be true)
       resp.set_cookie @keys[:cookie], {
         value: token, secure: req.ssl?, httponly: true,
-        domain: uri.host, path: ?/, same_site: :strict,
+        domain: uri.host, path: ?/, same_site: :lax, # strict is too strict
         expires: time_delta(@state.expiry[:cookie]),
       }
 
@@ -444,7 +444,7 @@ module ForgetPasswords
       # update the cookie expiration
       resp.set_cookie @keys[:cookie], {
         value: token, secure: req.ssl?, httponly: true,
-        domain: uri.host, path: ?/, same_site: :strict,
+        domain: uri.host, path: ?/, same_site: :lax, # strict is too strict
         expires: time_delta(@state.expiry[:cookie], now),
       }
 
@@ -495,7 +495,7 @@ module ForgetPasswords
 
       # return 200 now because this is now a content handler
       resp.status = 200
-      @templates[:email_sent].populate resp, req, {
+      @templates[:email_sent, req].populate resp, req, {
         FORWARD: forward.to_s, FROM: @email[:from].to_s, EMAIL: address.to_s },
         base: uri
     end
@@ -534,6 +534,7 @@ module ForgetPasswords
     def handle_auth req
       auth = req.get_header('Authorization') || req.env['HTTP_AUTHORIZATION']
       if auth and !auth.strip.empty?
+        # warn "has authorization header #{auth}"
         mech, *auth = auth.strip.split
         token = case mech.downcase
                 when 'basic'
@@ -549,13 +550,15 @@ module ForgetPasswords
           default_401 req
         end
       elsif knock = req.GET[@keys[:query]]
-        # check for a knock first; this overrides everything
+        # check for a knock; this overrides an existing cookie
+        # warn "has knock token #{knock}"
         handle_knock req, knock
       # elsif req.post?
       #  # next check for a login/logout attempt
       #  handle_post req
       elsif token = req.cookies[@keys[:cookie]]
         # next check for a cookie
+        # warn "has cookie #{token}"
         handle_cookie req, token
       else
         default_401 req

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: forget-passwords
 version: !ruby/object:Gem::Version
-  version: 0.2.13
+  version: 0.3.0
 platform: ruby
 authors:
 - Dorian Taylor
-autorequire:
+autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-12-08 00:00:00.000000000 Z
+date: 2023-03-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -290,7 +290,7 @@ homepage: https://github.com/doriantaylor/rb-forget-passwords
 licenses:
 - Apache-2.0
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -305,8 +305,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.11
-signing_key:
+rubygems_version: 3.1.2
+signing_key: 
 specification_version: 4
 summary: Web authentication module for the extremely lazy
 test_files: []