go_sso 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 94692c360a28d7beff1f95900b6b798d2bee7a554e988f003623ed8675969751
+  data.tar.gz: 63990eb7c21d4f8d4316d143abad2596a9533b43576021e00b441595664b076b
+SHA512:
+  metadata.gz: eb726512139fcae3835d644f31304ae509509eefab7a19bcdba264eba04601ea76bc3d4b674480ceead8757e0a9d9bbdd0bc21b5654011c2fa4fcea6c4c78da7
+  data.tar.gz: f77a159bf650f9a855a059cbb416954b22a39d96a76477834fbd88b1f8584e1a454ce7126662751c8796d592e40bd1f71d9ce9a56294696b8dcfe9c7947057cb

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2019 Yi Feng
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,32 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'GoSso'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
+load 'rails/tasks/engine.rake'
+
+load 'rails/tasks/statistics.rake'
+
+require 'bundler/gem_tasks'
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+task default: :test

data/app/assets/config/go_sso_manifest.js

@@ -0,0 +1 @@
+//= link_directory ../stylesheets/go_sso .css

data/app/assets/stylesheets/go_sso/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
+ * files in this directory. Styles in this file should be added after the last require_* statement.
+ * It is generally better to create a new file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/controllers/go_sso/application_controller.rb

@@ -0,0 +1,44 @@
+module GoSso
+  class ApplicationController < ActionController::Base
+    protect_from_forgery with: :exception
+
+    before_action do
+      GoSso::Current.host = request.base_url
+    end
+
+    def auth
+      session[:go_sso_referrer] = params[:redirect_url] || request.referrer || request.base_url
+      redirect_to GoSso.authorize_url
+    end
+
+    def callback
+      token = GoSso.get_token(params[:code])
+      set_sso_token(token.token, expires_at: token.expires_at)
+      redirect_to session.delete(:go_sso_referrer) || request.base_url
+    rescue OAuth2::Error => error
+      render json: {
+        code: error.code,
+        description: error.description
+      }
+    end
+
+    def logout
+      set_sso_token(nil)
+      redirect_to params[:redirect_url] || request.referrer || request.base_url
+    end
+
+    private
+    def set_sso_token(token, expires_at: nil)
+      if token
+        session[:go_sso_token] = token
+        session[:go_sso_token_expires_at] = expires_at
+      else
+        session[:go_sso_token] = session[:go_sso_token_expires_at] = nil
+      end
+    end
+
+    def sso_token_expired?
+      session[:go_sso_token_expires_at] < Time.now.to_i
+    end
+  end
+end

data/app/helpers/go_sso/application_helper.rb

@@ -0,0 +1,4 @@
+module GoSso
+  module ApplicationHelper
+  end
+end

data/app/jobs/go_sso/application_job.rb

@@ -0,0 +1,4 @@
+module GoSso
+  class ApplicationJob < ActiveJob::Base
+  end
+end

data/app/mailers/go_sso/application_mailer.rb

@@ -0,0 +1,6 @@
+module GoSso
+  class ApplicationMailer < ActionMailer::Base
+    default from: 'from@example.com'
+    layout 'mailer'
+  end
+end

data/app/models/go_sso/application_record.rb

@@ -0,0 +1,5 @@
+module GoSso
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/views/layouts/go_sso/application.html.erb

@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Go sso</title>
+  <%= csrf_meta_tags %>
+  <%= csp_meta_tag %>
+
+  <%= stylesheet_link_tag    "go_sso/application", media: "all" %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/config/routes.rb

@@ -0,0 +1,7 @@
+Rails.application.routes.draw do
+  namespace :go_sso do
+    get :auth, to: 'application#auth'
+    get :callback, to: 'application#callback'
+    delete :logout, to: 'application#logout'
+  end
+end

data/lib/go_sso.rb

@@ -0,0 +1,53 @@
+require "oauth2"
+
+module GoSso
+  autoload :User, 'go_sso/user'
+  autoload :Current, 'go_sso/current'
+
+  module Controllers
+    autoload :Helpers, 'go_sso/controllers/helpers'
+  end
+
+  mattr_accessor :client_id
+  mattr_accessor :client_secret
+  mattr_accessor :site
+  mattr_accessor :user_json_url, default: 'api/me'
+  mattr_accessor :user_cache_ttl, default: 1.minute
+  mattr_accessor :main_app_module_name
+  mattr_accessor :host
+
+  def self.setup
+    yield self
+  end
+
+  def self.set_default_options!
+    self.client_id = ENV['GO_SSO_CLIENT_ID']
+    self.client_secret = ENV['GO_SSO_CLIENT_SECRET']
+    self.site = ENV['GO_SSO_CLIENT_SITE']
+    self.main_app_module_name = if Rails::VERSION::MAJOR == 6
+      Rails.application.class.module_parent.to_s
+    else
+      Rails.application.class.parent.to_s
+    end
+  end
+
+  def self.client
+    @client ||= OAuth2::Client.new(client_id, client_secret, site: site)
+  end
+
+  def self.authorize_url
+    client.auth_code.authorize_url(redirect_uri: Rails.application.routes.url_helpers.go_sso_callback_url(host: current_host))
+  end
+
+  def self.get_token(code)
+    client.auth_code.get_token(code, redirect_uri: Rails.application.routes.url_helpers.go_sso_callback_url(host: current_host))
+  end
+
+  def self.current_host
+    host || Current.host
+  end
+
+  class FailedToOpenConnection < Exception; end
+end
+
+require "go_sso/engine"

