fortifier 0.2.3 → 0.2.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/models/fortifier/auth_steps/initialize_auth_attempt.rb +2 -2
- data/app/models/fortifier/auth_user.rb +37 -37
- data/app/models/fortifier/auth_user_api.rb +28 -10
- data/db/migrate/20150310194416_add_deleted_to_auth_users.rb +5 -0
- data/lib/fortifier/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bf5ec2e45377ccc4101c75b9e29cc27068ab1dd8
|
|
4
|
+
data.tar.gz: 807af011ad7d4ddbafe9258413aa893470cbd831
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8deb81f7f8cf4f05d2efe8f821740c291966121206fab7d639a2757cd19dbf41419ca1c5af38213b4e962b0b9b41834c33cc3e352866eac81a7b0abdf6c144c2
|
|
7
|
+
data.tar.gz: b906bf178f8a2791b67ffbf6273f14438f6072bde32109e896a7a4795df06a315eb185ea18c5834683573469471bd305688020a8aa30f7c186484d408df58176
|
|
@@ -3,8 +3,8 @@ module Fortifier
|
|
|
3
3
|
class InitializeAuthAttempt
|
|
4
4
|
def self.invoke(params)
|
|
5
5
|
secret = params[:secret]
|
|
6
|
-
auth_user = AuthUser.where(login: params[:login]).first
|
|
7
|
-
auth_success = secret.blank? || auth_user.blank? ? false : auth_user.authenticated?(secret)
|
|
6
|
+
auth_user = AuthUser.where(login: params[:login]).where(deleted: 0).first
|
|
7
|
+
auth_success = (secret.blank? || auth_user.blank? || auth_user.deleted? ) ? false : auth_user.authenticated?(secret)
|
|
8
8
|
auth_log = Fortifier::AuthLog.create(auth_user: auth_user,
|
|
9
9
|
user_agent: params[:user_agent],
|
|
10
10
|
remote_addr: params[:remote_addr],
|
|
@@ -90,50 +90,47 @@ module Fortifier
|
|
|
90
90
|
|
|
91
91
|
def secrets_match?(secret_string)
|
|
92
92
|
current_secret_model = current_secret_non_token
|
|
93
|
-
|
|
93
|
+
return false if current_secret_model.blank?
|
|
94
94
|
|
|
95
|
-
|
|
96
|
-
|
|
95
|
+
auth_result = current_secret_model.matches?(secret_string)
|
|
96
|
+
current_secret_model.update_encryption_method(secret_string) if (auth_result && current_secret_model.enc_type == "SHA")
|
|
97
97
|
|
|
98
|
-
|
|
98
|
+
return auth_result
|
|
99
99
|
end
|
|
100
100
|
|
|
101
101
|
def authenticated?(secret_string)
|
|
102
102
|
# TODO: (DK) do not increase consecutive_failed_logins if user is attempting a pw change
|
|
103
103
|
# move consecutive_failed_logins updates to a different method so this method
|
|
104
104
|
# doesn't do multiple things (code smell)
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
self.update_column(:consecutive_failed_logins, self.consecutive_failed_logins + 1)
|
|
112
|
-
false
|
|
113
|
-
end
|
|
105
|
+
if self.secrets_match?(secret_string)
|
|
106
|
+
self.update_column(:consecutive_failed_logins, 0) unless self.blocked?
|
|
107
|
+
true
|
|
108
|
+
else
|
|
109
|
+
self.update_column(:consecutive_failed_logins, self.consecutive_failed_logins + 1)
|
|
110
|
+
false
|
|
114
111
|
end
|
|
115
112
|
end
|
|
116
113
|
|
|
117
114
|
def self.authenticate_batch_sso(account_uuid, token)
|
|
118
115
|
return nil if token.blank?
|
|
119
116
|
AuthUser.
|
|
120
|
-
|
|
121
|
-
|
|
117
|
+
joins(:secrets).
|
|
118
|
+
where("find_in_set(? , account_uuids_csv)
|
|
122
119
|
AND (expired IS NULL OR expired = false)
|
|
123
120
|
AND enc_type = '#{Secret::SSO_TOKEN}'
|
|
124
121
|
AND secret_value = ?", account_uuid, token).
|
|
125
|
-
|
|
122
|
+
first
|
|
126
123
|
end
|
|
127
124
|
|
|
128
125
|
def self.authenticate_on_demand_sso(account_uuid, token)
|
|
129
126
|
return nil if token.blank?
|
|
130
127
|
AuthUser.
|
|
131
|
-
|
|
132
|
-
|
|
128
|
+
joins(:secrets).
|
|
129
|
+
where("find_in_set(? , account_uuids_csv)
|
|
133
130
|
AND (expired IS NULL OR expired = false)
|
|
134
131
|
AND enc_type = '#{Secret::SSO_TOKEN}'
|
|
135
132
|
AND secret_value = ?", account_uuid, token).
