RubyGems - heimdall_auth - Versions diffs - 1.7.0 → 1.8.0 - Mend

heimdall_auth 1.7.0 → 1.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/README.md +23 -0
data/app/controllers/heimdall_auth/sessions_controller.rb +5 -5
data/lib/heimdall_auth/authentication_additions.rb +48 -0
data/lib/heimdall_auth/controller_additions.rb +2 -46
data/lib/heimdall_auth/rails/routes.rb +16 -0
data/lib/heimdall_auth/route_constraint.rb +45 -0
data/lib/heimdall_auth/version.rb +1 -1
data/lib/heimdall_auth.rb +3 -0
metadata +6 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 57bca32565813f01226295da73012e3b10a4d6c1551e7e680c74ade1fc47330c
-  data.tar.gz: 4c13f4f4e6f0c67026c8f4def6351625b2ff377d580828997adf6658f054e987
+  metadata.gz: 62917a5dfbec560e91964ae280d362973e51c3fd7aec9fa39012fcba2053fb96
+  data.tar.gz: d902146d018ba779759c7bef16e7807266d1960a49127961d587a791f131ee41
 SHA512:
-  metadata.gz: 46a5916934411a7957c8f494bd0348083a1cc5394517d9924899eebae911450c4bfeb78a6cdbae1e85dc4fd51146d07af562f56615362ebe72e06e7da1af3a43
-  data.tar.gz: 630a7af9ae20322235561977d94f0d84900bab12edb052515a1967db5bce6aa262493a13acba131cace42790641762d1d6db603c5169d2e3e80c05712c900137
+  metadata.gz: b47b0dfd4f6db45ab8a1d5a34626e1529dcba2811901c36e3ba9a1534e5a814b7c163a4ed433198c66462575feb2eadbd60792ac604f53703381c88cf0282cbc
+  data.tar.gz: 97c6c1a896670c6e224725d848e30340cf30baeecca65a24d7f12275d8040ad1ebdd1bc75156295eda8b94c847901a34802e0542145a2a02a75fdc09a38de91a

data/README.md CHANGED Viewed

@@ -1,6 +1,29 @@
 # HeimdallAuth
 This makes it easy to equip an empty rails application with our Heimdall Auth features.
+## New Feature: Secure Sidekiq (and other mounts)
+Use it like so in `config/routes.rb`:
+```
+mount_heimdall_auth_secured Sidekiq::Web => '/sidekiq', :manage => :sidekiq
+```
+instead of the known:
+```
+mount Sidekiq::Web => '/sidekiq'
+```
+Additionally you need to add the rights to your `app/models/ability.rb`:
+```
+if user.is_admin
+  can :manage, :sidekiq
+end
+```
+Options:
+- mount_heimdall_auth_secured ENGINE => PATH, ACTION => RESOURCE
+- ENGINE - any mountable Engine like `Sidekiq::Web`
+- PATH - where to mount the engine
+- ACTION & RESOURCE - like any action and resource in cancancan
 ## Installation and Usage
 Example: https://gitlab.vesputi.com/netzmap/nanna

data/app/controllers/heimdall_auth/sessions_controller.rb CHANGED Viewed

@@ -8,29 +8,29 @@ class HeimdallAuth::SessionsController < ApplicationController
     if user_token
       do_a_signin_precall(user_token, heimdall_auth_url)
     else
-      redirect_to heimdall_auth_url
+      redirect_to heimdall_auth_url, allow_other_host: true
     end
   end
   def create
     auth = request.env["omniauth.auth"]
     session[:access_token] = auth.credentials.token
-    redirect_to session[:last_url] || root_url
+    redirect_to( session[:last_url] || request.base_url, allow_other_host: true)
   end
   def destroy
     last_url = session[:last_url]
     reset_session
-    redirect_to "#{ENV['HEIMDALL_SERVER_URL']}/signout?redirect_to=#{last_url || passenger_url}", :notice => 'Signed out!'
+    redirect_to("#{ENV['HEIMDALL_SERVER_URL']}/signout?redirect_to=#{last_url || request.base_url}", :notice => 'Signed out!', allow_other_host: true)
   end
   def failure
-    redirect_to root_url, :alert => "Authentication error: #{params[:message].humanize}"
+    redirect_to request.base_url, :alert => "Authentication error: #{params[:message].humanize}", allow_other_host: true
   end
   private
   def do_a_signin_precall(user_token, heimdall_auth_url)
-    redirect_to "#{ENV['HEIMDALL_SERVER_URL']}/?user_token=#{user_token}&redirect_to=#{heimdall_auth_url}"
+    redirect_to "#{ENV['HEIMDALL_SERVER_URL']}/?user_token=#{user_token}&redirect_to=#{heimdall_auth_url}", allow_other_host: true
   end
 end