data/lib/go_sso/controllers/helpers.rb

@@ -0,0 +1,37 @@
+module GoSso
+  module Controllers
+    module Helpers
+      extend ActiveSupport::Concern
+
+      included do
+        helper_method :current_sso_user
+
+        rescue_from GoSso::FailedToOpenConnection do
+          render json: {
+            message: 'Failed to open connection to SSO server. Try again later.'
+          }, status: 500
+        end
+      end
+
+      def current_sso_user
+        @current_sso_user ||= begin
+          return nil unless session[:go_sso_token]
+          return nil if sso_token_expired?
+          GoSso::User.from_token(session[:go_sso_token])
+        end
+      rescue OAuth2::Error
+        nil
+      end
+
+      def authenticate_sso_user_permission
+        unless current_sso_user
+          return redirect_to(go_sso_auth_url(redirect_url: request.url))
+        end
+
+        unless current_sso_user.can_access?(GoSso.main_app_module_name)
+          render json: { message: 'access denied' }, status: 401
+        end
+      end
+    end
+  end
+end

data/lib/go_sso/current.rb

@@ -0,0 +1,3 @@
+class GoSso::Current < ActiveSupport::CurrentAttributes
+  attribute :host
+end

data/lib/go_sso/engine.rb

@@ -0,0 +1,13 @@
+module GoSso
+  class Engine < ::Rails::Engine
+    initializer "go_sso.configs", before: :load_config_initializers do
+      GoSso.set_default_options!
+    end
+
+    initializer "go_sso.helpers" do
+      ActiveSupport.on_load(:action_controller) do
+        include Controllers::Helpers
+      end
+    end
+  end
+end

data/lib/go_sso/user.rb

@@ -0,0 +1,33 @@
+class GoSso::User
+  def initialize(attrs)
+    @attrs = attrs
+  end
+
+  def can_access?(app_name)
+    applications.include?(app_name.to_s)
+  end
+
+  def applications
+    @attrs['applications'] || []
+  end
+
+  def method_missing(m, *args, &block)
+    method_name = m.to_s
+    if @attrs.has_key?(method_name)
+      @attrs[method_name]
+    else
+      super
+    end
+  end
+
+  def self.from_token(token)
+    o_token = OAuth2::AccessToken.new(GoSso.client, token)
+    json_str = Rails.cache.fetch([:go_sso_user, token], expires_in: GoSso.user_cache_ttl) do
+      o_token.get(GoSso.user_json_url).body
+    end
+    attrs = JSON.parse(json_str)
+    new(attrs)
+  rescue Faraday::ConnectionFailed
+    raise GoSso::FailedToOpenConnection
+  end
+end

data/lib/go_sso/version.rb

@@ -0,0 +1,3 @@
+module GoSso
+  VERSION = '0.1.0'
+end

data/lib/tasks/go_sso_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :go_sso do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,159 @@
+--- !ruby/object:Gem::Specification
+name: go_sso
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Yi Feng
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-10-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.4.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.4.0
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: appraisal
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: dotenv-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Description of GoSso.
+email:
+- yfxie@me.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- Rakefile
+- app/assets/config/go_sso_manifest.js
+- app/assets/stylesheets/go_sso/application.css
+- app/controllers/go_sso/application_controller.rb
+- app/helpers/go_sso/application_helper.rb
+- app/jobs/go_sso/application_job.rb
+- app/mailers/go_sso/application_mailer.rb
+- app/models/go_sso/application_record.rb
+- app/views/layouts/go_sso/application.html.erb
+- config/routes.rb
+- lib/go_sso.rb
+- lib/go_sso/controllers/helpers.rb
+- lib/go_sso/current.rb
+- lib/go_sso/engine.rb
+- lib/go_sso/user.rb
+- lib/go_sso/version.rb
+- lib/tasks/go_sso_tasks.rake
+homepage: https://github.com/yfxie/go_sso
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key: 
+specification_version: 4
+summary: Summary of GoSso.
+test_files: []