|
|
136
|
-
|
|
133
|
+
first
|
|
137
134
|
end
|
|
138
135
|
|
|
139
136
|
def blocked?
|
|
@@ -166,13 +163,15 @@ module Fortifier
|
|
|
166
163
|
def public_attribute_hash
|
|
167
164
|
auth_log = self.auth_logs.last
|
|
168
165
|
{
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
166
|
+
uuid: self.uuid,
|
|
167
|
+
email: self.email,
|
|
168
|
+
login: self.login,
|
|
169
|
+
name: self.name,
|
|
170
|
+
note: self.note,
|
|
171
|
+
disabled: self.disabled?,
|
|
172
|
+
deleted: self.deleted?,
|
|
173
|
+
blocked: self.blocked?,
|
|
174
|
+
last_auth_log: ({user_agent: auth_log.user_agent, status: auth_log.status, created_at: auth_log.created_at.to_time} if auth_log)
|
|
176
175
|
}
|
|
177
176
|
end
|
|
178
177
|
|
|
@@ -196,14 +195,15 @@ module Fortifier
|
|
|
196
195
|
app_uuids_query = "app_uuids_csv = '#{app_uuid}'"
|
|
197
196
|
account_uuids_query = account_uuid ? " AND account_uuids_csv = '#{account_uuid}'" : ""
|
|
198
197
|
search_keywords_query = search_keywords ? " AND FIND_IN_SET ('#{search_keywords}', search_keywords_csv)" : ''
|
|
199
|
-
|
|
198
|
+
undeleted_auth_user_clause = " AND deleted = 0 "
|
|
199
|
+
aggregate_query = app_uuids_query + account_uuids_query + search_keywords_query + undeleted_auth_user_clause
|
|
200
200
|
|
|
201
201
|
# b/c there's no 'enabled' field on auth user and abaqis allows this sorting (providigm/users in abaqis)
|
|
202
202
|
if sort_col=='enabled'
|
|
203
203
|
Fortifier::AuthUser.where(aggregate_query)
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
204
|
+
.where(user_search_query)
|
|
205
|
+
.order("app_uuids_csv #{sort_dir}, account_uuids_csv #{sort_dir}")
|
|
206
|
+
.paginate(:page=>page, :per_page=>per_page)
|
|
207
207
|
elsif sort_col=='last_login_at'
|
|
208
208
|
# In other words, pull all users associated with the app in question (if available),
|
|
209
209
|
# joined with their most recent AuthLog,
|
|
@@ -217,14 +217,14 @@ module Fortifier
|
|
|
217
217
|
AS last_seen
|
|
218
218
|
ON fau.id = last_seen.auth_user_id
|
|
219
219
|
#{'WHERE ' + aggregate_query}
|
|
220
|
-
|
|
220
|
+
#{'AND ' + user_search_query if user_search_query.present?}
|
|
221
221
|
ORDER BY last_login_at #{sort_dir}")
|
|
222
|
-
|
|
222
|
+
.paginate(:page=>page, :per_page=>per_page)
|
|
223
223
|
else
|
|
224
224
|
Fortifier::AuthUser.where(aggregate_query)
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
225
|
+
.where(user_search_query)
|
|
226
|
+
.order("#{sort_col} #{sort_dir}")
|
|
227
|
+
.paginate(:page=>page, :per_page=>per_page)
|
|
228
228
|
end
|
|
229
229
|
end
|
|
230
230
|
|
|
@@ -243,8 +243,8 @@ module Fortifier
|
|
|
243
243
|
|
|
244
244
|
def unique?(type, value)
|
|
245
245
|
case type
|
|
246
|
-
|
|
247
|
-
|
|
246
|
+
when :login then active_relation = AuthUser.where("login = ? and deleted = 0", value)
|
|
247
|
+
when :email then active_relation = AuthUser.where("email = ? and deleted = 0", value)
|
|
248
248
|
end
|
|
249
249
|
|
|
250
250
|
matching_auth_users = active_relation.to_a # converted to an array so the AuthUser isn't deleted from the db
|
|
@@ -151,10 +151,13 @@ module Fortifier
|
|
|
151
151
|
auth_user = Fortifier::AuthUser.where("uuid = ?", params[:uuid]).first
|
|
152
152
|
return {status: false, errors: [:auth_user_not_found]} if auth_user.blank?