data/lib/heimdall_auth/authentication_additions.rb ADDED Viewed

@@ -0,0 +1,48 @@
+module HeimdallAuth
+  module AuthenticationAdditions
+    def current_ability
+      @current_ability ||= Ability.new(current_user)
+    end
+    def store_location_in_session
+      session[:last_url] = request.url if storable_location?
+      ::Rails.logger.info("\033[32m session[:last_url] = #{session[:last_url]} \033[0m")
+    end
+    def storable_location?
+      request.get? && request.format.try(:ref) == :html && !is_a?(SessionsController) && !request.xhr?
+    end
+    def current_access_token
+      request.session[:access_token] || params[:access_token] || request.headers['HeimdallAccessToken']
+    end
+    def current_user
+      begin
+        @current_user ||= get_user_from_auth_server(current_access_token)
+      rescue NoMethodError => e
+        User.new(is_invalid: true)
+      rescue Exception => e
+        nil
+      end
+    end
+    def current_environment
+      begin
+        @current_environment ||= current_user.key_environment || params[:environment]
+      rescue NoMethodError, Exception => e
+        nil
+      end
+    end
+    def get_user_from_auth_server(access_token)
+      client = OAuth2::Client.new(ENV['HEIMDALL_APPLICATION_ID'], ENV['HEIMDALL_APPLICATION_SECRET'], :site => ENV['HEIMDALL_SERVER_URL'])
+      user_data = OAuth2::AccessToken.new(client,access_token).get('/me.json').parsed
+      User.new(user_data)
+    end
+    def user_signed_in?
+      return true if current_user
+    end
+  end
+end

data/lib/heimdall_auth/controller_additions.rb CHANGED Viewed

@@ -1,10 +1,12 @@
 # frozen_string_literal: true
 require "cancancan"
+require "heimdall_auth/authentication_additions"
 module HeimdallAuth
   # This module is automatically included into all controllers.
   # It adds methods like current_user but also handles auth-failure redirections
   module ControllerAdditions
+    include HeimdallAuth::AuthenticationAdditions
     def self.included(base)
       base.helper_method :current_user, :current_access_token, :current_environment, :user_signed_in? if base.respond_to? :helper_method
@@ -28,52 +30,6 @@ module HeimdallAuth
       end
     end
-    def current_ability
-      @current_ability ||= Ability.new(current_user)
-    end
-    def store_location_in_session
-      session[:last_url] = request.url if storable_location?
-      ::Rails.logger.info("\033[32m session[:last_url] = #{session[:last_url]} \033[0m")
-    end
-    def storable_location?
-      request.get? && request.format.try(:ref) == :html && !is_a?(SessionsController) && !request.xhr?
-    end
-    def current_access_token
-      session[:access_token] || params[:access_token] || request.headers['HeimdallAccessToken']
-    end
-    def current_user
-      begin
-        @current_user ||= get_user_from_auth_server(current_access_token)
-      rescue NoMethodError => e
-        User.new(is_invalid: true)
-      rescue Exception => e
-        nil
-      end
-    end
-    def current_environment
-      begin
-        @current_environment ||= current_user.key_environment || params[:environment]
-      rescue NoMethodError, Exception => e
-        nil
-      end
-    end
-    def get_user_from_auth_server(access_token)
-      client = OAuth2::Client.new(ENV['HEIMDALL_APPLICATION_ID'], ENV['HEIMDALL_APPLICATION_SECRET'], :site => ENV['HEIMDALL_SERVER_URL'])
-      user_data = OAuth2::AccessToken.new(client,access_token).get('/me.json').parsed
-      User.new(user_data)
-    end
-    def user_signed_in?
-      return true if current_user
-    end
   end
 end

