fortifier 0.2.3 → 0.2.4

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: d30eeb99b0b1213c68918b193b5b91259d956b97
4
- data.tar.gz: 8f0d4e3b7a3446b5019da07a79242b12e0fee5b5
3
+ metadata.gz: bf5ec2e45377ccc4101c75b9e29cc27068ab1dd8
4
+ data.tar.gz: 807af011ad7d4ddbafe9258413aa893470cbd831
5
5
  SHA512:
6
- metadata.gz: 73aaa91c7f54242d385e0616f1d230d27284f822e1c2206699ea15b7790498a6566e6d9446f9ebe20be820aed1724932c1dc9b71d76ef084779ffa2cc8e96c41
7
- data.tar.gz: ddcb67cb26ae7007b574f581b096637d3ce3fab2408008793c49637cdee4c5272c464c8a4ac87d7d301b3ac61fe541b11787345879d47aa1f2044fc5333a325d
6
+ metadata.gz: 8deb81f7f8cf4f05d2efe8f821740c291966121206fab7d639a2757cd19dbf41419ca1c5af38213b4e962b0b9b41834c33cc3e352866eac81a7b0abdf6c144c2
7
+ data.tar.gz: b906bf178f8a2791b67ffbf6273f14438f6072bde32109e896a7a4795df06a315eb185ea18c5834683573469471bd305688020a8aa30f7c186484d408df58176
@@ -3,8 +3,8 @@ module Fortifier
3
3
  class InitializeAuthAttempt
4
4
  def self.invoke(params)
5
5
  secret = params[:secret]
6
- auth_user = AuthUser.where(login: params[:login]).first
7
- auth_success = secret.blank? || auth_user.blank? ? false : auth_user.authenticated?(secret)
6
+ auth_user = AuthUser.where(login: params[:login]).where(deleted: 0).first
7
+ auth_success = (secret.blank? || auth_user.blank? || auth_user.deleted? ) ? false : auth_user.authenticated?(secret)
8
8
  auth_log = Fortifier::AuthLog.create(auth_user: auth_user,
9
9
  user_agent: params[:user_agent],
10
10
  remote_addr: params[:remote_addr],
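Review bot: The `auth_user.deleted?` test added on new line 7 can never be true, because the lookup on new line 6 now restricts to `deleted: 0`, so one of the two checks is redundant. If it is meant as defense in depth against someone later loosening the scope, keep it but say so with `# deleted? is belt-and-braces: the query above already excludes soft-deleted rows`; otherwise drop it and leave `secret.blank? || auth_user.blank?`. Note also that `authenticated?`, as shown later in this diff, still returns true for a blocked account whose secret matches, so if `invoke` is meant to enforce lockout that check has to happen here or in the part of the method below the hunk. `invoke` continues past the end of the hunk.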
@@ -90,50 +90,47 @@ module Fortifier
90
90
 
91
91
  def secrets_match?(secret_string)
92
92
  current_secret_model = current_secret_non_token
93
- return false if current_secret_model.blank?
93
+ return false if current_secret_model.blank?
94
94
 
95
- auth_result = current_secret_model.matches?(secret_string)
96
- current_secret_model.update_encryption_method(secret_string) if (auth_result && current_secret_model.enc_type == "SHA")
95
+ auth_result = current_secret_model.matches?(secret_string)
96
+ current_secret_model.update_encryption_method(secret_string) if (auth_result && current_secret_model.enc_type == "SHA")
97
97
 
98
- return auth_result
98
+ return auth_result
99
99
  end
100
100
 
101
101
  def authenticated?(secret_string)
102
102
  # TODO: (DK) do not increase consecutive_failed_logins if user is attempting a pw change
103
103
  # move consecutive_failed_logins updates to a different method so this method
104
104
  # doesn't do multiple things (code smell)
105
- # TODO: (DK) remove if self
106
- if self
107
- if self.secrets_match?(secret_string)
108
- self.update_column(:consecutive_failed_logins, 0)
109
- true
110
- else
111
- self.update_column(:consecutive_failed_logins, self.consecutive_failed_logins + 1)
112
- false
113
- end
105
+ if self.secrets_match?(secret_string)
106
+ self.update_column(:consecutive_failed_logins, 0) unless self.blocked?
107
+ true
108
+ else
109
+ self.update_column(:consecutive_failed_logins, self.consecutive_failed_logins + 1)
110
+ false
114
111
  end
115
112
  end
116
113
 
117
114
  def self.authenticate_batch_sso(account_uuid, token)
118
115
  return nil if token.blank?
119
116
  AuthUser.
120
- joins(:secrets).
121
- where("find_in_set(? , account_uuids_csv)
117
+ joins(:secrets).
118
+ where("find_in_set(? , account_uuids_csv)
122
119
  AND (expired IS NULL OR expired = false)
123
120
  AND enc_type = '#{Secret::SSO_TOKEN}'
124
121
  AND secret_value = ?", account_uuid, token).
125
- first
122
+ first
126
123
  end
127
124
 
128
125
  def self.authenticate_on_demand_sso(account_uuid, token)
129
126
  return nil if token.blank?
130
127
  AuthUser.
131
- joins(:secrets).
132
- where("find_in_set(? , account_uuids_csv)
128
+ joins(:secrets).
129
+ where("find_in_set(? , account_uuids_csv)
133
130
  AND (expired IS NULL OR expired = false)
134
131
  AND enc_type = '#{Secret::SSO_TOKEN}'
135
132
  AND secret_value = ?", account_uuid, token).
136
- first
133
+ first
137
134
  end
138
135
 
139
136
  def blocked?
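Review bot: `authenticated?` still returns true for a blocked account whose secret matches — the new `unless self.blocked?` on line 106 only stops the failure counter from being reset, it does not refuse the login — so every caller has to check `blocked?` separately. If that split is intentional, a comment on the method should say so; otherwise a guard `return false if self.blocked?` ahead of `secrets_match?` closes the gap and also avoids rehashing the secret through `update_encryption_method` for an account that will be refused anyway. Separately, the increment on line 109 is a read-modify-write of the in-memory `consecutive_failed_logins`, so concurrent bad attempts can lose counts and weaken the lockout; `self.class.where(id: id).update_all('consecutive_failed_logins = consecutive_failed_logins + 1')` makes it atomic. `blocked?` itself begins at the last line of the hunk and its body is not visible here.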
@@ -166,13 +163,15 @@ module Fortifier
166
163
  def public_attribute_hash
167
164
  auth_log = self.auth_logs.last
168
165
  {
169
- uuid: self.uuid,
170
- email: self.email,
171
- login: self.login,
172
- name: self.name,
173
- note: self.note,
174
- disabled: self.disabled?,
175
- last_auth_log: ({user_agent: auth_log.user_agent, status: auth_log.status, created_at: auth_log.created_at.to_time} if auth_log)
166
+ uuid: self.uuid,
167
+ email: self.email,
168
+ login: self.login,
169
+ name: self.name,
170
+ note: self.note,
171
+ disabled: self.disabled?,
172
+ deleted: self.deleted?,
173
+ blocked: self.blocked?,
174
+ last_auth_log: ({user_agent: auth_log.user_agent, status: auth_log.status, created_at: auth_log.created_at.to_time} if auth_log)
176
175
  }
177
176
  end
178
177
 
@@ -196,14 +195,15 @@ module Fortifier
196
195
  app_uuids_query = "app_uuids_csv = '#{app_uuid}'"
197
196
  account_uuids_query = account_uuid ? " AND account_uuids_csv = '#{account_uuid}'" : ""
198
197
  search_keywords_query = search_keywords ? " AND FIND_IN_SET ('#{search_keywords}', search_keywords_csv)" : ''
199
- aggregate_query = app_uuids_query + account_uuids_query + search_keywords_query
198
+ undeleted_auth_user_clause = " AND deleted = 0 "
199
+ aggregate_query = app_uuids_query + account_uuids_query + search_keywords_query + undeleted_auth_user_clause
200
200
 
201
201
  # b/c there's no 'enabled' field on auth user and abaqis allows this sorting (providigm/users in abaqis)
202
202
  if sort_col=='enabled'
203
203
  Fortifier::AuthUser.where(aggregate_query)
204
- .where(user_search_query)
205
- .order("app_uuids_csv #{sort_dir}, account_uuids_csv #{sort_dir}")
206
- .paginate(:page=>page, :per_page=>per_page)
204
+ .where(user_search_query)
205
+ .order("app_uuids_csv #{sort_dir}, account_uuids_csv #{sort_dir}")
206
+ .paginate(:page=>page, :per_page=>per_page)
207
207
  elsif sort_col=='last_login_at'
208
208
  # In other words, pull all users associated with the app in question (if available),
209
209
  # joined with their most recent AuthLog,
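Review bot: The new `undeleted_auth_user_clause` on line 198 is concatenated into a WHERE string that already interpolates `app_uuid`, `account_uuid` and `search_keywords` unparameterized (lines 195-197), and the branches below interpolate `sort_col` and `sort_dir` into ORDER BY; unless those values are validated before reaching this method (not visible here) the query is SQL-injectable, and the commit extends the string-building pattern instead of expressing the new filter as `.where(deleted: 0)` on the two ActiveRecord branches. Because `aggregate_query` is also pasted verbatim into the raw query of the `last_login_at` branch, which aliases the table as `fau` and joins a `last_seen` subquery, the bare column name `deleted` works only as long as that subquery never selects a column of the same name; a comment such as `# unqualified on purpose: reused inside the raw fau/last_seen query below` on line 198 would record that constraint. The enclosing method starts above the hunk and continues below it.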
@@ -217,14 +217,14 @@ module Fortifier
217
217
  AS last_seen
218
218
  ON fau.id = last_seen.auth_user_id
219
219
  #{'WHERE ' + aggregate_query}
220
- #{'AND ' + user_search_query if user_search_query.present?}
220
+ #{'AND ' + user_search_query if user_search_query.present?}
221
221
  ORDER BY last_login_at #{sort_dir}")
222
- .paginate(:page=>page, :per_page=>per_page)
222
+ .paginate(:page=>page, :per_page=>per_page)
223
223
  else
224
224
  Fortifier::AuthUser.where(aggregate_query)
225
- .where(user_search_query)
226
- .order("#{sort_col} #{sort_dir}")
227
- .paginate(:page=>page, :per_page=>per_page)
225
+ .where(user_search_query)
226
+ .order("#{sort_col} #{sort_dir}")
227
+ .paginate(:page=>page, :per_page=>per_page)
228
228
  end
229
229
  end
230
230
 
@@ -243,8 +243,8 @@ module Fortifier
243
243
 
244
244
  def unique?(type, value)
245
245
  case type
246
- when :login then active_relation = AuthUser.where("login = ?", value)
247
- when :email then active_relation = AuthUser.where("email = ?", value)
246
+ when :login then active_relation = AuthUser.where("login = ? and deleted = 0", value)
247
+ when :email then active_relation = AuthUser.where("email = ? and deleted = 0", value)
248
248
  end
249
249
 
250
250
  matching_auth_users = active_relation.to_a # converted to an array so the AuthUser isn't deleted from the db
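Review bot: With `deleted = 0` in both queries on lines 246-247, a login or e-mail held by a soft-deleted account is now reported as unique, so a new account can take it over; that is presumably intended, but it relies on two things the commit does not show: that no database-level unique index on login/email rejects the insert (the migration only adds the column), and that any future un-delete path re-runs this check, since otherwise two active rows could share a login and `AuthUser.where(login: ...).first` would pick one arbitrarily. A comment such as `# soft-deleted rows are excluded on purpose so their login/email can be reused` on line 246 would record the decision. `unique?` continues past the end of the hunk.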
@@ -151,10 +151,13 @@ module Fortifier
151
151
  auth_user = Fortifier::AuthUser.where("uuid = ?", params[:uuid]).first
152
152
  return {status: false, errors: [:auth_user_not_found]} if auth_user.blank?
153
153
 
154
- auth_user.login = params[:login] if params[:login]
155
- auth_user.email = params[:email] if params[:email]
156
- auth_user.name = params[:name] if params[:name]
157
- auth_user.note = params[:note] if params[:note]
154
+ auth_user.login = params[:login] if params[:login]
155
+ auth_user.email = params[:email] if params[:email]
156
+ auth_user.name = params[:name] if params[:name]
157
+ auth_user.note = params[:note] if params[:note]
158
+ auth_user.app_uuids = params[:app_uuids]
159
+ auth_user.account_uuids = params[:account_uuids]
160
+ auth_user.search_keywords = params[:search_keywords]
158
161
  sso_user = params[:sso_user]
159
162
 
160
163
  if params[:password] || sso_user
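Review bot: Lines 158-160 assign `app_uuids`, `account_uuids` and `search_keywords` unconditionally, unlike the four guarded assignments just above them, so an update request that omits those keys hands `nil` to the setters and — depending on how those setters treat nil, which is not visible here — may strip the user's app and account memberships as a side effect of, say, editing the note. Guarding them the same way, `auth_user.app_uuids = params[:app_uuids] if params.key?(:app_uuids)` and likewise for the other two, keeps the change opt-in. Note also that the lookup on line 151 does not filter `deleted = 0`, unlike the other lookups in this release, so a soft-deleted user remains updatable; if that is deliberate (e.g. to allow a restore) a comment should say so. The method starts above the hunk and continues below it.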
@@ -163,15 +166,16 @@ module Fortifier
163
166
  enc_type = sso_user ? Secret::SSO_TOKEN : nil
164
167
  end
165
168
 
166
- if secret && secret_confirmation
169
+ if secret.present? && secret_confirmation.present?
167
170
  new_secret = Secret.new(secret: secret,
168
171
  secret_confirmation: secret_confirmation)
169
172
  end
170
173
 
171
174
  valid_auth_user = auth_user.valid?
172
175
  valid_secret = new_secret ? new_secret.valid? : true
173
-
176
+
174
177
  if valid_auth_user && valid_secret
178
+ auth_user.consecutive_failed_logins = 0
175
179
  auth_user.save
176
180
  auth_user.secrets << new_secret if new_secret
177
181
  { uuid: auth_user.uuid,
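Review bot: Line 178 resets `consecutive_failed_logins` to 0 on every successful save, not only when a new secret is set, so any profile edit (name, note, memberships) clears an account's failed-login count; if `blocked?` is derived from that counter (its body is outside this diff), that lets anyone who can reach this update path lift a lockout without touching the password. Tying the reset to the credential change, `auth_user.consecutive_failed_logins = 0 if new_secret`, keeps the existing behaviour for plain updates. The enclosing method starts above the hunk and continues below it.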
@@ -275,20 +279,34 @@ module Fortifier
275
279
  auth_user = AuthUser.where(uuid: params[:uuid]).first
276
280
  return {status: false, errors: [:auth_user_not_found]} if auth_user.blank?
277
281
 
278
- auth_user.app_uuids - app_uuids
279
- auth_user.account_uuids - account_uuids
280
- auth_user.search_keywords - search_keywords
282
+ auth_user.app_uuids -= app_uuids
283
+ auth_user.account_uuids -= account_uuids
284
+ auth_user.search_keywords -= search_keywords
281
285
  result = auth_user.save
282
286
 
283
287
  result ? {status: true} : {status: false, errors: (result.errors.full_messages if result)}
284
288
  end
289
+
290
+ def delete(params)
291
+ return {status: false, errors: [:uuid_not_provided]} if params[:uuid].blank?
292
+
293
+ auth_user = AuthUser.where(uuid: params[:uuid]).first
294
+ return {status: false, errors: [:auth_user_not_found]} if auth_user.blank?
295
+
296
+ auth_user.deleted = 1
297
+
298
+ result = auth_user.save
299
+
300
+ result ? {status: true} : {status: false, errors: (result.errors.full_messages if result)}
301
+
302
+ end
285
303
 
286
304
  def find_auth_user(field, param)
287
305
  field = field.to_s || ''
288
306
 
289
307
  case field
290
308
  when 'uuid' then auth_user = AuthUser.where("uuid = ?", param).first
291
- when 'login', 'email' then auth_user = AuthUser.where("login = ? OR email = ?", param, param).first
309
+ when 'login', 'email' then auth_user = AuthUser.where("deleted = 0 and (login = ? OR email = ?)", param, param).first
292
310
  when 'token' then auth_user = AuthUser.joins(:secrets).where("secret_value = ? AND (expired IS NULL OR expired = false)", param).first
293
311
  end
294
312
 
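Review bot: Soft-deleting via `delete` (line 296) does not revoke the user's credentials, and the token branch of `find_auth_user` on line 310 — the one lookup in this method that did not get a `deleted = 0` clause — still joins on `secret_value` with no deleted filter, as do `authenticate_batch_sso` and `authenticate_on_demand_sso` shown earlier in this diff, so a deleted user's unexpired token or SSO token continues to authenticate. Either add `AND fortifier_auth_users.deleted = 0` to those three queries (qualified, since they join `secrets`) or have `delete` expire the user's secrets before saving. Also, on line 300 `result` is the boolean returned by `save`, so `result.errors.full_messages if result` is always `nil` on failure; use `auth_user.errors.full_messages` instead, and consider `update_column(:deleted, 1)` so an already-invalid record can still be deleted. `find_auth_user` continues past the end of the hunk.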
@@ -0,0 +1,5 @@
1
+ class AddDeletedToAuthUsers < ActiveRecord::Migration
2
+ def change
3
+ add_column :fortifier_auth_users, :deleted, :integer, :default => 0, :after => :search_keywords_csv
4
+ end
5
+ end
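Review bot: The new `deleted` column is nullable — `add_column` gets `:default => 0` but no `:null => false` — while every new query in this release filters with `deleted = 0`, which a NULL never satisfies, so a row whose flag is ever set to NULL silently disappears from login, uniqueness and search lookups instead of being treated as active. Adding the constraint keeps the flag two-valued: `add_column :fortifier_auth_users, :deleted, :integer, :default => 0, :null => false, :after => :search_keywords_csv`. Note also that `:after` is honoured only by the MySQL adapter, which matches the `find_in_set` usage elsewhere in the gem but deserves a comment for anyone running the migration on another database.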
@@ -1,3 +1,3 @@
1
1
  module Fortifier
2
- VERSION = "0.2.3"
2
+ VERSION = "0.2.4"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fortifier
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.3
4
+ version: 0.2.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Derek Koloditch
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-03-09 00:00:00.000000000 Z
11
+ date: 2015-03-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails
@@ -144,6 +144,7 @@ files:
144
144
  - config/routes.rb
145
145
  - db/migrate/20140401194012_create_fortifier_tables.rb
146
146
  - db/migrate/20140415210139_add_auth_user_search_keywords_field.rb
147
+ - db/migrate/20150310194416_add_deleted_to_auth_users.rb
147
148
  - db/migration_scripts/20140403_temp_whitelist_migration.rb
148
149
  - lib/fortifier.rb
149
150
  - lib/fortifier/engine.rb