forget-passwords 0.2.13 → 0.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4db3ce83ab06fe2e7ba9fbf453370f1182e8fc6e7f888e1edd2851e1eb4dfe1a
-  data.tar.gz: '049d12c72b928352235e422c2c737a7c7827d5284a68054ea09f50c7d3a962d0'
+  metadata.gz: 356eaeb9312780934bfae2ec2563654d692923be2633da67962cb8e4def0eb7e
+  data.tar.gz: 94cdf2ecac3f9509159e648bcf672c9f6bda8b70adbeba01120ce4ba96585384
 SHA512:
-  metadata.gz: 2d3bc2353a0b41009cb7b537a67bc58210670095949afbe21ada7221912c3d6a91c580240d56803b159a32a73c3d4e1c756f7b34c288879be61f842740c6bf20
-  data.tar.gz: 3c7771eb7709deeeca3c7617be519168d6387c619b5e0de0a61243905bb8a4f5a9a2667ab6a63ada192c962a426301e2d83400a5370dc212aaa7e2ee1f69eefb
+  metadata.gz: 567efe5a44252f6aa39206ed58325f6f74f9acad040af449383317f7bc80c2c7ecd0680a19e8231a6d1710dccba22521c651495ef992b04a3329f25527738f74
+  data.tar.gz: e20c7477ae6b0bf4c9fb54bbae5b285dc962c27a07e5815a1e1c1da5b37064f9d2a11dfe8fbab5413a127c550e40277a7010f56c5e9642e54b63f267adb8e100

data/README.md

@@ -578,9 +578,11 @@ favourite flavour of templating engine.
 
 ### Reconcile with OAuth
 
-The authentication cookie used by Forget Passwords bears a striking
-resemblance to an [OAuth](https://oauth.net/) bearer token, such that
-could actually _be_ (at least a proxy for) an OAuth bearer token.
+Let's face it: this thing is 98% of what [OAuth](https://oauth.net/)
+does: it trades one token for another over a more-or-less secure side
+channel. It could be made a heck of a lot simpler by just…wrapping
+OAuth.
+
 Indeed, bearer tokens would make for an _excellent_ cleavage plane for
 _segmented_ authentication: Method X to bearer token, then bearer
 token to `REMOTE_USER`. This means we could have multiple

data/forget-passwords.gemspec

@@ -56,7 +56,7 @@ DESC
   spec.add_runtime_dependency 'fcgi',       '>= 0.9.2.1'
   spec.add_runtime_dependency 'iso8601',    '>= 0.12'
   spec.add_runtime_dependency 'mail',       '>= 2.7.1'
-  spec.add_runtime_dependency 'rack',       '>= 2.0'
+  spec.add_runtime_dependency 'rack',       '~> 2'
   spec.add_runtime_dependency 'sequel',     '>= 5.20'
   spec.add_runtime_dependency 'uuidtools',  '>= 2.1'
 

data/lib/forget-passwords/template.rb

@@ -4,6 +4,7 @@ require 'xml-mixup'
 require 'http-negotiate'
 require 'forget-passwords/types'
 require 'uri'
+require 'time'
 
 module ForgetPasswords
 
@@ -18,6 +19,8 @@ module ForgetPasswords
       DEFAULT_PATH = (
         Pathname(__FILE__).parent + '../../content').expand_path.freeze
 
+      # this is a default document root subpath
+      DEFAULT_DOCROOT = '.forgetpw'.freeze
 
       # Normalize the input to symbol `:like_this`.
       #
@@ -57,21 +60,67 @@ module ForgetPasswords
         @path      = Pathname(path).expand_path
         @base      = base
         @transform = transform
-        @mapping   = mapping.map do |k, v|
-          name = normalize k
-          template = v.is_a?(ForgetPasswords::Template) ? v :
-            ForgetPasswords::Template.new(self, k, @path + v)
-          [name, template]
-        end.to_h
+        @mapping   = mapping
+        @templates = {
+          @path => mapping.map do |k, v|
+            name = normalize k
+            template = v.is_a?(ForgetPasswords::Template) ? v :
+              ForgetPasswords::Template.new(self, k, @path + v)
+            [name, template]
+          end.to_h
+        }
       end
 
-      def [] key
-        @mapping[normalize key]
+      # Fetch the appropriate template, optionally relative to a given root.
+      #
+      # @param key [Symbol, #to_sym] the template key.
+      # @param root [nil, String] an optional document root.
+      #
+      # @return [nil, ForgetPasswords::Template] a template
+      #
+      def [] key, root = nil
+        key = normalize key
+        # bail early if we don't know the key
+        return unless @mapping[key]
+
+        # obtain optional root
+        root = if root
+                 r = root.respond_to?(:env) ? root.env['DOCUMENT_ROOT'] : root
+                 r = (Pathname(r) + DEFAULT_DOCROOT).expand_path
+                 r.readable? ? r : nil
+               end
+
+        if root
+          # get the full file path
+          fp = root + @mapping[key]
+          if fp.readable?
+            mt       = fp.mtime
+            rootmap  = @templates[root] ||= {}
+            template = rootmap[key]
+
+            # congratulations, you found it
+            return template if template and mt <= template.modified
+
+            # XXX this could explode obvs
+            begin
+              template = ForgetPasswords::Template.new(self, key, fp, mt)
+              rootmap[key] = template
+              return template
+            rescue
+              # XXX duhh what do we do here
+              nil
+            end
+          end
+        end
+
+        # otherwise just return the default
+        @templates[@path][key]
       end
 
       def []= key, path
         name = normalize key
-        @mapping[name] = path.is_a?(ForgetPasswords::Template) ? path :
+        # XXX do something less dumb here
+        @templates[@path][name] = path.is_a?(ForgetPasswords::Template) ? path :
           ForgetPasswords::Template.new(self, key, @path + path)
       end
 
