global_session 3.2.4 → 3.2.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.rdoc +87 -14
- data/VERSION +1 -1
- data/global_session.gemspec +3 -3
- data/lib/global_session/keystore.rb +12 -1
- data/rails_generators/global_session_authority/global_session_authority_generator.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4cf0f0c904f527bf182584e926bd80e8b98afcaa
|
|
4
|
+
data.tar.gz: eddd6c5e8c9fea9175dfeb3059737757196f5f76
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 83c3cfd4461a9c17a30e4881cfe9bd33e0468de8410e38cb740e8a70e415c1aa382be43adf3650d33676cf45e04ec39b4ec3d7cc581d4ee262d1dcbd86334b73
|
|
7
|
+
data.tar.gz: 8fdba2a31e228e3eac3cf1dc72e39190a3e51089882523b5b2ef1949710c2807ede4fbc4714b6a1a6bfc2f28885ed138335ebce550ef6414c1fd50372bdba5a3
|
data/README.rdoc
CHANGED
|
@@ -1,5 +1,16 @@
|
|
|
1
1
|
Copyright (c) 2009-2015 RightScale, Inc. <support@rightscale.com>; see LICENSE for more details.
|
|
2
2
|
|
|
3
|
+
= Preamble
|
|
4
|
+
|
|
5
|
+
<b>WARNING:</b> This RubyGem was authored in 2010 when Rails 2.1 was state of
|
|
6
|
+
the art. Its Rails integration has not been kept up to date over time; it is
|
|
7
|
+
untested with Rails 3, 4 and 5, and its generators are broken with Rails above
|
|
8
|
+
2.3.5.
|
|
9
|
+
|
|
10
|
+
We continue to support the Rack middleware and other components of this gem,
|
|
11
|
+
and recommend using it as a plain old Rack middleware in your Rails apps.
|
|
12
|
+
Instructions for doing so are provided in this README.
|
|
13
|
+
|
|
3
14
|
= Introduction
|
|
4
15
|
|
|
5
16
|
GlobalSession enables multiple heterogeneous Web applications to share
|
|
@@ -44,25 +55,81 @@ particular, it does not provide any of the following:
|
|
|
44
55
|
|
|
45
56
|
= Examples
|
|
46
57
|
|
|
47
|
-
==
|
|
58
|
+
== Make a YML configuration file
|
|
59
|
+
|
|
60
|
+
The config file format is designed to be self-documenting. The most important
|
|
61
|
+
data are: what data can be in your global session (`attributes`), what
|
|
62
|
+
directory contains your `.pub` files with authorities' public keys (`keystore.public`),
|
|
63
|
+
and the locatio nof `.key` private key file, if any, used by this app (`keystore.private`).
|
|
64
|
+
|
|
65
|
+
You can omit `keystore.private` if the app should be able to read, but not
|
|
66
|
+
write, global sessions.
|
|
67
|
+
|
|
68
|
+
If you have asymmetrical trust (e.g. dev trusts production but not vice-versa),
|
|
69
|
+
you can include an optional `trust` list. By default, every public key file is
|
|
70
|
+
trusted.
|
|
71
|
+
|
|
72
|
+
common:
|
|
73
|
+
attributes:
|
|
74
|
+
signed:
|
|
75
|
+
- user
|
|
76
|
+
insecure:
|
|
77
|
+
- favorite_color
|
|
78
|
+
cookie:
|
|
79
|
+
name: global_session
|
|
80
|
+
keystore:
|
|
81
|
+
public: config/authorities
|
|
82
|
+
renew: 30
|
|
83
|
+
timeout: 60
|
|
84
|
+
development:
|
|
85
|
+
keystore:
|
|
86
|
+
private: config/authorities/dev
|
|
87
|
+
production:
|
|
88
|
+
trust:
|
|
89
|
+
- prod
|
|
90
|
+
keystore:
|
|
91
|
+
private: config/authorities/prod
|
|
48
92
|
|
|
49
|
-
|
|
50
|
-
$ script/generate global_session_config mycoolapp.com
|
|
93
|
+
== Make a new keypair for a GlobalSession authority
|
|
51
94
|
|
|
52
|
-
|
|
53
|
-
|
|
95
|
+
Decide on a name for your authority. The name is a short string that identifies
|
|
96
|
+
a pair of key files on disk (one public, one private) which will be used to
|
|
97
|
+
sign and verify sessions. If you have mutual trust between every app in your
|
|
98
|
+
architecture, then you only need one authority and your domain name, e.g.
|
|
99
|
+
`example-com`, is a fine choice of name. If you want partition trust within your
|
|
100
|
+
architecture, then authorities could be named after environments
|
|
101
|
+
(`staging`, `production`), regions (`us`, `eu`) or even specific apps
|
|
102
|
+
(`frontend`, `api`) depending on where you draw the trust boundaries.
|
|
54
103
|
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
has_global_session
|
|
58
|
-
end
|
|
104
|
+
Figure out where key files live in your application. This is whatever value
|
|
105
|
+
you set in the `keystore: public: ...` directive in the configuration.
|
|
59
106
|
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
@current_user = User.find(global_session['user'])
|
|
107
|
+
If you have complete, mutual trust between all components of your architecture,
|
|
108
|
+
then something based on your organization's domain name (e.g. `example-com`)
|
|
109
|
+
is a fine choice.
|
|
64
110
|
|
|
65
|
-
|
|
111
|
+
Open irb or your console of choice and require the `global_session` gem.
