global_session 3.2.4 → 3.2.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.rdoc +87 -14
- data/VERSION +1 -1
- data/global_session.gemspec +3 -3
- data/lib/global_session/keystore.rb +12 -1
- data/rails_generators/global_session_authority/global_session_authority_generator.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4cf0f0c904f527bf182584e926bd80e8b98afcaa
|
|
4
|
+
data.tar.gz: eddd6c5e8c9fea9175dfeb3059737757196f5f76
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 83c3cfd4461a9c17a30e4881cfe9bd33e0468de8410e38cb740e8a70e415c1aa382be43adf3650d33676cf45e04ec39b4ec3d7cc581d4ee262d1dcbd86334b73
|
|
7
|
+
data.tar.gz: 8fdba2a31e228e3eac3cf1dc72e39190a3e51089882523b5b2ef1949710c2807ede4fbc4714b6a1a6bfc2f28885ed138335ebce550ef6414c1fd50372bdba5a3
|
data/README.rdoc
CHANGED
|
@@ -1,5 +1,16 @@
|
|
|
1
1
|
Copyright (c) 2009-2015 RightScale, Inc. <support@rightscale.com>; see LICENSE for more details.
|
|
2
2
|
|
|
3
|
+
= Preamble
|
|
4
|
+
|
|
5
|
+
<b>WARNING:</b> This RubyGem was authored in 2010 when Rails 2.1 was state of
|
|
6
|
+
the art. Its Rails integration has not been kept up to date over time; it is
|
|
7
|
+
untested with Rails 3, 4 and 5, and its generators are broken with Rails above
|
|
8
|
+
2.3.5.
|
|
9
|
+
|
|
10
|
+
We continue to support the Rack middleware and other components of this gem,
|
|
11
|
+
and recommend using it as a plain old Rack middleware in your Rails apps.
|
|
12
|
+
Instructions for doing so are provided in this README.
|
|
13
|
+
|
|
3
14
|
= Introduction
|
|
4
15
|
|
|
5
16
|
GlobalSession enables multiple heterogeneous Web applications to share
|
|
@@ -44,25 +55,81 @@ particular, it does not provide any of the following:
|
|
|
44
55
|
|
|
45
56
|
= Examples
|
|
46
57
|
|
|
47
|
-
==
|
|
58
|
+
== Make a YML configuration file
|
|
59
|
+
|
|
60
|
+
The config file format is designed to be self-documenting. The most important
|
|
61
|
+
data are: what data can be in your global session (`attributes`), what
|
|
62
|
+
directory contains your `.pub` files with authorities' public keys (`keystore.public`),
|
|
63
|
+
and the locatio nof `.key` private key file, if any, used by this app (`keystore.private`).
|
|
64
|
+
|
|
65
|
+
You can omit `keystore.private` if the app should be able to read, but not
|
|
66
|
+
write, global sessions.
|
|
67
|
+
|
|
68
|
+
If you have asymmetrical trust (e.g. dev trusts production but not vice-versa),
|
|
69
|
+
you can include an optional `trust` list. By default, every public key file is
|
|
70
|
+
trusted.
|
|
71
|
+
|
|
72
|
+
common:
|
|
73
|
+
attributes:
|
|
74
|
+
signed:
|
|
75
|
+
- user
|
|
76
|
+
insecure:
|
|
77
|
+
- favorite_color
|
|
78
|
+
cookie:
|
|
79
|
+
name: global_session
|
|
80
|
+
keystore:
|
|
81
|
+
public: config/authorities
|
|
82
|
+
renew: 30
|
|
83
|
+
timeout: 60
|
|
84
|
+
development:
|
|
85
|
+
keystore:
|
|
86
|
+
private: config/authorities/dev
|
|
87
|
+
production:
|
|
88
|
+
trust:
|
|
89
|
+
- prod
|
|
90
|
+
keystore:
|
|
91
|
+
private: config/authorities/prod
|
|
48
92
|
|
|
49
|
-
|
|
50
|
-
$ script/generate global_session_config mycoolapp.com
|
|
93
|
+
== Make a new keypair for a GlobalSession authority
|
|
51
94
|
|
|
52
|
-
|
|
53
|
-
|
|
95
|
+
Decide on a name for your authority. The name is a short string that identifies
|
|
96
|
+
a pair of key files on disk (one public, one private) which will be used to
|
|
97
|
+
sign and verify sessions. If you have mutual trust between every app in your
|
|
98
|
+
architecture, then you only need one authority and your domain name, e.g.
|
|
99
|
+
`example-com`, is a fine choice of name. If you want partition trust within your
|
|
100
|
+
architecture, then authorities could be named after environments
|
|
101
|
+
(`staging`, `production`), regions (`us`, `eu`) or even specific apps
|
|
102
|
+
(`frontend`, `api`) depending on where you draw the trust boundaries.
|
|
54
103
|
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
has_global_session
|
|
58
|
-
end
|
|
104
|
+
Figure out where key files live in your application. This is whatever value
|
|
105
|
+
you set in the `keystore: public: ...` directive in the configuration.
|
|
59
106
|
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
@current_user = User.find(global_session['user'])
|
|
107
|
+
If you have complete, mutual trust between all components of your architecture,
|
|
108
|
+
then something based on your organization's domain name (e.g. `example-com`)
|
|
109
|
+
is a fine choice.
|
|
64
110
|
|
|
65
|
-
|
|
111
|
+
Open irb or your console of choice and require the `global_session` gem.
