gatekeeper 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/VERSION +1 -1
- data/gatekeeper.gemspec +2 -1
- data/lib/gatekeeper/helpers/authentication.rb +17 -0
- data/lib/gatekeeper/helpers/rack.rb +30 -32
- data/lib/gatekeeper/middleware.rb +9 -11
- data/lib/gatekeeper/sso.rb +43 -45
- data/spec/gatekeeper_spec.rb +1 -1
- metadata +2 -1
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.1.
|
|
1
|
+
0.1.1
|
data/gatekeeper.gemspec
CHANGED
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
|
|
6
6
|
Gem::Specification.new do |s|
|
|
7
7
|
s.name = %q{gatekeeper}
|
|
8
|
-
s.version = "0.1.
|
|
8
|
+
s.version = "0.1.1"
|
|
9
9
|
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
11
11
|
s.authors = ["Chris Dinn"]
|
|
@@ -25,6 +25,7 @@ Gem::Specification.new do |s|
|
|
|
25
25
|
"VERSION",
|
|
26
26
|
"gatekeeper.gemspec",
|
|
27
27
|
"lib/gatekeeper.rb",
|
|
28
|
+
"lib/gatekeeper/helpers/authentication.rb",
|
|
28
29
|
"lib/gatekeeper/helpers/rack.rb",
|
|
29
30
|
"lib/gatekeeper/middleware.rb",
|
|
30
31
|
"lib/gatekeeper/sso.rb",
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
module Gatekeeper
|
|
2
|
+
module Helpers
|
|
3
|
+
module Authentication
|
|
4
|
+
def current_user
|
|
5
|
+
session[:sso] && session[:sso][:user_id]
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
def is_admin?
|
|
9
|
+
(session[:sso][:is_admin?]=='true')
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def is_manager_for?(hotink_account_id)
|
|
13
|
+
(session[:sso]["account_#{hotink_account_id.to_s}_manager".to_sym]=='true')
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -1,42 +1,40 @@
|
|
|
1
1
|
module Gatekeeper
|
|
2
|
-
module
|
|
3
|
-
module
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
end
|
|
2
|
+
module Helpers
|
|
3
|
+
module Rack
|
|
4
|
+
def sso_logged_in?
|
|
5
|
+
session[:sso] && sso_user_id
|
|
6
|
+
end
|
|
8
7
|
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
8
|
+
def sso_login_as(user_id, sreg_params)
|
|
9
|
+
session.delete(:last_oidreq)
|
|
10
|
+
session.delete('OpenID::Consumer::last_requested_endpoint')
|
|
11
|
+
session.delete('OpenID::Consumer::DiscoveredServices::OpenID::Consumer::')
|
|
13
12
|
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
13
|
+
session[:sso] ||= { }
|
|
14
|
+
session[:sso][:user_id] = user_id
|
|
15
|
+
sreg_params.each { |key, value| session[:sso][key.to_sym] = value.to_s }
|
|
16
|
+
end
|
|
18
17
|
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
18
|
+
def sso_user_id
|
|
19
|
+
session[:sso][:user_id]
|
|
20
|
+
end
|
|
22
21
|
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
22
|
+
def sso_user_email
|
|
23
|
+
session[:sso][:email]
|
|
24
|
+
end
|
|
26
25
|
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
26
|
+
def absolute_url(suffix = nil)
|
|
27
|
+
port_part = case request.scheme
|
|
28
|
+
when "http"
|
|
29
|
+
request.port == 80 ? "" : ":#{request.port}"
|
|
30
|
+
when "https"
|
|
31
|
+
request.port == 443 ? "" : ":#{request.port}"
|
|
32
|
+
end
|
|
33
|
+
"#{request.scheme}://#{request.host}#{port_part}#{suffix}"
|
|
34
|
+
end
|
|
36
35
|
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
end
|
|
36
|
+
def excluded_path?