|
|
112
|
+
|
|
113
|
+
# default is RSA cryptosystem with 1024-bit keys.
|
|
114
|
+
keypair = GlobalSession::Keystore.create_keypair(:RSA, 1024)
|
|
115
|
+
public_pem = keypair.public_key.to_pem
|
|
116
|
+
private_pem = keypair.to_pem
|
|
117
|
+
|
|
118
|
+
# write keys to disk
|
|
119
|
+
File.open('config/authorities/example-com.pub', 'w') { |f| f.write public_pem }
|
|
120
|
+
File.open('config/authorities/example-com.key', 'w') { |f| f.write private_pem }
|
|
121
|
+
|
|
122
|
+
== Integration with Rails
|
|
123
|
+
|
|
124
|
+
Install the GlobalSession middleware in your application startup. Open
|
|
125
|
+
`environment.rb` or `application.rb` (depending on your Rails version) and
|
|
126
|
+
add a new file to `config/initializers` to configure and install the
|
|
127
|
+
middleware:
|
|
128
|
+
|
|
129
|
+
configuration = GlobalSession::Configuration.new('config/global_session.yml', Rails.env)
|
|
130
|
+
directory = GlobalSession::Directory.new(configuration)
|
|
131
|
+
|
|
132
|
+
== Integration with Rack
|
|
66
133
|
|
|
67
134
|
Install the GlobalSession middleware into your Rack stack; pass a config and a directory
|
|
68
135
|
object to its initializer. For instance, in config.ru:
|
|
@@ -71,6 +138,12 @@ object to its initializer. For instance, in config.ru:
|
|
|
71
138
|
directory = GlobalSession::Directory.new(configuration)
|
|
72
139
|
use ::GlobalSession::Rack::Middleware, configuration, directory
|
|
73
140
|
|
|
141
|
+
Application.config.middleware.insert_before(Application.config.session_store, ::Rack::Cookies)
|
|
142
|
+
Application.config.middleware.insert_before(Application.config.session_store, ::Rack::GlobalSession, configuration, directory)
|
|
143
|
+
|
|
144
|
+
Note that the GlobalSession middleware depends on `Rack::Cookies`; be sure
|
|
145
|
+
to install them both, and in the proper order.
|
|
146
|
+
|
|
74
147
|
= Global Session Contents
|
|
75
148
|
|
|
76
149
|
Global session state is stored as a cookie in the user's browser and/or sent
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
3.2.
|
|
1
|
+
3.2.5
|
data/global_session.gemspec
CHANGED
|
@@ -2,16 +2,16 @@
|
|
|
2
2
|
# DO NOT EDIT THIS FILE DIRECTLY
|
|
3
3
|
# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
|
|
4
4
|
# -*- encoding: utf-8 -*-
|
|
5
|
-
# stub: global_session 3.2.
|
|
5
|
+
# stub: global_session 3.2.5 ruby lib
|
|
6
6
|
|
|
7
7
|
Gem::Specification.new do |s|
|
|
8
8
|
s.name = "global_session"
|
|
9
|
-
s.version = "3.2.
|
|
9
|
+
s.version = "3.2.5"
|
|
10
10
|
|
|
11
11
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
12
12
|
s.require_paths = ["lib"]
|
|
13
13
|
s.authors = ["Tony Spataro"]
|
|
14
|
-
s.date = "2016-
|
|
14
|
+
s.date = "2016-04-07"
|
|
15
15
|
s.description = "This Rack middleware allows several web apps in an authentication domain to share session state, facilitating single sign-on in a distributed web app. It only provides session sharing and does not concern itself with authentication or replication of the user database."
|
|
16
16
|
s.email = "support@rightscale.com"
|
|
17
17
|
s.extra_rdoc_files = [
|
|
@@ -62,6 +62,17 @@ module GlobalSession
|
|
|
62
62
|
load
|
|
63
63
|
end
|
|
64
64
|
|
|
65
|
+
# Factory method to generate a new keypair for use with GlobalSession.
|
|
66
|
+
#
|
|
67
|
+
# @raise [ArgumentError] if cryptosystem is unknown to OpenSSL
|
|
68
|
+
# @return [OpenSSL::PKey::PKey] a public/private keypair
|
|
69
|
+
def self.create_keypair(cryptosystem=:RSA, keysize=1024)
|
|
70
|
+
factory = OpenSSL::PKey.const_get(cryptosystem)
|
|
71
|
+
factory.generate( 1024 )
|
|
72
|
+
rescue NameError => e
|
|
73
|
+
raise ArgumentError, e.message
|
|
74
|
+
end
|
|
75
|
+
|
|
65
76
|
private
|
|
66
77
|
|
|
67
78
|
# Load all public and/or private keys from location(s) specified in the configuration's
|
|
@@ -136,4 +147,4 @@ module GlobalSession
|
|
|
136
147
|
end
|
|
137
148
|
end
|
|
138
149
|
end
|
|
139
|
-
end
|
|
150
|
+
end
|
|
@@ -30,7 +30,7 @@ class GlobalSessionAuthorityGenerator < Rails::Generator::Base
|
|
|
30
30
|
|
|
31
31
|
def manifest
|
|
32
32
|
record do |m|
|
|
33
|
-
new_key
|
|
33
|
+
new_key = GlobalSession::Keystore.create_keypair(:RSA, 1024)
|
|
34
34
|
new_public = new_key.public_key.to_pem
|
|
35
35
|
new_private = new_key.to_pem
|
|
36
36
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: global_session
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.2.
|
|
4
|
+
version: 3.2.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tony Spataro
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-04-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: json
|