fortifier 0.2.3 → 0.2.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/models/fortifier/auth_steps/initialize_auth_attempt.rb +2 -2
- data/app/models/fortifier/auth_user.rb +37 -37
- data/app/models/fortifier/auth_user_api.rb +28 -10
- data/db/migrate/20150310194416_add_deleted_to_auth_users.rb +5 -0
- data/lib/fortifier/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bf5ec2e45377ccc4101c75b9e29cc27068ab1dd8
|
|
4
|
+
data.tar.gz: 807af011ad7d4ddbafe9258413aa893470cbd831
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8deb81f7f8cf4f05d2efe8f821740c291966121206fab7d639a2757cd19dbf41419ca1c5af38213b4e962b0b9b41834c33cc3e352866eac81a7b0abdf6c144c2
|
|
7
|
+
data.tar.gz: b906bf178f8a2791b67ffbf6273f14438f6072bde32109e896a7a4795df06a315eb185ea18c5834683573469471bd305688020a8aa30f7c186484d408df58176
|
|
@@ -3,8 +3,8 @@ module Fortifier
|
|
|
3
3
|
class InitializeAuthAttempt
|
|
4
4
|
def self.invoke(params)
|
|
5
5
|
secret = params[:secret]
|
|
6
|
-
auth_user = AuthUser.where(login: params[:login]).first
|
|
7
|
-
auth_success = secret.blank? || auth_user.blank? ? false : auth_user.authenticated?(secret)
|
|
6
|
+
auth_user = AuthUser.where(login: params[:login]).where(deleted: 0).first
|
|
7
|
+
auth_success = (secret.blank? || auth_user.blank? || auth_user.deleted? ) ? false : auth_user.authenticated?(secret)
|
|
8
8
|
auth_log = Fortifier::AuthLog.create(auth_user: auth_user,
|
|
9
9
|
user_agent: params[:user_agent],
|
|
10
10
|
remote_addr: params[:remote_addr],
|
|
@@ -90,50 +90,47 @@ module Fortifier
|
|
|
90
90
|
|
|
91
91
|
def secrets_match?(secret_string)
|
|
92
92
|
current_secret_model = current_secret_non_token
|
|
93
|
-
|
|
93
|
+
return false if current_secret_model.blank?
|
|
94
94
|
|
|
95
|
-
|
|
96
|
-
|
|
95
|
+
auth_result = current_secret_model.matches?(secret_string)
|
|
96
|
+
current_secret_model.update_encryption_method(secret_string) if (auth_result && current_secret_model.enc_type == "SHA")
|
|
97
97
|
|
|
98
|
-
|
|
98
|
+
return auth_result
|
|
99
99
|
end
|
|
100
100
|
|
|
101
101
|
def authenticated?(secret_string)
|
|
102
102
|
# TODO: (DK) do not increase consecutive_failed_logins if user is attempting a pw change
|
|
103
103
|
# move consecutive_failed_logins updates to a different method so this method
|
|
104
104
|
# doesn't do multiple things (code smell)
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
self.update_column(:consecutive_failed_logins, self.consecutive_failed_logins + 1)
|
|
112
|
-
false
|
|
113
|
-
end
|
|
105
|
+
if self.secrets_match?(secret_string)
|
|
106
|
+
self.update_column(:consecutive_failed_logins, 0) unless self.blocked?
|
|
107
|
+
true
|
|
108
|
+
else
|
|
109
|
+
self.update_column(:consecutive_failed_logins, self.consecutive_failed_logins + 1)
|
|
110
|
+
false
|
|
114
111
|
end
|
|
115
112
|
end
|
|
116
113
|
|
|
117
114
|
def self.authenticate_batch_sso(account_uuid, token)
|
|
118
115
|
return nil if token.blank?
|
|
119
116
|
AuthUser.
|
|
120
|
-
|
|
121
|
-
|
|
117
|
+
joins(:secrets).
|
|
118
|
+
where("find_in_set(? , account_uuids_csv)
|
|
122
119
|
AND (expired IS NULL OR expired = false)
|
|
123
120
|
AND enc_type = '#{Secret::SSO_TOKEN}'
|
|
124
121
|
AND secret_value = ?", account_uuid, token).
|
|
125
|
-
|
|
122
|
+
first
|
|
126
123
|
end
|
|
127
124
|
|
|
128
125
|
def self.authenticate_on_demand_sso(account_uuid, token)
|
|
129
126
|
return nil if token.blank?
|
|
130
127
|
AuthUser.
|
|
131
|
-
|
|
132
|
-
|
|
128
|
+
joins(:secrets).
|
|
129
|
+
where("find_in_set(? , account_uuids_csv)
|
|
133
130
|
AND (expired IS NULL OR expired = false)
|
|
134
131
|
AND enc_type = '#{Secret::SSO_TOKEN}'
|
|
135
132
|
AND secret_value = ?", account_uuid, token).