|
|
112
|
+
|
|
113
|
+
# default is RSA cryptosystem with 1024-bit keys.
|
|
114
|
+
keypair = GlobalSession::Keystore.create_keypair(:RSA, 1024)
|
|
115
|
+
public_pem = keypair.public_key.to_pem
|
|
116
|
+
private_pem = keypair.to_pem
|
|
117
|
+
|
|
118
|
+
# write keys to disk
|
|
119
|
+
File.open('config/authorities/example-com.pub', 'w') { |f| f.write public_pem }
|
|
120
|
+
File.open('config/authorities/example-com.key', 'w') { |f| f.write private_pem }
|
|
121
|
+
|
|
122
|
+
== Integration with Rails
|
|
123
|
+
|
|
124
|
+
Install the GlobalSession middleware in your application startup. Open
|
|
125
|
+
`environment.rb` or `application.rb` (depending on your Rails version) and
|
|
126
|
+
add a new file to `config/initializers` to configure and install the
|
|
127
|
+
middleware:
|
|
128
|
+
|
|
129
|
+
configuration = GlobalSession::Configuration.new('config/global_session.yml', Rails.env)
|
|
130
|
+
directory = GlobalSession::Directory.new(configuration)
|
|
131
|
+
|
|
132
|
+
== Integration with Rack
|
|
66
133
|
|
|
67
134
|
Install the GlobalSession middleware into your Rack stack; pass a config and a directory
|
|
68
135
|
object to its initializer. For instance, in config.ru:
|
|
@@ -71,6 +138,12 @@ object to its initializer. For instance, in config.ru:
|
|
|
71
138
|
directory = GlobalSession::Directory.new(configuration)
|
|
72
139
|
use ::GlobalSession::Rack::Middleware, configuration, directory
|
|
73
140
|
|
|
141
|
+
Application.config.middleware.insert_before(Application.config.session_store, ::Rack::Cookies)
|
|
142
|
+
Application.config.middleware.insert_before(Application.config.session_store, ::Rack::GlobalSession, configuration, directory)
|
|
143
|
+
|
|
144
|
+
Note that the GlobalSession middleware depends on `Rack::Cookies`; be sure
|
|
145
|
+
to install them both, and in the proper order.
|
|
146
|
+
|
|
74
147
|
= Global Session Contents
|
|
75
148
|
|
|
76
149
|
Global session state is stored as a cookie in the user's browser and/or sent
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
3.2.
|
|
1
|
+
3.2.5
|
data/global_session.gemspec
CHANGED
|
@@ -2,16 +2,16 @@
|
|
|
2
2
|
# DO NOT EDIT THIS FILE DIRECTLY
|
|
3
3
|
# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
|
|
4
4
|
# -*- encoding: utf-8 -*-
|
|
5
|
-
# stub: global_session 3.2.
|
|
5
|
+
# stub: global_session 3.2.5 ruby lib
|
|
6
6
|
|
|
7
7
|
Gem::Specification.new do |s|
|
|
8
8
|
s.name = "global_session"
|
|
9
|
-
s.version = "3.2.
|
|
9
|
+
s.version = "3.2.5"
|
|
10
10
|
|
|
11
11
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
12
12
|
s.require_paths = ["lib"]
|
|
13
13
|
s.authors = ["Tony Spataro"]
|
|
14
|
-
s.date = "2016-
|
|
14
|
+
s.date = "2016-04-07"
|
|
15
15
|
s.description = "This Rack middleware allows several web apps in an authentication domain to share session state, facilitating single sign-on in a distributed web app. It only provides session sharing and does not concern itself with authentication or replication of the user database."
|
|
16
16
|
s.email = "support@rightscale.com"
|
|
17
17
|
s.extra_rdoc_files = [
|
|
@@ -62,6 +62,17 @@ module GlobalSession
|
|
|
62
62
|
load
|
|
63
63
|
end
|
|
64
64
|
|
|
65
|
+
# Factory method to generate a new keypair for use with GlobalSession.
|
|
66
|
+
#
|
|
67
|
+
# @raise [ArgumentError] if cryptosystem is unknown to OpenSSL
|
|
68
|
+
# @return [OpenSSL::PKey::PKey] a public/private keypair
|
|
69
|
+
def self.create_keypair(cryptosystem=:RSA, keysize=1024)
|
|
70
|
+
factory = OpenSSL::PKey.const_get(cryptosystem)
|
|
71
|
+
factory.generate( 1024 )
|
|
72
|
+
rescue NameError => e
|
|
73
|
+
raise ArgumentError, e.message
|
|
74
|
+
end
|
|
75
|
+
|
|
65
76
|
private
|
|
66
77
|
|
|
67
78
|
# Load all public and/or private keys from location(s) specified in the configuration's
|
|
@@ -136,4 +147,4 @@ module GlobalSession
|
|
|
136
147
|
end
|
|
137
148
|
end
|
|
138
149
|
end
|
|
139
|
-
end
|
|
150
|
+
end
|
|
@@ -30,7 +30,7 @@ class GlobalSessionAuthorityGenerator < Rails::Generator::Base
|
|
|
30
30
|
|
|
31
31
|
def manifest
|
|
32
32
|
record do |m|
|
|
33
|
-
new_key
|
|
33
|
+
new_key = GlobalSession::Keystore.create_keypair(:RSA, 1024)
|
|
34
34
|
new_public = new_key.public_key.to_pem
|
|
35
35
|
new_private = new_key.to_pem
|
|
36
36
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: global_session
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.2.
|
|
4
|
+
version: 3.2.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tony Spataro
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-04-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: json
|