@@ -132,12 +181,13 @@ module ForgetPasswords
 
     public
 
-    attr_reader :name, :doc, :mapper
+    attr_reader :name, :doc, :mapper, :modified
 
-    def initialize mapper, name, content
+    def initialize mapper, name, content, modified = Time.now
       # boring members
-      @mapper = mapper
-      @name   = name
+      @mapper   = mapper
+      @name     = name
+      @modified = modified
 
       # resolve content
       @doc = case content
@@ -253,6 +303,7 @@ module ForgetPasswords
     # @return [Rack::Response] the response object, updated in place
     #
     def populate resp, headers = {}, vars = {}, base: nil
+
       if (body, type = serialize(
         process(vars: vars, base: base), headers, full: true))
         #resp.length = body.bytesize # not sure if necessary

data/lib/forget-passwords/types.rb

@@ -101,7 +101,7 @@ module Dry::Types::Builder
     reqd = keys.select(&:required?)
 
     if reqd.empty?
-      # there aren't any requireed keys, but we'll set the empty hash
+      # there aren't any required keys, but we'll set the empty hash
       # as a default if there exist optional keys, otherwise any
       # default will interfere with input from upstream.
       return default({}.freeze) unless keys.empty?

data/lib/forget-passwords/version.rb

@@ -1,3 +1,3 @@
 module ForgetPasswords
-  VERSION = '0.2.13'
+  VERSION = '0.3.1'
 end

data/lib/forget-passwords.rb

@@ -311,7 +311,7 @@ module ForgetPasswords
       }
 
       # grab the template since we'll use it
-      template = @templates[:email]
+      template = @templates[:email, req]
 
       # process the templates
       doc = template.process vars: vars
@@ -336,7 +336,7 @@ module ForgetPasswords
       uri = req_uri req
       resp = Rack::Response.new
       resp.status = status
-      @templates[key].populate resp, req, vars, base: uri
+      @templates[key, req].populate resp, req, vars, base: uri
       resp.set_header "Variable-#{@vars[:type]}", resp.content_type
       raise ForgetPasswords::ErrorResponse, resp
     end
@@ -347,7 +347,7 @@ module ForgetPasswords
       uri  = req_uri req
       resp = Rack::Response.new
       resp.status = 401
-      @templates[:default_401].populate resp, req, {
+      @templates[:default_401, req].populate resp, req, {
         FORWARD: req_uri(req).to_s, LOGIN: @targets[:login] }, base: uri
       resp.set_header "Variable-#{@vars[:type]}", resp.content_type
       resp
@@ -386,7 +386,7 @@ module ForgetPasswords
         target != uri # (note this should always be true)
       resp.set_cookie @keys[:cookie], {
         value: token, secure: req.ssl?, httponly: true,
-        domain: uri.host, path: ?/, same_site: :strict,
+        domain: uri.host, path: ?/, same_site: :lax, # strict is too strict
         expires: time_delta(@state.expiry[:cookie]),
       }
 
@@ -444,7 +444,7 @@ module ForgetPasswords
       # update the cookie expiration
       resp.set_cookie @keys[:cookie], {
         value: token, secure: req.ssl?, httponly: true,
-        domain: uri.host, path: ?/, same_site: :strict,
+        domain: uri.host, path: ?/, same_site: :lax, # strict is too strict
         expires: time_delta(@state.expiry[:cookie], now),
       }
 
@@ -495,7 +495,7 @@ module ForgetPasswords
 
       # return 200 now because this is now a content handler
       resp.status = 200
-      @templates[:email_sent].populate resp, req, {
+      @templates[:email_sent, req].populate resp, req, {
         FORWARD: forward.to_s, FROM: @email[:from].to_s, EMAIL: address.to_s },
         base: uri
     end
@@ -534,6 +534,7 @@ module ForgetPasswords
     def handle_auth req
       auth = req.get_header('Authorization') || req.env['HTTP_AUTHORIZATION']
       if auth and !auth.strip.empty?
+        # warn "has authorization header #{auth}"
         mech, *auth = auth.strip.split
         token = case mech.downcase
                 when 'basic'
@@ -549,13 +550,15 @@ module ForgetPasswords
           default_401 req
         end
       elsif knock = req.GET[@keys[:query]]
-        # check for a knock first; this overrides everything
+        # check for a knock; this overrides an existing cookie
+        # warn "has knock token #{knock}"
         handle_knock req, knock
       # elsif req.post?
       #  # next check for a login/logout attempt
       #  handle_post req
       elsif token = req.cookies[@keys[:cookie]]
         # next check for a cookie
+        # warn "has cookie #{token}"
         handle_cookie req, token
       else
         default_401 req

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: forget-passwords
 version: !ruby/object:Gem::Version
-  version: 0.2.13
+  version: 0.3.1
 platform: ruby
 authors:
 - Dorian Taylor
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-12-08 00:00:00.000000000 Z
+date: 2023-07-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -154,16 +154,16 @@ dependencies:
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '2'
 - !ruby/object:Gem::Dependency
   name: sequel
   requirement: !ruby/object:Gem::Requirement
@@ -305,7 +305,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.11
+rubygems_version: 3.3.15
 signing_key:
 specification_version: 4
 summary: Web authentication module for the extremely lazy