heimdall_auth 1.7.0 → 1.8.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 57bca32565813f01226295da73012e3b10a4d6c1551e7e680c74ade1fc47330c
4
- data.tar.gz: 4c13f4f4e6f0c67026c8f4def6351625b2ff377d580828997adf6658f054e987
3
+ metadata.gz: 62917a5dfbec560e91964ae280d362973e51c3fd7aec9fa39012fcba2053fb96
4
+ data.tar.gz: d902146d018ba779759c7bef16e7807266d1960a49127961d587a791f131ee41
5
5
  SHA512:
6
- metadata.gz: 46a5916934411a7957c8f494bd0348083a1cc5394517d9924899eebae911450c4bfeb78a6cdbae1e85dc4fd51146d07af562f56615362ebe72e06e7da1af3a43
7
- data.tar.gz: 630a7af9ae20322235561977d94f0d84900bab12edb052515a1967db5bce6aa262493a13acba131cace42790641762d1d6db603c5169d2e3e80c05712c900137
6
+ metadata.gz: b47b0dfd4f6db45ab8a1d5a34626e1529dcba2811901c36e3ba9a1534e5a814b7c163a4ed433198c66462575feb2eadbd60792ac604f53703381c88cf0282cbc
7
+ data.tar.gz: 97c6c1a896670c6e224725d848e30340cf30baeecca65a24d7f12275d8040ad1ebdd1bc75156295eda8b94c847901a34802e0542145a2a02a75fdc09a38de91a
data/README.md CHANGED
@@ -1,6 +1,29 @@
1
1
  # HeimdallAuth
2
2
  This makes it easy to equip an empty rails application with our Heimdall Auth features.
3
3
 
4
+ ## New Feature: Secure Sidekiq (and other mounts)
5
+ Use it like so in `config/routes.rb`:
6
+ ```
7
+ mount_heimdall_auth_secured Sidekiq::Web => '/sidekiq', :manage => :sidekiq
8
+ ```
9
+ instead of the known:
10
+ ```
11
+ mount Sidekiq::Web => '/sidekiq'
12
+ ```
13
+
14
+ Additionally you need to add the rights to your `app/models/ability.rb`:
15
+ ```
16
+ if user.is_admin
17
+ can :manage, :sidekiq
18
+ end
19
+ ```
20
+
21
+ Options:
22
+ - mount_heimdall_auth_secured ENGINE => PATH, ACTION => RESOURCE
23
+ - ENGINE - any mountable Engine like `Sidekiq::Web`
24
+ - PATH - where to mount the engine
25
+ - ACTION & RESOURCE - like any action and resource in cancancan
26
+
4
27
  ## Installation and Usage
5
28
 
6
29
  Example: https://gitlab.vesputi.com/netzmap/nanna
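--- a/[path not shown on page: HeimdallAuth::SessionsController]
+++ b/[path not shown on page: HeimdallAuth::SessionsController]
@@ -8,29 +8,29 @@ class HeimdallAuth::SessionsController < ApplicationController
  if user_token
  do_a_signin_precall(user_token, heimdall_auth_url)
  else
- redirect_to heimdall_auth_url
+ redirect_to heimdall_auth_url, allow_other_host: true
  end
  end
 
  def create
  auth = request.env["omniauth.auth"]
  session[:access_token] = auth.credentials.token
- redirect_to session[:last_url] || root_url
+ redirect_to( session[:last_url] || request.base_url, allow_other_host: true)
  end
 
  def destroy
  last_url = session[:last_url]
  reset_session
- redirect_to "#{ENV['HEIMDALL_SERVER_URL']}/signout?redirect_to=#{last_url || passenger_url}", :notice => 'Signed out!'
+ redirect_to("#{ENV['HEIMDALL_SERVER_URL']}/signout?redirect_to=#{last_url || request.base_url}", :notice => 'Signed out!', allow_other_host: true)
  end
 
  def failure
- redirect_to root_url, :alert => "Authentication error: #{params[:message].humanize}"
+ redirect_to request.base_url, :alert => "Authentication error: #{params[:message].humanize}", allow_other_host: true
  end
 
  private
  def do_a_signin_precall(user_token, heimdall_auth_url)
- redirect_to "#{ENV['HEIMDALL_SERVER_URL']}/?user_token=#{user_token}&redirect_to=#{heimdall_auth_url}"
+ redirect_to "#{ENV['HEIMDALL_SERVER_URL']}/?user_token=#{user_token}&redirect_to=#{heimdall_auth_url}", allow_other_host: true
  end
 
  end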
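Review bot: The `create` redirect (line 18) now passes `allow_other_host: true` for `session[:last_url]`, which switches off the Rails 7 same-host check on a value that, per `store_location_in_session` elsewhere in this change, is written from `request.url` and so only ever needs to be same-host; the opt-out buys nothing there and widens the redirect if the session value is ever set from another source, so keep the default on that line: `redirect_to(session[:last_url] || request.base_url)`. The redirects to `ENV['HEIMDALL_SERVER_URL']` in `destroy` and `do_a_signin_precall` are the ones that genuinely need the option, but they still interpolate `last_url`, `user_token` and `heimdall_auth_url` into the query string unescaped, so a `&` or `#` inside any of them changes the meaning of the outgoing URL; encode them, e.g. `redirect_to=#{ERB::Util.url_encode(last_url || request.base_url)}`. `SessionsController` and its `new` action begin before the hunk, so `heimdall_auth_url` and `user_token` are not visible here.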
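--- /dev/null
+++ b/data/lib/heimdall_auth/authentication_additions.rb
@@ -0,0 +1,48 @@
+ module HeimdallAuth
+ module AuthenticationAdditions
+ def current_ability
+ @current_ability ||= Ability.new(current_user)
+ end
+
+ def store_location_in_session
+ session[:last_url] = request.url if storable_location?
+ ::Rails.logger.info("\033[32m session[:last_url] = #{session[:last_url]} \033[0m")
+ end
+
+ def storable_location?
+ request.get? && request.format.try(:ref) == :html && !is_a?(SessionsController) && !request.xhr?
+ end
+
+ def current_access_token
+ request.session[:access_token] || params[:access_token] || request.headers['HeimdallAccessToken']
+ end
+
+ def current_user
+ begin
+ @current_user ||= get_user_from_auth_server(current_access_token)
+ rescue NoMethodError => e
+ User.new(is_invalid: true)
+ rescue Exception => e
+ nil
+ end
+ end
+
+ def current_environment
+ begin
+ @current_environment ||= current_user.key_environment || params[:environment]
+ rescue NoMethodError, Exception => e
+ nil
+ end
+ end
+
+ def get_user_from_auth_server(access_token)
+ client = OAuth2::Client.new(ENV['HEIMDALL_APPLICATION_ID'], ENV['HEIMDALL_APPLICATION_SECRET'], :site => ENV['HEIMDALL_SERVER_URL'])
+ user_data = OAuth2::AccessToken.new(client,access_token).get('/me.json').parsed
+ User.new(user_data)
+ end
+
+ def user_signed_in?
+ return true if current_user
+ end
+ end
+ end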
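Review bot: `current_user` (lines 20–28) rescues `Exception`, which also swallows `SignalException`, `SystemExit` and `NoMemoryError` and collapses every transport or auth-server failure into a silent `nil`, and `current_environment` (line 33) does the same; narrow both to `rescue StandardError`, drop the unused `=> e` bindings, and log the error before returning `nil` so an auth-server outage is distinguishable from a visitor who is simply not signed in. `current_access_token` accepts the token from `params[:access_token]`, while `store_location_in_session` stores and logs `request.url` at INFO — `request.url` includes the query string, so a token passed that way lands in the application log and is kept in the session as the post-login redirect target; log only the path, e.g. `::Rails.logger.info("session[:last_url] stored for #{request.path}")`, or drop the log line. These methods are moved here from `ControllerAdditions`, so the points concern the new file's contents rather than the move itself.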
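--- a/data/lib/heimdall_auth/controller_additions.rb
+++ b/data/lib/heimdall_auth/controller_additions.rb
@@ -1,10 +1,12 @@
  # frozen_string_literal: true
  require "cancancan"
+ require "heimdall_auth/authentication_additions"
 
  module HeimdallAuth
  # This module is automatically included into all controllers.
  # It adds methods like current_user but also handles auth-failure redirections
  module ControllerAdditions
+ include HeimdallAuth::AuthenticationAdditions
 
  def self.included(base)
  base.helper_method :current_user, :current_access_token, :current_environment, :user_signed_in? if base.respond_to? :helper_method
@@ -28,52 +30,6 @@ module HeimdallAuth
  end
 
  end
-
- def current_ability
- @current_ability ||= Ability.new(current_user)
- end
-
- def store_location_in_session
- session[:last_url] = request.url if storable_location?
- ::Rails.logger.info("\033[32m session[:last_url] = #{session[:last_url]} \033[0m")
- end
-
- def storable_location?
- request.get? && request.format.try(:ref) == :html && !is_a?(SessionsController) && !request.xhr?
- end
-
-
- def current_access_token
- session[:access_token] || params[:access_token] || request.headers['HeimdallAccessToken']
- end
-
- def current_user
- begin
- @current_user ||= get_user_from_auth_server(current_access_token)
- rescue NoMethodError => e
- User.new(is_invalid: true)
- rescue Exception => e
- nil
- end
- end
-
- def current_environment
- begin
- @current_environment ||= current_user.key_environment || params[:environment]
- rescue NoMethodError, Exception => e
- nil
- end
- end
-
- def get_user_from_auth_server(access_token)
- client = OAuth2::Client.new(ENV['HEIMDALL_APPLICATION_ID'], ENV['HEIMDALL_APPLICATION_SECRET'], :site => ENV['HEIMDALL_SERVER_URL'])
- user_data = OAuth2::AccessToken.new(client,access_token).get('/me.json').parsed
- User.new(user_data)
- end
-
- def user_signed_in?
- return true if current_user
- end
  end
  end
 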
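Review bot: The module comment on lines 6–7 (unchanged) still says `ControllerAdditions` adds `current_user`, but after this change those methods come from the included `HeimdallAuth::AuthenticationAdditions` and are shared with the route constraint's `AuthenticationChecker`, so a reader looking for `current_user` here will not find it. Replace the comment with something like `# The user/session helpers (current_user, current_access_token, ...) live in AuthenticationAdditions so RouteConstraint can reuse them outside a controller; this module only wires them into controllers and handles auth-failure redirections.` It is also worth stating there that the moved `current_access_token` now reads `request.session[:access_token]` rather than `session[:access_token]` — equivalent in a controller, but the other mixin target defines its own `session`, so the distinction matters to anyone editing it.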
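--- a/data/lib/heimdall_auth/rails/routes.rb
+++ b/data/lib/heimdall_auth/rails/routes.rb
@@ -9,6 +9,22 @@ module HeimdallAuth
  get '/signin' => 'heimdall_auth/sessions#new', :as => :new_user_session
  get '/signout' => 'heimdall_auth/sessions#destroy', :as => :destroy_user_session
  end
+
+
+ def mount_heimdall_auth_secured(options = {}, &block)
+ mount_element = options.keys.first
+ path = options[mount_element]
+
+ action = options.keys.second
+ resource = options.values.second
+ if action.nil? || resource.nil?
+ puts "WARNING: It seems you missed the cancancan rights. Use: `mount_heimdall_auth_secured Sidekiq::Web => '/sidekiq', :manage => :sidekiq`"
+ end
+
+ mount mount_element => path, constraints: HeimdallAuth::RouteConstraint.new(action, resource)
+ get "#{path}", to: redirect('/signin')
+ get "#{path}/*rest", to: redirect('/signin')
+ end
  end
 
  def self.install!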
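Review bot: When `action` or `resource` is missing (line 20), `mount_heimdall_auth_secured` only prints a warning with `puts` and then mounts the engine behind `HeimdallAuth::RouteConstraint.new(nil, nil)`; presumably `can?(nil, nil)` is never true, so the mount is silently unreachable for everyone instead of the misconfiguration failing at boot, and `puts` bypasses the Rails logger entirely. Fail loudly: `raise ArgumentError, "mount_heimdall_auth_secured needs a cancancan action and resource, e.g. mount_heimdall_auth_secured Sidekiq::Web => '/sidekiq', :manage => :sidekiq" if action.nil? || resource.nil?`. The `&block` parameter is accepted but never used or forwarded, so a caller passing a block gets a silent no-op; drop it. The two fallback routes on lines 25–26 also send signed-in users who merely lack the right to `/signin`, which works only because `AuthenticationChecker#can?` resets `session[:last_url]` to the base URL — a one-line comment above line 24 naming that coupling would save the next maintainer a debugging session.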
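--- /dev/null
+++ b/data/lib/heimdall_auth/route_constraint.rb
@@ -0,0 +1,45 @@
+ module HeimdallAuth
+
+ class AuthenticationChecker
+ include HeimdallAuth::AuthenticationAdditions
+
+ def initialize(request)
+ @request = request
+ end
+
+ def request #This allowes the methods in AuthenticationAdditions to use to usually global request
+ @request
+ end
+
+ def session #This allowes the methods in AuthenticationAdditions to use to usually global request
+ @request.session
+ end
+
+ def can?(action, resource)
+ store_location_in_session
+ if current_user
+ if current_ability.can?(action, resource)
+ return true
+ else
+ session[:last_url] = request.base_url #prevent a redirection loop if users do not have enough rights. So send her to the base_url
+ return false
+ end
+ else
+ return false
+ end
+ end
+ end
+
+ class RouteConstraint
+
+ def initialize(action, resource)
+ @action = action
+ @resource = resource
+ end
+
+ def matches?(matching_request)
+ AuthenticationChecker.new(matching_request).can?(@action, @resource)
+ end
+
+ end
+ end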
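Review bot: `AuthenticationChecker` supplies `request` and `session` for the mixed-in `AuthenticationAdditions` but not `params`, which `current_access_token` and `current_environment` call; whenever the session holds no `access_token`, the `params[:access_token]` fallback raises `NameError` (an identifier-style call, so not `NoMethodError`), and `current_user`'s `rescue Exception` turns that into `nil`. The constraint therefore authenticates only a session-held token — a request carrying just the `HeimdallAccessToken` header never reaches the mounted engine — and it does so by accident rather than by design. Decide which behaviour is intended: either add `def params; @request.params; end` next to `session` so the lookup order matches the controllers, or, for a mounted admin UI, make the narrower rule explicit with `def current_access_token; @request.session[:access_token]; end` in this class and a comment saying why. The comments on lines 10 and 14 are duplicated (both say "request") and misspelt; `# Lets the AuthenticationAdditions methods, written for a controller's request/session, run against a bare routing request` would cover both. `can?` also calls the auth server on every request to the mounted path, so note in a comment that nothing here caches the `/me.json` lookup across requests.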
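--- a/data/lib/heimdall_auth/version.rb
+++ b/data/lib/heimdall_auth/version.rb
@@ -1,3 +1,3 @@
  module HeimdallAuth
- VERSION = '1.7.0'
+ VERSION = '1.8.0'
  end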
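--- a/data/lib/heimdall_auth.rb
+++ b/data/lib/heimdall_auth.rb
@@ -6,8 +6,11 @@ require "heimdall_auth/rails/routes"
  require "heimdall_auth/user"
  require "omniauth/stategies/heimdall"
 
+ require "heimdall_auth/authentication_additions"
  require "heimdall_auth/controller_additions"
 
+ require "heimdall_auth/route_constraint"
+
 
  module HeimdallAuth
  # Your code goes here...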
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: heimdall_auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.7.0
4
+ version: 1.8.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - René Meye
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-01-13 00:00:00.000000000 Z
11
+ date: 2023-01-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails
@@ -19,7 +19,7 @@ dependencies:
19
19
  version: '5.0'
20
20
  - - "<"
21
21
  - !ruby/object:Gem::Version
22
- version: '7.0'
22
+ version: '8.0'
23
23
  type: :runtime
24
24
  prerelease: false
25
25
  version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
29
29
  version: '5.0'
30
30
  - - "<"
31
31
  - !ruby/object:Gem::Version
32
- version: '7.0'
32
+ version: '8.0'
33
33
  - !ruby/object:Gem::Dependency
34
34
  name: omniauth
35
35
  requirement: !ruby/object:Gem::Requirement
@@ -109,10 +109,12 @@ files:
109
109
  - lib/generators/heimdall_auth/standard_pages/templates/invalid_user_data.html.erb
110
110
  - lib/generators/heimdall_auth/standard_pages/templates/not_enough_rights.html.erb
111
111
  - lib/heimdall_auth.rb
112
+ - lib/heimdall_auth/authentication_additions.rb
112
113
  - lib/heimdall_auth/controller_additions.rb
113
114
  - lib/heimdall_auth/engine.rb
114
115
  - lib/heimdall_auth/rails/routes.rb
115
116
  - lib/heimdall_auth/railtie.rb
117
+ - lib/heimdall_auth/route_constraint.rb
116
118
  - lib/heimdall_auth/user.rb
117
119
  - lib/heimdall_auth/version.rb
118
120
  - lib/omniauth/stategies/heimdall.rb