heimdall_auth 1.7.0 → 1.8.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 57bca32565813f01226295da73012e3b10a4d6c1551e7e680c74ade1fc47330c
4
- data.tar.gz: 4c13f4f4e6f0c67026c8f4def6351625b2ff377d580828997adf6658f054e987
3
+ metadata.gz: 62917a5dfbec560e91964ae280d362973e51c3fd7aec9fa39012fcba2053fb96
4
+ data.tar.gz: d902146d018ba779759c7bef16e7807266d1960a49127961d587a791f131ee41
5
5
  SHA512:
6
- metadata.gz: 46a5916934411a7957c8f494bd0348083a1cc5394517d9924899eebae911450c4bfeb78a6cdbae1e85dc4fd51146d07af562f56615362ebe72e06e7da1af3a43
7
- data.tar.gz: 630a7af9ae20322235561977d94f0d84900bab12edb052515a1967db5bce6aa262493a13acba131cace42790641762d1d6db603c5169d2e3e80c05712c900137
6
+ metadata.gz: b47b0dfd4f6db45ab8a1d5a34626e1529dcba2811901c36e3ba9a1534e5a814b7c163a4ed433198c66462575feb2eadbd60792ac604f53703381c88cf0282cbc
7
+ data.tar.gz: 97c6c1a896670c6e224725d848e30340cf30baeecca65a24d7f12275d8040ad1ebdd1bc75156295eda8b94c847901a34802e0542145a2a02a75fdc09a38de91a
data/README.md CHANGED
@@ -1,6 +1,29 @@
1
1
  # HeimdallAuth
2
2
  This makes it easy to equip an empty rails application with our Heimdall Auth features.
3
3
 
4
+ ## New Feature: Secure Sidekiq (and other mounts)
5
+ Use it like so in `config/routes.rb`:
6
+ ```
7
+ mount_heimdall_auth_secured Sidekiq::Web => '/sidekiq', :manage => :sidekiq
8
+ ```
9
+ instead of the known:
10
+ ```
11
+ mount Sidekiq::Web => '/sidekiq'
12
+ ```
13
+
14
+ Additionally you need to add the rights to your `app/models/ability.rb`:
15
+ ```
16
+ if user.is_admin
17
+ can :manage, :sidekiq
18
+ end
19
+ ```
20
+
21
+ Options:
22
+ - mount_heimdall_auth_secured ENGINE => PATH, ACTION => RESOURCE
23
+ - ENGINE - any mountable Engine like `Sidekiq::Web`
24
+ - PATH - where to mount the engine
25
+ - ACTION & RESOURCE - like any action and resource in cancancan
26
+
4
27
  ## Installation and Usage
5
28
 
6
29
  Example: https://gitlab.vesputi.com/netzmap/nanna
@@ -8,29 +8,29 @@ class HeimdallAuth::SessionsController < ApplicationController
8
8
  if user_token
9
9
  do_a_signin_precall(user_token, heimdall_auth_url)
10
10
  else
11
- redirect_to heimdall_auth_url
11
+ redirect_to heimdall_auth_url, allow_other_host: true
12
12
  end
13
13
  end
14
14
 
15
15
  def create
16
16
  auth = request.env["omniauth.auth"]
17
17
  session[:access_token] = auth.credentials.token
18
- redirect_to session[:last_url] || root_url
18
+ redirect_to( session[:last_url] || request.base_url, allow_other_host: true)
19
19
  end
20
20
 
21
21
  def destroy
22
22
  last_url = session[:last_url]
23
23
  reset_session
24
- redirect_to "#{ENV['HEIMDALL_SERVER_URL']}/signout?redirect_to=#{last_url || passenger_url}", :notice => 'Signed out!'
24
+ redirect_to("#{ENV['HEIMDALL_SERVER_URL']}/signout?redirect_to=#{last_url || request.base_url}", :notice => 'Signed out!', allow_other_host: true)
25
25
  end
26
26
 
27
27
  def failure
28
- redirect_to root_url, :alert => "Authentication error: #{params[:message].humanize}"
28
+ redirect_to request.base_url, :alert => "Authentication error: #{params[:message].humanize}", allow_other_host: true
29
29
  end
30
30
 
31
31
  private
32
32
  def do_a_signin_precall(user_token, heimdall_auth_url)
33
- redirect_to "#{ENV['HEIMDALL_SERVER_URL']}/?user_token=#{user_token}&redirect_to=#{heimdall_auth_url}"
33
+ redirect_to "#{ENV['HEIMDALL_SERVER_URL']}/?user_token=#{user_token}&redirect_to=#{heimdall_auth_url}", allow_other_host: true
34
34
  end
35
35
 
36
36
  end
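Review bot: Line 18 (`redirect_to( session[:last_url] || request.base_url, allow_other_host: true)`) adds `allow_other_host: true` to a redirect whose target is read from the session, which switches off the same-host check that Rails 7 performs as its defence against open redirects; as far as this page shows, `session[:last_url]` is only ever assigned from `request.url` or `request.base_url`, so the option is not needed there and I would drop it: `redirect_to(session[:last_url] || request.base_url)`. The `destroy` (line 24) and `do_a_signin_precall` (line 33) redirects interpolate `last_url`, `user_token` and `heimdall_auth_url` into a query string without encoding, so a stored URL that itself contains `&` or `#` will be truncated when the receiving side parses the query; build it with `URI.encode_www_form`, e.g. `"#{ENV['HEIMDALL_SERVER_URL']}/signout?#{URI.encode_www_form(redirect_to: last_url || request.base_url)}"`. The `new` action whose `else` branch is changed on line 11 begins before the hunk.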
@@ -0,0 +1,48 @@
1
+ module HeimdallAuth
2
+ module AuthenticationAdditions
3
+ def current_ability
4
+ @current_ability ||= Ability.new(current_user)
5
+ end
6
+
7
+ def store_location_in_session
8
+ session[:last_url] = request.url if storable_location?
9
+ ::Rails.logger.info("\033[32m session[:last_url] = #{session[:last_url]} \033[0m")
10
+ end
11
+
12
+ def storable_location?
13
+ request.get? && request.format.try(:ref) == :html && !is_a?(SessionsController) && !request.xhr?
14
+ end
15
+
16
+ def current_access_token
17
+ request.session[:access_token] || params[:access_token] || request.headers['HeimdallAccessToken']
18
+ end
19
+
20
+ def current_user
21
+ begin
22
+ @current_user ||= get_user_from_auth_server(current_access_token)
23
+ rescue NoMethodError => e
24
+ User.new(is_invalid: true)
25
+ rescue Exception => e
26
+ nil
27
+ end
28
+ end
29
+
30
+ def current_environment
31
+ begin
32
+ @current_environment ||= current_user.key_environment || params[:environment]
33
+ rescue NoMethodError, Exception => e
34
+ nil
35
+ end
36
+ end
37
+
38
+ def get_user_from_auth_server(access_token)
39
+ client = OAuth2::Client.new(ENV['HEIMDALL_APPLICATION_ID'], ENV['HEIMDALL_APPLICATION_SECRET'], :site => ENV['HEIMDALL_SERVER_URL'])
40
+ user_data = OAuth2::AccessToken.new(client,access_token).get('/me.json').parsed
41
+ User.new(user_data)
42
+ end
43
+
44
+ def user_signed_in?
45
+ return true if current_user
46
+ end
47
+ end
48
+ end
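Review bot: `store_location_in_session` (line 9) logs `request.url` at info level while `current_access_token` (line 17) accepts the token from `params[:access_token]`, so a request that authenticates through the query string writes the bearer token into the application log; log the path only, e.g. `::Rails.logger.info("session[:last_url] stored for #{request.path}")`, or drop the line. `current_user` rescues `Exception` (line 25) and `current_environment` rescues `NoMethodError, Exception` (line 33), which also swallows `SignalException`/`SystemExit` and turns a misconfigured `HEIMDALL_SERVER_URL` or a network failure into a silent `nil`; rescue `StandardError` (or the OAuth2 error class) and log the exception instead. Note also that the `rescue NoMethodError` branch returns `User.new(is_invalid: true)` without assigning `@current_user`, so every later call repeats the HTTP round-trip to `/me.json` — worth a comment if that is intended.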
@@ -1,10 +1,12 @@
1
1
  # frozen_string_literal: true
2
2
  require "cancancan"
3
+ require "heimdall_auth/authentication_additions"
3
4
 
4
5
  module HeimdallAuth
5
6
  # This module is automatically included into all controllers.
6
7
  # It adds methods like current_user but also handles auth-failure redirections
7
8
  module ControllerAdditions
9
+ include HeimdallAuth::AuthenticationAdditions
8
10
 
9
11
  def self.included(base)
10
12
  base.helper_method :current_user, :current_access_token, :current_environment, :user_signed_in? if base.respond_to? :helper_method
@@ -28,52 +30,6 @@ module HeimdallAuth
28
30
  end
29
31
 
30
32
  end
31
-
32
- def current_ability
33
- @current_ability ||= Ability.new(current_user)
34
- end
35
-
36
- def store_location_in_session
37
- session[:last_url] = request.url if storable_location?
38
- ::Rails.logger.info("\033[32m session[:last_url] = #{session[:last_url]} \033[0m")
39
- end
40
-
41
- def storable_location?
42
- request.get? && request.format.try(:ref) == :html && !is_a?(SessionsController) && !request.xhr?
43
- end
44
-
45
-
46
- def current_access_token
47
- session[:access_token] || params[:access_token] || request.headers['HeimdallAccessToken']
48
- end
49
-
50
- def current_user
51
- begin
52
- @current_user ||= get_user_from_auth_server(current_access_token)
53
- rescue NoMethodError => e
54
- User.new(is_invalid: true)
55
- rescue Exception => e
56
- nil
57
- end
58
- end
59
-
60
- def current_environment
61
- begin
62
- @current_environment ||= current_user.key_environment || params[:environment]
63
- rescue NoMethodError, Exception => e
64
- nil
65
- end
66
- end
67
-
68
- def get_user_from_auth_server(access_token)
69
- client = OAuth2::Client.new(ENV['HEIMDALL_APPLICATION_ID'], ENV['HEIMDALL_APPLICATION_SECRET'], :site => ENV['HEIMDALL_SERVER_URL'])
70
- user_data = OAuth2::AccessToken.new(client,access_token).get('/me.json').parsed
71
- User.new(user_data)
72
- end
73
-
74
- def user_signed_in?
75
- return true if current_user
76
- end
77
33
  end
78
34
  end
79
35
 
@@ -9,6 +9,22 @@ module HeimdallAuth
9
9
  get '/signin' => 'heimdall_auth/sessions#new', :as => :new_user_session
10
10
  get '/signout' => 'heimdall_auth/sessions#destroy', :as => :destroy_user_session
11
11
  end
12
+
13
+
14
+ def mount_heimdall_auth_secured(options = {}, &block)
15
+ mount_element = options.keys.first
16
+ path = options[mount_element]
17
+
18
+ action = options.keys.second
19
+ resource = options.values.second
20
+ if action.nil? || resource.nil?
21
+ puts "WARNING: It seems you missed the cancancan rights. Use: `mount_heimdall_auth_secured Sidekiq::Web => '/sidekiq', :manage => :sidekiq`"
22
+ end
23
+
24
+ mount mount_element => path, constraints: HeimdallAuth::RouteConstraint.new(action, resource)
25
+ get "#{path}", to: redirect('/signin')
26
+ get "#{path}/*rest", to: redirect('/signin')
27
+ end
12
28
  end
13
29
 
14
30
  def self.install!
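Review bot: When `action` or `resource` is missing (line 20) the method only `puts` a warning and still mounts the engine with `RouteConstraint.new(nil, nil)`, so this security-relevant misconfiguration is visible only on the console at boot; fail loudly instead: `raise ArgumentError, "mount_heimdall_auth_secured needs an action => resource pair, e.g. :manage => :sidekiq" if action.nil? || resource.nil?`. The unused `&block` parameter and the `"#{path}"` interpolation on line 25 can go (`get path, to: redirect('/signin')`). A one-line comment would help the next reader: the constrained `mount` must stay before the two `redirect('/signin')` fallbacks because Rails matches routes in declaration order, so swapping them would send every request to the sign-in page.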
@@ -0,0 +1,45 @@
1
+ module HeimdallAuth
2
+
3
+ class AuthenticationChecker
4
+ include HeimdallAuth::AuthenticationAdditions
5
+
6
+ def initialize(request)
7
+ @request = request
8
+ end
9
+
10
+ def request #This allowes the methods in AuthenticationAdditions to use to usually global request
11
+ @request
12
+ end
13
+
14
+ def session #This allowes the methods in AuthenticationAdditions to use to usually global request
15
+ @request.session
16
+ end
17
+
18
+ def can?(action, resource)
19
+ store_location_in_session
20
+ if current_user
21
+ if current_ability.can?(action, resource)
22
+ return true
23
+ else
24
+ session[:last_url] = request.base_url #prevent a redirection loop if users do not have enough rights. So send her to the base_url
25
+ return false
26
+ end
27
+ else
28
+ return false
29
+ end
30
+ end
31
+ end
32
+
33
+ class RouteConstraint
34
+
35
+ def initialize(action, resource)
36
+ @action = action
37
+ @resource = resource
38
+ end
39
+
40
+ def matches?(matching_request)
41
+ AuthenticationChecker.new(matching_request).can?(@action, @resource)
42
+ end
43
+
44
+ end
45
+ end
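Review bot: `AuthenticationChecker` exposes `request` and `session` (lines 10–16) but not `params`, while `current_access_token` and `current_environment` in `AuthenticationAdditions` call `params[...]`; for a visitor with no `access_token` in the session the resulting `NoMethodError` is caught by the `rescue NoMethodError` in `current_user`, which returns `User.new(is_invalid: true)` — a truthy value — so `can?` runs the ability check against an invalid user instead of treating her as signed out, and line 24 then overwrites `session[:last_url]` with the base URL, so after signing in she is not returned to the protected page. Add `def params; @request.params; end` next to the other two accessors. The comment on line 14 is copied from line 10 and still says "request"; suggest `# Exposes the request's session so the AuthenticationAdditions helpers, which expect a controller-level session, work here.` The nested `if`/`else` with explicit returns in `can?` (lines 20–29) reads more directly as guard clauses: `return false unless current_user`, `return true if current_ability.can?(action, resource)`, then the loop-prevention assignment and `false`.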
@@ -1,3 +1,3 @@
1
1
  module HeimdallAuth
2
- VERSION = '1.7.0'
2
+ VERSION = '1.8.0'
3
3
  end
data/lib/heimdall_auth.rb CHANGED
@@ -6,8 +6,11 @@ require "heimdall_auth/rails/routes"
6
6
  require "heimdall_auth/user"
7
7
  require "omniauth/stategies/heimdall"
8
8
 
9
+ require "heimdall_auth/authentication_additions"
9
10
  require "heimdall_auth/controller_additions"
10
11
 
12
+ require "heimdall_auth/route_constraint"
13
+
11
14
 
12
15
  module HeimdallAuth
13
16
  # Your code goes here...
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: heimdall_auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.7.0
4
+ version: 1.8.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - René Meye
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-01-13 00:00:00.000000000 Z
11
+ date: 2023-01-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails
@@ -19,7 +19,7 @@ dependencies:
19
19
  version: '5.0'
20
20
  - - "<"
21
21
  - !ruby/object:Gem::Version
22
- version: '7.0'
22
+ version: '8.0'
23
23
  type: :runtime
24
24
  prerelease: false
25
25
  version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
29
29
  version: '5.0'
30
30
  - - "<"
31
31
  - !ruby/object:Gem::Version
32
- version: '7.0'
32
+ version: '8.0'
33
33
  - !ruby/object:Gem::Dependency
34
34
  name: omniauth
35
35
  requirement: !ruby/object:Gem::Requirement
@@ -109,10 +109,12 @@ files:
109
109
  - lib/generators/heimdall_auth/standard_pages/templates/invalid_user_data.html.erb
110
110
  - lib/generators/heimdall_auth/standard_pages/templates/not_enough_rights.html.erb
111
111
  - lib/heimdall_auth.rb
112
+ - lib/heimdall_auth/authentication_additions.rb
112
113
  - lib/heimdall_auth/controller_additions.rb
113
114
  - lib/heimdall_auth/engine.rb
114
115
  - lib/heimdall_auth/rails/routes.rb
115
116
  - lib/heimdall_auth/railtie.rb
117
+ - lib/heimdall_auth/route_constraint.rb
116
118
  - lib/heimdall_auth/user.rb
117
119
  - lib/heimdall_auth/version.rb
118
120
  - lib/omniauth/stategies/heimdall.rb