|
|
136
|
-
|
|
133
|
+
first
|
|
137
134
|
end
|
|
138
135
|
|
|
139
136
|
def blocked?
|
|
@@ -166,13 +163,15 @@ module Fortifier
|
|
|
166
163
|
def public_attribute_hash
|
|
167
164
|
auth_log = self.auth_logs.last
|
|
168
165
|
{
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
166
|
+
uuid: self.uuid,
|
|
167
|
+
email: self.email,
|
|
168
|
+
login: self.login,
|
|
169
|
+
name: self.name,
|
|
170
|
+
note: self.note,
|
|
171
|
+
disabled: self.disabled?,
|
|
172
|
+
deleted: self.deleted?,
|
|
173
|
+
blocked: self.blocked?,
|
|
174
|
+
last_auth_log: ({user_agent: auth_log.user_agent, status: auth_log.status, created_at: auth_log.created_at.to_time} if auth_log)
|
|
176
175
|
}
|
|
177
176
|
end
|
|
178
177
|
|
|
@@ -196,14 +195,15 @@ module Fortifier
|
|
|
196
195
|
app_uuids_query = "app_uuids_csv = '#{app_uuid}'"
|
|
197
196
|
account_uuids_query = account_uuid ? " AND account_uuids_csv = '#{account_uuid}'" : ""
|
|
198
197
|
search_keywords_query = search_keywords ? " AND FIND_IN_SET ('#{search_keywords}', search_keywords_csv)" : ''
|
|
199
|
-
|
|
198
|
+
undeleted_auth_user_clause = " AND deleted = 0 "
|
|
199
|
+
aggregate_query = app_uuids_query + account_uuids_query + search_keywords_query + undeleted_auth_user_clause
|
|
200
200
|
|
|
201
201
|
# b/c there's no 'enabled' field on auth user and abaqis allows this sorting (providigm/users in abaqis)
|
|
202
202
|
if sort_col=='enabled'
|
|
203
203
|
Fortifier::AuthUser.where(aggregate_query)
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
204
|
+
.where(user_search_query)
|
|
205
|
+
.order("app_uuids_csv #{sort_dir}, account_uuids_csv #{sort_dir}")
|
|
206
|
+
.paginate(:page=>page, :per_page=>per_page)
|
|
207
207
|
elsif sort_col=='last_login_at'
|
|
208
208
|
# In other words, pull all users associated with the app in question (if available),
|
|
209
209
|
# joined with their most recent AuthLog,
|
|
@@ -217,14 +217,14 @@ module Fortifier
|
|
|
217
217
|
AS last_seen
|
|
218
218
|
ON fau.id = last_seen.auth_user_id
|
|
219
219
|
#{'WHERE ' + aggregate_query}
|
|
220
|
-
|
|
220
|
+
#{'AND ' + user_search_query if user_search_query.present?}
|
|
221
221
|
ORDER BY last_login_at #{sort_dir}")
|
|
222
|
-
|
|
222
|
+
.paginate(:page=>page, :per_page=>per_page)
|
|
223
223
|
else
|
|
224
224
|
Fortifier::AuthUser.where(aggregate_query)
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
225
|
+
.where(user_search_query)
|
|
226
|
+
.order("#{sort_col} #{sort_dir}")
|
|
227
|
+
.paginate(:page=>page, :per_page=>per_page)
|
|
228
228
|
end
|
|
229
229
|
end
|
|
230
230
|
|
|
@@ -243,8 +243,8 @@ module Fortifier
|
|
|
243
243
|
|
|
244
244
|
def unique?(type, value)
|
|
245
245
|
case type
|
|
246
|
-
|
|
247
|
-
|
|
246
|
+
when :login then active_relation = AuthUser.where("login = ? and deleted = 0", value)
|
|
247
|
+
when :email then active_relation = AuthUser.where("email = ? and deleted = 0", value)
|
|
248
248
|
end
|
|
249
249
|
|
|
250
250
|
matching_auth_users = active_relation.to_a # converted to an array so the AuthUser isn't deleted from the db
|
|
@@ -151,10 +151,13 @@ module Fortifier
|
|
|
151
151
|
auth_user = Fortifier::AuthUser.where("uuid = ?", params[:uuid]).first
|
|
152
152
|
return {status: false, errors: [:auth_user_not_found]} if auth_user.blank?