data/lib/heimdall_auth/rails/routes.rb CHANGED Viewed

@@ -9,6 +9,22 @@ module HeimdallAuth
           get '/signin' => 'heimdall_auth/sessions#new', :as => :new_user_session
           get '/signout' => 'heimdall_auth/sessions#destroy', :as => :destroy_user_session
         end
+        def mount_heimdall_auth_secured(options = {}, &block)
+          mount_element = options.keys.first
+          path = options[mount_element]
+          action = options.keys.second
+          resource = options.values.second
+          if action.nil? || resource.nil?
+            puts "WARNING: It seems you missed the cancancan rights. Use: `mount_heimdall_auth_secured Sidekiq::Web => '/sidekiq', :manage => :sidekiq`"
+          end
+          mount mount_element => path, constraints: HeimdallAuth::RouteConstraint.new(action, resource)
+           get "#{path}", to: redirect('/signin')
+           get "#{path}/*rest", to: redirect('/signin')
+        end
       end
       def self.install!

data/lib/heimdall_auth/route_constraint.rb ADDED Viewed

@@ -0,0 +1,45 @@
+module HeimdallAuth
+  class AuthenticationChecker
+    include HeimdallAuth::AuthenticationAdditions
+    def initialize(request)
+      @request = request
+    end
+    def request #This allowes the methods in AuthenticationAdditions to use to usually global request
+      @request
+    end
+    def session #This allowes the methods in AuthenticationAdditions to use to usually global request
+      @request.session
+    end
+    def can?(action, resource)
+      store_location_in_session
+      if current_user
+        if current_ability.can?(action, resource)
+          return true
+        else
+          session[:last_url] = request.base_url #prevent a redirection loop if users do not have enough rights. So send her to the base_url
+          return false
+        end
+      else
+        return false
+      end
+    end
+  end
+  class RouteConstraint
+    def initialize(action, resource)
+      @action = action
+      @resource = resource
+    end
+    def matches?(matching_request)
+      AuthenticationChecker.new(matching_request).can?(@action, @resource)
+    end
+  end
+end

data/lib/heimdall_auth/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module HeimdallAuth
-  VERSION = '1.7.0'
+  VERSION = '1.8.0'
 end

data/lib/heimdall_auth.rb CHANGED Viewed

@@ -6,8 +6,11 @@ require "heimdall_auth/rails/routes"
 require "heimdall_auth/user"
 require "omniauth/stategies/heimdall"
+require "heimdall_auth/authentication_additions"
 require "heimdall_auth/controller_additions"
+require "heimdall_auth/route_constraint"
 module HeimdallAuth
   # Your code goes here...

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: heimdall_auth
 version: !ruby/object:Gem::Version
-  version: 1.7.0
+  version: 1.8.0
 platform: ruby
 authors:
 - René Meye
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-01-13 00:00:00.000000000 Z
+date: 2023-01-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -19,7 +19,7 @@ dependencies:
         version: '5.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '7.0'
+        version: '8.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '5.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '7.0'
+        version: '8.0'
 - !ruby/object:Gem::Dependency
   name: omniauth
   requirement: !ruby/object:Gem::Requirement
@@ -109,10 +109,12 @@ files:
 - lib/generators/heimdall_auth/standard_pages/templates/invalid_user_data.html.erb
 - lib/generators/heimdall_auth/standard_pages/templates/not_enough_rights.html.erb
 - lib/heimdall_auth.rb
+- lib/heimdall_auth/authentication_additions.rb
 - lib/heimdall_auth/controller_additions.rb
 - lib/heimdall_auth/engine.rb
 - lib/heimdall_auth/rails/routes.rb
 - lib/heimdall_auth/railtie.rb
+- lib/heimdall_auth/route_constraint.rb
 - lib/heimdall_auth/user.rb
 - lib/heimdall_auth/version.rb
 - lib/omniauth/stategies/heimdall.rb