|
|
37
|
+
options.exclude_paths && options.exclude_paths.include?(request.path_info)
|
|
40
38
|
end
|
|
41
39
|
end
|
|
42
40
|
end
|
|
@@ -1,17 +1,15 @@
|
|
|
1
1
|
module Gatekeeper
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
disable :show_exceptions
|
|
2
|
+
class Middleware < Sinatra::Base
|
|
3
|
+
enable :raise_errors
|
|
4
|
+
disable :show_exceptions
|
|
6
5
|
|
|
7
|
-
|
|
8
|
-
|
|
6
|
+
set :sso_url, nil
|
|
7
|
+
set :exclude_paths, nil
|
|
9
8
|
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
register ::Gatekeeper::Client::SSO
|
|
9
|
+
def sso_url=(url)
|
|
10
|
+
options.sso_url = url
|
|
15
11
|
end
|
|
12
|
+
|
|
13
|
+
register ::Gatekeeper::SSO
|
|
16
14
|
end
|
|
17
15
|
end
|
data/lib/gatekeeper/sso.rb
CHANGED
|
@@ -1,62 +1,60 @@
|
|
|
1
1
|
module Gatekeeper
|
|
2
|
-
module
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
app.helpers Gatekeeper::Client::Helpers::Rack
|
|
2
|
+
module SSO
|
|
3
|
+
def self.registered(app)
|
|
4
|
+
app.use(Rack::OpenID, OpenID::Store::Filesystem.new("#{Dir.tmpdir}/openid"))
|
|
5
|
+
app.helpers Gatekeeper::Helpers::Rack
|
|
7
6
|
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
end
|
|
7
|
+
app.get '/sso/login' do
|
|
8
|
+
if contact_id = params['id']
|
|
9
|
+
response['WWW-Authenticate'] = Rack::OpenID.build_header(
|
|
10
|
+
:identifier => "#{options.sso_url}/users/#{contact_id}",
|
|
11
|
+
:trust_root => absolute_url('/sso/login')
|
|
12
|
+
)
|
|
13
|
+
throw :halt, [401, 'got openid?']
|
|
14
|
+
elsif openid = request.env["rack.openid.response"]
|
|
15
|
+
if openid.status == :success
|
|
16
|
+
if contact_id = openid.display_identifier.split("/").last
|
|
17
|
+
sreg_params = openid.message.get_args("http://openid.net/extensions/sreg/1.1")
|
|
18
|
+
sso_login_as(contact_id, sreg_params)
|
|
19
|
+
|
|
20
|
+
if session['sso_return_to']
|
|
21
|
+
begin
|
|
22
|
+
return_url = URI.parse(session['sso_return_to'])
|
|
23
|
+
|
|
24
|
+
unless return_url.host==request.host
|
|
25
|
+
user_token = UserToken.create!(:user_id => sso_user_id)
|
|
26
|
+
if return_url.query==nil
|
|
27
|
+
return_url.query = "user_token=#{user_token.token}"
|
|
28
|
+
else
|
|
29
|
+
return_url.query = "user_token=#{user_token.token}&#{return_url.query}"
|
|
32
30
|
end
|
|
33
|
-
|
|
34
|
-
redirect return_url.to_s
|
|
35
|
-
rescue
|
|
36
|
-
redirect '/'
|
|
37
|
-
ensure
|
|
38
|
-
session['sso_return_to'] = nil
|
|
39
31
|
end
|
|
40
|
-
|
|
32
|
+
|
|
33
|
+
redirect return_url.to_s
|
|
34
|
+
rescue
|
|
41
35
|
redirect '/'
|
|
36
|
+
ensure
|
|
37
|
+
session['sso_return_to'] = nil
|
|
42
38
|
end
|
|
43
|
-
|
|
44
39
|
else
|
|
45
|
-
|
|
40
|
+
redirect '/'
|
|
46
41
|
end
|
|
42
|
+
|
|
47
43
|
else
|
|
48
|
-
|
|
44
|
+
raise "No contact could be found for #{openid.display_identifier}"
|
|
49
45
|
end
|
|
50
46
|
else
|
|
51
|
-
|
|
52
|
-
redirect "#{options.sso_url}/login?return_to=#{absolute_url('/sso/login')}"
|
|
47
|
+
throw :halt, [503, "Error: #{openid.status}"]
|
|
53
48
|
end
|
|
49
|
+
else
|
|
50
|
+
session['sso_return_to'] = params[:return_to] if params[:return_to]
|
|
51
|
+
redirect "#{options.sso_url}/login?return_to=#{absolute_url('/sso/login')}"
|
|
54
52
|
end
|
|
53
|
+
end
|
|
55
54
|
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
end
|
|
55
|
+
app.get '/sso/logout' do
|
|
56
|
+
session[:sso] = nil
|
|
57
|
+
redirect "#{options.sso_url}/logout"
|
|
60
58
|
end
|
|
61
59
|
end
|
|
62
60
|
end
|
data/spec/gatekeeper_spec.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: gatekeeper
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Dinn
|
|
@@ -40,6 +40,7 @@ files:
|
|
|
40
40
|
- VERSION
|
|
41
41
|
- gatekeeper.gemspec
|
|
42
42
|
- lib/gatekeeper.rb
|
|
43
|
+
- lib/gatekeeper/helpers/authentication.rb
|
|
43
44
|
- lib/gatekeeper/helpers/rack.rb
|
|
44
45
|
- lib/gatekeeper/middleware.rb
|
|
45
46
|
- lib/gatekeeper/sso.rb
|