|
|
153
153
|
|
|
154
|
-
auth_user.login
|
|
155
|
-
auth_user.email
|
|
156
|
-
auth_user.name
|
|
157
|
-
auth_user.note
|
|
154
|
+
auth_user.login = params[:login] if params[:login]
|
|
155
|
+
auth_user.email = params[:email] if params[:email]
|
|
156
|
+
auth_user.name = params[:name] if params[:name]
|
|
157
|
+
auth_user.note = params[:note] if params[:note]
|
|
158
|
+
auth_user.app_uuids = params[:app_uuids]
|
|
159
|
+
auth_user.account_uuids = params[:account_uuids]
|
|
160
|
+
auth_user.search_keywords = params[:search_keywords]
|
|
158
161
|
sso_user = params[:sso_user]
|
|
159
162
|
|
|
160
163
|
if params[:password] || sso_user
|
|
@@ -163,15 +166,16 @@ module Fortifier
|
|
|
163
166
|
enc_type = sso_user ? Secret::SSO_TOKEN : nil
|
|
164
167
|
end
|
|
165
168
|
|
|
166
|
-
if secret && secret_confirmation
|
|
169
|
+
if secret.present? && secret_confirmation.present?
|
|
167
170
|
new_secret = Secret.new(secret: secret,
|
|
168
171
|
secret_confirmation: secret_confirmation)
|
|
169
172
|
end
|
|
170
173
|
|
|
171
174
|
valid_auth_user = auth_user.valid?
|
|
172
175
|
valid_secret = new_secret ? new_secret.valid? : true
|
|
173
|
-
|
|
176
|
+
|
|
174
177
|
if valid_auth_user && valid_secret
|
|
178
|
+
auth_user.consecutive_failed_logins = 0
|
|
175
179
|
auth_user.save
|
|
176
180
|
auth_user.secrets << new_secret if new_secret
|
|
177
181
|
{ uuid: auth_user.uuid,
|
|
@@ -275,20 +279,34 @@ module Fortifier
|
|
|
275
279
|
auth_user = AuthUser.where(uuid: params[:uuid]).first
|
|
276
280
|
return {status: false, errors: [:auth_user_not_found]} if auth_user.blank?
|
|
277
281
|
|
|
278
|
-
auth_user.app_uuids
|
|
279
|
-
auth_user.account_uuids
|
|
280
|
-
auth_user.search_keywords
|
|
282
|
+
auth_user.app_uuids -= app_uuids
|
|
283
|
+
auth_user.account_uuids -= account_uuids
|
|
284
|
+
auth_user.search_keywords -= search_keywords
|
|
281
285
|
result = auth_user.save
|
|
282
286
|
|
|
283
287
|
result ? {status: true} : {status: false, errors: (result.errors.full_messages if result)}
|
|
284
288
|
end
|
|
289
|
+
|
|
290
|
+
def delete(params)
|
|
291
|
+
return {status: false, errors: [:uuid_not_provided]} if params[:uuid].blank?
|
|
292
|
+
|
|
293
|
+
auth_user = AuthUser.where(uuid: params[:uuid]).first
|
|
294
|
+
return {status: false, errors: [:auth_user_not_found]} if auth_user.blank?
|
|
295
|
+
|
|
296
|
+
auth_user.deleted = 1
|
|
297
|
+
|
|
298
|
+
result = auth_user.save
|
|
299
|
+
|
|
300
|
+
result ? {status: true} : {status: false, errors: (result.errors.full_messages if result)}
|
|
301
|
+
|
|
302
|
+
end
|
|
285
303
|
|
|
286
304
|
def find_auth_user(field, param)
|
|
287
305
|
field = field.to_s || ''
|
|
288
306
|
|
|
289
307
|
case field
|
|
290
308
|
when 'uuid' then auth_user = AuthUser.where("uuid = ?", param).first
|
|
291
|
-
when 'login', 'email' then auth_user = AuthUser.where("login = ? OR email = ?", param, param).first
|
|
309
|
+
when 'login', 'email' then auth_user = AuthUser.where("deleted = 0 and (login = ? OR email = ?)", param, param).first
|
|
292
310
|
when 'token' then auth_user = AuthUser.joins(:secrets).where("secret_value = ? AND (expired IS NULL OR expired = false)", param).first
|
|
293
311
|
end
|
|
294
312
|
|
data/lib/fortifier/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fortifier
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Derek Koloditch
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-03-
|
|
11
|
+
date: 2015-03-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -144,6 +144,7 @@ files:
|
|
|
144
144
|
- config/routes.rb
|
|
145
145
|
- db/migrate/20140401194012_create_fortifier_tables.rb
|
|
146
146
|
- db/migrate/20140415210139_add_auth_user_search_keywords_field.rb
|
|
147
|
+
- db/migrate/20150310194416_add_deleted_to_auth_users.rb
|
|
147
148
|
- db/migration_scripts/20140403_temp_whitelist_migration.rb
|
|
148
149
|
- lib/fortifier.rb
|
|
149
150
|
- lib/fortifier/engine.rb
|