|
|
153
153
|
|
|
154
|
-
auth_user.login
|
|
155
|
-
auth_user.email
|
|
156
|
-
auth_user.name
|
|
157
|
-
auth_user.note
|
|
154
|
+
auth_user.login = params[:login] if params[:login]
|
|
155
|
+
auth_user.email = params[:email] if params[:email]
|
|
156
|
+
auth_user.name = params[:name] if params[:name]
|
|
157
|
+
auth_user.note = params[:note] if params[:note]
|
|
158
|
+
auth_user.app_uuids = params[:app_uuids]
|
|
159
|
+
auth_user.account_uuids = params[:account_uuids]
|
|
160
|
+
auth_user.search_keywords = params[:search_keywords]
|
|
158
161
|
sso_user = params[:sso_user]
|
|
159
162
|
|
|
160
163
|
if params[:password] || sso_user
|
|
@@ -163,15 +166,16 @@ module Fortifier
|
|
|
163
166
|
enc_type = sso_user ? Secret::SSO_TOKEN : nil
|
|
164
167
|
end
|
|
165
168
|
|
|
166
|
-
if secret && secret_confirmation
|
|
169
|
+
if secret.present? && secret_confirmation.present?
|
|
167
170
|
new_secret = Secret.new(secret: secret,
|
|
168
171
|
secret_confirmation: secret_confirmation)
|
|
169
172
|
end
|
|
170
173
|
|
|
171
174
|
valid_auth_user = auth_user.valid?
|
|
172
175
|
valid_secret = new_secret ? new_secret.valid? : true
|
|
173
|
-
|
|
176
|
+
|
|
174
177
|
if valid_auth_user && valid_secret
|
|
178
|
+
auth_user.consecutive_failed_logins = 0
|
|
175
179
|
auth_user.save
|
|
176
180
|
auth_user.secrets << new_secret if new_secret
|
|
177
181
|
{ uuid: auth_user.uuid,
|
|
@@ -275,20 +279,34 @@ module Fortifier
|
|
|
275
279
|
auth_user = AuthUser.where(uuid: params[:uuid]).first
|
|
276
280
|
return {status: false, errors: [:auth_user_not_found]} if auth_user.blank?
|
|
277
281
|
|
|
278
|
-
auth_user.app_uuids
|
|
279
|
-
auth_user.account_uuids
|
|
280
|
-
auth_user.search_keywords
|
|
282
|
+
auth_user.app_uuids -= app_uuids
|
|
283
|
+
auth_user.account_uuids -= account_uuids
|
|
284
|
+
auth_user.search_keywords -= search_keywords
|
|
281
285
|
result = auth_user.save
|
|
282
286
|
|
|
283
287
|
result ? {status: true} : {status: false, errors: (result.errors.full_messages if result)}
|
|
284
288
|
end
|
|
289
|
+
|
|
290
|
+
def delete(params)
|
|
291
|
+
return {status: false, errors: [:uuid_not_provided]} if params[:uuid].blank?
|
|
292
|
+
|
|
293
|
+
auth_user = AuthUser.where(uuid: params[:uuid]).first
|
|
294
|
+
return {status: false, errors: [:auth_user_not_found]} if auth_user.blank?
|
|
295
|
+
|
|
296
|
+
auth_user.deleted = 1
|
|
297
|
+
|
|
298
|
+
result = auth_user.save
|
|
299
|
+
|
|
300
|
+
result ? {status: true} : {status: false, errors: (result.errors.full_messages if result)}
|
|
301
|
+
|
|
302
|
+
end
|
|
285
303
|
|
|
286
304
|
def find_auth_user(field, param)
|
|
287
305
|
field = field.to_s || ''
|
|
288
306
|
|
|
289
307
|
case field
|
|
290
308
|
when 'uuid' then auth_user = AuthUser.where("uuid = ?", param).first
|
|
291
|
-
when 'login', 'email' then auth_user = AuthUser.where("login = ? OR email = ?", param, param).first
|
|
309
|
+
when 'login', 'email' then auth_user = AuthUser.where("deleted = 0 and (login = ? OR email = ?)", param, param).first
|
|
292
310
|
when 'token' then auth_user = AuthUser.joins(:secrets).where("secret_value = ? AND (expired IS NULL OR expired = false)", param).first
|
|
293
311
|
end
|
|
294
312
|
|
data/lib/fortifier/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fortifier
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Derek Koloditch
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-03-
|
|
11
|
+
date: 2015-03-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -144,6 +144,7 @@ files:
|
|
|
144
144
|
- config/routes.rb
|
|
145
145
|
- db/migrate/20140401194012_create_fortifier_tables.rb
|
|
146
146
|
- db/migrate/20140415210139_add_auth_user_search_keywords_field.rb
|
|
147
|
+
- db/migrate/20150310194416_add_deleted_to_auth_users.rb
|
|
147
148
|
- db/migration_scripts/20140403_temp_whitelist_migration.rb
|
|
148
149
|
- lib/fortifier.rb
|
|
149
150
|
- lib/fortifier/engine.rb
|