go_sso 0.1.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +47 -0
- data/app/controllers/go_sso/application_controller.rb +7 -6
- data/config/routes.rb +4 -4
- data/lib/go_sso.rb +22 -0
- data/lib/go_sso/controllers/helpers.rb +7 -2
- data/lib/go_sso/user.rb +0 -11
- data/lib/go_sso/version.rb +1 -1
- metadata +7 -7
- data/app/models/go_sso/application_record.rb +0 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5699d1f30c56dc29ad69891e7e0e5f78328ebbc77be73bf064a98d910f2f5f2a
|
|
4
|
+
data.tar.gz: 3a0a7805c36f40ff2ac6b15fb46da68af237f3fa1b3ef51eb546c1833db6c1ff
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8ee99a7199532820c1cf592af33afb156d9c783daa091fb1c88b6a7fb20fbd5cf75a5dc4b1aa0019bd1e2f277abc61842df13f276dd5fe472ab3b57c505676df
|
|
7
|
+
data.tar.gz: 69f5d732f77dcb087796457b5776d9052a8d5b1823153633269b4d9950ba4ccb40717650d278b0d51974474feb11e5331447a118f27156c646a966a5f96ed520
|
data/README.md
ADDED
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
# GoSSO
|
|
2
|
+
|
|
3
|
+
This is a plugin to protect applications from access by unauthorized users.
|
|
4
|
+
You need to have your own OAuth server as SSO(Single Sign On) server
|
|
5
|
+
then install this plugin to each application need to be protected.
|
|
6
|
+
|
|
7
|
+
Set the SSO server secrets through environment variables:
|
|
8
|
+
```
|
|
9
|
+
GO_SSO_CLIENT_ID=
|
|
10
|
+
GO_SSO_CLIENT_SECRET=
|
|
11
|
+
GO_SSO_CLIENT_SITE=
|
|
12
|
+
```
|
|
13
|
+
|
|
14
|
+
Create a initializer file for other configurations:
|
|
15
|
+
|
|
16
|
+
```
|
|
17
|
+
GoSso.setup do |config|
|
|
18
|
+
config.client_id # GO_SSO_CLIENT_ID
|
|
19
|
+
config.client_secret # GO_SSO_CLIENT_SECRET
|
|
20
|
+
config.site # GO_SSO_CLIENT_SITE
|
|
21
|
+
config.user_json_url # default: 'api/me'
|
|
22
|
+
config.user_cache_ttl # default 1.minute
|
|
23
|
+
config.main_app_module_name # default is your host app module name
|
|
24
|
+
config.host # set to your app host
|
|
25
|
+
config.fake_user_json # set this options for development or test environment only
|
|
26
|
+
end
|
|
27
|
+
```
|
|
28
|
+
|
|
29
|
+
You must implement `api/me` to response user information in JSON format which provides `applications` attribute at least.
|
|
30
|
+
`applications` is an array of strings.
|
|
31
|
+
|
|
32
|
+
Add `before :authenticate_sso_user_permission` to application controllers.
|
|
33
|
+
Pages with this hook will be protected.
|
|
34
|
+
If `current_sso_user` is not present, redirect users to SSO to login.
|
|
35
|
+
Users can access the protected page only if after login and their applications attribute contains `main_app_module_name`
|
|
36
|
+
|
|
37
|
+
You can access current user in views or controllers via `current_sso_user`.
|
|
38
|
+
|
|
39
|
+
In a development environment, it is probably without SSO server support. When `fake_user_json` option is set, users will always login successfully and its user JSON will be `fake_user_json`:
|
|
40
|
+
```
|
|
41
|
+
GoSso.setup do |config|
|
|
42
|
+
# other configurations...
|
|
43
|
+
if Rails.env.development?
|
|
44
|
+
config.fake_user_json = { uid: 1, email: 'yfxie@me.com' }
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
```
|
|
@@ -8,12 +8,17 @@ module GoSso
|
|
|
8
8
|
|
|
9
9
|
def auth
|
|
10
10
|
session[:go_sso_referrer] = params[:redirect_url] || request.referrer || request.base_url
|
|
11
|
-
|
|
11
|
+
if GoSso.test_mode?
