glogin 0.2 → 0.2.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +7 -7
- data/lib/glogin/cookie.rb +13 -11
- data/lib/glogin/version.rb +1 -1
- data/test/glogin/test_cookie.rb +8 -0
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 39525c79b9353af1f2baa96306fd38ee13d73796
|
|
4
|
+
data.tar.gz: 3ae939f552d4ab34bb6b26de01b23b9944ac773d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ecbacab1006d2c2cab12dce480cc7a6e2948c0d3977b7ab8570c5deafc939f822885a17c584bcbb65341e1d45e5bb1f623c69a4f62ebabc78e39b1d4badb7506
|
|
7
|
+
data.tar.gz: b9a115d1c87718cece3763ededbe430ac7b6dcf5f52ec8b12242ae40cf0e6081a2a8fa474678e4685f615c08bbbd9b89b67404ebed1048c7c3093b061d8f75eb
|
data/README.md
CHANGED
|
@@ -23,11 +23,11 @@ First, somewhere in the global space, before the app starts:
|
|
|
23
23
|
require 'glogin'
|
|
24
24
|
configure do
|
|
25
25
|
set :glogin, GLogin::Auth.new(
|
|
26
|
-
|
|
27
|
-
|
|
26
|
+
# Make sure their values are coming from a secure
|
|
27
|
+
# place and are not visible in the source code:
|
|
28
28
|
client_id, client_secret,
|
|
29
|
-
|
|
30
|
-
|
|
29
|
+
# This is what you will register in GitHub as an
|
|
30
|
+
# authorization callback URL:
|
|
31
31
|
'http://www.example.com/github-callback'
|
|
32
32
|
)
|
|
33
33
|
end
|
|
@@ -43,8 +43,8 @@ before '/*' do
|
|
|
43
43
|
begin
|
|
44
44
|
@user = Cookie::Closed.new(
|
|
45
45
|
cookies[:glogin],
|
|
46
|
-
|
|
47
|
-
|
|
46
|
+
# This must be some long text to be used to
|
|
47
|
+
# encrypt the value in the cookie.
|
|
48
48
|
secret
|
|
49
49
|
).to_user
|
|
50
50
|
rescue OpenSSL::Cipher::CipherError => _
|
|
@@ -67,7 +67,7 @@ Next, we need a URL for GitHub OAuth callback:
|
|
|
67
67
|
get '/github-callback' do
|
|
68
68
|
cookies[:glogin] = Cookie::Open.new(
|
|
69
69
|
settings.glogin.user(params[:code]),
|
|
70
|
-
|
|
70
|
+
# The same encryption secret that we were using above:
|
|
71
71
|
secret
|
|
72
72
|
).to_s
|
|
73
73
|
redirect to('/')
|
data/lib/glogin/cookie.rb
CHANGED
|
@@ -41,17 +41,19 @@ module GLogin
|
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
def to_user
|
|
44
|
-
|
|
45
|
-
@
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
44
|
+
plain =
|
|
45
|
+
if @secret.empty?
|
|
46
|
+
@text
|
|
47
|
+
else
|
|
48
|
+
cpr = Cookie.cipher
|
|
49
|
+
cpr.decrypt
|
|
50
|
+
cpr.key = Digest::SHA1.hexdigest(@secret)
|
|
51
|
+
decrypted = cpr.update(Base64.decode64(@text))
|
|
52
|
+
decrypted << cpr.final
|
|
53
|
+
decrypted.to_s
|
|
54
|
+
end
|
|
55
|
+
parts = plain.split('|')
|
|
56
|
+
{ login: parts[0], avatar: parts[1] }
|
|
55
57
|
end
|
|
56
58
|
end
|
|
57
59
|
|
data/lib/glogin/version.rb
CHANGED
data/test/glogin/test_cookie.rb
CHANGED
|
@@ -40,6 +40,14 @@ class TestCookie < Minitest::Test
|
|
|
40
40
|
assert_equal(user[:avatar], 'https://avatars1.githubusercontent.com/u/526301')
|
|
41
41
|
end
|
|
42
42
|
|
|
43
|
+
def test_decrypts_in_test_mode
|
|
44
|
+
user = GLogin::Cookie::Closed.new(
|
|
45
|
+
'test|http://example.com', ''
|
|
46
|
+
).to_user
|
|
47
|
+
assert_equal(user[:login], 'test')
|
|
48
|
+
assert_equal(user[:avatar], 'http://example.com')
|
|
49
|
+
end
|
|
50
|
+
|
|
43
51
|
def test_fails_on_broken_text
|
|
44
52
|
assert_raises OpenSSL::Cipher::CipherError do
|
|
45
53
|
GLogin::Cookie::Closed.new(
|