fortifier 0.2.3 → 0.2.4

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: d30eeb99b0b1213c68918b193b5b91259d956b97
4
- data.tar.gz: 8f0d4e3b7a3446b5019da07a79242b12e0fee5b5
3
+ metadata.gz: bf5ec2e45377ccc4101c75b9e29cc27068ab1dd8
4
+ data.tar.gz: 807af011ad7d4ddbafe9258413aa893470cbd831
5
5
  SHA512:
6
- metadata.gz: 73aaa91c7f54242d385e0616f1d230d27284f822e1c2206699ea15b7790498a6566e6d9446f9ebe20be820aed1724932c1dc9b71d76ef084779ffa2cc8e96c41
7
- data.tar.gz: ddcb67cb26ae7007b574f581b096637d3ce3fab2408008793c49637cdee4c5272c464c8a4ac87d7d301b3ac61fe541b11787345879d47aa1f2044fc5333a325d
6
+ metadata.gz: 8deb81f7f8cf4f05d2efe8f821740c291966121206fab7d639a2757cd19dbf41419ca1c5af38213b4e962b0b9b41834c33cc3e352866eac81a7b0abdf6c144c2
7
+ data.tar.gz: b906bf178f8a2791b67ffbf6273f14438f6072bde32109e896a7a4795df06a315eb185ea18c5834683573469471bd305688020a8aa30f7c186484d408df58176
@@ -3,8 +3,8 @@ module Fortifier
3
3
  class InitializeAuthAttempt
4
4
  def self.invoke(params)
5
5
  secret = params[:secret]
6
- auth_user = AuthUser.where(login: params[:login]).first
7
- auth_success = secret.blank? || auth_user.blank? ? false : auth_user.authenticated?(secret)
6
+ auth_user = AuthUser.where(login: params[:login]).where(deleted: 0).first
7
+ auth_success = (secret.blank? || auth_user.blank? || auth_user.deleted? ) ? false : auth_user.authenticated?(secret)
8
8
  auth_log = Fortifier::AuthLog.create(auth_user: auth_user,
9
9
  user_agent: params[:user_agent],
10
10
  remote_addr: params[:remote_addr],
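Review bot: The `auth_user.deleted?` test in the new `auth_success` line can never be true, because the query directly above it already restricts the lookup to `.where(deleted: 0)`; keep the query filter (so a deleted account is neither loaded nor attached to the AuthLog) and drop the dead predicate: `auth_success = (secret.blank? || auth_user.blank?) ? false : auth_user.authenticated?(secret)`. Every lookup in this release hand-writes `deleted = 0` / `deleted: 0`, so an `AuthUser.active` scope (`where(deleted: 0)`) used here and in the other queries would keep the filter in one place. Note also that an unknown or deleted login short-circuits before `authenticated?` runs the secret comparison, so response time may reveal whether a login exists; whether that matters depends on the cost of `authenticated?`, which is not visible in this hunk. `invoke` continues past the end of the hunk.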
@@ -90,50 +90,47 @@ module Fortifier
90
90
 
91
91
  def secrets_match?(secret_string)
92
92
  current_secret_model = current_secret_non_token
93
- return false if current_secret_model.blank?
93
+ return false if current_secret_model.blank?
94
94
 
95
- auth_result = current_secret_model.matches?(secret_string)
96
- current_secret_model.update_encryption_method(secret_string) if (auth_result && current_secret_model.enc_type == "SHA")
95
+ auth_result = current_secret_model.matches?(secret_string)
96
+ current_secret_model.update_encryption_method(secret_string) if (auth_result && current_secret_model.enc_type == "SHA")
97
97
 
98
- return auth_result
98
+ return auth_result
99
99
  end
100
100
 
101
101
  def authenticated?(secret_string)
102
102
  # TODO: (DK) do not increase consecutive_failed_logins if user is attempting a pw change
103
103
  # move consecutive_failed_logins updates to a different method so this method
104
104
  # doesn't do multiple things (code smell)
105
- # TODO: (DK) remove if self
106
- if self
107
- if self.secrets_match?(secret_string)
108
- self.update_column(:consecutive_failed_logins, 0)
109
- true
110
- else
111
- self.update_column(:consecutive_failed_logins, self.consecutive_failed_logins + 1)
112
- false
113
- end
105
+ if self.secrets_match?(secret_string)
106
+ self.update_column(:consecutive_failed_logins, 0) unless self.blocked?
107
+ true
108
+ else
109
+ self.update_column(:consecutive_failed_logins, self.consecutive_failed_logins + 1)
110
+ false
114
111
  end
115
112
  end
116
113
 
117
114
  def self.authenticate_batch_sso(account_uuid, token)
118
115
  return nil if token.blank?
119
116
  AuthUser.
120
- joins(:secrets).
121
- where("find_in_set(? , account_uuids_csv)
117
+ joins(:secrets).
118
+ where("find_in_set(? , account_uuids_csv)
122
119
  AND (expired IS NULL OR expired = false)
123
120
  AND enc_type = '#{Secret::SSO_TOKEN}'
124
121
  AND secret_value = ?", account_uuid, token).
125
- first
122
+ first
126
123
  end
127
124
 
128
125
  def self.authenticate_on_demand_sso(account_uuid, token)
129
126
  return nil if token.blank?
130
127
  AuthUser.
131
- joins(:secrets).
132
- where("find_in_set(? , account_uuids_csv)
128
+ joins(:secrets).
129
+ where("find_in_set(? , account_uuids_csv)
133
130
  AND (expired IS NULL OR expired = false)
134
131
  AND enc_type = '#{Secret::SSO_TOKEN}'
135
132
  AND secret_value = ?", account_uuid, token).
136
- first
133
+ first
137
134
  end
138
135
 
139
136
  def blocked?
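Review bot: `authenticated?` still returns true for a blocked account whose secret matches — the new `unless self.blocked?` only skips resetting the failure counter — so a caller that takes the boolean as the authentication result (as `InitializeAuthAttempt.invoke` does in the hunk above, unless it checks `blocked?` later, outside its hunk) would let a locked-out user in. Enforcing lockout where the secret is verified is safer: `return false if blocked?` as the first line of `authenticated?`, before `secrets_match?` is called. Separately, `authenticate_batch_sso` and `authenticate_on_demand_sso` in this hunk still match tokens belonging to soft-deleted users; both WHERE clauses need `AND fortifier_auth_users.deleted = 0`, as the `login`/`email` lookup in `find_auth_user` now has (the two methods are also line-for-line identical and could share one implementation). `blocked?` starts on the last line of the hunk and its body is outside it.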
@@ -166,13 +163,15 @@ module Fortifier
166
163
  def public_attribute_hash
167
164
  auth_log = self.auth_logs.last
168
165
  {
169
- uuid: self.uuid,
170
- email: self.email,
171
- login: self.login,
172
- name: self.name,
173
- note: self.note,
174
- disabled: self.disabled?,
175
- last_auth_log: ({user_agent: auth_log.user_agent, status: auth_log.status, created_at: auth_log.created_at.to_time} if auth_log)
166
+ uuid: self.uuid,
167
+ email: self.email,
168
+ login: self.login,
169
+ name: self.name,
170
+ note: self.note,
171
+ disabled: self.disabled?,
172
+ deleted: self.deleted?,
173
+ blocked: self.blocked?,
174
+ last_auth_log: ({user_agent: auth_log.user_agent, status: auth_log.status, created_at: auth_log.created_at.to_time} if auth_log)
176
175
  }
177
176
  end
178
177
 
@@ -196,14 +195,15 @@ module Fortifier
196
195
  app_uuids_query = "app_uuids_csv = '#{app_uuid}'"
197
196
  account_uuids_query = account_uuid ? " AND account_uuids_csv = '#{account_uuid}'" : ""
198
197
  search_keywords_query = search_keywords ? " AND FIND_IN_SET ('#{search_keywords}', search_keywords_csv)" : ''
199
- aggregate_query = app_uuids_query + account_uuids_query + search_keywords_query
198
+ undeleted_auth_user_clause = " AND deleted = 0 "
199
+ aggregate_query = app_uuids_query + account_uuids_query + search_keywords_query + undeleted_auth_user_clause
200
200
 
201
201
  # b/c there's no 'enabled' field on auth user and abaqis allows this sorting (providigm/users in abaqis)
202
202
  if sort_col=='enabled'
203
203
  Fortifier::AuthUser.where(aggregate_query)
204
- .where(user_search_query)
205
- .order("app_uuids_csv #{sort_dir}, account_uuids_csv #{sort_dir}")
206
- .paginate(:page=>page, :per_page=>per_page)
204
+ .where(user_search_query)
205
+ .order("app_uuids_csv #{sort_dir}, account_uuids_csv #{sort_dir}")
206
+ .paginate(:page=>page, :per_page=>per_page)
207
207
  elsif sort_col=='last_login_at'
208
208
  # In other words, pull all users associated with the app in question (if available),
209
209
  # joined with their most recent AuthLog,
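Review bot: The new `undeleted_auth_user_clause` is appended to a WHERE string that already interpolates `app_uuid`, `account_uuid` and `search_keywords` unescaped (and `sort_col`/`sort_dir` go straight into ORDER BY); if any of those values reach this method from request parameters, which cannot be seen here, that is SQL injection, and this hunk is the natural point to parameterize the clauses because the same string feeds both the `where(aggregate_query)` branches and the raw `find_by_sql` WHERE further down. `sanitize_sql_array` keeps the result a plain string usable in both places (`send` because it is protected on older Rails), and `sort_col`/`sort_dir` should be checked against an allow-list of column names and `ASC`/`DESC` before interpolation. The method begins before this hunk and ends after it.
```ruby
app_uuids_query       = Fortifier::AuthUser.send(:sanitize_sql_array, ["app_uuids_csv = ?", app_uuid])
account_uuids_query   = account_uuid ? Fortifier::AuthUser.send(:sanitize_sql_array, [" AND account_uuids_csv = ?", account_uuid]) : ""
search_keywords_query = search_keywords ? Fortifier::AuthUser.send(:sanitize_sql_array, [" AND FIND_IN_SET(?, search_keywords_csv)", search_keywords]) : ""
undeleted_auth_user_clause = " AND deleted = 0 "
aggregate_query = app_uuids_query + account_uuids_query + search_keywords_query + undeleted_auth_user_clause
# … unchanged: sort_col / sort_dir branches …
```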
@@ -217,14 +217,14 @@ module Fortifier
217
217
  AS last_seen
218
218
  ON fau.id = last_seen.auth_user_id
219
219
  #{'WHERE ' + aggregate_query}
220
- #{'AND ' + user_search_query if user_search_query.present?}
220
+ #{'AND ' + user_search_query if user_search_query.present?}
221
221
  ORDER BY last_login_at #{sort_dir}")
222
- .paginate(:page=>page, :per_page=>per_page)
222
+ .paginate(:page=>page, :per_page=>per_page)
223
223
  else
224
224
  Fortifier::AuthUser.where(aggregate_query)
225
- .where(user_search_query)
226
- .order("#{sort_col} #{sort_dir}")
227
- .paginate(:page=>page, :per_page=>per_page)
225
+ .where(user_search_query)
226
+ .order("#{sort_col} #{sort_dir}")
227
+ .paginate(:page=>page, :per_page=>per_page)
228
228
  end
229
229
  end
230
230
 
@@ -243,8 +243,8 @@ module Fortifier
243
243
 
244
244
  def unique?(type, value)
245
245
  case type
246
- when :login then active_relation = AuthUser.where("login = ?", value)
247
- when :email then active_relation = AuthUser.where("email = ?", value)
246
+ when :login then active_relation = AuthUser.where("login = ? and deleted = 0", value)
247
+ when :email then active_relation = AuthUser.where("email = ? and deleted = 0", value)
248
248
  end
249
249
 
250
250
  matching_auth_users = active_relation.to_a # converted to an array so the AuthUser isn't deleted from the db
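Review bot: With `deleted = 0` in both branches, `unique?` now accepts a login or email that still exists on a soft-deleted row, so a new account can be created under a deleted user's identity while the old row (and, per the `delete` method added below, its secrets) remains in the table; if that is intended, say so next to the query, e.g. `# soft-deleted rows do not reserve their login/email; a new user may reuse them`. If the table has a unique index on `login` or `email` (the schema is not visible here), such a reuse would now fail at the database with an exception instead of the validation message this method feeds. `unique?` continues past the end of the hunk.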
@@ -151,10 +151,13 @@ module Fortifier
151
151
  auth_user = Fortifier::AuthUser.where("uuid = ?", params[:uuid]).first
152
152
  return {status: false, errors: [:auth_user_not_found]} if auth_user.blank?
153
153
 
154
- auth_user.login = params[:login] if params[:login]
155
- auth_user.email = params[:email] if params[:email]
156
- auth_user.name = params[:name] if params[:name]
157
- auth_user.note = params[:note] if params[:note]
154
+ auth_user.login = params[:login] if params[:login]
155
+ auth_user.email = params[:email] if params[:email]
156
+ auth_user.name = params[:name] if params[:name]
157
+ auth_user.note = params[:note] if params[:note]
158
+ auth_user.app_uuids = params[:app_uuids]
159
+ auth_user.account_uuids = params[:account_uuids]
160
+ auth_user.search_keywords = params[:search_keywords]
158
161
  sso_user = params[:sso_user]
159
162
 
160
163
  if params[:password] || sso_user
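Review bot: The three new assignments `auth_user.app_uuids = params[:app_uuids]`, `auth_user.account_uuids = params[:account_uuids]` and `auth_user.search_keywords = params[:search_keywords]` are unconditional, unlike the `login`/`email`/`name`/`note` lines directly above them which are guarded with `if params[...]`, so an update that only changes the name sets all three to nil and strips the user's app and account memberships — the values the search and SSO queries elsewhere in this diff scope access by. Guard them the same way, `auth_user.app_uuids = params[:app_uuids] if params.key?(:app_uuids)` (and likewise for the other two), using `key?` rather than truthiness so an explicit empty list can still clear a field. If `params` can originate from a client request, membership fields like these also warrant a check that the caller is allowed to grant those apps and accounts, which cannot be judged from this hunk. The enclosing update method begins before this hunk and ends after it.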
@@ -163,15 +166,16 @@ module Fortifier
163
166
  enc_type = sso_user ? Secret::SSO_TOKEN : nil
164
167
  end
165
168
 
166
- if secret && secret_confirmation
169
+ if secret.present? && secret_confirmation.present?
167
170
  new_secret = Secret.new(secret: secret,
168
171
  secret_confirmation: secret_confirmation)
169
172
  end
170
173
 
171
174
  valid_auth_user = auth_user.valid?
172
175
  valid_secret = new_secret ? new_secret.valid? : true
173
-
176
+
174
177
  if valid_auth_user && valid_secret
178
+ auth_user.consecutive_failed_logins = 0
175
179
  auth_user.save
176
180
  auth_user.secrets << new_secret if new_secret
177
181
  { uuid: auth_user.uuid,
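Review bot: `auth_user.consecutive_failed_logins = 0` now runs on every valid update, so any profile change (name, note, keywords) unlocks an account that was blocked by failed logins; if lockout is meant as a control, limit the reset to the credential-change path, `auth_user.consecutive_failed_logins = 0 if new_secret`, or to a dedicated unblock action. The switch to `secret.present? && secret_confirmation.present?` also means a password supplied with a blank confirmation no longer builds a `Secret` at all: nothing is validated, the password is silently left unchanged, and the call still reports success, whereas the old `secret && secret_confirmation` would at least have built and validated the model for an empty-string confirmation. Building the Secret whenever `secret.present?` and letting its own confirmation validation reject the mismatch (assuming Secret validates confirmation, which is not visible here) would surface that as an error instead. The enclosing update method starts before and ends after this hunk.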
@@ -275,20 +279,34 @@ module Fortifier
275
279
  auth_user = AuthUser.where(uuid: params[:uuid]).first
276
280
  return {status: false, errors: [:auth_user_not_found]} if auth_user.blank?
277
281
 
278
- auth_user.app_uuids - app_uuids
279
- auth_user.account_uuids - account_uuids
280
- auth_user.search_keywords - search_keywords
282
+ auth_user.app_uuids -= app_uuids
283
+ auth_user.account_uuids -= account_uuids
284
+ auth_user.search_keywords -= search_keywords
281
285
  result = auth_user.save
282
286
 
283
287
  result ? {status: true} : {status: false, errors: (result.errors.full_messages if result)}
284
288
  end
289
+
290
+ def delete(params)
291
+ return {status: false, errors: [:uuid_not_provided]} if params[:uuid].blank?
292
+
293
+ auth_user = AuthUser.where(uuid: params[:uuid]).first
294
+ return {status: false, errors: [:auth_user_not_found]} if auth_user.blank?
295
+
296
+ auth_user.deleted = 1
297
+
298
+ result = auth_user.save
299
+
300
+ result ? {status: true} : {status: false, errors: (result.errors.full_messages if result)}
301
+
302
+ end
285
303
 
286
304
  def find_auth_user(field, param)
287
305
  field = field.to_s || ''
288
306
 
289
307
  case field
290
308
  when 'uuid' then auth_user = AuthUser.where("uuid = ?", param).first
291
- when 'login', 'email' then auth_user = AuthUser.where("login = ? OR email = ?", param, param).first
309
+ when 'login', 'email' then auth_user = AuthUser.where("deleted = 0 and (login = ? OR email = ?)", param, param).first
292
310
  when 'token' then auth_user = AuthUser.joins(:secrets).where("secret_value = ? AND (expired IS NULL OR expired = false)", param).first
293
311
  end
294
312
 
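Review bot: `delete` only flips `deleted = 1`; it leaves the user's secrets in place, and the `token` branch of `find_auth_user` on the last lines of this hunk (like the SSO lookups) does not filter on `deleted`, so a soft-deleted user's unexpired token still resolves to the account. Expire the secrets when the user is deleted (assuming `expired` is the secrets column the existing queries test) and add the filter to the token lookup: `AuthUser.joins(:secrets).where("fortifier_auth_users.deleted = 0 AND secret_value = ? AND (expired IS NULL OR expired = false)", param)`. The error branch of `delete`, `errors: (result.errors.full_messages if result)`, also always yields nil because `result` is the boolean returned by `save`; read the messages from `auth_user.errors` instead. `delete` lies fully inside the hunk; `find_auth_user` continues past its end.
```ruby
def delete(params)
  return {status: false, errors: [:uuid_not_provided]} if params[:uuid].blank?

  auth_user = AuthUser.where(uuid: params[:uuid]).first
  return {status: false, errors: [:auth_user_not_found]} if auth_user.blank?

  auth_user.deleted = 1
  return {status: false, errors: auth_user.errors.full_messages} unless auth_user.save

  # token and SSO lookups do not filter on deleted, so stop this user's credentials from resolving
  auth_user.secrets.update_all(expired: true)
  {status: true}
end
```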
@@ -0,0 +1,5 @@
1
+ class AddDeletedToAuthUsers < ActiveRecord::Migration
2
+ def change
3
+ add_column :fortifier_auth_users, :deleted, :integer, :default => 0, :after => :search_keywords_csv
4
+ end
5
+ end
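Review bot: The `deleted` flag is added as an `:integer` without `:null => false`, so the column has three states (0, 1, NULL) while every new query in this release tests `deleted = 0`; a NULL row would be invisible to login and search yet still reachable through the uuid and token lookups, which do not filter on the column. Declaring it non-null gives `deleted?` an unambiguous meaning: `add_column :fortifier_auth_users, :deleted, :integer, :default => 0, :null => false, :after => :search_keywords_csv`; a `:boolean` with `:default => false` would be the idiomatic type if the `deleted = 0` comparisons elsewhere are adjusted to match. `:after` is MySQL-specific, which is consistent with the `FIND_IN_SET` queries used elsewhere in the gem.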
@@ -1,3 +1,3 @@
1
1
  module Fortifier
2
- VERSION = "0.2.3"
2
+ VERSION = "0.2.4"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fortifier
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.3
4
+ version: 0.2.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Derek Koloditch
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-03-09 00:00:00.000000000 Z
11
+ date: 2015-03-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails
@@ -144,6 +144,7 @@ files:
144
144
  - config/routes.rb
145
145
  - db/migrate/20140401194012_create_fortifier_tables.rb
146
146
  - db/migrate/20140415210139_add_auth_user_search_keywords_field.rb
147
+ - db/migrate/20150310194416_add_deleted_to_auth_users.rb
147
148
  - db/migration_scripts/20140403_temp_whitelist_migration.rb
148
149
  - lib/fortifier.rb
149
150
  - lib/fortifier/engine.rb