|
|
12
|
+
redirect_to go_sso_callback_url
|
|
13
|
+
else
|
|
14
|
+
redirect_to GoSso.authorize_url
|
|
15
|
+
end
|
|
12
16
|
end
|
|
13
17
|
|
|
14
18
|
def callback
|
|
15
|
-
token = GoSso.get_token(params[:code])
|
|
19
|
+
token = GoSso.test_mode? ? GoSso.generate_fake_token : GoSso.get_token(params[:code])
|
|
16
20
|
set_sso_token(token.token, expires_at: token.expires_at)
|
|
21
|
+
GoSso.after_login.call(self)
|
|
17
22
|
redirect_to session.delete(:go_sso_referrer) || request.base_url
|
|
18
23
|
rescue OAuth2::Error => error
|
|
19
24
|
render json: {
|
|
@@ -36,9 +41,5 @@ module GoSso
|
|
|
36
41
|
session[:go_sso_token] = session[:go_sso_token_expires_at] = nil
|
|
37
42
|
end
|
|
38
43
|
end
|
|
39
|
-
|
|
40
|
-
def sso_token_expired?
|
|
41
|
-
session[:go_sso_token_expires_at] < Time.now.to_i
|
|
42
|
-
end
|
|
43
44
|
end
|
|
44
45
|
end
|
data/config/routes.rb
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Rails.application.routes.draw do
|
|
2
|
-
|
|
3
|
-
get :auth, to: 'application#auth'
|
|
4
|
-
get :callback, to: 'application#callback'
|
|
5
|
-
delete :logout, to: 'application#logout'
|
|
2
|
+
scope GoSso.routes_prefix do
|
|
3
|
+
get :auth, to: 'go_sso/application#auth', as: :go_sso_auth
|
|
4
|
+
get :callback, to: 'go_sso/application#callback', as: :go_sso_callback
|
|
5
|
+
delete :logout, to: 'go_sso/application#logout', as: :go_sso_logout
|
|
6
6
|
end
|
|
7
7
|
end
|
data/lib/go_sso.rb
CHANGED
|
@@ -15,6 +15,9 @@ module GoSso
|
|
|
15
15
|
mattr_accessor :user_cache_ttl, default: 1.minute
|
|
16
16
|
mattr_accessor :main_app_module_name
|
|
17
17
|
mattr_accessor :host
|
|
18
|
+
mattr_accessor :fake_user_json
|
|
19
|
+
mattr_accessor :after_login, default: ->(ctx){}
|
|
20
|
+
mattr_accessor :routes_prefix, default: "/go_sso"
|
|
18
21
|
|
|
19
22
|
def self.setup
|
|
20
23
|
yield self
|
|
@@ -47,6 +50,25 @@ module GoSso
|
|
|
47
50
|
host || Current.host
|
|
48
51
|
end
|
|
49
52
|
|
|
53
|
+
def self.get_user_json(token = nil)
|
|
54
|
+
return fake_user_json.as_json if test_mode?
|
|
55
|
+
o_token = OAuth2::AccessToken.new(client, token)
|
|
56
|
+
json_str = Rails.cache.fetch([:go_sso_user, token], expires_in: user_cache_ttl) do
|
|
57
|
+
o_token.get(GoSso.user_json_url).body
|
|
58
|
+
end
|
|
59
|
+
JSON.parse(json_str)
|
|
60
|
+
rescue Faraday::ConnectionFailed
|
|
61
|
+
raise GoSso::FailedToOpenConnection
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
def self.test_mode?
|
|
65
|
+
fake_user_json.present?
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
def self.generate_fake_token
|
|
69
|
+
OAuth2::AccessToken.new(client, SecureRandom.urlsafe_base64, expires_in: 2.hours)
|
|
70
|
+
end
|
|
71
|
+
|
|
50
72
|
class FailedToOpenConnection < Exception; end
|
|
51
73
|
end
|
|
52
74
|
|
|
@@ -17,7 +17,8 @@ module GoSso
|
|
|
17
17
|
@current_sso_user ||= begin
|
|
18
18
|
return nil unless session[:go_sso_token]
|
|
19
19
|
return nil if sso_token_expired?
|
|
20
|
-
GoSso
|
|
20
|
+
user_json = GoSso.get_user_json(session[:go_sso_token])
|
|
21
|
+
GoSso::User.new(user_json)
|
|
21
22
|
end
|
|
22
23
|
rescue OAuth2::Error
|
|
23
24
|
nil
|
|
@@ -29,9 +30,13 @@ module GoSso
|
|
|
29
30
|
end
|
|
30
31
|
|
|
31
32
|
unless current_sso_user.can_access?(GoSso.main_app_module_name)
|
|
32
|
-
render json: { message: 'access denied' }, status: 401
|
|
33
|
+
return render json: { message: 'access denied' }, status: 401
|
|
33
34
|
end
|
|
34
35
|
end
|
|
36
|
+
|
|
37
|
+
def sso_token_expired?
|
|
38
|
+
session[:go_sso_token_expires_at] < Time.now.to_i
|
|
39
|
+
end
|
|
35
40
|
end
|
|
36
41
|
end
|
|
37
42
|
end
|
data/lib/go_sso/user.rb
CHANGED
|
@@ -19,15 +19,4 @@ class GoSso::User
|
|
|
19
19
|
super
|
|
20
20
|
end
|
|
21
21
|
end
|
|
22
|
-
|
|
23
|
-
def self.from_token(token)
|
|
24
|
-
o_token = OAuth2::AccessToken.new(GoSso.client, token)
|
|
25
|
-
json_str = Rails.cache.fetch([:go_sso_user, token], expires_in: GoSso.user_cache_ttl) do
|
|
26
|
-
o_token.get(GoSso.user_json_url).body
|
|
27
|
-
end
|
|
28
|
-
attrs = JSON.parse(json_str)
|
|
29
|
-
new(attrs)
|
|
30
|
-
rescue Faraday::ConnectionFailed
|
|
31
|
-
raise GoSso::FailedToOpenConnection
|
|
32
|
-
end
|
|
33
22
|
end
|
data/lib/go_sso/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: go_sso
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Yi Feng
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-08-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: oauth2
|
|
@@ -116,6 +116,7 @@ extensions: []
|
|
|
116
116
|
extra_rdoc_files: []
|
|
117
117
|
files:
|
|
118
118
|
- MIT-LICENSE
|
|
119
|
+
- README.md
|
|
119
120
|
- Rakefile
|
|
120
121
|
- app/assets/config/go_sso_manifest.js
|
|
121
122
|
- app/assets/stylesheets/go_sso/application.css
|
|
@@ -123,7 +124,6 @@ files:
|
|
|
123
124
|
- app/helpers/go_sso/application_helper.rb
|
|
124
125
|
- app/jobs/go_sso/application_job.rb
|
|
125
126
|
- app/mailers/go_sso/application_mailer.rb
|
|
126
|
-
- app/models/go_sso/application_record.rb
|
|
127
127
|
- app/views/layouts/go_sso/application.html.erb
|
|
128
128
|
- config/routes.rb
|
|
129
129
|
- lib/go_sso.rb
|
|
@@ -137,7 +137,7 @@ homepage: https://github.com/yfxie/go_sso
|
|
|
137
137
|
licenses:
|
|
138
138
|
- MIT
|
|
139
139
|
metadata: {}
|
|
140
|
-
post_install_message:
|
|
140
|
+
post_install_message:
|
|
141
141
|
rdoc_options: []
|
|
142
142
|
require_paths:
|
|
143
143
|
- lib
|
|
@@ -152,8 +152,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
152
152
|
- !ruby/object:Gem::Version
|
|
153
153
|
version: '0'
|
|
154
154
|
requirements: []
|
|
155
|
-
rubygems_version: 3.0.
|
|
156
|
-
signing_key:
|
|
155
|
+
rubygems_version: 3.0.8
|
|
156
|
+
signing_key:
|
|
157
157
|
specification_version: 4
|
|
158
158
|
summary: Summary of GoSso.
|
|
159
159
|
test_files: []
|